In this scenario, there are 3 machines. Machines 1 and 2 are each domain controllers for Domain A. Machine 3 is a domain controller for Domain B. I want a one-way trust to be set up so that domain admins in Domain A can administer specific resources in Domain B.
The rub here is the way Machines A and B have been configured (misconfigured). Each is multihomed. Machine 1 is set with its primary NIC to be on Subnet 1. Machine 2 is set with its primary NIC to be on Subnet 2. All 3 of the machines can ping the other 2.
All machines can nslookup the other 2; forward lookup zones have been placed in each DNS for the other domain. The name server assigned to the forward lookup zone that has been added is the domain controller responsible for that domain, and it is correctly resolving.
Machine 3 is on Subnet 2 and is not multi-homed.
The trust can be set up and validated from Machine 3, but users from Domain A cannot be added to a group in Domain B. When attempting to add users or groups from Domain A into a group on Domain B, only Domain B can be seen in the tree that is offered. This is true even though the trust has been validated. When the trust is tested (validated) from either Machine 1 or 2, it fails. If setting up the trust is initiated from Machine 1 or 2, it fails and says it cannot find a domain controller for Domain B.
I'm looking for either a way to unwind the misconfigured Machines A and B while still servicing Subnets 1 and 2 with Domain A, or a completely new configuration that allows the selective authorization one-way incoming trust to work the way it is supposed to.