Domain Local Permissions across a Forest Trust

Hi, We have recently set up a forest trust between our 2 domains.

We are in the process of testing resource sharing between domains and are currently testing file shares.

From Domain A, if I create a domain local group and add a user from domain B to that group, then assign that group to a file share it works instantly... if I remove the group then deny works instantly.

From Domain B, the exact same process does not work!

Adding a user works fine both ways...

I'm guessing it's not enumerating the groups one way?

Any suggestions anyone??
Who is Participating?
Schnell SolutionsConnect With a Mentor Systems Infrastructure EngineerCommented:
If it is enumerating your users on the second domain it means that your trust relationship in that way is in place, and the infrastructure (such as dns name resolution) as well.

Let's evaluate two additional points for your groups... when you created the trust relationship was it 'Domain Wide' (not partially)?... Second, you need to be aware that Domain local groups from the other forest are not going to appear available for assigning permissions in the resource forest, you will just visualize Universal and Global groups. Additionally, for a global group in that domain you cannot add users from the trusted domain.
petekniAuthor Commented:
It worked after some time, it's obviously faster one way than the other
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.