I am trying to set up a forest trust and use ADMT to migrate users using this set of instructions; ADMT Instructions . I am having issues getting the two-way trust to work. Domain A (testad.domain.org) is not allowing me to add users to the builtin/Administrators group on domain B (target.migrate.org). I can select domain A trust as a location, but when I go to search for a user it says it cannot find it. Additionally when I attempt to add Domain A as a nav node in AD Admin Center it says I do not have permissions. I am able to verify the two way trust without issues.
I've read that firewall may be an issue so I disabled it on both sides temporarily and still the same behavior.
I set up a one-way incoming trust on domain A to domain B. I was able to add a domain A user to domain B's administrator group, but I was prompted for credentials for a user on Domain A to access the trust. I can also add domain A as a nav node in AD admin center on domain B. When I convert the trust to a two-way, it breaks again.
I was able to work through the entire set of instructions on two clean domains, so I know they work. Additionally, I was never prompted for credentials when adding users to the builtin/Administrators group through the trust both ways.
I'm thinking there is some configuration on domain A (testad.domain.org) that is cuasing the issue. I can't seem to pinpoint where it would be.