Thanks Dean
 
That makes absolute sense... only it conflicts with what it says here:
 
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/517b4fa4-5266-419c-9791-6fb56fabb85e.mspx
 

"Create a universal group in the resource forest, and then add all global groups from the other forest (or forests) that need similar access as members of the universal group.

For example, both the employees in the Sales Department and Accounting Department global groups located in ForestA use similar print resources located in ForestB. Create a universal group called Print Users in Other Forests in ForestB, and add both the Sales Department and Accounting Department global groups from ForestA as members.

Universal groups are used primarily to group together two or more global groups (possibly from other forests) into one group for the resource domain."

 
Tony
 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells
Sent: Tuesday, 23 August 2005 1:46 p.m.
To: Send - AD mailing list
Subject: RE: [ActiveDir] Cross forest trust: universal groups

A user's Universal group membership must be able to be fully enumerated against a forest-local GC, thus you cannot add users to a Universal beyond their own forest.

--
Dean Wells
MSEtechnology
* Email: dwells@msetechnology.com

http://msetechnology.com

 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray
Sent: Monday, August 22, 2005 9:38 PM
To: [email protected]
Subject: [ActiveDir] Cross forest trust: universal groups

Hi all
 
I'm missing something here and I'm hoping you can give me a pointer.
 
Scenario:
2 single domain forests connected by a forest trust.
 
I want to add global groups from ForestB to a universal group in ForestA. I go into ADUC in ForestA and click on the Members tab and select Add. When I go to the Locations tab to select the domain from ForestB I only see ForestA as an available option. Surely I should be able to add resources from ForestB to this universal group? If I try to do the same thing with a domain local group in ForestA, I see the domain in ForestB as an available option, so it looks like the trust is ok.
 
Any thoughts?
 
Tony
