• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Creating 2way Forest Trusts..

M

mrCide

Diamond Member
2 Windows 2003 Forest/Domains.

Anyone here do this before? Our company recently acquired another and our primary goal for the time being is being able to share resources (files, rdp stuff, basics). I understand the concept of creating a two-way forest trust so we can access resources in each of our domains, but I'm not sure exactly how it works. Once you create the trust, what's the next step?

How do you give access to files? Do we have access to their user list to add users rights to folders, for example? Or adding a user to remote access groups, things like that. Just wondering how it works exactly after the fact.
 
as far as i know you should be able to select users and groups from the other domain once the trust is in place.
 
administrative tools > AD Domains and Trusts. Rt Click on your domain, select properties then click on the trusts tab. click on the new trust button on the lower left hand and a new trust wizard will pop up. Just follow the wizard and enter the information requested. Once this is done, your trust will be built between the two domains and corss authentication will be good to go.

From there you'll be able to give universal or global groups (can't remember which one) access to the other domain's resources (file shares, printers etc etc.) I would highly suggest giving permissions by groups to make administration easier, vs giving users permissions to objects.

ie DomainA\Global Group A in DomainA\Universal Group A given permissions to File Share in DomainB

DomainBGlobal Group in DomainBUniversal Group given permissions to Printer in DomainA

I'm a bit rusty on this, but I believe the only groups that can traverse the trust are universal groups, hence why you add the global group to a universal group.

http://technet.microsoft.com/en-us/library/cc755692%28WS.10).aspx
 
Just make sure that neither root Domain Controller on either of the Forests is an SBS server. SBS can't trust other Domains.
 
Once the trust is created, depending on if it is a one way or two way trust. You will be able to add user and groups to files for sharing purposes. We went the other way in Feb. Our company split and the other company is still using resources on our network. So we created a trust and it will be up until we sever the cord.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top