cross domain trusts

[John M]

I have 1 parent and two child domains at the same level. Everything is W2k
native mode. Let me name the domains..
parent
child1 child2

I'm trying to get child1 domain admins, account operator group in the child2
domain.
From the child2 server, I logged in as parent domain ( enterprise ) admin,
and added domain admins group from child1 into the account operators group
in child2. The problem is that it doesn't seem to be replicating, since
when I look a child1 domain admin group, member of, the child2 groups are
not there.

When I check AD domains and trusts,
I check parent domain, both childs are listed in trusted by and trust this
domain, with child relationship, and transitive = yes

If I check child1, child2 is listed in both locations, trusted by and trust
this domain, with relationship = shortcut and transitive=yes

The same information is in child2..

I'm able to add users from child2 into groups from child1... it seems weird
why I can't admin across the domains, with out using enterprise admin..

Thanks
John

 

[Guest]

Try this John,
From child1 add the domain admins of Child2 to the Administrators group of
Child1. What about a user into a group following the same guidlines?

My first question would be if you see the group or any unresolved SIDs in
the memberOf tab.

 

[John M]

no I don't see anything regarding the other domain in memberof tab

Try this John,
From child1 add the domain admins of Child2 to the Administrators group of
Child1. What about a user into a group following the same guidlines?

My first question would be if you see the group or any unresolved SIDs in
the memberOf tab.


--
James Brandt [MSFT]

I have 1 parent and two child domains at the same level. Everything is W2k
native mode. Let me name the domains..
parent
child1 child2

I'm trying to get child1 domain admins, account operator group in the
child2
domain.
From the child2 server, I logged in as parent domain ( enterprise ) admin,
and added domain admins group from child1 into the account operators group
in child2. The problem is that it doesn't seem to be replicating, since
when I look a child1 domain admin group, member of, the child2 groups are
not there.

When I check AD domains and trusts,
I check parent domain, both childs are listed in trusted by and trust this
domain, with child relationship, and transitive = yes

If I check child1, child2 is listed in both locations, trusted by and
trust
this domain, with relationship = shortcut and transitive=yes

The same information is in child2..

I'm able to add users from child2 into groups from child1... it seems
weird
why I can't admin across the domains, with out using enterprise admin..

Thanks
John