GET-IT: TEAMS DAY | 1-Day Free Virtual Conference all about Teams. Here on Petri.com - 8/12/20 GET-IT: TEAMS DAY - 8/12/20

Two-domain Active Directory rights conundrum

Home Forums Server Operating Systems Windows Server 2000 / 2003 / 2003 R2 Two-domain Active Directory rights conundrum

Viewing 1 post (of 1 total)
  • Author
    Posts
  • Avatar
    RouterPouter
    Member
    #129663

    Hey all,

    Where to begin (*sigh*). We have two domains in our environment – ZIPSERVE and BIG.OPS. BIG.OPS has an outgoing trust to ZIPSERVE.

    In the ZIPSERVE directory, we have a group called Coordinators who login to their machines under the ZIPSERVE domain, but need to use the Active Directory Sites and Services tool to manage usernames and passwords in the BIG.OPS directory. They typically open an MMC, right-click ZIPSERVE, choose Connect to Domain, type in BIG.OPS and click OK.

    About a week ago, this portion *broke*. After they typed in BIG.OPS and clicked OK, a message now appears saying:


    Windows cannot connect to the new domain because:
    Logon failure: unknown username or password

    *They were NOT prompted for credentials*

    However, they can sort of get around this by right-clicking ZIPSERVE again, this time choosing Connect to Domain Controller, and connect using fully.qualified.name.of.big.ops.machine.

    But unfortunately, once they are connected and want to manage the BIG.OPS domain, they are constantly prompted for their ZIPSERVE credentials and/or are denied access to changes they want to make, even though they have full rights on the OUs they are adjusting.

    I initially suspected a trusts issue between the two domains, but I validated it today and that went fine. I’m not sure where to start – can someone throw me a bone?

    Thanks,
    Brian

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.