Solved

Active Directory Transitive Forest Trust

Posted on 2010-09-07
3
1,147 Views
Last Modified: 2012-05-10
Hi Everyone

I had the following scenario/"headache"...

We as working with a Company that has 2 forest at the moment. Lets say pe.local and jhb.local. Both forest are running PDC's with Server 2008 Standard.
I have created a two way transitive cross forest trust between the 2 forests primary domain controllers.

Now i have managed to connect to the different forest PDC's with Active Directory Users and Computers, but i would like to create a distribution group in pe.local and then add users from the jhb.local to the distribution group as well. I have half-half managed to get this right, but works sometimes and other times i get errors of the server is not operational.....

Any help would be greatly appreciated.
0
Comment
Question by:technolutions
  • 2
3 Comments
 
LVL 3

Expert Comment

by:jarremopoulos
Comment Utility
First check that trust secure channel is operational. Help you can find http://waynes-world-it.blogspot.com/2008/06/troubleshooting-cross-forest-trust.html . Any  error messages/event log entries you get? Would be helpful.....

 
0
 

Author Comment

by:technolutions
Comment Utility
@jarremopoulos. Thanks for the website help. I have tested the trust channel and everything checks out 100% successful. Trust seems to be working now. But i have one small other issues as well. Now lets say I add the DnsAdmins group from custom.local to be a member of a Domain local group from tester.local, it finds the custom.local group on the tester domain controller and ads it just fine (see Incident-Pic). But as soon as i close the diaglog box and open it again the group is missing......(see Incident-Pic2)


Incident-Pic.png
Incident-Pic2.png
0
 
LVL 3

Accepted Solution

by:
jarremopoulos earned 500 total points
Comment Utility
I'm not sure, but I think this has something to do with Global Catalog replication?? I found following article http://technet.microsoft.com/en-us/library/cc759007%28WS.10%29.aspx --> and there's chapter How universal groups affect global catalog replication.

"Groups with universal scope, and their members, are listed exclusively in the global catalog. Groups with global or domain local scope are also listed in the global catalog, but their members are not."

And Domain Controllers is "special" built-in Global group. Maybe some limitations it's Member of functionality?

0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

This is my first article in EE and english is not my mother tongue so any comments you have or any corrections you would like to make, please feel free to speak up :) For those of you working with AD, you already are very familiar with the classi…
Companies that have implemented Microsoft’s Active Directory need to ensure that the Active Directory is configured and operating properly. If there are issues found and not resolved, it eventually leads the components to fail or stop working and fi…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now