We have established a forest trust with an external partner, both forests have over 50+ sites.
The trust is a one way trust (we trust them) ForestA Trusts ForestB
The trust is established from a Forest A site, that from a network perspective has unrestricted access to all Forest B sites, this functions as you would expect, from this site we can enumerate groups and add them to resources.
The problem comes in from our other 49 sites which from a network perspective can only see 10 of Forest B's sites.
From none of our 49 other sites can we enumerate objects to allow users in the 10 Forest B sites we are working with access to our resources.
We have unrestricted access to these 10 sites and can ping connect to shares (everything you would expect to do)
The issue comes in when we try to modify the security on a resource, we can select Forest B as a location but NOTHING enumerates.
I am thinking that it is trying to enumerate users/groups etc. from one of the "other" 40 sites in ForestB that our resources cannot directly communicate with PDCe maybe?
How can I resolve this? we have complete connectivity to over 20 Domain controllers Belonging to Forest B so why can no enumerate from them? can i force where the looksups go? (is this object picker?)
Thanks