Sign in with
Sign up | Sign in
Your question

Domain Admin Access across Trusted domains

Last response: in Windows 2000/NT
Share
Anonymous
April 11, 2005 4:53:01 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Is there a way for me to have administrator rights on a domain that I trust
with my domain? I just merged with a company and have established an external
trust with their network. I am now incharge of all active directory for the
whole company and would like to be able to access their AD from my pc
directly.

Any help would be much appreciated.

Thanks
Dev
Anonymous
April 11, 2005 5:20:16 PM

Archived from groups: microsoft.public.win2000.security (More info?)

If your machine is in domain that trust them, then you
need an account in the trusted domain. If theirs is trusting
yours, then they could adjust membership of their Domain
Admins group to add your account (they cannot add your
Domain Admns group as it would be global in alien global)

--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"DevGD" <DevGD@discussions.microsoft.com> wrote in message
news:B7D22334-5383-4CA6-8B74-885D58221845@microsoft.com...
> Is there a way for me to have administrator rights on a domain that I
trust
> with my domain? I just merged with a company and have established an
external
> trust with their network. I am now incharge of all active directory for
the
> whole company and would like to be able to access their AD from my pc
> directly.
>
> Any help would be much appreciated.
>
> Thanks
> Dev
Anonymous
April 11, 2005 6:20:03 PM

Archived from groups: microsoft.public.win2000.security (More info?)

The trust is a two way external trust. I can not add members from the trusted
domain to groups on my domain. I can only add access on the folder/file
level. How can I add myself to the domain admins group or even the enterprise
admins group? When I open the group and select add on the members tab, I can
not see my domain to add my account.

Any ideas?

Thanks
Dev

"Roger Abell" wrote:

> If your machine is in domain that trust them, then you
> need an account in the trusted domain. If theirs is trusting
> yours, then they could adjust membership of their Domain
> Admins group to add your account (they cannot add your
> Domain Admns group as it would be global in alien global)
>
> --
> Roger Abell
> Microsoft MVP (Windows Security)
> MCSE (W2k3,W2k,Nt4) MCDBA
> "DevGD" <DevGD@discussions.microsoft.com> wrote in message
> news:B7D22334-5383-4CA6-8B74-885D58221845@microsoft.com...
> > Is there a way for me to have administrator rights on a domain that I
> trust
> > with my domain? I just merged with a company and have established an
> external
> > trust with their network. I am now incharge of all active directory for
> the
> > whole company and would like to be able to access their AD from my pc
> > directly.
> >
> > Any help would be much appreciated.
> >
> > Thanks
> > Dev
>
>
>
Related resources
Anonymous
April 11, 2005 8:04:25 PM

Archived from groups: microsoft.public.win2000.security (More info?)

You may have a DNS issue.
If both domains are using Windows DNS and are W2k3 then
you could resolve this with conditional forwarding. Else,
you would need to establish secondary zones each in the
other domain so that both can resolved the AD supporting
DNS records of the other.

You should expect to not be able to add external groups into
your domain global groups. You should be able to see the
trusted domain in the list of locations in the user/group object
picker, and to then add from the external as long as you are
not attempting to next externals into your globals.

