Hi, thanks in advance for your help......
I've setup a one-way external trust between
Domain A and domain B
Domain B is windows 2003, and is the Trusted domain.
Doman A is windows 2000, and is the Trusting domain.
We created secondary DNS zones on each DNS server, and the trust created and verified successfully.
For some reason when we try and share out resources from domain A, if we go to select a user account in domain B to grant permissions, it asks for a username and password -
We can't even view the trusted domains active directory user list - so how can we share out stuff?
I've done some investigating and found that if you build a domain without pre-2000 compatible permissions, anonymous access is turned off.
I tried creating a fresh test domain with pre-2000 permissions enabled - however I get the same problem. I even manually added the "everyone" group and "anonymous logon" to active directory with read permissions - no dice.
GRRRR!
Does this mean we have to get a user account created in every 2003 domain we trust?
KB246261 has some info about
"enumerating accounts in a trusted domain"
but I checked and our settings are correct.
I can't believe we are the only people to have come across this issue - so if anybody has any clues please help - Thanks guys!!!
p.s. sorry if this is too long or doesn't have the specifics you need!
I've setup a one-way external trust between
Domain A and domain B
Domain B is windows 2003, and is the Trusted domain.
Doman A is windows 2000, and is the Trusting domain.
We created secondary DNS zones on each DNS server, and the trust created and verified successfully.
For some reason when we try and share out resources from domain A, if we go to select a user account in domain B to grant permissions, it asks for a username and password -
We can't even view the trusted domains active directory user list - so how can we share out stuff?
I've done some investigating and found that if you build a domain without pre-2000 compatible permissions, anonymous access is turned off.
I tried creating a fresh test domain with pre-2000 permissions enabled - however I get the same problem. I even manually added the "everyone" group and "anonymous logon" to active directory with read permissions - no dice.
GRRRR!
Does this mean we have to get a user account created in every 2003 domain we trust?
KB246261 has some info about
"enumerating accounts in a trusted domain"
but I checked and our settings are correct.
I can't believe we are the only people to have come across this issue - so if anybody has any clues please help - Thanks guys!!!
p.s. sorry if this is too long or doesn't have the specifics you need!
