Adding admins from a trusted domain

I am having an issue adding an administrator from a trusted domain into the "Built-In Administrators" group.

There are two domains configured with an external one-way trust, Domain A (Server 2008) is trusted into Domain B (Server 2008 R2).  I can authenticate with regular user account on a workstation in Domain B using n account from Domain A.  I cannot authenticate a user from Domain B into Domain A, which is exactly what we want.

The problem is adding administrators from Domain A into Domain B.  I have added an administrator from Domain A into the "Built-In Administrator" group of Domain B.  I can log onto the domain controller of Domain B using the Domain A administrator account.  However, when I look at the group member ship in Domain B, I get the message it cannot display friendly names and I only see the SID of the Domain A administrator account.  I also cannot access any of the administrative tools in Domain B using the Domain A administrator account, such as ADUC.

I have validated the trust successfully and now am somewhat flummoxed.  Any suggestions or ideas are greatly appreciated.
psdadminsAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

AnuroopsunddCommented:
Create a universal group in Domain1 (maybe Domain1\Admin1), add Domain2\Domain
Admins to Domain1\Admin1, now you can add Domain1\Admin1 to Domain1\Domain
Admins
0
psdadminsAuthor Commented:
When I create a Universal group, I cannot view the trusted domain, only the local domain.  If I create a Domain Local group, I can then browse the other domain.  The problem persists with the newly created "Domain Local" group.
0
AnuroopsunddCommented:
Create a domain local group in your domain, add members from other domain and then make it the member of global group.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

psdadminsAuthor Commented:
This just keeps getting more bizarre and maybe I am not fully understanding the groups.

If I create a Domain Local group, I can browse to the other domain and add users, however I cannot add the Domain Local group to the Built-In Administrators group.

If I create a Universal or a Global group I can add those groups to the Administrator group, but cannot browse and add users from the trusted domain.
0
AnuroopsunddCommented:
You are right. :)
so best way we use is create Domain local group.. add administrator from trusted domain to this group.. and then add this group to other groups which are required like administrators.
0
AnuroopsunddCommented:
But hope this worked for you and this is the right way to do the stuff with trusted domains.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Legacy OS

From novice to tech pro — start learning today.