works as designed. Especially if you're using Domain Local Groups (DLG). But in 2003 you can even not see the UG memberships of other domains in ADUC. This will likely be "fixed" in SP1 as only GCs would have the potential to show UG-memberships from other domains anyways (a filter was added in 2003 so that only groups of own domain show up on the MemberOf tab of an object - in SP1 you're supposed to have a choice).
Realize a "non-GC" DC doesn't know of the UG memberships of the other domains and neither a DC nor a GC will show you the DLG memberships of the other domains - as these are not replicated to the GC. And wait until you try to recover accidentally deleted users in your environment and recover them. Then not seeing the memberships will be the least of your worries => they'll actually be missing from the other groups... Read this whitepaper if you want to know more: http://www.aelita.com/library/whitepapers/10_Things_to_Know_about_Active _Directory_Recovery.pdf /Guido -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ole Thomsen Sent: Mittwoch, 7. April 2004 00:37 To: [EMAIL PROTECTED] Subject: [ActiveDir] Unable to see users group membership in trusted domain I have two AD domains, of which one is subdomain to the other. In the child domain, most users are members of a number of security groups in the parent domain. All was well until recently, but after raising the domain and forest level to 2003 i can no longer see the child domain users parent domain membership under the user property "Member of". Furthermore, from this property sheet i cannot add the user to parent domain groups anymore. They are still members, everything works as expected, and i can add the users to groups from within the group property - but that is a hell of a job to cruise through the all groups everytime a user is created.... Please help :-) Ole Thomsen List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
