RE: [ActiveDir] A Question of 2 Domains

[davlloyd]

Title: Message

Just to extract a little more information:   You have single DNS servers serving each of the two internal domain zones They have each other respectively configured as Forwarders You are also setup for Zone transfers between the two Servers (Have you set up the Secondary zones on each opposing DNS server for the transfers and listed the server in the primary zones) (the above gives you a measure of redundancy)     You get full visibility from Domain A for Domain B but not Vice Versa   DNS resolution works both ways? (You can use Nslookup to test this) Both Zones are complete in each DNS Server?     The problem sounds more orientated towards visibility/resolution then security! Is the Eventlog telling you anything?   Cheers   David     -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Eric Yeoh Sent: 14 April 2002 06:41 To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] A Question of 2 Domains   Hi Rick,   Thans for the reply.   The thing is, I cannot add users in Domain A into an Admin group in Domain B.   Also, although after zone transfer, the Fwd Lookup Zone for Domain A in Domain B's DNS server only has a sinle Host record for the NS, what happened to the other host records?   This is driving me up the wall, any help will do.   Thanks a million   Regards,   ERIC   ----- Original Message ----- From: Rick Kingslan To: [EMAIL PROTECTED] Sent: Saturday, April 13, 2002 9:54 PM Subject: RE: [ActiveDir] A Question of 2 Domains   There may be much more going on here, but the quick answer (because I have about 2 minutes this AM, and this caught my eye! :)  ) would be simple permissions.  The fact that the trust exists is good, but if there are no permissions granted, then what can an object in Forest A do in Forest B?  Or, vice versa?   Consider this the same (in very high altitude terms) the Domain Admin in Domain Corp.local and the Domain Admin sales.corp.local.  Does the Domain Admin in either domain have any administrative permission in the other?   Rick Kingslan - Microsoft Certified Trainer   MCSE+I on Windows NT 4.0   MCSE on Windows 2000   MVP [Windows NT/2000 Server] "Any sufficiently advanced technology is indistinguishable from magic."   ---  Arthur C. Clarke    -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Eric Yeoh Sent: Saturday, April 13, 2002 8:41 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] A Question of 2 Domains Hi,   I have this scenario.....   Domains A (accounts domain) and B (resource/Exchange 2k domain) are in diff forests and have two way trusts enabled. In each other DNS servers (Std Primary Zones) I have created a Standard Primary Zones for each other domains i.e. in Domain A a Fwd Lookup Zone for Domain B and vice versa.   For each of the created Zones, the primary name servers are of their respective domains. A NS record is created for Domain B in Domain A's DNS server and vice versa. Zone Transfer for both DNS servers are enabled for those in the NS tab.   My Question is, why can I browse Domain B from Domain A's AD Uses&Comp but not from Domain B? Also why can't members from each other domains?   Thanks   ERIC YEOH MCSE NT4             --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.346 / Virus Database: 194 - Release Date: 10/04/2002 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.346 / Virus Database: 194 - Release Date: 10/04/2002