Announcement

Collapse
No announcement yet.

Cannot add Universal Groups between trusted forests

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Cannot add Universal Groups between trusted forests

    Hello Everyone!
    I am hoping that someone here can help me! I have been brought into this little project mid-way through so I might be lacking in some information. If there is any information needed please let me know. Our objective is to add a universal Security group from company1.corp1.com to a universal security group in company2.corp2.com.

    1. There are two seperate forests (We are trying to authenticate to just individual domains within these forests) We have set up a two way domain trust between company1.corp1.com and company2.corp2.com. The trust is an external trust that is NOT transitive.
    2. We have set up stub DNS zones in each domain for the other domains, the DNS seems to have populated properly and we are able to ping resources by name from company1.corp1.com to company2.corp2.com.
    3. We are able to use Active Directory Users and Computers to view all OU's Groups users etc etc in each domain.
    4. Both the Domain and Forest Function levels are Windows Server 2003


    When we try to add group1.company1.corp.com to group2.company2.corp.com the GUI utility can ONLY see the Local groups! As far as I knew Local groups should be invisible to external forests. I have tried the suggestions listed herewith no luck. I would greatly appreciate any assistance that anyone can offer. Please let me know if any further information is available. Thanks!
    Justin
    A+ Net+ MCP

  • #2
    Re: Cannot add Universal Groups between trusted forests

    Don't you need a full Forest Trust in place to be able to inter-operate Universal Groups?


    Tom
    For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

    Anything you say will be misquoted and used against you

    Comment


    • #3
      Re: Cannot add Universal Groups between trusted forests

      Universal groups can only contain security principals from the same forest the group is in. You can't add universal group from one forest as a member of universal group from another forest. Forest trust will not help here.
      Guy Teverovsky
      "Smith & Wesson - the original point and click interface"

      Comment


      • #4
        Re: Cannot add Universal Groups between trusted forests

        Thanks for the replies! I did not think that Universal groups would work. I have had my supervisor recreate the structure using Global groups. I had him add the GG from domain1 into a domain local group in domain2 and vice versa, this seems to have worked. We are still in the test phase on this so we have some time to get it working. Thanks again for the help!
        Justin
        A+ Net+ MCP

        Comment

        Working...
        X