|
server
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
AD questiontrusted us, they created outgoing trust and we created incoming trust) with our branch domain (HQ and branch in different forest and domain name).The objective of the trust is to remove the users' trouble to remember 2 sets of AD Account for the HQ domain account/pwd for email access and branch file server and application access. What's the benefit can i get from this trust establishment? Can i have all my file servers' file shared user access change to the HQ domain login eg....by creating a local domain group and add the HQ domain users into our group so that i can assign the access rights accordingly? By doing this i will not have to maintain my sets of AD user account? I've actually tried that. I noticed that i can grant the HQ domain user account directly into the folder, but not through group. + i can't add the HQ domain users or groups into my AD's user group in the AD MAnagment console. I can't see the HQ domain name when i try to add the HQ users. Is that normal? What's the best way to approach this? Thanks. If HQ wants you to access resources on thier side then they need to add your
Users or Groups to one of thier Groups and grant permissions to it. If you want HQ to access resources on your system then you need to add their Users or Groups to a Group on your side and grant permissions to it. If the trust won't let you do that the correct way then you have setup the Trust backwards. -- Show quoteHide quotePhillip Windell The views expressed, are my own and not those of my employer, or Microsoft, or anyone else associated with me, including my cats. ----------------------------------------------------- "dkblee" <dkb***@discussions.microsoft.com> wrote in message news:C9463213-7AE3-469A-A0A6-D0C9468CB428@microsoft.com... > hi! Here's the scenario: The HQ has just configured a one way trust (they > trusted us, they created outgoing trust and we created incoming trust) > with > our branch domain (HQ and branch in different forest and domain name).The > objective of the trust is to remove the users' trouble to remember 2 sets > of > AD Account for the HQ domain account/pwd for email access and branch file > server and application access. > > What's the benefit can i get from this trust establishment? Can i have all > my file servers' file shared user access change to the HQ domain login > eg....by creating a local domain group and add the HQ domain users into > our > group so that i can assign the access rights accordingly? By doing this i > will not have to maintain my sets of AD user account? > > I've actually tried that. I noticed that i can grant the HQ domain user > account directly into the folder, but not through group. + i can't add > the > HQ domain users or groups into my AD's user group in the AD MAnagment > console. I can't see the HQ domain name when i try to add the HQ users. Is > that normal? > > What's the best way to approach this? Thanks. Hello dkblee,
Have a look here about forest trust and resource access: http://technet.microsoft.com/en-us/library/cc772808(WS.10).aspx Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm Show quoteHide quote > hi! Here's the scenario: The HQ has just configured a one way trust > (they trusted us, they created outgoing trust and we created incoming > trust) with our branch domain (HQ and branch in different forest and > domain name).The objective of the trust is to remove the users' > trouble to remember 2 sets of AD Account for the HQ domain account/pwd > for email access and branch file server and application access. > > What's the benefit can i get from this trust establishment? Can i have > all my file servers' file shared user access change to the HQ domain > login eg....by creating a local domain group and add the HQ domain > users into our group so that i can assign the access rights > accordingly? By doing this i will not have to maintain my sets of AD > user account? > > I've actually tried that. I noticed that i can grant the HQ domain > user account directly into the folder, but not through group. + i > can't add the HQ domain users or groups into my AD's user group in the > AD MAnagment console. I can't see the HQ domain name when i try to add > the HQ users. Is that normal? > > What's the best way to approach this? Thanks. > 
Other interesting topics
|
|||||||||||||||||||||||
