I'm trying to have a trust between domain A and B. But only user RODC on the Domain B
Domain B trusts A.
RODC for Domain A have full firewall port access to RW DCs in Domain A.
In domain A, theres a site containing all subnets on Domain B. The RODC belonging to Domain A is placed in on a subnet in Domain B.
When logging on a server in Domain B with a Domain A account. It works well.
Running NLTEST /DSGETDC:DomainAthe answer points me to the RODC.
All well but,
When trying on the member server to add groups from Domain A to local groups. It tries to communicater with the RW DCs in Domain A.
That will fail beacuse if blocks in firewall.
Is this by design?
Is there there a articel describing this?
Regards
Anders