Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » AD question
AD question [message #157324] Mon, 06 July 2009 12:56 Go to next message
dkblee  is currently offline dkblee
Messages: 24
Registered: July 2009
Junior Member
hi! Here's the scenario: The HQ has just configured a one way trust (they
trusted us, they created outgoing trust and we created incoming trust) with
our branch domain (HQ and branch in different forest and domain name).The
objective of the trust is to remove the users' trouble to remember 2 sets of
AD Account for the HQ domain account/pwd for email access and branch file
server and application access.

What's the benefit can i get from this trust establishment? Can i have all
my file servers' file shared user access change to the HQ domain login
eg....by creating a local domain group and add the HQ domain users into our
group so that i can assign the access rights accordingly? By doing this i
will not have to maintain my sets of AD user account?

I've actually tried that. I noticed that i can grant the HQ domain user
account directly into the folder, but not through group. + i can't add the
HQ domain users or groups into my AD's user group in the AD MAnagment
console. I can't see the HQ domain name when i try to add the HQ users. Is
that normal?

What's the best way to approach this? Thanks.
Re: AD question [message #157333 is a reply to message #157324] Mon, 06 July 2009 15:12 Go to previous messageGo to next message
Phillip Windell  is currently offline Phillip Windell  United States
Messages: 526
Registered: July 2009
Senior Member
If HQ wants you to access resources on thier side then they need to add your
Users or Groups to one of thier Groups and grant permissions to it.

If you want HQ to access resources on your system then you need to add their
Users or Groups to a Group on your side and grant permissions to it.

If the trust won't let you do that the correct way then you have setup the
Trust backwards.


--
Phillip Windell

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------


"dkblee" <dkblee@discussions.microsoft.com> wrote in message
news:C9463213-7AE3-469A-A0A6-D0C9468CB428@microsoft.com...
> hi! Here's the scenario: The HQ has just configured a one way trust (they
> trusted us, they created outgoing trust and we created incoming trust)
> with
> our branch domain (HQ and branch in different forest and domain name).The
> objective of the trust is to remove the users' trouble to remember 2 sets
> of
> AD Account for the HQ domain account/pwd for email access and branch file
> server and application access.
>
> What's the benefit can i get from this trust establishment? Can i have all
> my file servers' file shared user access change to the HQ domain login
> eg....by creating a local domain group and add the HQ domain users into
> our
> group so that i can assign the access rights accordingly? By doing this i
> will not have to maintain my sets of AD user account?
>
> I've actually tried that. I noticed that i can grant the HQ domain user
> account directly into the folder, but not through group. + i can't add
> the
> HQ domain users or groups into my AD's user group in the AD MAnagment
> console. I can't see the HQ domain name when i try to add the HQ users. Is
> that normal?
>
> What's the best way to approach this? Thanks.
Re: AD question [message #157357 is a reply to message #157324] Tue, 07 July 2009 03:14 Go to previous message
meiweb(nospam)  is currently offline meiweb(nospam)  Germany
Messages: 1307
Registered: July 2009
Senior Member
Hello dkblee,

Have a look here about forest trust and resource access:
http://technet.microsoft.com/en-us/library/cc772808(WS.10).aspx

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> hi! Here's the scenario: The HQ has just configured a one way trust
> (they trusted us, they created outgoing trust and we created incoming
> trust) with our branch domain (HQ and branch in different forest and
> domain name).The objective of the trust is to remove the users'
> trouble to remember 2 sets of AD Account for the HQ domain account/pwd
> for email access and branch file server and application access.
>
> What's the benefit can i get from this trust establishment? Can i have
> all my file servers' file shared user access change to the HQ domain
> login eg....by creating a local domain group and add the HQ domain
> users into our group so that i can assign the access rights
> accordingly? By doing this i will not have to maintain my sets of AD
> user account?
>
> I've actually tried that. I noticed that i can grant the HQ domain
> user account directly into the folder, but not through group. + i
> can't add the HQ domain users or groups into my AD's user group in the
> AD MAnagment console. I can't see the HQ domain name when i try to add
> the HQ users. Is that normal?
>
> What's the best way to approach this? Thanks.
>
Previous Topic:Can't Install AD on 2003 R2 Server
Next Topic:Remove an attribute from a objectClass
Goto Forum:
  


Current Time: Fri Oct 20 02:54:25 EDT 2017

Total time taken to generate the page: 0.06718 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software