I’m having a huge problem getting users in a Windows 2008 domain to access folders on a file share in another Windows 2008 domain. One domain consists of servers in a DMZ; the other domain is for all the internal servers. There is a one-way trust between the domains. The internal domain can access resources on the DMZ domain but not the other way around. A few user accounts that are located in the DMZ domain need access to files on the internal domain. I created a Universal Group on the DMZ domain and added the appropriate users. I then created a Domain Local Group on the internal domain and added the DMZ group to it. I then assigned the appropriate permissions so that the Domain Local Group had access to the folders on the file share. In theory I thought this would work but it doesn’t.
To test I logged into one of the DMZ servers with a user account that has permissions to the internal domain file share. When I try to access the file share I get prompted for login credentials. I assume I shouldn’t be prompted since the user has permissions to the internal file share. When I add the login credentials I get the following error – “Login unsuccessful: The user name you have typed is the same as the user name you logged in with. That user has already been tried. A domain controller cannot be found to verify that user name.” The user account is on the DMZ domain not on the internal Domain so if the file share is trying to verify the account on the internal domain it will fail. What am I doing wrong? Since there is a domain trust should the user accounts from the DMZ domain be in AD on the internal domain? Our network administrator quit on Friday and Active Directory isn’t my area of expertise. Any help that you could provide would be greatly appreciated.