Announcement

Collapse
No announcement yet.

2003 to 2008R2 one-way incoming Forest Trust

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • 2003 to 2008R2 one-way incoming Forest Trust

    I have a 2008R2 environment which is at 2008R2 forest & domain function levels with its default domain.

    I also have a 2003 environment which is at 2003 forest & domain function levels with its default domain plus has one child domain.

    Can a one-way incoming forest trust from that 2003 environment in to the 2008R2 environment be established due to the 2008R2 function level?

    If yes, will that trust permit 2003 users to access \\2003\shares or does that require two-way trusting to "reach back" even though they originate from 2003?

    EDIT: Based on what I see in the trust creation wizard I may be confusing terminology "incoming" with "outgoing". Ultimately the 2003 users need to reach 2008R2 resources such as RDP'ing but be able to open items in their home directory back at 2003 shares.
    Last edited by chip743; 13th January 2011, 17:26.

  • #2
    Re: 2003 to 2008R2 one-way incoming Forest Trust

    Hi,

    Please find the answers inline

    Can a one-way incoming forest trust from that 2003 environment in to the 2008R2 environment be established due to the 2008R2 function level?


    Yes

    will that trust permit 2003 users to access \\2003\shares or does that require two-way trusting to "reach back" even though they originate from 2003?


    Ok It depends upon the direction. Trusts are a lil bit confusing let say if 2003 is A and 2008 R2 is B then one way trust from A--->B, means users in B can access Resources in A. It's like A saying to B that You can use my Car but B is not saying the same
    Thanks & Regards
    v-2nas

    MCTS 2008, MCTIP, MCSE 2003, MCSA+Messaging E2K3, MCP, E2K7
    Sr. Wintel Eng. (Investment Bank)
    Independent IT Consultant and Architect
    Blog: http://www.exchadtech.blogspot.com

    Show your appreciation for my help by giving reputation points

    Comment


    • #3
      Re: 2003 to 2008R2 one-way incoming Forest Trust

      Thanks for the reply. In the 2008R2 environment I created an external outgoing (selective authentication) one-way non-transitive trust.

      In the 2003 environment I created an external incoming one-way (selective authentication) non-transitive trust.

      In the 2008R2 environment, in a Security Group - Domain Local members tab I choose Add and when I click to expand the 2003 domain I am prompted for a username and password.

      Did I do this right or am I missing a step? Should object enumeration be prompting?

      Then after I input credentials of a 2003 Domain Administrator, no objects expanded. EDIT: but I am able to type one in manually and "check name".
      Last edited by chip743; 13th January 2011, 20:58.

      Comment


      • #4
        Re: 2003 to 2008R2 one-way incoming Forest Trust

        So after adding the user to the security group are you able to access it.
        Apparently i have also come across such issues (not really sure if they are really issues or they are as design)
        Thanks & Regards
        v-2nas

        MCTS 2008, MCTIP, MCSE 2003, MCSA+Messaging E2K3, MCP, E2K7
        Sr. Wintel Eng. (Investment Bank)
        Independent IT Consultant and Architect
        Blog: http://www.exchadtech.blogspot.com

        Show your appreciation for my help by giving reputation points

        Comment


        • #5
          Re: 2003 to 2008R2 one-way incoming Forest Trust

          Originally posted by v-2nas View Post
          So after adding the user to the security group are you able to access it.
          Apparently i have also come across such issues (not really sure if they are really issues or they are as design)
          I could not visually drill down the Active Directory tree to a sub- OU. But I could type domain\user and then click check name which discovered my user. Maybe this by design to keep certain trust types from enumerating the AD structure, I dunno? My trust seems to be working ok though.

          Comment

          Working...
          X