Hello @G-ONE,
Thank you for posting here.
So my question is how access is granted by adding target users to source domain local groups as per the above-mentioned scenario? According to Microsoft and Quest articles, if a target user logs in to a target domain-joined workstation, then his access token will only include the target domain local group, not the source domain local group.
Because the group containing the target user has permissions, when the target user accesses the file system resource, they create the session.
For example:
I have two trusts:
a.local, user named u1 and group named g1 (domain local group), domain-joined PC1.
b.local, user named u2 and group named g2 (domain local group), domain-joined PC2, shared folder on DC in domain b.local.
u1 is in g2 and u2 is in g1.
g2 has permissions on shared folder in domain b.local.
When u1 logs on to PC1, u1 can access the shared folder.
On the server with the shared folder, I can see the session.
And below information.
Best Regards,
Daisy Zhou