Trust rights

  • Thread starter Thread starter Jean-Pascal Laux
  • Start date Start date
J

Jean-Pascal Laux

Hi,

is it possible for Domain Administrator for one forest to connect
locally to servers and DC in another forest (I already have a trust).

I tried to put Domain Admins for the first domain in Local Domain
Administrator group of the other forest but it has not solved the
problem with servers/computers.

Jean-Pascal
 
It is definitely possible, but first you need to specify what exactly do you
mean by "to connect".
 
Adding "Domain Admins" from domain A into the Builtin local group
"Administrators" on domain B alone will not give you access to
servers/computers in the other domain. You need to add the "Domain Admins"
from the domain A to the local "Administrators" in the target
computers/servers in domain B. Adding "Domain Admins" to the DLG
Administrators only gives you "Administrator" privileges/permissions to the
domain controllers in domain B and certain rights to the domain B Active
Directory. Since you would then be an administrator on the domain B domain
controllers, you can actually do whatever you want at that point.
 
Back
Top