Adding admins from a trusted domain

I am having an issue adding an administrator from a trusted domain into the "Built-In Administrators" group.

There are two domains configured with an external one-way trust, Domain A (Server 2008) is trusted into Domain B (Server 2008 R2).  I can authenticate with regular user account on a workstation in Domain B using n account from Domain A.  I cannot authenticate a user from Domain B into Domain A, which is exactly what we want.

The problem is adding administrators from Domain A into Domain B.  I have added an administrator from Domain A into the "Built-In Administrator" group of Domain B.  I can log onto the domain controller of Domain B using the Domain A administrator account.  However, when I look at the group member ship in Domain B, I get the message it cannot display friendly names and I only see the SID of the Domain A administrator account.  I also cannot access any of the administrative tools in Domain B using the Domain A administrator account, such as ADUC.

I have validated the trust successfully and now am somewhat flummoxed.  Any suggestions or ideas are greatly appreciated.
psdadminsAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
AnuroopsunddConnect With a Mentor Commented:
Create a domain local group in your domain, add members from other domain and then make it the member of global group.
0
 
AnuroopsunddCommented:
Create a universal group in Domain1 (maybe Domain1\Admin1), add Domain2\Domain
Admins to Domain1\Admin1, now you can add Domain1\Admin1 to Domain1\Domain
Admins
0
 
psdadminsAuthor Commented:
When I create a Universal group, I cannot view the trusted domain, only the local domain.  If I create a Domain Local group, I can then browse the other domain.  The problem persists with the newly created "Domain Local" group.
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
psdadminsAuthor Commented:
This just keeps getting more bizarre and maybe I am not fully understanding the groups.

If I create a Domain Local group, I can browse to the other domain and add users, however I cannot add the Domain Local group to the Built-In Administrators group.

If I create a Universal or a Global group I can add those groups to the Administrator group, but cannot browse and add users from the trusted domain.
0
 
AnuroopsunddCommented:
You are right. :)
so best way we use is create Domain local group.. add administrator from trusted domain to this group.. and then add this group to other groups which are required like administrators.
0
 
AnuroopsunddCommented:
But hope this worked for you and this is the right way to do the stuff with trusted domains.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.