I have two ADs between which a two-way trust relationship (forest and transitive) exists. The trusted domains are trust1.com and trust2.com.
I created an AD user (TEST1) in trust2.com using the administrator credentials of the trusted domain (trust1.com). But I am not able to rename the computer username from TEST1 to TEST2 using the administrator credentials of trust1.com.
I can see that ldap_rename is returning an insufficient-access error for the user. The confusion here is that the user can add using the trusted domain's credentials, but is not able to rename.
The parameters passed to the ldap_rename function are:
int ldap_rename_s( ld, dn, newrdn, newparent, deleteoldrdn, sctrls[], cctrls[] );
dn : CN=TEST1,CN=Computers,DC=trust2,DC=com
newrdn: cn=TEST2
newparent: CN=Computers,dc=trust2,dc=com
deleteoldrdn = 1
Do I need to do anything else before doing this operation?
The standard security settings for an Active Directory domain allow all authenticated users to add new computers, whereas you need to be an administrator (or have specific access rights) to rename or delete one.
It looks like your admin account in trust1.com doesn't have any administrative rights in trust2.com, so it's treated as a standard user: it can add new computers to the domain but it can't manage existing ones (including the one it created itself).
This is indeed normal, because a domain trust doesn't by itself allow admins from one domain to manage the other one, and vice versa; in order to achieve this, you'll have to grant admin rights in trust2.com to users or groups from trust1.com, either explicitly (using ACLs) or by placing them in the Administrators domain local group.
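One way to do the explicit ACL grant mentioned above while keeping it narrow, as an added example that is not part of the original question or answer: it delegates only write access to the cn and name attributes of computer objects under CN=Computers. Assumptions: it is run on a trust2.com host by a trust2.com administrator with the ActiveDirectory module installed, and TRUST1\ComputerRenamers is a hypothetical group in trust1.com.

```powershell
# Added example: delegate only what an in-place rename needs to one trust1.com group.
# Assumptions: run in trust2.com by a trust2.com administrator; the group name
# 'TRUST1\ComputerRenamers' is hypothetical and must already exist in trust1.com.
Import-Module ActiveDirectory

$container = 'CN=Computers,DC=trust2,DC=com'
$group     = New-Object System.Security.Principal.NTAccount('TRUST1', 'ComputerRenamers')
$sid       = $group.Translate([System.Security.Principal.SecurityIdentifier])

# Resolve schema GUIDs at run time instead of hard-coding them.
$schemaNC = (Get-ADRootDSE).schemaNamingContext
function Get-SchemaGuid([string]$LdapName) {
    $obj = Get-ADObject -SearchBase $schemaNC `
        -LDAPFilter "(lDAPDisplayName=$LdapName)" -Properties schemaIDGUID
    if (-not $obj) { throw "Schema object '$LdapName' not found" }
    [guid]$obj.schemaIDGUID
}
$computerClass = Get-SchemaGuid 'computer'

$acl = Get-Acl -Path "AD:\$container"

# Review what trust1.com principals already hold here before changing anything.
$acl.Access | Where-Object { $_.IdentityReference -like 'TRUST1\*' } |
    Format-Table IdentityReference, ActiveDirectoryRights, AccessControlType, IsInherited

# A rename in place changes the RDN, so grant WriteProperty on cn and name only,
# inherited by computer objects below the container. This grants no create,
# delete or move rights and no write access to other attributes.
foreach ($attr in 'cn', 'name') {
    $ace = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
        $sid,
        [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty,
        [System.Security.AccessControl.AccessControlType]::Allow,
        (Get-SchemaGuid $attr),
        [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents,
        $computerClass)
    $acl.AddAccessRule($ace)
}

Set-Acl -Path "AD:\$container" -AclObject $acl
```

Scoping the grant to a dedicated group and two attributes avoids giving trust1.com accounts full administrative control of trust2.com, which is what membership in the Administrators domain local group would do.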