I have the following domain configuration in place:
Corporate.com <- one-way trust <- qadev.local <-> dev.qadev.local
I am able to add email@example.com as a local administrator to machines on qadev.local, but not to machines on its child, dev.qadev.local.
When I attempt to add to the local administrators group on any machine to dev.qadev.local, I can browse corporate.com and select the user, but after this that I receive the error:
The Active Directory Domain Controllers required to find the selected objects in the following domains are not available:
Ensure the Active Directory Domain Controllers are available, and try to select the objects again.
Am I missing anything in this design. Should children of the root be able to piggy-back on the root's trust, or do they require their own trusts to corporate.com for this to work?