I have created a one-way trust between my domain and the empty root forest domain of another organization (I trust them, they do not trust me). I can assign security principals from their empty root domain to domain local groups in my domain.
I cannot assign security principals from child domains within their forest. What am I missing?
The trust works (via validate and ability to assign as defined above), DNS/routing/firewall source-destination configs are good (as the trust works), and the trust is set to external, one-way (outbound) and non-transitive. These domains are running 2008R2
and 2003 with 2003 domain functional level.
Should I be using a different trust type or other options or is this a different problem?
Microsoft is conducting an online survey to understand your opinion of the Technet Web site. If you choose to participate, the online survey will be presented to you when you leave the Technet Web site.