External Trust capabilities between two organizations


  • I have created a one-way trust between my domain and the empty root forest domain of another organization (I trust them, they do not trust me).  I can assign security principals from their empty root domain to domain local groups in my domain.  I cannot assign security principals from child domains within their forest.  What am I missing?

    The trust works (via validate and ability to assign as defined above), DNS/routing/firewall source-destination configs are good (as the trust works), and the trust is set to external, one-way (outbound) and non-transitive. These domains are running 2008R2 and 2003 with 2003 domain functional level.

    Should I be using a different trust type or other options or is this a different problem?

    • Edited by macombej Saturday, July 13, 2013 8:41 PM
    Friday, July 12, 2013 4:56 PM