Inter-Forest Trust with AD Delegation

T

Tester

My company just bought a small company located in the next building. Both of
us are running Windows 2000 AD with seperate forests. We have established
trusts between our two forest. In Company B's AD Users and Computers we
created an OU and delegated control to a group of users in Company A, giving
them the ability to create users and groups in that OU.

The problem is how do I have the users from Company A access the OU in
Company B. I can't get Company A's AD Users and Computers to connect to the
other forest. The users from Company A must logged into their own AD Forest,
so how can they access the OU in the other forest to be able to create users
in that OU in the other forest.

Help please.
 
U

Ulf B. Simon-Weidner

My company just bought a small company located in the next building. Both of
us are running Windows 2000 AD with seperate forests. We have established
trusts between our two forest. In Company B's AD Users and Computers we
created an OU and delegated control to a group of users in Company A, giving
them the ability to create users and groups in that OU.

The problem is how do I have the users from Company A access the OU in
Company B. I can't get Company A's AD Users and Computers to connect to the
other forest. The users from Company A must logged into their own AD Forest,
so how can they access the OU in the other forest to be able to create users
in that OU in the other forest.

Help please.
Click to expand...
Hello Tester,

in Windows 2000 you have nothing like a interforest-Trust. If you want that
functionality you have to upgrade both companies to Windows Server 2003 and run
the forests in native mode.

And why would the users need to access the OUs? Usually OU's are just an
administrative view or tool, and users need to access ressources.

If you need the users of domain A access ressources in domain B, you'll have to
set a trust between those domains and modify the rights (ntfs - share) to allow
the users to access the ressources.

This needs to be done for every domains since the trusts are not transitive.
The transitive Trust would be the Interforest-Trust - see above.

HTH

Gruesse - Sincerely,

Ulf B. Simon-Weidner
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Delegation to create mail-enabled users 2
Multi forest and Citrix farm 1
Removing a domain from a forest 2
Inter Forest Migration 1
Inter-Forest Trust relationship 0
Forest trust - Administrator rights 5
Controlling Trust Traffic 1
Impoting User names and SId's to different forest 2

Top