Unable to Browse Users in Trusted Domain (263956)

SYMPTOMS

When users and groups are enumerated from a trusted domain, you may receive the following message:

You are logged on with an account that does not have access to:

TrustedDomain

Enter the name and password of an account with permissions for this domain and click OK.

This behavior occurs with any of the following operations:

Defining group membership, such as adding a domain user to the local Administrators group on a member workstation
Setting permissions for users and groups on files and folder shares
Setting permissions for users and groups on keys in the Windows NT registry
Enabling an audit trail for object access by users and groups

CAUSE

This behavior occurs when you log on to a trusting domain and try to gain access to the list of users in the trusted domain and only a one-way trust exists. This problem can occur with any of the following one-way explict trusts:

Trust between two Windows 2000 domains that reside in different forests.
Trust between a Windows 2000 domain and a Microsoft Windows NT 4.0 domain.
Trust between two Windows NT 4.0 domains that have Windows 2000 clients

A Windows 2000-based computer does not try a null session when it requests the list of users from the trusted domain. When the authentication request of the currently logged on user is unsuccessful, the user is prompted for the appropriate credentials.

RESOLUTION

To resolve this issue, use one of the following methods:

Supply the user name and password of an account that can be authenticated by the trusted domain.
Add a second trust in the reverse direction so the trusted domain also trusts the trusting domain.
Synchronize the user name and passwords for the accounts you will be using for this operation in each domain.

Unable to Browse Users in Trusted Domain (263956)

SYMPTOMS

CAUSE

RESOLUTION

STATUS