A one-way forest trust is created between 2 Domains, whereby Domain B trusted Domain A. Users a/c in Domain A has been populated in the Domain Local Group (DLG) of Domain B.
However member servers from Domain B is not able to see the user names of Domain A in the DLG of Domain B. Instead the member servers can only see the foreign principal names (aka SID) in the DLG of Domain B.
Can the member servers from Domain B able to see the user friendly names of Domain A in the DLG of Domain B? If yes, may I know how to make it happen?
Appreciate your guidance. Thanks in advance.
Can the Domain B member servers properly resolve Domain A DNS?
Is authentication otherwise working as expected?
Thanks for your reply. Yes member servers can resolve Domain A through DNS.
Access cannot be granted to the users in Domain A because member servers cannot see the user names in the DLG of Domain B. Hence authentication cannot work.
Is it true that Kerberos authentication doesn’t need to grant user by specific name? If so may I know how Kerberos authenicattion works without the need to grant specific users?
You must be logged in to reply to this topic.
Create a free account today to participate in forum conversations, comment on posts and more.