Let users use different resources on a domain

I want to let users from Domain A use resources on Domain B. Domain A resides in a different forest than Domain B. I want to limit access to a specified OU. Question: What should I set up?
  • Firewall
  • DNS
  • Sites and services
  • Trust relationship
Thanks and regards.

Answer Wiki


You didn’t say what your version of Windows Server is, but I guess there is no significant difference.

One thing you need to do is create an inter-forest trust, which you can do in Active Directory Domains and Trusts.

Here is the checklist from the Win Server 2008 help:

“Checklist: Create a Forest Trust

Before you create forest trusts between domains, it is important to verify that the Domain Name System (DNS) server in your environment is properly set up and configured to accept future trust relationships. Complete the tasks in this checklist in order. When a reference link takes you to a conceptual topic, return to this topic after you review the conceptual topic so that you can proceed with the remaining tasks in this checklist.

  • Ensure that DNS is set up properly. (Reference: Verify a zone delegation using the nslookup command)
  • If there is a root DNS server that can be the root DNS server for both of the forest DNS namespaces, make it the root server by ensuring that the root zone contains delegations for each of the DNS namespaces. Also, update the root hints of all DNS servers with the new root DNS server. (Reference: Update root hints on the DNS server)
  • If there is no shared root DNS server and the root DNS servers for each forest DNS namespace are running a Windows Server 2008 operating system, configure DNS conditional forwarders in each DNS namespace to route queries for names in the other namespace. (Reference: Configure DNS server forwarders)
  • If there is no shared root DNS server and the root DNS servers for each forest DNS namespace are not running a Windows Server 2008 operating system, configure DNS secondary zones in each DNS namespace to route queries for names in the other namespace. (Reference: Add a secondary server for an existing zone)
  • Create the forest trust (AD Domains and trusts, right-click, properties, trusts, new trust).”

When you create the trust, you should select the “one-way: incoming” direction, and you might want to use “selective authentication” in the trust properties in order to not allow all users to access resources on domain B.
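A way to verify the result once the trust exists, as an added PowerShell example that is not part of the original answer or of the Windows Server help. The forest name and OU path are placeholders, and the script assumes a Domain B domain controller with the ActiveDirectory module; it also goes one step beyond the answer by listing who holds the "Allowed to Authenticate" right, which is what selective authentication checks on each computer object.

```powershell
# Added example. Placeholder names below are assumptions, not from the page.
# Run on a Domain B domain controller with the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

$OtherForest = 'forest-a.example'                         # placeholder: Domain A's forest root
$ResourceOU  = 'OU=SharedServers,DC=forest-b,DC=example'  # placeholder: OU in Domain B

# 1. DNS: the other forest's DC locator records must resolve from here.
#    (Resolve-DnsName needs Windows Server 2012 or later; on 2008 use nslookup.)
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$OtherForest" -Type SRV -ErrorAction SilentlyContinue
if (-not $srv) {
    Write-Warning "Cannot resolve DCs for $OtherForest; check forwarders or secondary zones."
}

# 2. Trust: report what was actually configured rather than what was intended.
$trust = Get-ADTrust -Filter "Target -eq '$OtherForest'"
if (-not $trust) { throw "No trust object found for $OtherForest." }
$trust | Format-List Name, Direction, ForestTransitive, SelectiveAuthentication, SIDFilteringQuarantined
if (-not $trust.SelectiveAuthentication) {
    Write-Warning 'Selective authentication is off; access is not limited to chosen computers.'
}

# 3. Under selective authentication a user from the other forest reaches only the
#    computers on which they hold the "Allowed to Authenticate" extended right.
#    List explicit grants of that right in the OU (full-control ACEs imply it too).
$allowedToAuth = [guid]'68b1d179-0d15-4d4f-ab71-46152e79a7bc'
Get-ADComputer -SearchBase $ResourceOU -Filter * | ForEach-Object {
    $computer = $_
    (Get-Acl -Path "AD:\$($computer.DistinguishedName)").Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $_.ObjectType -eq $allowedToAuth -and
            ($_.ActiveDirectoryRights -band [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight)
        } |
        ForEach-Object {
            [pscustomobject]@{
                Computer  = $computer.Name
                Principal = $_.IdentityReference
                Inherited = $_.IsInherited
            }
        }
} | Sort-Object Computer, Principal | Format-Table -AutoSize
```

An empty table in step 3 with selective authentication enabled means no account from the other forest can authenticate to the computers in that OU yet.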
