Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Windows 2000 Trust Problems - Can't add users from trusted domain.

Status
Not open for further replies.
DavidLeeRoth

DavidLeeRoth

IS-IT--Management
Nov 27, 2002
25
GB
Hi Guys,

I wonder if you can help with a problem that's been bugging me for days.

I've created two win2k domains one AUSTIN the other SPRINGFIELD. I set up a one way, external trust with AUSTIN trusting SPRINGFIELD. All went well and I can verify the trust from both domains.

To test that the trust is up in place and working I create a folder on AUSTIN's DC, and tried to give a user from SPRINGFIELD permissions to it. It show's me the SPRINGFIELD domain but when I try to add a user it tells me

"you are logged on with an account without permissions on the SPRINGFIELD domain"

"Enter a name and password with permissions on this domain and press ok".

Why is it doing this?? I thought the whole purpose of the trust was to allow the administrator from the trusting domain to give users access from the trusted domain?

What am I doing wrong?

I'm grateful for any light that can be shed on this tiresome problem.

Cheers,

DLR.
 
Sort by date Sort by votes
you should add the administrator accounts on both DCs to each domain's 'domain admins' group...

is this a test environment???
cos it's not really recommended having a flat domain name.
should go for dns style domain naming...

Aftertaf

"Resolve is never stronger than the night before it was never weaker
 
Upvote 0 Downvote
Cheers for that.

The domain names are in dns style, just shortened them for the message here.

This is a test environment but when this goes live I shall not be able to add the administrator accounts on both DCs to each domain's 'domain admins' group - I'd have a lot of peeved sec people if I did it.

My problem is expressed exactly as this PSS ID Number Q263956 on support at Microsoft. They say that this is by design and can happen. Sounds like a pile of bull to me but they designed it.

Has anyone found a workaround for this one?

Cheers,

DLR
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

goombawaho
  • Locked
  • Question
Domain join from wifi connected laptop
Replies
4
Views
1K
goombawaho
goombawaho
techbrain1
  • Locked
  • Question
Trust relationship issue 1
Replies
3
Views
747
araheusaff
araheusaff
Aquiles Vidal
  • Locked
  • Question
Web Browsers in Windows Server or Terminal Server
Replies
0
Views
684
Aquiles Vidal
Aquiles Vidal
rzammit82
  • Locked
  • Question
Windows Server 2016 - DNS/AD problem
Replies
1
Views
903
suncit
suncit
antonio_dsanchez
  • Locked
  • Question
post-installation WSUS windows server 2016
Replies
0
Views
538
antonio_dsanchez
antonio_dsanchez

Part and Inventory Search

Sponsor

Back
Top