Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Two Way Domain Trust - ACL Problem on One Server

Posted on 2016-10-13
2
Medium Priority
?
76 Views
Last Modified: 2016-10-18
I've googled this for a few hours now and I haven't been able to solve this problem.

Domains are ole.local and ept.local.  Two way domain trust. Trust type = Forest, Transitive = Yes.

Both domains have stubs in DNS to resolve to each other. I can ping the root domain ole.local from ept,local and it resolves with one of ole.local's DNS servers and visa versa.  I can add a user or group (from ept.local) to the ACL of an ole.local shared folder on any of the three Windows 2008R2 or 2012 servers at OLE.

I can add a user or group (from ole.local) to the ACL of a ept.local shared folder to all (server 2008 and 2012) but one server 2008R2 machine. When I try this on any of the folders on this machine I get the error "The Active Directory Domain Controllers required to find the selected objects in the following domains are not available: ole.local"...  I have confirmed that I can ping from this server the root of the ole.local domain. Again I can add an ole.local user on the other servers at ept with no issue.

Can anyone shed some light on this situation?

Thanks
Rob
0
Comment
Question by:robertgibson
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 38

Accepted Solution

by:
Mahesh earned 2000 total points
ID: 41848737
Instead of using stub zone, either use conditional forwarding or secondary zone both side for cross forest name resolution

It might be possible that while resolving other domain users, DC to DC communication not happening because stub zone may resolve to some other DC for which AD ports are not opened
0
 

Author Comment

by:robertgibson
ID: 41848763
Based on your comment I went back and checked the two DNS servers on the ept.local side.  One still had an old record in there referencing an old DC.  Once I did a reload it suddenly worked.

Thanks
Rob
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question