So, we have two forests (AWS and On-Prem). The DCs can talk to each other and the one-way trust works fine.
Here is the problem.
If I create a share on DC1 (in AWS), I can grant access to the users from the other on-prem domain DC2. But if I go to an app server APP1, which is a member of DC1, I can't list the users and grant access. The only difference is that DC1 can talk to the other DC on-prem, but APP1 can't talk to the DC2 on-prem.
My question is: does the APP1 server require access to the on-prem DCs (DC2)?
Thank you
Best Answer
Yes. Or you can put a RODC for the On-Prem domain in AWS.
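
A way to confirm from APP1 which paths to the on-prem DCs are blocked, added here as an example and not part of the original answer. The domain name `onprem.example` is a placeholder, and the port list is the commonly documented TCP set for domain and trust traffic, not something stated in the thread.

```powershell
# Run on APP1 (the member server in the AWS forest).
# Assumption: 'onprem.example' is a placeholder for the on-prem domain's DNS name.
param([string]$TrustedDomain = 'onprem.example')

# TCP ports a member server commonly needs toward a trusted domain's DCs.
# Not covered: UDP 53/88/389 and the dynamic RPC range (49152-65535 by default).
$ports = @(
    @{ Port = 53;   Service = 'DNS' }
    @{ Port = 88;   Service = 'Kerberos' }
    @{ Port = 135;  Service = 'RPC endpoint mapper' }
    @{ Port = 389;  Service = 'LDAP' }
    @{ Port = 445;  Service = 'SMB' }
    @{ Port = 636;  Service = 'LDAPS' }
    @{ Port = 3268; Service = 'Global Catalog' }
)

# Step 1: can APP1 locate the on-prem DCs at all? Uses the DC locator SRV record.
try {
    $dcs = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$TrustedDomain" -Type SRV -ErrorAction Stop |
        Where-Object { $_.NameTarget } |
        Select-Object -ExpandProperty NameTarget -Unique
}
catch {
    Write-Warning "Cannot resolve DCs for $TrustedDomain from this host: $($_.Exception.Message)"
    return
}

# Step 2: probe every DC on every port and collect the results.
$results = foreach ($dc in $dcs) {
    foreach ($p in $ports) {
        $t = Test-NetConnection -ComputerName $dc -Port $p.Port -WarningAction SilentlyContinue
        [pscustomobject]@{
            DC        = $dc
            Port      = $p.Port
            Service   = $p.Service
            Reachable = $t.TcpTestSucceeded
        }
    }
}

$results | Format-Table -AutoSize

# Blocked entries are candidate causes for APP1 being unable to list on-prem users.
$blocked = @($results | Where-Object { -not $_.Reachable })
if ($blocked.Count) {
    Write-Warning "$($blocked.Count) DC/port combinations are blocked from $env:COMPUTERNAME."
}
```

If an RODC for the on-prem domain is placed in AWS as the answer suggests, the same check can be pointed at that host to confirm APP1 reaches it without opening a path to the on-prem DCs.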