I am currently familiarizing myself with trusts.On each of two Server 2012 R2 I installed a domain controller in a new forest.
- dc1.forest01.local, 192.168.10.10/16
- dc2.forest02.local, 192.168.20.10/16
I set up a trust. Forest01 is the trusting domain and forest02 is the trusted domain.
Forest02 has a global group object GlobalGroup02.
I wanted to assign GlobalGroup02 read permissions on a share on dc1.forest01.local.
When I try to do that, I get asked for credentials for the trusted domain forest02. When I enter the password, the group is found and added. But as far as I should not getting asked for a password? I did some troubleshooting (see below picture)
but everything looks fine to me. Why do I get the credentials prompt and what must I do to be able to search for users and groups in the trusted domain?
I tested the trusts on both domain controllers using the Active Directory Trusts Snap-In. On both DCs they are active.
I executest nltest /trusted_domains and don't see any problems:
C:\>nltest /trusted_domains
0: FOREST02 forest02.local (NT 5) (Direct Outbound) ( Attr: 0x18 )
1: FOREST01 forest01.local (NT 5) (Forest Tree Root) (Primary Domain) (Native)