Domain Admin Access across Trusted domains

Archived from groups: microsoft.public.win2000.security

Is there a way for me to have administrator rights on a domain that I trust
with my domain? I just merged with a company and have established an external
trust with their network. I am now in charge of all active directory for the
whole company and would like to be able to access their AD from my pc
directly.

Any help would be much appreciated.

Thanks
Dev
  1. Archived from groups: microsoft.public.win2000.security

    If your machine is in a domain that trusts them, then you
    need an account in the trusted domain. If theirs is trusting
    yours, then they could adjust membership of their Domain
    Admins group to add your account (they cannot add your
    Domain Admins group as it would be global in alien global)

    --
    Roger Abell
    Microsoft MVP (Windows Security)
    MCSE (W2k3,W2k,Nt4) MCDBA
  2. Archived from groups: microsoft.public.win2000.security

    The trust is a two way external trust. I can not add members from the trusted
    domain to groups on my domain. I can only add access on the folder/file
    level. How can I add myself to the domain admins group or even the enterprise
    admins group? When I open the group and select add on the members tab, I can
    not see my domain to add my account.

    Any ideas?

    Thanks
    Dev
  3. Archived from groups: microsoft.public.win2000.security

    You may have a DNS issue.
    If both domains are using Windows DNS and are W2k3 then
    you could resolve this with conditional forwarding. Else,
    you would need to establish secondary zones each in the
    other domain so that both can resolve the AD supporting
    DNS records of the other.

    You should expect to not be able to add external groups into
    your domain global groups. You should be able to see the
    trusted domain in the list of locations in the user/group object
    picker, and to then add from the external as long as you are
    not attempting to nest externals into your globals.

    --
    Roger Abell
    Microsoft MVP (Windows Security)
    MCSE (W2k3,W2k,Nt4) MCDBA
  4. Archived from groups: microsoft.public.win2000.security

    Roger --

    I'll expand on "DevGD"'s post, if I may ...

    We have a training domain in a separate forest, because we needed to not
    have two-way transitive trusts between it and our production domain ... I
    can add members of our production domain to a Domain Local security group, but
    not to Domain Global security groups on the training domain ... If I add our
    users to a Domain Local security group, I can't add that Domain Local
    security group to the Domain Global group "Domain Admins" ... We have
    delegated any administrative task possible through Delegation, but that
    does not allow us all admin rights, such as Group Policy administration ...
    Anyone who can offer assistance in getting a domain user from a separate
    domain and forest into the trusting domain's Domain Admins group would be
    severely appreciated !!! I don't think it's possible, because I've tried
    everything I can think of, but I could be wrong, and hope that I am ...
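The scope rules the replies above run into (a global group such as Domain Admins rejects principals from another domain, a domain local group accepts them, and a domain local group cannot be nested into a global one) can be checked before opening the object picker. The PowerShell below is an added example, not part of any post in the thread; it assumes the ActiveDirectory module, working DNS resolution between the two domains and an existing trust, and the function and parameter names are illustrative. It goes slightly beyond the thread by also covering universal groups.

```powershell
# Added example (not from the thread). Read-only: it queries, never modifies.
# Requires the ActiveDirectory module; function and parameter names are illustrative.
Import-Module ActiveDirectory

function Test-GroupNesting {
    param(
        [Parameter(Mandatory)] [string] $Group,        # group that would receive the member
        [Parameter(Mandatory)] [string] $GroupServer,  # DNS name of the group's domain or a DC in it
        [Parameter(Mandatory)] [string] $Member,       # sAMAccountName of the account or group to add
        [Parameter(Mandatory)] [string] $MemberServer  # DNS name of the member's domain or a DC in it
    )
    $g  = Get-ADGroup -Identity $Group -Server $GroupServer
    $m  = Get-ADObject -Filter "sAMAccountName -eq '$Member'" -Server $MemberServer -Properties groupType
    if (-not $m) { throw "No object named '$Member' found via $MemberServer" }
    $gd = Get-ADDomain -Server $GroupServer
    $md = Get-ADDomain -Server $MemberServer
    $sameDomain = $gd.DNSRoot -eq $md.DNSRoot
    $sameForest = $gd.Forest  -eq $md.Forest

    # groupType flags: 0x4 = domain local, 0x8 = universal, 0x2 = global; absent on accounts
    $memberKind = 'Global'
    if ($null -eq $m.groupType)   { $memberKind = 'Account' }
    elseif ($m.groupType -band 4) { $memberKind = 'DomainLocal' }
    elseif ($m.groupType -band 8) { $memberKind = 'Universal' }

    $scope = "$($g.GroupScope)"   # DomainLocal, Global or Universal
    if ($memberKind -eq 'DomainLocal') {
        $ok  = $sameDomain -and ($scope -eq 'DomainLocal')
        $why = 'a domain local group nests only into domain local groups of its own domain'
    } elseif ($scope -eq 'Global') {
        $ok  = $sameDomain -and ($memberKind -ne 'Universal')
        $why = 'a global group holds only accounts and global groups from its own domain'
    } elseif ($scope -eq 'Universal') {
        $ok  = $sameForest
        $why = 'a universal group holds members from its own forest only'
    } else {
        $ok  = $true   # assumes the trust itself exists; this function does not verify it
        $why = 'a domain local group accepts accounts and groups from trusted domains'
    }
    [pscustomobject]@{
        Group  = $g.DistinguishedName; GroupScope = $scope
        Member = $m.DistinguishedName; MemberKind = $memberKind
        Allowed = $ok; Rule = $why
    }
}
# Placeholder names, for illustration only:
# Test-GroupNesting -Group 'Domain Admins' -GroupServer training.example -Member jdoe -MemberServer prod.example
```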