Solved

Adding admins from a trusted domain

Posted on 2012-03-30
Last Modified: 2012-12-07
I am having an issue adding an administrator from a trusted domain into the "Built-In Administrators" group.

There are two domains configured with an external one-way trust: Domain A (Server 2008) is trusted into Domain B (Server 2008 R2).  I can authenticate with a regular user account on a workstation in Domain B using an account from Domain A.  I cannot authenticate a user from Domain B into Domain A, which is exactly what we want.

The problem is adding administrators from Domain A into Domain B.  I have added an administrator from Domain A into the "Built-In Administrator" group of Domain B.  I can log onto the domain controller of Domain B using the Domain A administrator account.  However, when I look at the group membership in Domain B, I get the message it cannot display friendly names and I only see the SID of the Domain A administrator account.  I also cannot access any of the administrative tools in Domain B using the Domain A administrator account, such as ADUC.

I have validated the trust successfully and now am somewhat flummoxed.  Any suggestions or ideas are greatly appreciated.
Question by:psdadmins
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37786902
Create a universal group in Domain1 (maybe Domain1\Admin1), add Domain2\Domain Admins to Domain1\Admin1, now you can add Domain1\Admin1 to Domain1\Domain Admins
 

Author Comment

by:psdadmins
ID: 37787127
When I create a Universal group, I cannot view the trusted domain, only the local domain.  If I create a Domain Local group, I can then browse the other domain.  The problem persists with the newly created "Domain Local" group.
 
LVL 17

Accepted Solution

by:
Anuroopsundd earned 1500 total points
ID: 37787140
Create a domain local group in your domain, add members from the other domain, and then make it a member of the global group.

Author Comment

by:psdadmins
ID: 37787376
This just keeps getting more bizarre and maybe I am not fully understanding the groups.

If I create a Domain Local group, I can browse to the other domain and add users, however I cannot add the Domain Local group to the Built-In Administrators group.

If I create a Universal or a Global group I can add those groups to the Administrator group, but cannot browse and add users from the trusted domain.
 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37787392
You are right. :)
So the best way we use is to create a Domain Local group, add the administrator from the trusted domain to this group, and then add this group to the other groups which are required, like Administrators.
 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37787455
But hope this worked for you and this is the right way to do the stuff with trusted domains.
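
Added example (not part of the original thread): a PowerShell audit, run in the trusting domain (Domain B in the question), that lists members of a privileged group that come from a trusted domain and tries to resolve the SIDs the question describes seeing. It assumes the ActiveDirectory module (RSAT) is available; the function names and the `$GroupsToAudit` list are hypothetical.

```powershell
# Added example: report foreign security principals in privileged groups.
# Accounts from a trusted domain are stored in the trusting domain as objects
# in the ForeignSecurityPrincipals container, named by their SID.
Import-Module ActiveDirectory

# Assumption: groups to review. 'Administrators' is the Built-in Administrators
# group; add any Domain Local groups that are nested into it.
$GroupsToAudit = @('Administrators')

function Resolve-ForeignSid {
    param([Parameter(Mandatory = $true)][string]$Sid)
    try {
        $sidObject = New-Object System.Security.Principal.SecurityIdentifier($Sid)
        # Translate() throws if the SID cannot be mapped to a name, for example
        # when the trusted domain cannot be reached for name resolution.
        $sidObject.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        $null
    }
}

function Get-ForeignMember {
    param([Parameter(Mandatory = $true)][string]$GroupName)
    # Read the raw 'member' attribute so unresolved entries are still listed.
    $group = Get-ADGroup -Identity $GroupName -Properties member
    foreach ($dn in $group.member) {
        # Domain accounts have SIDs of the form S-1-5-21-<domain>-<RID>.
        if ($dn -match '^CN=(S-1-5-21-[0-9-]+),CN=ForeignSecurityPrincipals,') {
            $sid = $Matches[1]
            $name = Resolve-ForeignSid -Sid $sid
            $account = if ($name) { $name } else { '<unresolved>' }
            [pscustomobject]@{
                Group      = $group.Name
                GroupScope = $group.GroupScope
                Sid        = $sid
                Account    = $account
            }
        }
    }
}

$GroupsToAudit |
    ForEach-Object { Get-ForeignMember -GroupName $_ } |
    Format-Table -AutoSize
```

Rows marked `<unresolved>` are the entries that show only as a SID; every row is an account from outside the domain that holds membership in a privileged group and should match an approved administrator.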
Question has a verified solution.
