Join Log in
Score:0
Jochen avatar Server

run icacls across domains - failed trust relationship

ng flag
Jochen

I frequently have to create Directories and set permissions on Samba-Shares which are joined to foreign Domains without Trust Relationship to my "home" Domain.

Mounting and creating Directories works fine

New-PSDrive -Name "F" -PSProvider FileSystem -Root $someNAS -Persist -Credential $admin_in_foreign_domain

New-Item -Path "F:\a\b\testdir" -ItemType Directory

but changing Permissions on that newly created Folder fails.

icacls.exe "F:\a\b\testdir" /inheritance:r /grant "$($foreign_domain)\$($some_username):(OI)(CI)(RX,W)"

results in

domain\User The Trust Relationship Between This Workstation and the Primary Domain Failed

using Powershell Get/Set-ACL didn´t even work within our own Domain. This is probably a Samba issue (didn´t test further).

Any idea how to get around this without using domain-joined computers?

Thanks in Advance

199
0 + 2
cn flag
Greg Askew
If you don't have a trust, you will need to grant permissions to the *SID* for the security principal in question. I.e., the domain SID of ForeignDomain\Username.
0
Reply
Pimp Juice IT avatar
ch flag
Pimp Juice IT
Or perhaps you need to run `icacls.exe` with [runas](https://ss64.com/nt/runas.html), specify the external domain credential which you can talk with its domain controller, and see if the command works. Something like this for example may do it.... `RUNAS /user:<foreign domain>\<username> icacls.exe "F:\a\b\testdir" /inheritance:r /grant "$($foreign_domain)\$($some_username):(OI)(CI)(RX,W)"`
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.