RE: 2 way forest trust
- From: v-morche@xxxxxxxxxxxxxxxxxxxx (Morgan che(MSFT))
- Date: Mon, 07 Apr 2008 09:09:40 GMT
Hi,
Thanks for posting here.
From your description, I understand that you used a Domain A user accountto log on Domain B, where you had successfully established trust
relationship. However, the error message indicating "check you username or
password" was received and the logon process failed. If I misunderstood,
please let me know.
Please understand this is an expected behavior. Because Domain B doesn't
include the user account you use to logon (Domain A), the domain controller
of Domain B cannot authenticate the user account from domain A. This user
account does not have the corresponding permission to log on Domain B. To
use a user account to successfully log onto Domain B, please create the
corresponding accounts in Domain B.
The main purpose to create forest trust relationship is to allow each
domain users access trusted Domain resources through assigning the
corresponding permissions. That is to say, although a user logs on domain
A, he can still be authorized to access the resources existing in domain B.
More information about domain trust:
=============
How Domain and Forest Trusts Work
http://technet2.microsoft.com/WindowsServer/en/library/f5c70774-25cd-4481-8b
7a-3d65c86e69b11033.mspx?mfr=true
Domain Secure Channel Utility -- Nltest.exe
http://support.microsoft.com/kb/158148/en-us
I hope this helps. If you need further assistance, please feel free to post
back.
Have a good day!
Sincerely
Morgan Che
Microsoft Online Support
Microsoft Global Technical Support Center
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
--->From: RTR <bhamoo@xxxxxxxxx>
--->Newsgroups: microsoft.public.windows.server.migration
--->Subject: 2 way forest trust
--->Date: Sat, 5 Apr 2008 10:22:49 -0700 (PDT)
--->Organization: http://groups.google.com
--->Lines: 33
--->Message-ID:
<89cdc8b4-0557-41e0-a02f-13897b7af151@xxxxxxxxxxxxxxxxxxxxxxxxxx>
--->NNTP-Posting-Host: 70.179.124.244
--->Mime-Version: 1.0
--->Content-Type: text/plain; charset=ISO-8859-1
--->Content-Transfer-Encoding: 7bit
--->X-Trace: posting.google.com 1207416169 13655 127.0.0.1 (5 Apr 2008
17:22:49 GMT)
--->X-Complaints-To: groups-abuse@xxxxxxxxxx
--->NNTP-Posting-Date: Sat, 5 Apr 2008 17:22:49 +0000 (UTC)
--->Complaints-To: groups-abuse@xxxxxxxxxx
--->Injection-Info: 8g2000hsu.googlegroups.com;
posting-host=70.179.124.244;
---> posting-account=mq3tzwoAAAC1q8PNhpk3ETzM_b38Qf_f
--->User-Agent: G2/1.0
--->X-HTTP-UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
rv:1.8.1.13)
---> Gecko/20080311 Firefox/2.0.0.13,gzip(gfe),gzip(gfe)
--->Bytes: 2430
--->Path:
TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTFEEDS02.phx.gbl!newsfeed0
0.sul.t-online.de!t-online.de!border2.nntp.dca.giganews.com!nntp.giganews.co
m!postnews.google.com!8g2000hsu.googlegroups.com!not-for-mail
--->Xref: TK2MSFTNGHUB02.phx.gbl
microsoft.public.windows.server.migration:3361
--->X-Tomcat-NG: microsoft.public.windows.server.migration
--->
---> Hi Guys,
--->
--->Here is my setup;
--->
--->Forest A DomainA and ForestB domainB
--->2 way trust between the forests.(trust was setup correctly and
--->validates and no errors)
--->
--->I am stuck, I have 2 forests with 1domain each. I have created a 2 way
--->trust using the steps in the link below from microsoft.
--->http://technet2.microsoft.com/windowsserver/en/library/f82e82fc-0700-427
8-a166-4b8ab47b36db1033.mspx?mfr=true
--->
--->Everything sets up fine and even the trust is validated.
--->Now on one of the cleint computers I also see that the second domain
--->appears as a option to logon.
--->eg: logon to box shows- dmoainA, domainB and computername.
--->but when I try to log on to the domainB from a computer which is in
--->domainA, I cannot logon no errors just says check you username or
--->password.
--->
--->Also the username I am using to logon only exists on the domainA and
--->this computer is a member of domainA and I am trying to logon to
--->domainB as coz of trusts domainB appears as a option for me to logon
--->to box.
--->
--->IN DNS i have setup forwarder for DomainnB to the IP of the domainB
--->dns and same thing is done on domainA on dmoainB's DNS.
--->
--->I am just confused i thought I should be able to logon to any domain
--->once the 2 way trust is created regardless of the domain the user
--->account was created on.
--->
--->Is there something I am missing.
--->
.
- References:
- 2 way forest trust
- From: RTR
- 2 way forest trust
- Prev by Date: RE: Child domain migration
- Next by Date: Re: error creating trust from NT domain to AD domain
- Previous by thread: 2 way forest trust
- Next by thread: RE: 2 way forest trust
- Index(es):
Relevant Pages
|
