When setting up a Active Directory Forrest Trust for one of my customers I came across this issue.
Now this was the first AD Trust that I have set up since being in school where Server 2000 was not the best tool to learn on. Needless to say I was a little rusty.
So being tasked with this job by our Project Manager I decided to do what any good engineer would do… GOOGLE IT!!!!
So I came across many good articles on Technet at also from regular bloggers, and I am pretty sure I used this blog as my reference material
Feeling confident I go to the client site and I begin to work on getting the Forrest Trust setup. Now please be mindful that there was a whole list of prerequisites that were done for basic network connectivity before I even got to this point. Some day I may even do an article on them but not today.
By the time I get done with following the directions above and I think everything is good to go I attempt to access a file from the remote AD Domain to a folder in the Local Domain. Immediately I am met with Access is Denied or one of those messages that cause my eye to twitch. Before you ask, Yes I already assigned Security Permissions and Share Permissions.
After some research into the subject and rebuilding the trust several time (which was unnecessary). I find on a remote blog somewhere what although the Trust has been created there are no permissions for the remote uses to be able to authenticate using SMB to access the files on the network.
So here is what I had to do:
1.Open up ADUC (Active Directory Users and Computers)
2. Go to the Computer/Server in AD that is hosting the files that I wanted the remote users to be able to access.
3.Open the Properties window and go to the Security tab.
4. Add the Security Group from the remote domain and make sure that they have the “Allow to authenticate” permission applied.
After doing that I tried again and like magic it just worked.
I hope you find this helpful down the road and good luck.