The operators managing the users are not people that i would ask to use adsiedit.
Yes please, I would like to know more about the tool. Ole Thomsen > -----Original Message----- > From: Grillenmeier, Guido [mailto:[EMAIL PROTECTED] > Sent: Saturday, April 10, 2004 3:05 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Unable to see users group membership > in trusted domain > > as mentioned, using the native tool the visibility depends on > the group > types. and it seems like you preferr viewing the > group-memberships per > user. from a child domain's GC you'll at least be able to view the UG > memberships of your parent domain via ADSIEDIT.MSC => look at the > memberOf attribute. > On a parent domain's GC you could then also use ADSIEDIT, configure it > to connect to the child domain's GC partition and view the > properties of > user of your child domain the way that it's stored on the parent > domain's GC => in the memberOf attribute of the user you'll > see the UGs > and DLG memberships of the parent domain. > > We're building a tool right now (basically done, but internal beta is > still running), that collects all this information (i.e. the links > between users and groups etc.) centrally into an SQL or MSDE database. > The tool then allows you to view all the groups that a user belongs to > in a forest in a nice UI (i.e. it will not only show you the > memberhips > in the domain's own groups, but also all UGs and DLGs from > other domains > in your forest). The main purpose though is not for viewing these > memberships - it is targeted at helping you automatically restore the > memberships in case you've lost them due to restoring accidentally > deleted objects in AD. > > Let me know if you want to know more and I'll put you on my list. > > /Guido > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Ole Thomsen > Sent: Samstag, 10. April 2004 12:51 > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Unable to see users group membership > in trusted > domain > > Thanks for saving my sanity, Guido, I have for days been seeking the > missing userright or setting in ADUC to show the memberships :-) > > Are there any easier method to show/set these memberships > than cruising > through all the parent domain groups? > > And BTW, copying a user no longer copies the parent domain group > memberships - argh! > > Ole Thomsen > > > > -----Original Message----- > > From: Grillenmeier, Guido [mailto:[EMAIL PROTECTED] > > Sent: Friday, April 09, 2004 7:49 PM > > To: [EMAIL PROTECTED] > > Subject: RE: [ActiveDir] Unable to see users group membership > > in trusted domain > > > > works as designed. Especially if you're using Domain Local Groups > > (DLG). But in 2003 you can even not see the UG memberships of other > > domains in ADUC. This will likely be "fixed" in SP1 as > only GCs would > > have the potential to show UG-memberships from other domains > > anyways (a > > filter was added in 2003 so that only groups of own domain > show up on > > the MemberOf tab of an object - in SP1 you're supposed to have a > > choice). > > > > Realize a "non-GC" DC doesn't know of the UG memberships of > the other > > domains and neither a DC nor a GC will show you the DLG > memberships of > > the other domains - as these are not replicated to the GC. > > > > And wait until you try to recover accidentally deleted users in your > > environment and recover them. Then not seeing the > memberships will be > > the least of your worries => they'll actually be missing from > > the other > > groups... Read this whitepaper if you want to know more: > > http://www.aelita.com/library/whitepapers/10_Things_to_Know_ab > > out_Active > > _Directory_Recovery.pdf > > > > /Guido > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Ole Thomsen > > Sent: Mittwoch, 7. April 2004 00:37 > > To: [EMAIL PROTECTED] > > Subject: [ActiveDir] Unable to see users group membership in trusted > > domain > > > > I have two AD domains, of which one is subdomain to the other. > > > > In the child domain, most users are members of a number of security > > groups in the parent domain. > > > > All was well until recently, but after raising the domain and forest > > level to 2003 i can no longer see the child domain users > parent domain > > membership under the user property "Member of". > Furthermore, from this > > property sheet i cannot add the user to parent domain > groups anymore. > > > > They are still members, everything works as expected, and i > > can add the > > users to groups from within the group property - but that is > > a hell of a > > job to cruise through the all groups everytime a user is created.... > > > > Please help :-) > > > > Ole Thomsen > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
