No announcement yet.

Group membership

  • Filter
  • Time
  • Show
Clear All
new posts

  • Group membership

    I am trying to figure out how to make all members of a global group in domain B also be members of a domain local group in domain A. Domains are in different forests, trusts are setup and working properly (2-way external).
    I try the following with ds commands.
    dsget group "cn=groupnameB,cn=users,dc=domainB,dc=com" -members | dsmod group "cn=groupnameA,cn=users,dc=domainA,dc=com" -addmbr

    I get an error "dsmod failed : cn=groupnameA,cn=users,dc=domainA,dc=com. The spcified user does not exist."
    The group is setup in the destination domain.
    I really would rather not assign membership for each user manually (that works, btw) since I have 200+ users in the group.

    Any help would be appreciated.

  • #2
    Re: Group membership

    Dsmod does not support the addition of security principals in one forest to groups that are located in another forest when a forest trust exists between both forests. You can use Active Directory Users and Computers to add security principals across a forest trust.


    • #3
      Re: Group membership

      can't you just add the Global group as a member of the Domain Local group ?