We have 2 seperate Domains with a forest level trust. On one Domain we have 3 Server 2003 R2 DC's. On the other Domain we have 1 Server 2008 DC. The trust works just fine as I can browse each Domain from the other, however I need to add user access to the shares on each Domain... I upgraded the 2003 R2 AD Schema to the 2008 AD Schema using adprep /forestprep, so that all the AD's have the same Schema. When I try to add a user to a share, I am able to change the Location to the other Domain, but my problem is that I cannot add a user to any shares from one Domain to the other Domain and vice-versa. Any advice would be appreciated.
do you get any error messages? can you see any users from the other domain at all?
no errors at all. on a share, when i chose the sharing tab, or permissions and try to add a user from "Select Users, Computers or Groups", i can choose the other domain from the "Locations" button, but when i type in administrator (or any other user) and then select the "Check Name" button, I get "Name Not Found"
Specifically:
An object named "administrator" cannot be found. Check the selected object types and location for accuracy and ensure that you typed the object name correctly, or remove this object from the selection.
What happens when you do a search with nothing typed in?
z
Not 100% sure but won't you have to run your 2008DC in 2003 forest functional mode in order to keep forest compatibility
Is the Trust in place and verified?
Just because it's there does not mean it's working.
I have had problems in the past establishing trusts between disparate domains.
The trick is to create an identical Domain Admin level account in both domains and use this to establish the domain trust.
I would also check/verify/re-establish the trust using this account.
Make sure the clocks are in sync between domains and the time zones match.
Be sure that each DC in each domain can ping each other by Name and IP.
Eg dc1.xyz.com > dc1.abc.com
If your DNS is not configured to do the lookups between your domains KDC,Keberos,LDAP all fail and you will not get the results you are expecting.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote