Re: AD - users and computers in child domain



In news:%23HFWNPPtFHA.2968@xxxxxxxxxxxxxxxxxxxx,
Fyodor Yemelyanenko <fyodor_e@xxxxxxx> made this post, which I then
commented about below:
> I read the article from Ulf B. Simon-Weidner's post and decided to
> conduct a little experiment. I created a third domain in my forest,
> installed only one DC there and didn't promote it as GC.
>
> Root domain (domain.ru)
> DC1 GC IM
> DC2 GC
> Child domain1
> DC1 IM GC
> Child domain2 (test1.domain.ru)
> DC1 IM (not GC)
>
> Then I added Administrator@xxxxxxxxxxxxxxx to Enterprise
> administrators from domain.ru and Administrator@xxxxxxxxx to
> TestUniversalGroup from test1.domain.ru. I waited for replication to
> occur. Then I checked the Member Of property page from both users'
> properties. Neither user was shown as a member of the universal group from
> the other domain! But when I looked at the Members property page from
> Enterprise administrators and TestUniversalGroup properties, users
> from other domains were shown there.
> What do you think about it?
> Fyodor

Universal groups will show up because they exist and are stored in the GC,
not on any specific domain. If you are looking at a Universal Group's
properties, sure, the Universal Group has info about what members are in it.
What the IM does is pull references for objects in other domains, such as
Global and Domain Local Groups, which exist in the specific domain they were
created in. So if they are not in a Universal group, then if you are looking
for references for such data, they *may* not display.

Ace

