Cross Forest Resource Security

Cross-forest resource security   

   

 To grant access to resources from one forest to another:   

 

 

 

 Create/ensure they have a forest level transitive trust   

 

 

 Create a domain local security group   

 

 

 This group will be what is assigned to the resources.   

 

 

 File shares, delegated AD permissions, etc should point to the domain local group   

 

 

 

 

 Create a universal security group   

 

 

 This will be what the users are added to   

 

 

 

 

 Assign the universal groups as a member of the domain local groups