Announcement

Collapse
No announcement yet.

Unable to add a security group to a group

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Unable to add a security group to a group

    I have just setup a brand new single server (Win 2003R2 Server Std) with 40 client XP machines, and added the role from the Manage Your Server wizard to promote it to a domain controller, as usual. Everything works perfectly, except that I cannot add a security group to another security group. When I try to do so, the list of objects I am given contains only user accounts.

    So in ADUC I highlight a Security Group, right click and go Properties > Members > Add > Advanced > Find Now

    I verify that "Users or Other Objects" is showing at the top (which is the default, I didn't change anything) and yet there are only users in the list, whereas it should show both user accounts and security groups.

    So, rather than go to Advanced > Find Now, I try typing the name of the security group that I wish to add and I click the Check Names button, but the security group I just typed cannot be found. How can I fix AD so that I can add a security group to another security group?

    Oh, and if it makes any difference, these are "Global Security Groups".


    Best wishes,
    PaulH.
    MCP:Server 2003; MCITP:Server 2008; MCTS: SBS2008

  • #2
    Re: Unable to add a security group to a group

    when you select object types, you should see users, computers, contacts, security groups and other objects, did you check the groups check box before searching ?

    Comment


    • #3
      Re: Unable to add a security group to a group

      Hi Doc,

      The checkboxes are:
      • Other Objects
      • Computers
      • Users
      • Contacts


      Usually, I do not have to alter the ticks there - by default, "Users" and "Other Objects" are checked. Anyway, checking them all makes no difference. I do not see "Security Groups" in the list of checkboxes of object types. Hmmmm...
      Best wishes,
      PaulH.
      MCP:Server 2003; MCITP:Server 2008; MCTS: SBS2008

      Comment


      • #4
        Re: Unable to add a security group to a group

        you are running under windows 2000 mixed mode domain functional level, raise it to at least 2000 native in order to nest groups in that global group

        http://technet2.microsoft.com/window....mspx?mfr=true

        http://technet2.microsoft.com/window....mspx?mfr=true

        Regards

        Comment


        • #5
          Re: Unable to add a security group to a group

          OK, that's a brilliant answer, thanks.

          So how can that happen when I take a perfectly ordinary standard installation of Server 2003R2 and make it a domain controller by using the "Add Role" wizard? Accepting the wizard's default options, doing nothing "clever", and I end up with a DC that's running 2000 mixed mode. I don't understand how that can happen.

          (Oh, for others viewing this thread, I'm going to use http://www.petri.com/raise_domain_fu...ndows_2003.htm ... which I have now done and it does the trick.)
          Last edited by PaulH; 11th August 2007, 18:32.
          Best wishes,
          PaulH.
          MCP:Server 2003; MCITP:Server 2008; MCTS: SBS2008

          Comment

          Working...
          X