Solved

Domain Local Permissions across a Forest Trust

Posted on 2016-08-09
2
51 Views
1 Endorsement
Last Modified: 2016-08-09
Hi, We have recently set up a forest trust between our 2 domains.

We are in the process of testing resource sharing between domains and are currently testing file shares.

From Domain A, if I create a domain local group and add a user from domain B to that group, then assign that group to a file share it works instantly... if I remove the group then deny works instantly.

From Domain B, the exact same process does not work!

Adding a user works fine both ways...

I'm guessing it's not enumerating the groups one way?

Any suggestions anyone??
1
Comment
Question by:petekni
2 Comments
 
LVL 14

Accepted Solution

by:
Schnell Solutions earned 500 total points
ID: 41748716
If it is enumerating your users on the second domain it means that your trust relationship in that way is in place, and the infrastructure (such as dns name resolution) as well.

Let's evaluate two additional points for your groups... when you created the trust relationship was it 'Domain Wide' (not partially)?... Second, you need to be aware that Domain local groups from the other forest are not going to appear available for assigning permissions in the resource forest, you will just visualize Universal and Global groups. Additionally, for a global group in that domain you cannot add users from the trusted domain.
0
 

Author Closing Comment

by:petekni
ID: 41748739
It worked after some time, it's obviously faster one way than the other
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
AD and Exchnage 2010 Photos 3 41
Windows 2012 R2 Terminal Server 3 33
NTP problem 24 41
How to disable AD users from a csv  list? 4 27
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question