Logging on to a trusted domain

I have 4 domains that I want to set up with a full trust. Do I need to create a user ID in each separate domain for me to log into those domains, or will my login credentials be shared between the trusted domains from the one domain I have credentials on?
raffie613 Asked:
 
RickSheikh Commented:
To follow the nesting restrictions, use a "Domain Local" group to nest trusted users in it. Your question did deviate a bit. All along we had been talking about how a trusted user can log on to a trusted workstation, but now we are talking about resource access (such as a "share"). Pretty much the same rules apply, but the key thing to note here is that a local admin group on a workstation will accept a trusted user but an AD Global Group would.

Sorry I am kind of lost with your end goal.
0
 
RickSheikh Commented:
In order to set up a two-way trust you should have an account in each of those domains as "domain admins".
0
 
RickSheikh Commented:
After the trust has been established you can log on to a trusted domain's resource (i.e. workstation etc.) if the account you are using has the right to log on. Note that trust does not mean "rights". Rights still need to be manually granted on whichever resource with the trusted credential.
0
 
RickSheikh Commented:
Credentials are not shared. Trusts merely provide a way for a resource to be ACL'd with trusted account(s).
0
 
raffie613 Author Commented:
Oh, so if domain A and domain B were in a full trust relationship and I am a user with credentials at domain A, can I log on while on site at domain B?
Thanks.
0
 
RickSheikh Commented:
On a workstation in Domain B with the credential of Domain A? Yes, if the Domain A credentials have been added to either the local Users, Administrators, Power Users etc. groups on that Domain B workstation.
0
 
raffie613 Author Commented:
So just go to the users under Control Panel on a workstation in domain B, and when I add a new user, it will have the user list from domain A in a drop-down for me to add them to that machine?
0
 
RickSheikh Commented:
Sorry for the late reply. No, you do not need to create a user account in the trusted domain in order for you to be able to log on to it.

Go to the trusted workstation's local administrators group from "local users and groups" (i.e. computer mgmt.) and add the Domain A user to that group.

What is your end goal here?
0
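
A scripted form of the step described in the reply above, followed by a check of which trusted-domain principals hold membership in local groups on the workstation. This is an added example, not part of the original thread. It assumes an elevated Windows PowerShell 5.1+ session on a Windows 10 / Server 2016 or later workstation joined to Domain B; `DOMAINA\visitor1` and `DOMAINB` are hypothetical names, and the example uses the local Users group rather than Administrators.

```powershell
# Added example; run elevated on the Domain B workstation.
# Hypothetical names: replace with your own account and NetBIOS domain name.
$member     = 'DOMAINA\visitor1'   # trusted-domain account that needs to log on
$group      = 'Users'              # local group chosen for this example
$homeDomain = 'DOMAINB'            # NetBIOS name of the workstation's own domain

# Add the trusted-domain account to the local group only if it is not already a member.
# The name resolves across the trust; no account is created in Domain B.
if (-not (Get-LocalGroupMember -Group $group -Member $member -ErrorAction SilentlyContinue)) {
    Add-LocalGroupMember -Group $group -Member $member
}

# Audit: list every domain principal in the common local groups that does NOT
# come from the workstation's own domain, so cross-trust grants stay visible.
$localGroups = 'Administrators', 'Power Users', 'Users', 'Remote Desktop Users'

foreach ($g in $localGroups) {
    Get-LocalGroupMember -Group $g -ErrorAction SilentlyContinue |
        Where-Object {
            $_.PrincipalSource -eq 'ActiveDirectory' -and
            $_.Name -notlike "$homeDomain\*"
        } |
        Select-Object @{ n = 'LocalGroup'; e = { $g } }, Name, ObjectClass, SID
}
```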
 
raffie613 Author Commented:
Precisely that. To have certain users from Domain A be able to log in while on site visiting at Domain B without having to create new user logins for them in Domain B.
0
 
RickSheikh Commented:
That will do then.
0
 
raffie613 Author Commented:
RickSheikh:
What if I am using a laptop with XP Pro which is from domain A? How do I log on while I am visiting at domain B?
Thanks
0
 
RickSheikh Commented:
Laptop as in not connected to either network, i.e. domain A or B?

Then the cached profiles work exactly as they do for all Domain A users while in Domain A.

If the Domain A user's account (as discussed above) is part of the local administrators (or any builtin group that allows logon privileges, i.e. Power Users) group on a computer in domain B and that user from domain A had once logged on to this laptop (where the laptop was on the network in domain B) then the profile/credential will be cached.

http://support.microsoft.com/kb/172931
0
 
raffie613 Author Commented:
No, the laptop belongs to domain A. I need him to be able to log on while being on site at domain B.

So as long as I add local user rights to the laptop for domain B, he can do it?

0
 
RickSheikh Commented:
Are these two domains by any chance from the same parent (forest)?
0
 
raffie613 Author Commented:
No, different parent domains. I established a two-way trust between them. When I try to share a resource to the trusted domain group users, it is not seeing it. I do see the trusted domain in the shared folder Properties > Security > Add > Locations, but when I type in a user's name it can't find it.
0
 
RickSheikh Commented:
You are probably running into the group nesting restrictions across a trust. For instance, a Global Group will not accept users from a trusted domain. Domain Local will. For all restrictions see my post:

http://www.shariqsheikh.com/blog/index.php/200909/group-nesting-reference-chart/
0
 
raffie613 Author Commented:
OK, so how to get around it to allow users from one domain to log on to and access resources on the trusted domain?
Thanks.
0
 
RickSheikh Commented:
* the key thing to note here is that a local admin group on a workstation will accept a trusted user but an AD Global Group would NOT.
0
 
raffie613 Author Commented:
My end goal is just to have a user who belongs to Domain A be able to log on using his laptop, which runs XP, while visiting on site at domain B.

Do I create a "Domain Local" group on a DC or on the user's laptop?

If on a DC, which domain do I create the "Domain Local" group on, A or B?
Thanks.
0
 
RickSheikh Commented:
Yes, you can create a "domain local" security group in Domain A (add users to it), and take that group and nest it into the Domain B workstation's local administrators group.
0
 
raffie613 Author Commented:
OK, but my user is a member of Domain A with his laptop belonging to domain A as well. So how do I do the nesting to get him to be able to log on with his laptop while visiting at Domain B?
Sorry for the confusion.
Thanks.
0
 
RickSheikh Commented:
So this is your third scenario and, if I understand correctly, nothing is required.

If a user from domain A logs on to a domain A workstation while visiting a location (such as Domain B's) where Domain A's DCs don't exist, then the logons will be facilitated via the trust with Domain A's DC.

0
 
raffie613 Author Commented:
That has been my question all along. Sorry for the confusion.
I am testing it, and I am unable to log in while at Domain B, using my user credentials from Domain A on the laptop.
0
 
raffie613 Author Commented:
RickSheikh:
Any ideas why I am not able to log on to domain B with my XP laptop that belongs to domain A? The domains are trusted two ways.
Thanks.
0
 
raffie613 Author Commented:
How do I do the nesting process again? It seems your instructions were deleted from here.
0
 
raffie613 Author Commented:
RickSheikh:
Why is nesting needed when, during the trust process, one of the options it asks is to automatically allow users from the trusted domain to have access to all resources on this domain?
Thanks again.
0