|
-
September 20th, 2008, 01:58 PM
#1
users in external trusts
Hey guys,
Something new for me and im stuck
I think I have successfully created an external trust between a 2003 domain and a 2000 domain. Both incoming and outgoing trusts are set to external non-transitive.
Supposedly i should be able to add members of domain 2 to domain 1 groups now. I say supposedly because that's not happening. I have no choice of other domains to select users from.
Any help?
Thanks
SANITY IS JUST A STATE OF MIND
-
September 21st, 2008, 02:45 AM
#2
What type of group are you trying to add them to? If you want a security group to have users from another domain, you should be using a Domain Local group rather than a Global one.
Safe computing is a habit, not a toolkit.
-
September 21st, 2008, 08:02 AM
#3
I cant add to any type of group as I can't list the other domains objects. I tried adding [email protected] to a local group on domain1 with "entire directory" selected and without the search thing but its not hapenning. It's like the domains cant see each other.
Maybe there is something other than a trust that needs set up?
Thanks
SANITY IS JUST A STATE OF MIND
-
September 21st, 2008, 09:22 AM
#4
Never mind that last reply. I couldn't see the other domain because i was trying to add to the members of a global group. I was sure it was a domain local group. I should have checked *Head desks*
Thanks
SANITY IS JUST A STATE OF MIND
-
September 21st, 2008, 03:15 PM
#5
On another yet similar note, How would i go about adding a user from forest 2 to a universal/global group in forest1? specifically, i'm trying to add a user to the schema/enterprise/domain admin groups in another forest. Can this be done? As far as i can see i can only add users in other forests to local groups and local groups can only be added to other local groups
Thanks
SANITY IS JUST A STATE OF MIND
-
September 21st, 2008, 04:57 PM
#6
I don't think you can. Normally the advice would be "use domain local groups to assign your permissions to objects", but for the handful of magic groups that's not really an option.
I've got a situation where my Domain1 admin account is a member of Domain2\Administrators (which is Domain Local), and for the most part admin stuff is pretty seamless. There are some things I still need to use an account in Domain2 for though. I've tried not to figure out exactly where the boundaries lie, but generally if I need to run one of the Active Directory control panel things I'll log in as a Domain2 account.
Safe computing is a habit, not a toolkit.
-
September 22nd, 2008, 12:53 PM
#7
Thanks for the help
I ended up adding an account from forest2 to a domain local group in forest1 and delegating control of the domain to that local group with full control permissions. Seems to be working ok
SANITY IS JUST A STATE OF MIND
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
