frankcvc (Guest)
Posted: Thu Nov 10, 2005 9:50 pm
Post subject: Re: Problem creating a forest trust relationship

I was able to establish a two-way external trust for two forests with
domain-wide authentication.
Users from one forest can access shares on the other forest's shares.
However, when the trust was removed, the access is still there; they can even
access the new files in the share. Can anyone explain why? Both DCs are
VMware virtual machines.
I was also able to establish a two-way trust for the same DCs with
Selective Authentication. Added users from forest-A to a local group in
forest B and assigned the local group permissions to a share in forest B.
But users from forest A cannot access the share in forest B. The share is on
the DC in forest B.
Any suggestions?
--
Frank
"Englishman" wrote:
Quote:
I don't know if you resolved the problem, but I just completed a forest
migration and found a solution to your problem.
If you don't have DNS set up properly between the forests, your trusts will
fail. Please try the following:
- Set up a conditional forwarder in DNS for each forest.
- On the servers that you are using to set up the trusts, go to the network
connections > local area conn > tcp/ip properties. Under DNS, ensure that the
primary DNS is the local domain DNS and add an additional DNS of the other
forest DNS server. Then go to advanced and under DNS, select append these DNS
suffixes. Then add each local DNS domain first and then the DNS domain of the
other forest.
Once DNS is prepared, use nslookup to query the servers in each forest. If
this works nicely, you should be able to do the trusts.
Hope this helps
"Ace Fekay [MVP]" wrote:
In news:1126221030.823364.81420@o13g2000cwo.googlegroups.com,
LMiguel <luis.canari@gmail.com> made this post, which I then commented about
below:
It's a fresh install of Windows2003 (SP1)
I followed the steps in the article, and the event id didn't appear
anymore, but the problem with the relationship persists.
Any idea?
Is there any way I can remote into these machines?
It appears from what you said, that everything should just work. I'm not
sure where you are going wrong or what is going on. I've done this a hundred
times (literally because I am a trainer and a consultant) and it always just
works unless there's a DNS config issue, forest level issue or errors in
either machine.
Ace
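
The nslookup verification step quoted above can be scripted as a pre-flight check to run on each server before creating the trust. This is an added example, not part of the original thread; it assumes a current Windows release where `Resolve-DnsName` is available, and the forest names are constructed placeholders.

```powershell
# Added example: DNS pre-flight check for a cross-forest trust.
# Forest DNS names are constructed placeholders; replace them with your own.
$ForestNames = 'forest-a.example', 'forest-b.example'

function Test-ForestDns {
    param([Parameter(Mandatory)] [string] $ForestName)

    # DC locator SRV record that domain controllers register for their domain.
    $srvName = "_ldap._tcp.dc._msdcs.$ForestName"
    try {
        $srv = @(Resolve-DnsName -Name $srvName -Type SRV -DnsOnly -ErrorAction Stop |
                 Where-Object { $_.Type -eq 'SRV' })
    } catch {
        return [pscustomobject]@{ Forest = $ForestName; Ok = $false
                                  Detail = "SRV lookup failed: $($_.Exception.Message)" }
    }
    if ($srv.Count -eq 0) {
        return [pscustomobject]@{ Forest = $ForestName; Ok = $false
                                  Detail = "no SRV records at $srvName" }
    }

    # Every advertised domain controller must also resolve to an address.
    $targets = @($srv | ForEach-Object { $_.NameTarget } | Sort-Object -Unique)
    $unresolved = @(foreach ($dc in $targets) {
        $a = Resolve-DnsName -Name $dc -Type A -DnsOnly -ErrorAction SilentlyContinue |
             Where-Object { $_.Type -eq 'A' }
        if (-not $a) { $dc }
    })

    if ($unresolved.Count -gt 0) {
        $detail = "no A record for: $($unresolved -join ', ')"
    } else {
        $detail = "$($targets.Count) DC(s) resolved: $($targets -join ', ')"
    }
    [pscustomobject]@{ Forest = $ForestName; Ok = ($unresolved.Count -eq 0); Detail = $detail }
}

# Both the local forest and the other forest must resolve from this server.
$results = @(foreach ($name in $ForestNames) { Test-ForestDns -ForestName $name })
$results | Format-Table -AutoSize -Wrap
if ($results.Ok -contains $false) {
    Write-Warning 'Fix DNS (conditional forwarders, suffix search list) before creating the trust.'
}
```

Run it on the trust-creating server in each forest; a failure for the remote forest on either side points at the forwarder or suffix configuration on that side.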
Ace Fekay [MVP] (Guest)
Posted: Fri Nov 11, 2005 1:50 am
Post subject: Re: Problem creating a forest trust relationship

In news:235F43EC-BBB2-40ED-ADA3-BACF447D9606@microsoft.com,
frankcvc <frankcvc@discussions.microsoft.com> made this post, which I then
commented about below:
Quote:
I was able to establish a two-way external trust for two forests with
domain-wide authentication.
Users from one forest can access shares on the other forest's shares.
However, when the trust was removed, the access is still there; they
can even access the new files in the share. Can anyone explain why?
Both DCs are VMware virtual machines.
I was also able to establish a two-way trust for the same DCs with
Selective Authentication. Added users from forest-A to a local group
in forest B and assigned the local group permissions to a share in
forest B. But users from forest A cannot access the share in forest
B. The share is on the DC in forest B.
Any suggestions?

Did you log them off first, then logon again and they can still access the
shares?
Are the username/passwords the same in both domains?
Ace
frankcvc (Guest)
Posted: Fri Nov 11, 2005 5:50 pm
Post subject: Re: Problem creating a forest trust relationship

Thanks, Ace.
Your questions hit the point! After further testing, the only users who can
still access the shares across the forests are administrators on both sides
who also share the same password. Is there any way to alter this behavior?
--
Frank
"Ace Fekay [MVP]" wrote:
Quote:
In news:235F43EC-BBB2-40ED-ADA3-BACF447D9606@microsoft.com,
frankcvc <frankcvc@discussions.microsoft.com> made this post, which I then
commented about below:
I was able to establish a two-way external trust for two forests with
domain-wide authentication.
Users from one forest can access shares on the other forest's shares.
However, when the trust was removed, the access is still there; they
can even access the new files in the share. Can anyone explain why?
Both DCs are VMware virtual machines.
I was also able to establish a two-way trust for the same DCs with
Selective Authentication. Added users from forest-A to a local group
in forest B and assigned the local group permissions to a share in
forest B. But users from forest A cannot access the share in forest
B. The share is on the DC in forest B.
Any suggestions?
Did you log them off first, then logon again and they can still access the
shares?
Are the username/passwords the same in both domains?
Ace
Ace Fekay [MVP] (Guest)
Posted: Sat Nov 12, 2005 1:50 am
Post subject: Re: Problem creating a forest trust relationship

In news:B307115F-91BA-4A83-914F-F5EF913E4C64@microsoft.com,
frankcvc <frankcvc@discussions.microsoft.com> made this post, which I then
commented about below:
Quote:
Thanks, Ace.
Your questions hit the point! After further testing, the only users
who can still access the shares across the forests are administrators
on both sides who also share the same password. Is there any way to
alter this behavior?

Change the passwords!
:-)
Ace