Where to begin (*sigh*). We have two domains in our environment – ZIPSERVE and BIG.OPS. BIG.OPS has an outgoing trust to ZIPSERVE.
In the ZIPSERVE directory, we have a group called Coordinators who login to their machines under the ZIPSERVE domain, but need to use the Active Directory Sites and Services tool to manage usernames and passwords in the BIG.OPS directory. They typically open an MMC, right-click ZIPSERVE, choose Connect to Domain, type in BIG.OPS and click OK.
About a week ago, this portion *broke*. After they typed in BIG.OPS and clicked OK, a message now appears saying:
Windows cannot connect to the new domain because:
Logon failure: unknown username or password
*They were NOT prompted for credentials*
However, they can sort of get around this by right-clicking ZIPSERVE again, this time choosing Connect to Domain Controller, and connect using fully.qualified.name.of.big.ops.machine.
But unfortunately, once they are connected and want to manage the BIG.OPS domain, they are constantly prompted for their ZIPSERVE credentials and/or are denied access to changes they want to make, even though they have full rights on the OUs they are adjusting.
I initially suspected a trusts issue between the two domains, but I validated it today and that went fine. I’m not sure where to start – can someone throw me a bone?