The thing to remember is: Resources domain (stuff you want to access) - has the outgoing trust.
Accessing domain - has the incoming trust. So, yes, in your case, USA should show the incoming trust, and the accounts domain should show the outgoing trust. >>> "Ziots, Edward" <ezi...@lifespan.org> 7/12/2011 8:36 AM >>> Which it does say, but it seems like the reverse needs to be true in my case, since its accounts in the USA domain need to access resources in the trusting domain ( my domain) so basically USA would actually have to be under the Domains Trusted by this domain (Outgoing trusts) in the Domains and Trusts MMC Snapin. ( USA being the accounts domain and my Domain being the trusting domain) (Since we would have to put accounts in the USA domain in groups in my domain to have access to said system. Also when I did a netdom query trust I see the following, which leads me to believe the trust between USA and us, is probably already broken. Direction Trusted\Trusting domain Trust type ========= ======================= ========== <- USA Direct Not found I take with this thinking I am on the right page on this one? Z Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505 -----Original Message----- From: Joseph Heaton [mailto:jhea...@dfg.ca.gov] Sent: Tuesday, July 12, 2011 11:25 AM To: NT System Admin Issues Subject: Re: Quick question on Domain Trusts The way trusts work is that the trusting domain is allowing the trusted domain to come in and access resources. So, USA would need to be the trusting domain, and your accounts domain would be the trusted domain. So, in your case, for accounts domain to access USA, in accounts Domains and Trusts, USA would be listed in the Domains that trust this domain (incoming trusts), and in the USA domain, the accounts domain would be in the Domains trusted by this domain. >>> "Ziots, Edward" <ezi...@lifespan.org> 7/12/2011 8:15 AM >>> Got a Windows 2008 R2 DFL/FFL domain. And trying to figure out a trust relationship and what could access what. ( Its been years since I dealt with trusts and what accesses what, so forgive me) I have my accounts domain, which also has my resources, then we have an external trust to a domain called USA ( Says Domains that trust this domain) (Incoming Trust) in Active Directory Domains and Trusts, so if I got this straight then my domain can access resources in the USA domain, or the other way around? Any help on sorting this one out. Z Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin