[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

Adding admins from a trusted domain

Posted on 2012-03-30
6
Medium Priority
?
351 Views
Last Modified: 2012-12-07
I am having an issue adding an administrator from a trusted domain into the "Built-In Administrators" group.

There are two domains configured with an external one-way trust, Domain A (Server 2008) is trusted into Domain B (Server 2008 R2).  I can authenticate with regular user account on a workstation in Domain B using n account from Domain A.  I cannot authenticate a user from Domain B into Domain A, which is exactly what we want.

The problem is adding administrators from Domain A into Domain B.  I have added an administrator from Domain A into the "Built-In Administrator" group of Domain B.  I can log onto the domain controller of Domain B using the Domain A administrator account.  However, when I look at the group member ship in Domain B, I get the message it cannot display friendly names and I only see the SID of the Domain A administrator account.  I also cannot access any of the administrative tools in Domain B using the Domain A administrator account, such as ADUC.

I have validated the trust successfully and now am somewhat flummoxed.  Any suggestions or ideas are greatly appreciated.
0
Comment
Question by:psdadmins
  • 4
  • 2
6 Comments
 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37786902
Create a universal group in Domain1 (maybe Domain1\Admin1), add Domain2\Domain
Admins to Domain1\Admin1, now you can add Domain1\Admin1 to Domain1\Domain
Admins
0
 

Author Comment

by:psdadmins
ID: 37787127
When I create a Universal group, I cannot view the trusted domain, only the local domain.  If I create a Domain Local group, I can then browse the other domain.  The problem persists with the newly created "Domain Local" group.
0
 
LVL 17

Accepted Solution

by:
Anuroopsundd earned 1500 total points
ID: 37787140
Create a domain local group in your domain, add members from other domain and then make it the member of global group.
0
The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

 

Author Comment

by:psdadmins
ID: 37787376
This just keeps getting more bizarre and maybe I am not fully understanding the groups.

If I create a Domain Local group, I can browse to the other domain and add users, however I cannot add the Domain Local group to the Built-In Administrators group.

If I create a Universal or a Global group I can add those groups to the Administrator group, but cannot browse and add users from the trusted domain.
0
 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37787392
You are right. :)
so best way we use is create Domain local group.. add administrator from trusted domain to this group.. and then add this group to other groups which are required like administrators.
0
 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37787455
But hope this worked for you and this is the right way to do the stuff with trusted domains.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

612 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question