Weird 2-way trust issues...

MasterPlan1 · 12 Jul 2011 at 12:10

I'm currently perplexed by an issue which I'm having with a 2 way trust I have set up from my current domain and my new domain - the domain controllers can query the current domain, but any other machine no matter what level of access (standard user, domain admin) I have I cannot query it. It says access denied.

The trust is a 2 way external non-transistive trust...

I'm in a bit of a pickle because I've got an EV consultant which I'm paying per day sitting here idle, and have no idea why this is happening.

TIA.

oddjob62 · 12 Jul 2011 at 13:01

How does a machine become a domain admin?

What do you mean by "querying"?

If you tell us exactly what you do that works and what you do that doesn't work that might help.

MasterPlan1 · 12 Jul 2011 at 13:11

Querying, netdom query dc /domain

ld.domain.org so I can see the list of DCs in the old domain, this is failing with access denied, no matter what account I use on a member server, it fails, but on a DC it works fine.

And the machines aren't admins, the users who are logged on to machines in the new domain.

Querying the domain is a pretty low level thing if I'm using netdom. But anyway, I'm trying to setup EV in a cross-forest config, but it's not working because the new EV server in the new domain can't contact the DCs, it's coming up with access denied.

Uhtred · 12 Jul 2011 at 13:29

is your dns setup correctly?

MasterPlan1 · 12 Jul 2011 at 13:46

I have forwarders in place on both domains pointing to their respective DNS servers.

So on old domain I have a forwarder of new.dom.org > 10.10.10.1 and 10.11.10.1
New domain I have old.dom.org > 10.12.10.1 and 10.13.10.1