Jump to content


  • 0
ingram59

cross-forest access to folder

Question

I've got two forests (Forest A and Forest B ) with a validated two-way non-transitive trust between the domains in each forest. I login as a domain admin to a server in Forest B and can open AD users and computers and browse as needed. I can also open AD in Forest A from that same server in Forest B and can I see all objects.

 

Where I'm having a problem is trying to grant access to a user in the domain on Forest A to a folder on a server in the domain in Forest B.

 

On the server in the domain in Forest B, I open "Share and Storage Management and select the share to which I want to grant the user access. I right-click on the share and go to Properties / Permissions / NTFS Permissions. I click on "Add" / "Locations" and select the domain in Forest A. (See attachment) I see the icon as displayed in the attached JPG. However, when I click on the "+" sign, the domain indicated at the arrow does not open or populate.

 

This is a crucial issue that I need to resolve. What am I missing or what else do I need to do to grant the required access.

 

Thanks in advance for timely responses.

post-16921-0-87317000-1469566339.jpg

Share this post


Link to post
Share on other sites

1 answer to this question

Recommended Posts

  • 0

Hi,

I have been struggling with the same issue recently.

Microsoft recommends (and that's how we got it working) to have a global group in the user's forest and add the user to that group.

In the resource forest, create a Domain Local group and add the user's group to it. The group MUST BE domain local!

Try it out and let me know if it works or not.

 

P.S.: In theory, it should work also if you create a domain local group and add the user directly - however, it's not recommended.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.