Re: Forest-Issues
- From: "Joseph T Corey" <jcorey@xxxxxxxxxxxxxx>
- Date: Thu, 17 Apr 2008 13:50:01 -0400
The following articles should have all of the relevant information for you. In short, the Domain Admins group is a "Global" group. Global groups can only contain members of its own domain, but can be assigned anywhere in the forest (or trust). Conversely, a domain local group can contain members of any domain, but can only assigned permission in its own domain. As a side note, take a look at the last kb article for information about using the Object Picker when browsing for users. Make sure you are doing your administration from a Windows Server 2003 and up machine.
http://technet2.microsoft.com/windowsserver/en/library/79d93e46-ecab-4165-8001-7adc3c9f804e1033.mspx?mfr=true
http://technet2.microsoft.com/windowsserver/en/library/517b4fa4-5266-419c-9791-6fb56fabb85e1033.mspx?mfr=true
http://support.microsoft.com/kb/878452
--
Joseph T. Corey MCSE, Security+
Systems Administrator
jcorey@xxxxxxx
"Steven L Chan" <StevenLChan@xxxxxxxxx> wrote in message news:3A33AE98-8EEB-48CB-921E-0947BEDACD34@xxxxxxxxxxxxxxxx
Hi,
We created 2 seperate Forest (HQ + Retail) with a 2-way trust between them, also included Forest-Wide authentication.
We are running into an issue that we can not add users/group from one forest into the security group of the second forest. For example: HQ - Active Directory Users and Computers - Domain Admins - Add Members - I only see the HQ domain/forest, but not the Retail domain/forest.
I have never dealt with a Forest-Trust before and I am hoping someone would shed some light, as to if this is possible or not.
Thanks,
Steven
.
- Follow-Ups:
- Re: Forest-Issues
- From: Steven L Chan
- Re: Forest-Issues
- References:
- Forest-Issues
- From: Steven L Chan
- Forest-Issues
- Prev by Date: Re: Question about LDAP searchs
- Next by Date: ADAM R2 AD Sync Issue
- Previous by thread: Forest-Issues
- Next by thread: Re: Forest-Issues
- Index(es):
Relevant Pages
|
