Win 2003 - 2008 Trust

I have a trust relationship set up OK between 2003 AD and 2008 AD and it validates all OK. But when I go to the 2003 AD and try to add a user from the 2008 AD to a group, it only shows me the 2003 AD and not both. I checked and this is the same from the other side.
Why is this the case and how can I resolve it?


Mike Thomas (Consultant) Commented:
When trying to add a user or group, click the Locations button; you should be able to select the trusted domain and then users/groups from that domain.

kingcastle (Author) Commented:
That's what I'm doing, but the other domain is not listed there. Weird thing is, if I log off, at the Ctrl+Alt+Del screen I get the option to log on to either domain??

Mike Thomas (Consultant) Commented:
How long has it been since you created the trust? The fact that you see it as a logon option suggests everything is in place and working OK.

You could try adding the trusted domain's DNS zone as a secondary zone on your DNS servers. This is something I do as standard, so I'm not sure if it might be a factor or not, but it could be worth trying for the 10 mins it will take you to do.


kingcastle (Author) Commented:
Will try and post back, cheers.

kingcastle (Author) Commented:
OK, tried that, same thing. Do I need to leave it a while before checking it again?

What is the exact type of trust you created?
If this trust is not bidirectional, you don't see users from both sides.
Otherwise you have to create two trust relationships (one outgoing and another ingoing).
Post detailed info about your trust creation and we will suggest the solution.
Did you use forwarders or secondary zones for name resolution between the two domains?
What happens when you validate the trust from either side?

kingcastle (Author) Commented:
I have created a two-way trust; it validates fine, no problem, and yes, I have tried both conditional forwarders and secondary zones, neither work. I think this has something to do with Win2003 and Win2008 trusts.
I notice that if I go to some groups, i.e. DHCP Admins for example, and go to Members and Add, I can change location and pick the other domain, but that is the only place I can do that. For example, I only see the relevant domain if I try to change location for adding a user to the Domain Admins group.

Did you make the ID which you are using for migration a member of administrator, enterprise admin & domain admin in both the domains?

Until the DNS issue is resolved, the trust will not work.

Just go through the below link, something might prove helpful.
Keep in mind that your DHCP Admins is probably a "Domain Local" group instead of a "Global" group, and that is the reason why you can see both domains when trying to add members to it. This is by design. Just like when you open a "Global" group from your Win2k8 domain and try to add members to it, you should only see your Win2k8 domain but not Win2k3. This is because you cannot add a global group from another domain to your Win2k8 domain's global group. If some global group in your Win2k8 domain must be leveraged and you want to add a member from the Win2k3 domain, all you need to do is convert that specific Win2k8 global group to a domain local group; then you would be able to see both domains, as you can add global groups from both domains into a Domain Local group.
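
The group-scope behaviour described in the answer above, as an added PowerShell example that is not part of the original thread. It assumes the ActiveDirectory module (RSAT) and a domain controller that answers AD Web Services queries (on 2003/2008 DCs that means the Active Directory Management Gateway Service); the domain name `new.example` and the group name `ExampleGlobalGroup` are placeholders.

```powershell
# Added example: report each group's scope and whether the object picker
# will offer a trusted domain under "Locations" when adding members.
Import-Module ActiveDirectory

function Get-GroupScopeReport {
    param(
        [Parameter(Mandatory = $true)][string[]]$GroupName,
        [Parameter(Mandatory = $true)][string]$Domain   # placeholder, e.g. new.example
    )
    foreach ($name in $GroupName) {
        $g = Get-ADGroup -Identity $name -Server $Domain
        $scope = "$($g.GroupScope)"   # DomainLocal, Global or Universal
        $note = switch ($scope) {
            'DomainLocal' { 'Members may come from any trusted domain' }
            'Global'      { 'Members only from the group''s own domain' }
            'Universal'   { 'Members from domains in the same forest only' }
        }
        [pscustomobject]@{
            Group                       = $g.Name
            Scope                       = $scope
            Category                    = "$($g.GroupCategory)"
            AcceptsTrustedDomainMembers = ($scope -eq 'DomainLocal')
            Note                        = $note
        }
    }
}

# The two groups compared in the thread.
Get-GroupScopeReport -GroupName 'DHCP Administrators', 'Domain Admins' -Domain 'new.example' |
    Format-Table -AutoSize

# A Global group cannot be changed to DomainLocal in one step; it has to go
# through Universal first. -WhatIf previews the change without applying it.
Set-ADGroup -Identity 'ExampleGlobalGroup' -Server 'new.example' -GroupScope Universal   -WhatIf
Set-ADGroup -Identity 'ExampleGlobalGroup' -Server 'new.example' -GroupScope DomainLocal -WhatIf
```

Changing a group to Domain Local also limits where it can be granted permissions to its own domain, so review existing ACL entries and group nesting before removing `-WhatIf`.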


kingcastle (Author) Commented:
Guys, I didn't realise you had to type the domain names into the source and target part of ADMT.
I thought they had to be on the drop-down list. Once I typed them in, away it went. I'm going to award points based on being pointed in the right direction.