hope someone can shed some light on this issue. In our environment we have Windows Server 2003 DC on domain (A). and DC 2012 R2 Domain (B). these two are not same forest root.
we setup one-way Trust (Type) Forest trust transitive= Domain B (2012 R2 DC) trusted Domain A (2003 DC)=
-Direction of trust- Outgoing
-Transitivity of trust- forest transitive
-validated = passed (no problem here)
-Name suffix Routing setup for Domain.local B forest.
-authentication Forest wide - forest wide authentication
adding users domain A to domain B group "domain security group"= failed error stated (some of the object names cannot be shown in their user-friendly name form , this can happen if the object is from an external domain and that domain is not available to translate the object name)
this happened after selected some users from domain A, which mean I did able browsing on domain-A of AD.
If we tried two way trust then everything seemed OK, we were able successfully added some users. so no issue on two-way trust.
if two way-trust is fine, that's rule out DNS, right?
thank you every much in advance.