You cannot browse users in a trusted domain


When users and groups are enumerated from a trusted domain, you may receive the following message:
You are logged on with an account that does not have access to:


Enter the name and password of an account with permissions for this domain and click OK.
This behavior occurs when you perform any of the following operations:
  • Define group membership

    For example, you add a domain user to the local Administrators group on a member workstation.
  • Set permissions for users and groups on files and folder shares
  • Set permissions for users and groups on keys in the Windows NT registry
  • Enable an audit trail for object access by users and groups


This behavior occurs when you log on to a trusting domain and try to access the list of users in the trusted domain and only a one-way trust exists. This problem can occur with any of the following one-way explict trusts:
  • Trust between two Windows 2000 domains that reside in different forests
  • Trust between a Windows 2000 domain and a Microsoft Windows NT 4.0 domain
  • Trust between two Windows NT 4.0 domains that have Windows 2000 clients
A Windows 2000-based computer does not try a null session when it requests the list of users from the trusted domain. When the authentication request of the currently logged on user is unsuccessful, the user is prompted for the appropriate credentials.


To resolve this issue, use one of the following methods:
  • Supply the user name and password of an account that can be authenticated by the trusted domain.
  • Add a second trust in the reverse direction so that the trusted domain also trusts the trusting domain.
  • Synchronize the user name and passwords for the accounts you will be using for this operation in each domain.


This behavior is by design.

Artikelnummer: 263956 – Letzte Überarbeitung: 07.01.2008 – Revision: 1