Hello everyone, happy 2013!
In a one way trust: DomainA(trusting)-> DomainB(trusted), the best practice to allow users from B accessing resources from A would be to follow AGDLP (the Global group of DomainB would be inserted in Domain Local group of DomainA).
But what if you don't administer DomainB? i.e. you have no possibility of creating or requesting Global groups on the other side of the trust.
Do you recommend any other way besides the awkward ADLP (i.e. DomainB users inserted directly in DomainA local groups)?