Thanks for saving my sanity, Guido, I have for days been seeking the missing userright or setting in ADUC to show the memberships :-)
Are there any easier method to show/set these memberships than cruising through all the parent domain groups? And BTW, copying a user no longer copies the parent domain group memberships - argh! Ole Thomsen > -----Original Message----- > From: Grillenmeier, Guido [mailto:[EMAIL PROTECTED] > Sent: Friday, April 09, 2004 7:49 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Unable to see users group membership > in trusted domain > > works as designed. Especially if you're using Domain Local Groups > (DLG). But in 2003 you can even not see the UG memberships of other > domains in ADUC. This will likely be "fixed" in SP1 as only GCs would > have the potential to show UG-memberships from other domains > anyways (a > filter was added in 2003 so that only groups of own domain show up on > the MemberOf tab of an object - in SP1 you're supposed to have a > choice). > > Realize a "non-GC" DC doesn't know of the UG memberships of the other > domains and neither a DC nor a GC will show you the DLG memberships of > the other domains - as these are not replicated to the GC. > > And wait until you try to recover accidentally deleted users in your > environment and recover them. Then not seeing the memberships will be > the least of your worries => they'll actually be missing from > the other > groups... Read this whitepaper if you want to know more: > http://www.aelita.com/library/whitepapers/10_Things_to_Know_ab > out_Active > _Directory_Recovery.pdf > > /Guido > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Ole Thomsen > Sent: Mittwoch, 7. April 2004 00:37 > To: [EMAIL PROTECTED] > Subject: [ActiveDir] Unable to see users group membership in trusted > domain > > I have two AD domains, of which one is subdomain to the other. > > In the child domain, most users are members of a number of security > groups in the parent domain. > > All was well until recently, but after raising the domain and forest > level to 2003 i can no longer see the child domain users parent domain > membership under the user property "Member of". Furthermore, from this > property sheet i cannot add the user to parent domain groups anymore. > > They are still members, everything works as expected, and i > can add the > users to groups from within the group property - but that is > a hell of a > job to cruise through the all groups everytime a user is created.... > > Please help :-) > > Ole Thomsen > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
