RE: How to Add Users from Trusted Domain in a Different to a Univ
From: Phillip Renouf (PhillipRenouf_at_discussions.microsoft.com)
Date: 09/28/04
- Previous message: Phillip Renouf: "RE: addusers command line in 2003 server"
- In reply to: Phillip Renouf: "RE: How to Add Users from Trusted Domain in a Different to a Univeral"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 28 Sep 2004 13:29:06 -0700
Just to make a correction in my previous post: I mention that you can add
groups from a trusted domain into either Domain Local groups or Universal
groups in the trusting domain. That is incorrect: you can only add groups
from a trusted domain to a Domain Local group in the trusting domain.
Fortunately I wasn't the only one to make that mistake, it is published
incorrectly in the Active Directory for Windows Server 2003 technical
reference published by MSPress too. I feel much better ;)
Phil
"Phillip Renouf" wrote:
> That is correct, the only type of group that you can add users from a trusted
> forest to are Domain Local groups.
>
> The official way to manage this is to add the users to a Global or a
> Universal group in their home domain, then add that group to either a Domain
> Local group or a Universal group in your domain.
>
> (Global groups from a trusted domain can only be added to a Universal group
> in your domain, while a Universal group from a trusted domain can be added to
> either a Domain Local group or a Universal group in your domain)
>
> Phil
>
> "Tyler" wrote:
>
> > I would like to know if it is possible to add users from a trusted domain in
> > one forest into a universal (or otherwise) group in a trusting domain (in a
> > different forest).
> >
> > When I create a new universal group in my trusting domain and click on the
> > button to add users, I am only allowed shown the domain's forest - I cannot
> > see the forest containing the trusted domain. However, on things like
> > shares, I am able to add users from the trusted domain so I can set their
> > access permissions.
> >
> > Am I missing something obvious, or is this just not possible?
> >
> > Thanks, Tyler
> >
> >
> >
- Previous message: Phillip Renouf: "RE: addusers command line in 2003 server"
- In reply to: Phillip Renouf: "RE: How to Add Users from Trusted Domain in a Different to a Univeral"
- Messages sorted by: [ date ] [ thread ]
