Solved

Active Directory Transitive Forest Trust

Posted on 2010-09-07
3
1,192 Views
Last Modified: 2012-05-10
Hi Everyone

I had the following scenario/"headache"...

We as working with a Company that has 2 forest at the moment. Lets say pe.local and jhb.local. Both forest are running PDC's with Server 2008 Standard.
I have created a two way transitive cross forest trust between the 2 forests primary domain controllers.

Now i have managed to connect to the different forest PDC's with Active Directory Users and Computers, but i would like to create a distribution group in pe.local and then add users from the jhb.local to the distribution group as well. I have half-half managed to get this right, but works sometimes and other times i get errors of the server is not operational.....

Any help would be greatly appreciated.
0
Comment
Question by:technolutions
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 3

Expert Comment

by:jarremopoulos
ID: 33624497
First check that trust secure channel is operational. Help you can find http://waynes-world-it.blogspot.com/2008/06/troubleshooting-cross-forest-trust.html . Any  error messages/event log entries you get? Would be helpful.....

 
0
 

Author Comment

by:technolutions
ID: 33631299
@jarremopoulos. Thanks for the website help. I have tested the trust channel and everything checks out 100% successful. Trust seems to be working now. But i have one small other issues as well. Now lets say I add the DnsAdmins group from custom.local to be a member of a Domain local group from tester.local, it finds the custom.local group on the tester domain controller and ads it just fine (see Incident-Pic). But as soon as i close the diaglog box and open it again the group is missing......(see Incident-Pic2)


Incident-Pic.png
Incident-Pic2.png
0
 
LVL 3

Accepted Solution

by:
jarremopoulos earned 500 total points
ID: 33634335
I'm not sure, but I think this has something to do with Global Catalog replication?? I found following article http://technet.microsoft.com/en-us/library/cc759007%28WS.10%29.aspx --> and there's chapter How universal groups affect global catalog replication.

"Groups with universal scope, and their members, are listed exclusively in the global catalog. Groups with global or domain local scope are also listed in the global catalog, but their members are not."

And Domain Controllers is "special" built-in Global group. Maybe some limitations it's Member of functionality?

0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
This article explains the steps required to use the default Photos screensaver to display branding/corporate images
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question