Re: User access between different forests.




nope... universal groups can only contain objects from the same forest, like
global groups can only contain objects from the same domain.

to do what you want, create a domain local group (for which you need at
least Windows 2000 native mode/DFL). Using restricted groups, add the domain
local group to the local group on all clients and servers

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
-----------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
-----------------------------------------------------------------------------


-----------------------------------------------------------------------------
"Paul Williams [MVP]" <ptw2001@xxxxxxxxxxx> wrote in message
news:1146063682.551943@xxxxxxxxxxxxxxxxxxxxxx
Yeah, this isn't as easy as you'd hope. You can't add yourself into domain
admins as it's a global group. Therefore you need to create your own group
that has the same permissions and rights. Basically, there is nothing
special about domain admins. It's just a global group that is automatically
added to the administrators group on all domain members. Therefore, to
achieve the same thing with non-local members, you must create a universal
group in this domain and add yourself to this group. Then you add this
group to the builtin\administrators group on a DC and all members.

If you want to do this for non-DCs, have a look at this:
-- http://www.msresource.net/content/view/45/47/

--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net
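
The domain local group approach from the reply above, as an added PowerShell sketch that is not part of the original thread. The domain names, OU, group name and user are placeholders, and it assumes the ActiveDirectory module and an existing trust to the account forest.

```powershell
# Added example. All names below are placeholders, not values from the thread.
Import-Module ActiveDirectory

$resourceDomain = 'res.example'    # domain whose clients/servers need the admins
$accountDomain  = 'acct.example'   # domain in the other (trusted) forest
$groupName      = 'DL-Member-Admins'

# 1. Create the domain local security group in the resource domain.
#    Domain local scope is the one that accepts principals from a trusted forest.
$group = New-ADGroup -Name $groupName -SamAccountName $groupName `
    -GroupScope DomainLocal -GroupCategory Security `
    -Path 'OU=Groups,DC=res,DC=example' -Server $resourceDomain -PassThru

# 2. Resolve the user in the other forest and add it by SID.
#    AD stores the member as a foreign security principal (FSP) object.
$user = Get-ADUser -Identity 'jdoe' -Server $accountDomain
Set-ADObject -Identity $group.DistinguishedName -Server $resourceDomain `
    -Add @{ member = "<SID=$($user.SID.Value)>" }

# 3. The Restricted Groups policy step is done in a GPO linked to the clients
#    and servers: list this group there as a member of the local group
#    (for example Administrators). That part is not scripted here.

# 4. Review: list every cross-forest principal that now holds membership,
#    so the grant can be audited later.
$members = (Get-ADGroup -Identity $group.DistinguishedName `
    -Server $resourceDomain -Properties member).member

foreach ($dn in $members) {
    if ($dn -like '*CN=ForeignSecurityPrincipals,*') {
        # The FSP's CN is the SID of the account in the trusted forest.
        $sidText = ($dn -split ',')[0] -replace '^CN=', ''
        $sid     = New-Object System.Security.Principal.SecurityIdentifier $sidText
        try {
            $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            $name = '(unresolved: trust down or account deleted)'
        }
        [pscustomobject]@{ Group = $groupName; Sid = $sidText; Account = $name }
    }
}
```

An unresolved SID in the review output usually means the account was deleted in the other forest or the trust is unavailable, and is worth cleaning up since the FSP entry stays in the group.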