--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"DevGD" <DevGD@discussions.microsoft.com> wrote in message
news:AD20CA04-47BE-4EF3-BE8C-51063716CBA2@microsoft.com...
> The trust is a two way external trust. I can not add members from the
trusted
> domain to groups on my domain. I can only add access on the folder/file
> level. How can I add myself to the domain admins group or even the
enterprise
> admins group? When I open the group and select add on the members tab, I
can
> not see my domain to add my account.
>
> Any ideas?
>
> Thanks
> Dev
>
> "Roger Abell" wrote:
>
> > If your machine is in domain that trust them, then you
> > need an account in the trusted domain. If theirs is trusting
> > yours, then they could adjust membership of their Domain
> > Admins group to add your account (they cannot add your
> > Domain Admns group as it would be global in alien global)
> >
> > --
> > Roger Abell
> > Microsoft MVP (Windows Security)
> > MCSE (W2k3,W2k,Nt4) MCDBA
> > "DevGD" <DevGD@discussions.microsoft.com> wrote in message
> > news:B7D22334-5383-4CA6-8B74-885D58221845@microsoft.com...
> > > Is there a way for me to have administrator rights on a domain that I
> > trust
> > > with my domain? I just merged with a company and have established an
> > external
> > > trust with their network. I am now incharge of all active directory
for
> > the
> > > whole company and would like to be able to access their AD from my pc
> > > directly.
> > >
> > > Any help would be much appreciated.
> > >
> > > Thanks
> > > Dev
> >
> >
> >
Anonymous
April 13, 2005 8:59:13 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Roger --

I'll expand on "DevGD"'s post, if I may ...

We have a training domain in a separate forest, because we needed to not
have two-way transitive trusts between it and our production domain ... I
can add members of our production domain to Domain Local security group, but
not to Domain Glocal security groups on the training domain ... If I add our
users to a Domain Local security group, I can't add that Domain Local
security group to the Domain Global group "Domain Admins" ... We have
delegated any administrative task possible through Delegation, but that
doeds not allow us all admin rights, such as Group Policy administration ...
Anyone who can offer assistance in getting a domain user from a separate
domain and forest into the trusting domain's Domain Admins group would be
severely appreciated !!! I don't think it's possible, because I've tried
everything I can think of, but I could be wrong, and hope that I am ...

"Roger Abell" <mvpNOSpam@asu.edu> wrote in message
news:e3%23JcpuPFHA.4024@TK2MSFTNGP10.phx.gbl...
> You may have a DNS issue.
> If both domains are using Windows DNS and are W2k3 then
> you could resolve this with conditional forwarding. Else,
> you would need to establish secondary zones each in the
> other domain so that both can resolved the AD supporting
> DNS records of the other.
>
> You should expect to not be able to add external groups into
> your domain global groups. You should be able to see the
> trusted domain in the list of locations in the user/group object
> picker, and to then add from the external as long as you are
> not attempting to next externals into your globals.
>
> --
> Roger Abell
> Microsoft MVP (Windows Security)
> MCSE (W2k3,W2k,Nt4) MCDBA
> "DevGD" <DevGD@discussions.microsoft.com> wrote in message
> news:AD20CA04-47BE-4EF3-BE8C-51063716CBA2@microsoft.com...
> > The trust is a two way external trust. I can not add members from the
> trusted
> > domain to groups on my domain. I can only add access on the folder/file
> > level. How can I add myself to the domain admins group or even the
> enterprise
> > admins group? When I open the group and select add on the members tab, I
> can
> > not see my domain to add my account.
> >
> > Any ideas?
> >
> > Thanks
> > Dev
> >
> > "Roger Abell" wrote:
> >
> > > If your machine is in domain that trust them, then you
> > > need an account in the trusted domain. If theirs is trusting
> > > yours, then they could adjust membership of their Domain
> > > Admins group to add your account (they cannot add your
> > > Domain Admns group as it would be global in alien global)
> > >
> > > --
> > > Roger Abell
> > > Microsoft MVP (Windows Security)
> > > MCSE (W2k3,W2k,Nt4) MCDBA
> > > "DevGD" <DevGD@discussions.microsoft.com> wrote in message
> > > news:B7D22334-5383-4CA6-8B74-885D58221845@microsoft.com...
> > > > Is there a way for me to have administrator rights on a domain that
I
> > > trust
> > > > with my domain? I just merged with a company and have established an
> > > external
> > > > trust with their network. I am now incharge of all active directory
> for
> > > the
> > > > whole company and would like to be able to access their AD from my
pc
> > > > directly.
> > > >
> > > > Any help would be much appreciated.
> > > >
> > > > Thanks
> > > > Dev
> > >
> > >
> > >
>
>
!