I've tried following some of the forum suggestions but I've had no such luck and decided to ask before I screw something up.
I'm trying to grant access to a DFS namespace and Share/NTFS permissions to users from DomainA to resources in DomainB.
Firstly,
All access from a user in DomainB works as expected. I am able to browse the DFS roots, map drives to DFS paths, and create files and folders. ABE is enabled at both the DFS level as well as the Share level.
Example:
DOMAINB\Departments\IT points to DOMAINB-FS\Departments$\IT
DOMAINB\IT User can properly map to this drive.
DOMAINB-FS\Departments$\IT has NTFS permissions with a domain local group allowing resource access to the folder. DOMAINB\IT GROUP is nested within the Domain Local Group that has access to the resource. I have also taken DOMAINA\IT GROUP (global) and also granted it access to the resource.
I'm just kind of confused as to why it works for DOMAINB user but not DOMAINA user. What's the most appropriate way to grant access?