
I frequently have to create Directories and set permissions on Samba-Shares which are joined to foreign Domains without Trust Relationship to my "home" Domain.

Mounting and creating Directories works fine

```powershell
New-PSDrive -Name "F" -PSProvider FileSystem -Root $someNAS -Persist -Credential $admin_in_foreign_domain

New-Item -Path "F:\a\b\testdir" -ItemType Directory
```

but changing Permissions on that newly created Folder fails.

```powershell
icacls.exe "F:\a\b\testdir" /inheritance:r /grant "$($foreign_domain)\$($some_username):(OI)(CI)(RX,W)"
```

results in

```
domain\User The Trust Relationship Between This Workstation and the Primary Domain Failed
```

Using PowerShell Get/Set-ACL didn't even work within our own Domain. This is probably a Samba issue (didn't test further).

Any idea how to get around this without using domain-joined computers?

Thanks in Advance

Jochen
  • If you don't have a trust, you will need to grant permissions to the *SID* for the security principal in question. I.e., the domain SID of ForeignDomain\Username. – Greg Askew Jan 31 '23 at 16:50
  • Or perhaps you need to run `icacls.exe` with [runas](https://ss64.com/nt/runas.html), specify the external domain credential which you can talk with its domain controller, and see if the command works. Something like this for example may do it.... `RUNAS /user:\ icacls.exe "F:\a\b\testdir" /inheritance:r /grant "$($foreign_domain)\$($some_username):(OI)(CI)(RX,W)"` – Pimp Juice IT Feb 02 '23 at 18:35
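
The SID-based grant suggested in the first comment, sketched as an added example that is not part of the original thread. It assumes the account's SID has already been looked up on the foreign-domain side; the function name `Grant-SidOnShare` and the SID in the sample call are constructed placeholders.

```powershell
# Added example: grant rights to a numeric SID so icacls does not have to
# translate a DOMAIN\user name on a workstation that has no trust to that domain.
function Grant-SidOnShare {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $UserSid,
        [string] $Rights = '(OI)(CI)(RX,W)'   # same rights string as in the question
    )

    # Parse the string so a typo fails here instead of producing a bogus ACE.
    try {
        $sid = [System.Security.Principal.SecurityIdentifier]::new($UserSid)
    } catch {
        throw "Not a valid SID string: $UserSid"
    }

    # Accept only account SIDs (S-1-5-21-<issuer>-<RID>); well-known SIDs such as
    # S-1-1-0 (Everyone) have no AccountDomainSid and are rejected.
    if ($null -eq $sid.AccountDomainSid) {
        throw "SID $($sid.Value) is not an account SID"
    }

    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        throw "Directory not found: $Path"
    }

    # icacls accepts a numeric SID when it is prefixed with '*'.
    $grant = "*$($sid.Value):$Rights"
    if ($PSCmdlet.ShouldProcess($Path, "icacls /inheritance:r /grant $grant")) {
        & icacls.exe $Path /inheritance:r /grant $grant
        if ($LASTEXITCODE -ne 0) {
            throw "icacls failed with exit code $LASTEXITCODE"
        }
        # Read the ACL back so the resulting entries can be checked by eye.
        & icacls.exe $Path
    }
}

# Constructed placeholder SID; -WhatIf prints the command without changing the ACL.
Grant-SidOnShare -Path 'F:\a\b\testdir' -UserSid 'S-1-5-21-1111111111-2222222222-3333333333-1105' -WhatIf
```

Because `/inheritance:r` removes inherited entries, the read-back at the end is worth checking to make sure an administrative principal still has access before dropping `-WhatIf` on real data.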

0 Answers