Announcement

Collapse
No announcement yet.

issue with nested security groups

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • issue with nested security groups

    Hi,

    So i made a security group (lets call it Group A) and delegated it a bunch of rights in AD such as being able to create accounts etc. I created a second group (Group B) and delegated it different rights using group policies (log on remotely to servers etc).

    I want everyone in group B to have the Group B rights, plus all of the Group A rights... so i make Group B a member of Group A.

    I add a user account as a member of group b and open ADUC.

    User account only has the permissions delegated to Group B. It is unable to create new accounts.

    If I just make the user account a member of both group A and Group B - it works fine.

    Dont delegated permissions get passed down through group nesting? If not - whats the point of nesting groups?

    Hopefully someone can explain what is going on

    P.s I'm using Server 2003 R2

    Thanks!

    Simon

  • #2
    Re: issue with nested security groups

    What is the scope of each group, also what are your domain and forest FLs?
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: issue with nested security groups

      Originally posted by Ossian View Post
      What is the scope of each group, also what are your domain and forest FLs?
      Both groups are global security groups

      Domain FL is 2003..

      .... just checked forest FL... it was 2000.

      Raised it to 2003.

      Hopefully that resolves the issue.

      When i've got a bit of time i'll test and let you know.

      Thanks ossian

      Comment


      • #4
        Re: issue with nested security groups

        unfortunately it hasnt resolved the issue.

        Still have the same issue


        Its not a huge problem... if worst comes to worst it just means if i have a high leve admin i need to add them into several groups to give them the full level of permissions i want.... i was just trying to be cool and use nested groups

        Comment


        • #5
          Re: issue with nested security groups

          I am surprised it isnt working -- will try to test later with a dummy account
          Tom Jones
          MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
          PhD, MSc, FIAP, MIITT
          IT Trainer / Consultant
          Ossian Ltd
          Scotland

          ** Remember to give credit where credit is due and leave reputation points where appropriate **

          Comment

          Working...
          X