Two-way trust between two different forests

  • Question

  • I have created a two-way trust between 2 different AD domains.  I can access shares and other resources fine.  However, I need to have Domain B log in to Domain A's Terminal Server.  Do Domain B's user accounts have the ability to log in to Domain A's Terminal Server, or will I have to create the same accounts in Domain A?
    Tuesday, November 1, 2011 3:56 PM

Answers

  • Why don’t you create a local group in each domain and add users from the different domain to this group, then assign the correct RDP permission using the security group?


    Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA, Network+| Houston, TX
    Blogs - http://blogs.sivarajan.com/


    This posting is provided AS IS with no warranties, and confers no rights.
    • Proposed as answer by Elytis Cheng Wednesday, November 2, 2011 2:06 AM
    • Marked as answer by Elytis Cheng Tuesday, November 8, 2011 1:23 AM
    Tuesday, November 1, 2011 4:26 PM
  • Hello,

    As both domains belong to different AD forests, create a new Local Domain group in Domain A and add to it the users in Domain B that you want to be able to RDP to Domain A's servers. Once done, grant this group the needed RDP permissions. Note that the group should be a security one and not a distribution one.

    There is no need to create new accounts.

     


    This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator
    Microsoft Certified Trainer

    • Proposed as answer by Elytis Cheng Wednesday, November 2, 2011 2:06 AM
    • Marked as answer by Elytis Cheng Tuesday, November 8, 2011 1:23 AM
    Tuesday, November 1, 2011 7:26 PM
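
The steps from the answer above, as an added PowerShell example that is not part of the original thread. The domain names, group name, OU path, user names and server name `TS01` are hypothetical placeholders. It assumes the ActiveDirectory module (RSAT), forest-wide authentication on the trust, PowerShell 5.1 on the Terminal Server, and that RDP permission is granted through the server's local Remote Desktop Users group.

```powershell
# Added example: every name below is a hypothetical placeholder.
Import-Module ActiveDirectory

$DomainA   = 'domaina.example'                  # resource forest (hosts the Terminal Server)
$DomainB   = 'domainb.example'                  # trusted account forest
$GroupName = 'RDP-DomainB-Users'
$GroupPath = 'OU=Groups,DC=domaina,DC=example'
$UsersInB  = 'alice', 'bob'                     # sAMAccountNames in Domain B
$TermSrv   = 'TS01'                             # Domain A Terminal Server

# 1. Domain local *security* group in Domain A. Domain local scope is the one
#    that accepts members from a trusted external forest; a distribution
#    group cannot be used in an access-control list.
$group = Get-ADGroup -Filter "Name -eq '$GroupName'" -Server $DomainA
if (-not $group) {
    $group = New-ADGroup -Name $GroupName -SamAccountName $GroupName `
        -GroupScope DomainLocal -GroupCategory Security `
        -Path $GroupPath -Server $DomainA -PassThru
}

# 2. Resolve each account against Domain B, then add the returned object to
#    the Domain A group. No duplicate account is created in Domain A.
foreach ($sam in $UsersInB) {
    $user = Get-ADUser -Identity $sam -Server $DomainB -ErrorAction Stop
    Add-ADGroupMember -Identity $group -Members $user -Server $DomainA
}

# 3. Grant RDP logon on the Terminal Server by nesting the group in the
#    server's local "Remote Desktop Users" group (assumption: this is how
#    RDP permission is assigned in this environment).
Invoke-Command -ComputerName $TermSrv -ArgumentList "DOMAINA\$GroupName" -ScriptBlock {
    param($Member)
    Add-LocalGroupMember -Group 'Remote Desktop Users' -Member $Member
}

# 4. Review the result. Members from the other forest are listed as
#    CN=S-1-5-21-...,CN=ForeignSecurityPrincipals,... entries, so every
#    cross-forest grant is visible in one place for periodic audit.
(Get-ADGroup -Identity $group -Properties member -Server $DomainA).member
```

Keeping the cross-forest accounts in one dedicated group, rather than adding them to the server individually, gives a single membership list to review and to empty if the trust is later removed.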

All replies

  • Yes, also you can add those users directly on those terminal servers. 
    Best regards
    Biswajit Biswas
    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
    MCP 2003, MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin
    Wednesday, November 2, 2011 12:57 PM