Re: Trust not working beyween 2 Windows 2003 Domains

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

If you want to establish trust relationship for the purpose of resource
sharing across domains, then you will need to allow users from trusted
domain to be able to access directly servers hosted resources in the
trusting domain. As far as I recall, the servers where the resource reside
would also need to be able to access domain controllers in the trusting
domain so you can actually grant permissions to accounts from the trusted
domain via object picker. More importantly, you need to have cross domain
DNS name resolution...

hth
Marcin

"jlb" <jlb@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F3FE4E02-F8DD-4D38-B0F1-E02C60A8E9EA@xxxxxxxxxxxxxxxx
Hi,

This one is making me crazy, here goes....

I have 2 Domains in completely seperated forests.
I have created a 2 way trust between the 2 domains, using a DC from each
domain.
The trust verifies OK.
When sitting on the DC within each domain I can see the users \ local
groups
of the opposing Domain - all good.

Here is where it gets interesting........

Only the domain controllers from the 2 domains have IP access to one
another. The memeber servers in either domain do not have any IP access
to
the opposong site.

When a member server wants to add local groups from the opposing domain to
it's local folders does it need to be able to communicate with the DC on
the
trusted domain?

OR

Does the member server simply use his local DC to proxy the request to the
trusted domain on its behalf?

As you can probably see, i do not want to give any IP access between the
sites other than the DC's - this is a limitation in the WAN
infrastructure.

Please help - I am going mad!!!!!!!!!


.

Relevant Pages

  • Re: Active Directory Restructure Question
    ... If you are building a new forest you can use the Active Directory ... To start would have to establish dns connectivity both ways, ... Once established you can then go and create your external trust, ... domains for your UNIX/LINUX servers, ...
    (microsoft.public.windows.server.active_directory)
  • Re: network replacement
    ... It sounds much more convoluted once the whoel details are provided. ... I would go with a new domain and setup a trust and migrate using ADMT. ... as servers with a trust between the two. ... same logins; ...
    (microsoft.public.windows.server.active_directory)
  • Re: Active Directory Restructure Question
    ... If you are building a new forest you can use the Active Directory Migration ... To start would have to establish dns connectivity both ways, ... Once established you can then go and create your external trust, ... domains for your UNIX/LINUX servers, ...
    (microsoft.public.windows.server.active_directory)
  • Re: Recent Criticism about Ruby (Scalability, etc.)
    ... they have also invested in a ton of servers dedicated to running ... of software development with that of hardware upgrades. ... Actually, when people talk about something scaling well or poorly, ... ever-increasing inclusion of some resource. ...
    (comp.lang.ruby)
  • Re: DNS-One Way Trust-questions....
    ... If this is not the same forest (which is implied by a one-way trust since ... NETBIOS name resolution to work. ... Unless you are on a SINGLE subnet you will need WINS servers ...
    (microsoft.public.win2000.dns)