Solved

Domain Local Permissions across a Forest Trust

Posted on 2016-08-09
2
53 Views
1 Endorsement
Last Modified: 2016-08-09
Hi, We have recently set up a forest trust between our 2 domains.

We are in the process of testing resource sharing between domains and are currently testing file shares.

From Domain A, if I create a domain local group and add a user from domain B to that group, then assign that group to a file share it works instantly... if I remove the group then deny works instantly.

From Domain B, the exact same process does not work!

Adding a user works fine both ways...

I'm guessing it's not enumerating the groups one way?

Any suggestions anyone??
1
Comment
Question by:petekni
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 14

Accepted Solution

by:
Schnell Solutions earned 500 total points
ID: 41748716
If it is enumerating your users on the second domain it means that your trust relationship in that way is in place, and the infrastructure (such as dns name resolution) as well.

Let's evaluate two additional points for your groups... when you created the trust relationship was it 'Domain Wide' (not partially)?... Second, you need to be aware that Domain local groups from the other forest are not going to appear available for assigning permissions in the resource forest, you will just visualize Universal and Global groups. Additionally, for a global group in that domain you cannot add users from the trusted domain.
0
 

Author Closing Comment

by:petekni
ID: 41748739
It worked after some time, it's obviously faster one way than the other
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

IT certifications are a concrete representation of continual learning on the part of the candidate.  Continual learning is necessary for the long term success of an IT professional, but are IT certifications the right path for you?
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
In this Micro Tutorial viewers will learn how to restore single file or folder from Bare Metal backup image of their system. Tutorial shows how to restore files and folders from system backup. Often it is not needed to restore entire system when onl…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question