2 domains in separate forests.
Both domains are Win2003 servers.
Functional level of domains is Win2000 native.
I have a one-way trust DomA -> DomB so that A users can be granted rights to B resources.
When granting rights, DomB admin can read DomA users/groups to grant rights. DomB non-admin user with full-control rights to a directory can grant rights to DomA users but cannot even read the list of DomA users to grant rights. Non-admin user gets prompted for a DomB user to read the list.
Is there a right that can be granted or delegated in DomB to a DomB user that will allow them to read DomA users/groups?
If not, what would be the next best suggestion to allow external AD query of DomA?
Both domains are Win2003 servers.
Functional level of domains is Win2000 native.
I have a one-way trust DomA -> DomB so that A users can be granted rights to B resources.
When granting rights, DomB admin can read DomA users/groups to grant rights. DomB non-admin user with full-control rights to a directory can grant rights to DomA users but cannot even read the list of DomA users to grant rights. Non-admin user gets prompted for a DomB user to read the list.
Is there a right that can be granted or delegated in DomB to a DomB user that will allow them to read DomA users/groups?
If not, what would be the next best suggestion to allow external AD query of DomA?