Solved

Domain Local Permissions across a Forest Trust

Posted on 2016-08-09
2
47 Views
1 Endorsement
Last Modified: 2016-08-09
Hi, We have recently set up a forest trust between our 2 domains.

We are in the process of testing resource sharing between domains and are currently testing file shares.

From Domain A, if I create a domain local group and add a user from domain B to that group, then assign that group to a file share it works instantly... if I remove the group then deny works instantly.

From Domain B, the exact same process does not work!

Adding a user works fine both ways...

I'm guessing it's not enumerating the groups one way?

Any suggestions anyone??
1
Comment
Question by:petekni
2 Comments
 
LVL 14

Accepted Solution

by:
Schnell Solutions earned 500 total points
ID: 41748716
If it is enumerating your users on the second domain it means that your trust relationship in that way is in place, and the infrastructure (such as dns name resolution) as well.

Let's evaluate two additional points for your groups... when you created the trust relationship was it 'Domain Wide' (not partially)?... Second, you need to be aware that Domain local groups from the other forest are not going to appear available for assigning permissions in the resource forest, you will just visualize Universal and Global groups. Additionally, for a global group in that domain you cannot add users from the trusted domain.
0
 

Author Closing Comment

by:petekni
ID: 41748739
It worked after some time, it's obviously faster one way than the other
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Why pager replacement is still an issue OnPage has what some might call a “hate/hate” relationship with pagers. Not much room for love. As we see it, pagers are an antiquated bit of technology. Pagers are dinosaurs which, like most dinosaurs, sho…
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
In this Micro Tutorial viewers will learn how to restore their server from Bare Metal Backup image created with Windows Server Backup feature. As an example Windows 2012R2 is used.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question