Solved

Adding admins from a trusted domain

Posted on 2012-03-30
6
339 Views
Last Modified: 2012-12-07
I am having an issue adding an administrator from a trusted domain into the "Built-In Administrators" group.

There are two domains configured with an external one-way trust, Domain A (Server 2008) is trusted into Domain B (Server 2008 R2).  I can authenticate with regular user account on a workstation in Domain B using n account from Domain A.  I cannot authenticate a user from Domain B into Domain A, which is exactly what we want.

The problem is adding administrators from Domain A into Domain B.  I have added an administrator from Domain A into the "Built-In Administrator" group of Domain B.  I can log onto the domain controller of Domain B using the Domain A administrator account.  However, when I look at the group member ship in Domain B, I get the message it cannot display friendly names and I only see the SID of the Domain A administrator account.  I also cannot access any of the administrative tools in Domain B using the Domain A administrator account, such as ADUC.

I have validated the trust successfully and now am somewhat flummoxed.  Any suggestions or ideas are greatly appreciated.
0
Comment
Question by:psdadmins
  • 4
  • 2
6 Comments
 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37786902
Create a universal group in Domain1 (maybe Domain1\Admin1), add Domain2\Domain
Admins to Domain1\Admin1, now you can add Domain1\Admin1 to Domain1\Domain
Admins
0
 

Author Comment

by:psdadmins
ID: 37787127
When I create a Universal group, I cannot view the trusted domain, only the local domain.  If I create a Domain Local group, I can then browse the other domain.  The problem persists with the newly created "Domain Local" group.
0
 
LVL 17

Accepted Solution

by:
Anuroopsundd earned 500 total points
ID: 37787140
Create a domain local group in your domain, add members from other domain and then make it the member of global group.
0
Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

 

Author Comment

by:psdadmins
ID: 37787376
This just keeps getting more bizarre and maybe I am not fully understanding the groups.

If I create a Domain Local group, I can browse to the other domain and add users, however I cannot add the Domain Local group to the Built-In Administrators group.

If I create a Universal or a Global group I can add those groups to the Administrator group, but cannot browse and add users from the trusted domain.
0
 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37787392
You are right. :)
so best way we use is create Domain local group.. add administrator from trusted domain to this group.. and then add this group to other groups which are required like administrators.
0
 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37787455
But hope this worked for you and this is the right way to do the stuff with trusted domains.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question