Our MS SQL Server is on another trusted domain (Trusted Domain T). We created a Universal Group within Domain A with users from different forest domains and added the AD group onto the SQL Server. When the user from Child Domain B tries to connect, they get the error: "Login failed for user".
If I add the user directly instead of the AD Group in SQL Server, they can log in without problems. Furthermore, if I create an AD group in Child Domain B, include all the users from that domain and add it to SQL Server, they have access.
- Child Domain B (Child Transitive - Relationship)
- Child Domain C (Child Transitive - Relationship)
Trusted Domain T (External - Non Transitive Relationship)
I'm on SQL Server 2016 (13.0.4001.0)
SQL Server error logs display the error for that particular user:
Reason: Could not find a login matching the name provided.
We created a new AD Group within Child Domain B and added the users from that domain and added the group to SQL Server and it worked. So the problem is domain cross referencing in SQL Server.