We have two domains in a school, Admin and Curriculum, in Windows Server 2003. We are trying to set it up such that users in Admin can access Curriculum but not vice-versa. They are both tree roots in the same forest, so there are tree-root trusts between them, which seem OK.
Active Directory seems to be working in both. If a workstation is a member of one domain (e.g Admin, i.e. via computer name properties in Windows XP), it can log on to either domain. However, the user can only access resources (e.g. see computers) in the domain in which they are a member. Presumably there is something else required to grant access to computers that are members of the other trusted domain. I have tried giving file and share permissions to users in the other domain.
Each domain controller runs DNS for its own domain, and have both themselves and the other DC in the DNS list, while workstations that should access both domains have both DNS servers in the DNS list.
I can grant permissions to users on the other domain in Active Directory OK.
Thanks in advance