Solved

Accessing Resources in a trusted domain

Posted on 2011-09-28
4
180 Views
Last Modified: 2012-05-12
Hi there,
We have a legacy 2003 AD and have created a new 2008 AD. We created a two-way trust between the 2 domains, migrated the user accounts and SID history, currently migrating mailboxes.
Fileshares that are accessible in Domain A are not accessible from Domain B despite the SID history migration.
Any help would be appreciated.
0
Comment
Question by:murphyge
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 18

Assisted Solution

by:x-men
x-men earned 250 total points
ID: 36718066
do DomainB\Users have permissions on the shares ?
0
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 250 total points
ID: 36718885
The Domain1 and Domain2 are two different domains you still need to add permissions to the folders for Groups\Users to the old domain.

Create Universal Group or Global Group in Domain2 then create Domain Local Group in DomainA add then DomainB Group into this Domain A group
0
 

Assisted Solution

by:murphyge
murphyge earned 0 total points
ID: 36902335
Guys,

Thanks for your contributions. We had already added the accounts from the new domain to the share permissions in the old domain but that didn't do it.

The solution was to edit the default domain policy on the old domain: Computer Configuration/Security Settings/Local Policies/User Rights Assignment/Allow Log on localy - add authenticated users from new domain. Then did a gpupdate /force on the domain controllers and the member servers where the shares existed and bingo, sorted.

Hope this helps someone else.
Gerry
0
 

Author Closing Comment

by:murphyge
ID: 36935091
I have split the points as both comments put em on the track to the solution.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article outlines the process to identify and resolve account lockout in an Active Directory environment.
A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question