ADDS Forest Trusts Question

  • Question

  • Do forgive me if I have posted this in the wrong place. The categories didn't look right :D

    I have a query about ADDS domain trusts as I cannot wrap my head around it, so allow me to build a quick scenario.

    2 forests, ForestA and ForestB - They are able to resolve each other via DNS and are single domain environments

    Trust - 1-way transitive

    ForestA -Incoming trust 

    ForestB - outgoing trust 

    Question.... This means ForestA is trusted and ForestB is trusting.. Correct? 

    What I do not understand is this:

    If I have 2 DCs, we will say DCa and DCb - DCa is a domain controller within ForestA and DCb is a domain controller within ForestB

    When ForestA\administrator is logged into DCa I can open ADUC and browse ForestB's domain, however I cannot write to it

    When ForestB\administrator is logged into DCb I can write to ForestA's ADDS, such as creating a new user

    How is this correct unless I have the whole trusted/trusting mixed up?

    However the permissions are the opposite and what you would expect: ForestA cannot assign permissions like NTFS to groups from ForestB, however it works in reverse, so ForestB can assign permissions to groups in ForestA

    Wednesday, September 30, 2020 9:04 PM

All replies

  • Additionally, users from ForestA cannot log into computers from ForestB; it says it isn't allowed, but the other way around it says there is no trust relationship

    Surely one would work, being ForestA can log in to ForestB computers

    Wednesday, September 30, 2020 9:09 PM
  • This is a forum strictly related to SysInternals Tools questions.

    Microsoft has moved all the old versions of the forums to a new site called "Microsoft Q&A": Microsoft Q&A supported products | Microsoft Docs

    Please visit that site and post your question to the right forum.

    Thanks for your cooperation!


    Thursday, October 1, 2020 7:30 AM