trusted domain not showing in ad users and computers

I am studying at present and have 2 servers setup 1 as 2k ad controller in
Litwareinc.com and 1 in fabrikam.com as a 2003 ad controller, I have setup a
trust so both trust each other and verified in both directions and all looks
ok.
I can browse both domains and can even open folders on other domains server
without any problems.
My problem is I can only see local domain in user manager in both domains
which makes it impossible to add a user from remote domain to local domain
groups.

I am struggling with this so any help much appreciated.

In news:%(E-Mail Removed),
BINZA@ <mark1.smith(remove this)@virgin.net> stated, which I commented on
below:
> I am studying at present and have 2 servers setup 1 as 2k ad
> controller in Litwareinc.com and 1 in fabrikam.com as a 2003 ad
> controller, I have setup a trust so both trust each other and
> verified in both directions and all looks ok.
> I can browse both domains and can even open folders on other domains
> server without any problems.
> My problem is I can only see local domain in user manager in both
> domains which makes it impossible to add a user from remote domain to
> local domain groups.
>
> I am struggling with this so any help much appreciated.

In User Manager? You mean ADUC (Active Directory Users and Computers)?

If so, you can rt-click the ADUC console name at the top of the console,
change domains, and select the other one. Or create an ADUC console
specificially for the other one. You won't be able to view domain objects
from both simultaneously other than creating a console with snap ins for
each.

Otherwise, domain admininistration is done at their resepective domains in
most cases, but that depends on the scenario.

Of course, I assume that you've already added the Domain ADmins of
litwareinc to the Domain Local Administrators Group of fabrikam? Otherwise
you won't be able to do it with the domain admin account you're logged on to
trying to access the other domain's ADUC.

You can also view users when you set permissions on a network share or some
other resource. When choosing, in the location box, choose the other domain
to see the user, group and computer objects you can add to a resource.

Sounds like you're studying for an exam. Good luck if that's the case. I
hope it helps.


--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Having difficulty reading or finding responses to your post?
Instead of the website you're using, I suggest to use OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. This is a direct link to the Microsoft Public
Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject.

It's easy:
How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

Infinite Diversities in Infinite Combinations
Assimilation Imminent. Resistance is Futile
"Very funny Scotty. Now, beam down my clothes."

The only thing in life is change. Anything more is a blackhole consuming
unnecessary energy. - [Me]

Thanks for reply Ace,

Of course, I assume that you've already added the Domain ADmins of
> litwareinc to the Domain Local Administrators Group of fabrikam?

You hit the nail on the head with this one.
This is exactly what i am trying to do but cannot, as i cant see the other
domain to add users to groups??
any help appreciated.







"Ace Fekay [MVP]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> In news:%(E-Mail Removed),
> BINZA@ <mark1.smith(remove this)@virgin.net> stated, which I commented on
> below:
>> I am studying at present and have 2 servers setup 1 as 2k ad
>> controller in Litwareinc.com and 1 in fabrikam.com as a 2003 ad
>> controller, I have setup a trust so both trust each other and
>> verified in both directions and all looks ok.
>> I can browse both domains and can even open folders on other domains
>> server without any problems.
>> My problem is I can only see local domain in user manager in both
>> domains which makes it impossible to add a user from remote domain to
>> local domain groups.
>>
>> I am struggling with this so any help much appreciated.
>
> In User Manager? You mean ADUC (Active Directory Users and Computers)?
>
> If so, you can rt-click the ADUC console name at the top of the console,
> change domains, and select the other one. Or create an ADUC console
> specificially for the other one. You won't be able to view domain objects
> from both simultaneously other than creating a console with snap ins for
> each.
>
> Otherwise, domain admininistration is done at their resepective domains in
> most cases, but that depends on the scenario.
>
> Of course, I assume that you've already added the Domain ADmins of
> litwareinc to the Domain Local Administrators Group of fabrikam? Otherwise
> you won't be able to do it with the domain admin account you're logged on
> to trying to access the other domain's ADUC.
>
> You can also view users when you set permissions on a network share or
> some other resource. When choosing, in the location box, choose the other
> domain to see the user, group and computer objects you can add to a
> resource.
>
> Sounds like you're studying for an exam. Good luck if that's the case. I
> hope it helps.
>
>
> --
> Ace
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Having difficulty reading or finding responses to your post?
> Instead of the website you're using, I suggest to use OEx (Outlook Express
> or any other newsreader), and configure a news account, pointing to
> news.microsoft.com. This is a direct link to the Microsoft Public
> Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows
> you to easily find, track threads, cross-post, sort by date, poster's
> name, watched threads or subject.
>
> It's easy:
> How to Configure OEx for Internet News
> http://support.microsoft.com/?id=171164
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
> Microsoft MVP - Directory Services
> Microsoft Certified Trainer
>
> Infinite Diversities in Infinite Combinations
> Assimilation Imminent. Resistance is Futile
> "Very funny Scotty. Now, beam down my clothes."
>
> The only thing in life is change. Anything more is a blackhole consuming
> unnecessary energy. - [Me]
>

In news:(E-Mail Removed),
BINZA@ <mark1.smith(remove this)@virgin.net> stated, which I commented on
below:
> Thanks for reply Ace,
>
> Of course, I assume that you've already added the Domain ADmins of
>> litwareinc to the Domain Local Administrators Group of fabrikam?
>
> You hit the nail on the head with this one.
> This is exactly what i am trying to do but cannot, as i cant see the
> other domain to add users to groups??
> any help appreciated.

Well, I don't know what steps you are doing to make this work, noe did you
offer, but this is accomplished very easily. Go into litware's ADUC, click
on the Built-In container, rt-click on the "Administrators" group, choose
properties, click on the Members tab, click Add, in the location box, choose
Fabrikam, then click on Advanced, click on Find, then from the list, choose
the Domain Admins, click ok.

If you cannot see litware while performing these steps, then the trust is
corrupted. You can go ahead and try to re-verify it, or remove it and
recreate it.

Since this is a 2000 to 2003 trust, it is NTLM. I am assuming that both DCs
are on the same subnet, since this sort of trust requires NetBIOS name
resolution support for it to work.

Ace