one-way trust


Robert Cope

Hello,

I apologize if this isn't the right group, or if this has been asked and
answered in the past; I am sure this is a simple question.

I come from a UNIX environment and am trying to learn Windows. For that
purpose, I have built a lab environment that consists of four domains with
two trees:

* lab-dom-00.lab.domain.com
* lab-subdom-00.lab-dom-00.lab.domain.com
* lab-subdom-01.lab-dom-00.lab.domain.com
* lab-dom-01.lab.domain.com

I then set up a one-way trust from "domain.com", which is located in another
forest, into each of these domains.

The trusts appear to be functioning to some degree. For example, from
lab-subdom-00.lab-dom-00.lab.domain.com, I can edit a file's permissions and
add a lab-dom-00.lab.domain.com or domain.com user. However, if I open the
Active Directory Users and Computers MMC, and try to add a lab-dom-00 user
to lab-subdom-00's "Domain Admins" group, I get the message "No objects are
available in this location. Select another location". Going in the other
direction does not work, either.

Is this behavior to be expected, or is something not working? I suspect
something is not working correctly, but don't know where to go from here in
order to fix it.

Any help would be appreciated; I'm willing to read on the subject, but
haven't been able to locate any real good material on it. Thanks,

robert
(e-mail address removed)
 
Take a look at 264302 Error Message: No Objects Are Available in This
Location
http://support.microsoft.com/?id=264302

--
Tim Hines, MCSE, MCSA
Windows 2000 Directory Services

=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
 
Tim,

Appreciate the response. Shortly after posting (naturally) I realized I was
not in native mode and was not using the universal groups. As that article
suggests, that made the difference, at least for domains inside the lab
forest. I am still unable to add accounts from the "domain.com" forest to
any of the other domains. Thanks for any thoughts,

robert
 
How are you going about adding them? You will not see the user accounts if
you are trying to add them to a global group. You will need to add the
users to a domain local group. Make sure that you become familiar with the
group scopes. Take a look at the following article to see what groups can
contain groups from other domains.

326265 Description of the Group Scopes That You Can Use to Help Secure
Active
http://support.microsoft.com/?id=326265


--
Tim Hines, MCSE, MCSA
Windows 2000 Directory Services
