One way, non-transitivie trust is implemented, can we manage the specified domain ( other forest) from existing domain.

Bhavani B 40 Reputation points
2024-01-09T10:35:06.1366667+00:00

Hi, I am implementing one way non transitive trust between two forests(xyz.domain and abc.domain). I have few questions, kindly help me on this.

  1. Can we manage the trusting domain (abc.domain) from xyz.domain. E.g., creating users, updating group policies on abc.domian from xyz domain. If it is possible how to do so?
  2. How the authorization process works?

Thanks and Regards,

Bhavani

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
13,703 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,887 questions
0 comments No comments
{count} votes

Accepted answer
  1. Thameur-BOURBITA 35,511 Reputation points
    2024-01-09T11:32:33.97+00:00

    Hi @Bhavani B

    Yes it's possible.
    The fisrt step is to create a delegation group (named Group_abc) in abc.domain with required permission to create users or updating group policy. These groups must be created with LOCAL scope to be able to add group or user from another domain.
    The second step is to create a group (named Group_xyz) in xyz.domain in order to add administrator accounts to manager abc.domain domain. these groups must be created with GLOBAL scope in order to be member of another group in another domain.

    The last step is to add group (named Group_xyz) created in xyz.domain group to the group (named Group_abc) created in abc.domin.
    One done each member of group (named Group_xyz) will be able to get the same permission as the group (named Group_abc) to manage users or group policy.


    Please don't forget to accept helpful answer


0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.