?
Solved

Domain Local Permissions across a Forest Trust

Posted on 2016-08-09
2
Medium Priority
?
63 Views
1 Endorsement
Last Modified: 2016-08-09
Hi, We have recently set up a forest trust between our 2 domains.

We are in the process of testing resource sharing between domains and are currently testing file shares.

From Domain A, if I create a domain local group and add a user from domain B to that group, then assign that group to a file share it works instantly... if I remove the group then deny works instantly.

From Domain B, the exact same process does not work!

Adding a user works fine both ways...

I'm guessing it's not enumerating the groups one way?

Any suggestions anyone??
1
Comment
Question by:petekni
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 14

Accepted Solution

by:
Schnell Solutions earned 2000 total points
ID: 41748716
If it is enumerating your users on the second domain it means that your trust relationship in that way is in place, and the infrastructure (such as dns name resolution) as well.

Let's evaluate two additional points for your groups... when you created the trust relationship was it 'Domain Wide' (not partially)?... Second, you need to be aware that Domain local groups from the other forest are not going to appear available for assigning permissions in the resource forest, you will just visualize Universal and Global groups. Additionally, for a global group in that domain you cannot add users from the trusted domain.
0
 

Author Closing Comment

by:petekni
ID: 41748739
It worked after some time, it's obviously faster one way than the other
0

Featured Post

Need protection from advanced malware attacks?

Look no further than WatchGuard's Total Security Suite, providing defense in depth against today's most headlining attacks like Petya 2.0 and WannaCry. Keep your organization out of the news with protection from known and unknown threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Multi-threading long-running processes can have a significant increase in overall performance and drastically decrease over time it takes for a process to complete. Unfortunately, not all applications support native multi-threading, some by design a…
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question