Solved

Domain and trust between two domains but list users only from one side.

Posted on 2014-10-12
11
86 Views
Last Modified: 2015-04-15
Drawing1.jpg1.PNG2.PNG3.PNGHello Experts ,
I have a problem with the domain and trust relationship between two different domains as you can see in drawing1.jpg >> we did trust between domain A and domain B  and it's successfully created >> Domain "A" has multiple sites >> domain B has one site ..The problem is when we list the resources "Users ,computers..etc " of domain B from Domain A it's listing them but it did not list users,computers of domain A from domain B and it asks you to enter user name and password ,when you enter any Enterprise admin of domain A or domain B it shows to you "Access is denied " and images number 1,2,3 logged in the event viewer
Please bear in mind the following items
1-Stub zone created on both domains.
2-we did the same configurations in new domain"test.com " in the same physical location as domain A  <<we did Trust between Domain B and Test .com and it worked fine "listing the resources  " from both sides.
3-VMware Tools has been removed from all servers.
4-Firewall is off on both domains.
5-subnets crated for all sites.
6-They have the same forest and domain functional level 2003.
7-Domain A has windows server 2003 and domain B windows server 2008.

Please advise about this issue..Thanks.
0
Comment
Question by:Mahmoud Noubani
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +2
11 Comments
 
LVL 81

Expert Comment

by:David Johnson, CD, MVP
ID: 40376183
break / remove your trust and then create a 2 way transitive trust again
0
 

Author Comment

by:Mahmoud Noubani
ID: 40376319
Hello david ;
Thanks for your reply I did that many times and created forest ;transitive ;one way trust incoming ;and one outgoing with the same results "error message "
0
 
LVL 9

Expert Comment

by:Zacharia Kurian
ID: 40376374
It seems to be an authentication permission issue. Have you verified the domain B has proper authentication permission in Domain A?
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:Mahmoud Noubani
ID: 40376417
Yes Zacharia,
We use Domain admin user of domain A and domain B ,enterprise admin of A and B also.
0
 
LVL 14

Expert Comment

by:Abduljalil Abou Alzahab
ID: 40399132
What is the Domain Function Level and Forest Function Level for domain B ?
0
 
LVL 39

Accepted Solution

by:
Aaron Tomosky earned 500 total points
ID: 40400349
according to this:
http://technet.microsoft.com/en-us/library/cc816810%28v=ws.10%29.aspx

you have to do some DNS magic, have you done one of these options?
To create a forest trust successfully, you must set up your Domain Name System (DNS) environment properly. If there is a root DNS server that you can make the root DNS server for the DNS namespaces of both forests, make it the root DNS server by ensuring that the root zone contains delegations for each of the DNS namespaces. Also, update the root hints of all DNS servers with the new root DNS server.

If there is no shared root DNS server and the root DNS servers for each forest DNS namespace are running Windows Server 2003, configure DNS conditional forwarders in each DNS namespace to route queries for names in the other namespace.

If there is no shared root DNS server and the root DNS servers for each forest DNS namespace are not running Windows Server 2008 or Windows Server 2003, configure DNS secondary zones in each DNS namespace to route queries for names in the other namespace. For more information about configuring DNS to work with Active Directory Domain Services (AD DS), see the DNS Support for Active Directory Technical Reference (http://go.microsoft.com/fwlink/?LinkID=106660).
0
 
LVL 14

Expert Comment

by:Abduljalil Abou Alzahab
ID: 40400443
Hello,
Also to create a forest trust, the minimum forest functional level for the forests that are involved in the trust relationship is Windows Server 2003.

For more information about trust requirements:
http://technet.microsoft.com/en-us/library/cc816810(v=ws.10).aspx
0
 
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 40400452
Abduljalil, the information in both of your last 2 comments is already in the original question.
0
 
LVL 9

Expert Comment

by:Zacharia Kurian
ID: 40404493
The problem is when we list the resources "Users ,computers..etc " of domain B from Domain A it's listing them but it did not list users,computers of domain A from domain B

What kind of trust have you created? Could you please give  more details?

Are you sure that the  "DNS"  records are been populated properly in your forests?

Did you make sure the domain admins have proper authentications rights  on each forest?
0
 
LVL 9

Expert Comment

by:Zacharia Kurian
ID: 40404504
Just for you clarification with regard to the trusts please have a look into the below link.

http://www.edwardsd.co.uk/work/2012/02/domain-trusts-guide/

I believe that you have created only "one way trust" which allows you only to access Domain B from Domain A. Is this your requirement or do you want to have access vise versa?
0

Featured Post

Instantly Create Instructional Tutorials

Contextual Guidance at the moment of need helps your employees adopt to new software or processes instantly. Boost knowledge retention and employee engagement step-by-step with one easy solution.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I had a question today where the user wanted to know how to delete an SSL Certificate, so I thought that I would quickly add this How to! Article for your reference. WHY WOULD YOU WANT TO DELETE A CERTIFICATE? 1. If an incorrect certificate was …
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question