Announcement

Collapse
No announcement yet.

Can non-admin grant rights to trusted domain users?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Can non-admin grant rights to trusted domain users?

    2 domains in separate forests.
    Both domains are Win2003 servers.
    Functional level of domains is Win2000 native.
    I have a one-way trust DomA -> DomB so that A users can be granted rights to B resources.

    When granting rights, DomB admin can read DomA users/groups to grant rights. DomB non-admin user with full-control rights to a directory can grant rights to DomA users but cannot even read the list of DomA users to grant rights. Non-admin user gets prompted for a DomB user to read the list.

    Is there a right that can be granted or delegated in DomB to a DomB user that will allow them to read DomA users/groups without being prompted?

    If not, what would be the next best suggestion to allow external AD query of DomA?

    I tried enabling Anonymous LDAP Query as outlined here:
    http://www.petri.com/anonymous_ldap_...ws_2003_ad.htm
    but that did not remove the prompt for credentials.

  • #2
    Re: Can non-admin grant rights to trusted domain users?

    I have a one-way trust DomA -> DomB
    in this case obviously u will be able to read only domain data.
    I would say create a two trust.

    Comment

    Working...
    X