
One-way Trust w2k3 and w2k8 RODC


  • One-way Trust w2k3 and w2k8 RODC

    I have 2 domains and my environment looks like this:
    Central Site:
    Domain1: DC01 (Windows 2003 DC), DC02 (Windows 2008 DC (R/W))
    Domain2: DC11 (Windows 2003 DC), DC12 (Windows 2008 DC (R/W))

    Remote Site:
    Domain1: DC03 (Windows 2008 RODC), FIL01 (Windows 2008)
    Domain2: DC13 (Windows 2008 RODC)

    We also have remote sites with only 2003 servers, which look like this:
    Domain1: DC04 (Windows 2003 DC), FIL02 (Windows 2003)
    Domain2: DC14 (Windows 2003 DC)

    Domain and Forest functional level is Windows 2003

    There is a one-way trust from Domain1 (Trusting) to Domain2 (Trusted), because we want users from Domain2 to access files on FILxx server in Domain1.

    This works well where we have Windows 2003 DCs/servers.
    But when we set up the same configuration with a Windows Server 2008 RODC and member server, it does not work. When I, on the FIL01 server, try to grant a group from Domain2 access to a folder, I get a logon window. I need to type logon credentials for the Domain2 domain in order to view the accounts/groups in Domain2 (I don't need to do that on the 2003 server). After I've done that, I can add the group from Domain2, but in the permission list only the SID number for the group is displayed (not like Domain2\Group), and I am not able to access it with the user from Domain2 belonging to this group.

    All 2008 servers in both domains (RODCs and FIL) have access to each other and to all the DCs in the Central Site.

    Does anybody know anything about this?