Solved

Two Way Domain Trust - ACL Problem on One Server

Posted on 2016-10-13
Last Modified: 2016-10-18
I've googled this for a few hours now and I haven't been able to solve this problem.

Domains are ole.local and ept.local.  Two way domain trust. Trust type = Forest, Transitive = Yes.

Both domains have stubs in DNS to resolve to each other. I can ping the root domain ole.local from ept.local and it resolves with one of ole.local's DNS servers and vice versa. I can add a user or group (from ept.local) to the ACL of an ole.local shared folder on any of the three Windows 2008R2 or 2012 servers at OLE.

I can add a user or group (from ole.local) to the ACL of an ept.local shared folder on all servers (Server 2008 and 2012) but one Server 2008R2 machine. When I try this on any of the folders on this machine I get the error "The Active Directory Domain Controllers required to find the selected objects in the following domains are not available: ole.local"... I have confirmed that I can ping the root of the ole.local domain from this server. Again, I can add an ole.local user on the other servers at ept with no issue.

Can anyone shed some light on this situation?

Thanks
Rob
Question by:robertgibson
Accepted Solution

by: Mahesh
ID: 41848737
Instead of using a stub zone, use either conditional forwarding or a secondary zone on both sides for cross-forest name resolution.

It might be possible that, while resolving the other domain's users, DC-to-DC communication is not happening because the stub zone may resolve to some other DC for which AD ports are not opened.

Author Comment

by:robertgibson
ID: 41848763
Based on your comment I went back and checked the two DNS servers on the ept.local side.  One still had an old record in there referencing an old DC.  Once I did a reload it suddenly worked.

Thanks
Rob
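
A check for the condition found in this thread (one DNS server still handing out a record for an old DC), as an added example that is not code from either poster. It asks each local DNS server for the trusted domain's DC locator records and tests the usual AD ports on every DC returned. The DNS server addresses and the port list are assumptions, and `Resolve-DnsName` and `Test-NetConnection` need Windows 8 / Server 2012 or later, so run it from one of the 2012 servers rather than the 2008R2 machine.

```powershell
# Added example. Values marked ASSUMPTION are placeholders, not taken from the thread.
$TrustedDomain = 'ole.local'                     # trusted forest named in the question
$DnsServers    = @('192.0.2.10', '192.0.2.11')   # ASSUMPTION: the two ept.local DNS servers
$AdPorts       = 53, 88, 135, 389, 445           # ASSUMPTION: DNS, Kerberos, RPC, LDAP, SMB (TCP)

$srvName = "_ldap._tcp.dc._msdcs.$TrustedDomain" # DC locator SRV record for the trusted domain

$results = foreach ($dns in $DnsServers) {
    try {
        # Ask this specific DNS server, bypassing the local resolver cache and LLMNR/NetBIOS
        $answer = Resolve-DnsName -Name $srvName -Type SRV -Server $dns -DnsOnly -ErrorAction Stop
    } catch {
        # A stub zone pointing at a dead name server typically fails or times out here
        [pscustomobject]@{ DnsServer = $dns; DC = '(SRV lookup failed)'; Address = $null
                           BlockedPorts = $_.Exception.Message }
        continue
    }

    $dcNames = $answer | Where-Object { $_.Type -eq 'SRV' } |
               Select-Object -ExpandProperty NameTarget -Unique

    foreach ($dc in $dcNames) {
        # Resolve the DC's address through the same DNS server
        $a = Resolve-DnsName -Name $dc -Type A -Server $dns -DnsOnly -ErrorAction SilentlyContinue |
             Where-Object { $_.Type -eq 'A' } | Select-Object -First 1
        if (-not $a) {
            [pscustomobject]@{ DnsServer = $dns; DC = $dc; Address = $null; BlockedPorts = 'no A record' }
            continue
        }

        # Collect every AD port that does not accept a TCP connection from this machine
        $blocked = foreach ($port in $AdPorts) {
            $open = Test-NetConnection -ComputerName $a.IPAddress -Port $port `
                        -InformationLevel Quiet -WarningAction SilentlyContinue
            if (-not $open) { $port }
        }
        [pscustomobject]@{ DnsServer = $dns; DC = $dc; Address = $a.IPAddress
                           BlockedPorts = ($blocked -join ',') }
    }
}

$results | Format-Table -AutoSize

# DCs that only some DNS servers return are candidates for stale records
$results | Group-Object DC | Where-Object { $_.Count -lt $DnsServers.Count } |
    Select-Object @{ n = 'DC'; e = { $_.Name } }, @{ n = 'ReturnedBy'; e = { $_.Group.DnsServer -join ',' } }
```

A DC that appears under only one DNS server, or that shows blocked ports, matches the two causes raised in the accepted solution and the author's follow-up.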