can't see trusted domain users names from member servers

Home Forums Microsoft Networking and Management Services Active Directory can't see trusted domain users names from member servers

This topic contains 2 replies, has 2 voices, and was last updated by Avatar BretL 1 year, 2 months ago.

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • Avatar
    BretL
    Participant
    #611717

    Hi,

    A one-way forest trust is created between 2 Domains, whereby Domain B trusted Domain A. Users a/c in Domain A has been populated in the Domain Local Group (DLG) of Domain B.

     

    However member servers from Domain B is not able to see the user names of Domain A in the DLG of Domain B. Instead the member servers can only see the foreign principal names (aka SID) in the DLG of Domain B.

     

    Can the member servers from Domain B able to see the user friendly names of Domain A in the DLG of Domain B? If yes, may I know how to make it happen?

     

    Appreciate your guidance. Thanks in advance.

     

    pic

    JeremyW
    JeremyW
    Moderator
    #611800

    Hi Bret.

    Can the Domain B member servers properly resolve Domain A DNS?

    Is authentication otherwise working as expected?

    Jeremy

    Avatar
    BretL
    Participant
    #611919

    Hi Jeremy,

    Thanks for your reply. Yes member servers can resolve Domain A through DNS.

    Access cannot be granted to the users in Domain A because member servers cannot see the user names in the DLG of Domain B. Hence authentication cannot work.

    Is it true that Kerberos authentication doesn’t need to grant user by specific name? If so may I know how Kerberos authenicattion works without the need to grant specific users?

    Thanks.

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.