Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 5616
  • Last Modified:

Accessing File Share across Forest Trust

Hi,

I have two domains, with a forest trust built between them.  In domain A, I have a file share that I want users from Domain B to access.  If I share the folder and add users from Domain B individuallly it works fine.  

However, when I try to add a group from Domain B to the file share in Domain A, it wont find the group.  

How can I create a group in Domain B and give them access to a file share in Domain A.

Domain A is 2K3 and Domain B is 2K8.
TIA
0
Earl28
Asked:
Earl28
1 Solution
 
serchlopCommented:
You can uses the info in the next link

http://msmvps.com/blogs/acefekay/archive/2012/01/06/using-group-nesting-strategy-ad-best-practices-for-group-strategy.aspx

this show you how configure AGDLP, or short for "Add Accounts to Global Groups, then to Domain Local Groups, then apply Permissions to the Domain Local Group."
0
 
Earl28Author Commented:
Ok, I got it working from 2k8 to 2k3 by doing what the article suggested.  However, I cant get it to work from 2k3 to 2k8.

Originally, I had both groups set as domain local.  I changed the group in domain b to globla and added to the domain local group in A and it worked.  But for some reason, when i try the same thing the other way, it cant find the group.

Any idea?
0
 
pyrosdavCommented:
I need to do the same thing and I am familiar with the AD side, but what required ports are needed since our firewall team wants to lock down everything.

I am assuming file sharing and ADDS ports

TCP/UDP 135, 137, 138, 139 (RPC)
TCP/UDP 389 by default, customizable (LDAP)
TCP 636 by default, customizable (LDAP SSL)
TCP 3268 (LDAP GC)
TCP 3269 (LDAP GC SSL)
TCP/UDP 53 (DNS)
TCP/UDP 88 (Kerberos)
TCP/UDP 445 (Directory Services)

thanks
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now