User Authentication Through A Trust?

[MCP2000]

I am trying to find out how a user in Domain Y is authenticated on Domain Z through a trust.

Here is the scenario. We have a Windows NT 4.0 domain (Domain Y) in which all users and groups have been established. We are working on a stepped migration to Windows 2000. We have another domain setup with Windows 2000 (Domain Z). In Domain Z, we have setup an ISA server for Internet access. Domain Y and Domain Z have a bi-directional non-transitive trust. Due to some changes that are about to take place, I would like to know how the ISA server will authenticate users in Domain Y.

Does the ISA server ask the DC in Domain Z for authentication, and then the DC passes the request on to Domain Y's DC? OR, does the ISA server query the DC on Domain Y directly?

Any assistance would be greatly appreciated. Thanks!!

 

[BradSQLGuy]

Your ISA is asking the DC on Z since it is a member of that domain for authentication and what permissions the users have. Since your trust is set up for an NT server there are global groups set up on that 'Y' server. Through the trust you should add the global groups to the appropriate local groups on domain Z for the resources on Z. Network authentication will take place on 'Y' for its users. For access to any resources on Z it will look for the members local groups exsisting on it. Does that answer your question? -Brad :-D
A+, MCSE NT4, MCDBA SQL7

When you're having a bad day just remember it could be worse.....couldn't it?