Re: group membership between different forests

You should be able to do this already...you mentioned that "corporate is trusted by my domain".

--
Ryan Sokolowski
MVP - Clustering
MCT, MCITP x3, MCTS x7, MCSE x2, CCNA, CCDA, BCFP


"James Yeomans BSc, MCSE" <JamesYeomansBScMCSE@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:243DFC31-E44D-44EF-9C77-93E2976A6FD1@xxxxxxxxxxxxxxxx
If both your forests are at the W2k3 level and you want all domains to trust
each other then create a forest trust. If either of these is not the case
create a external trust. Create the appropriate outgoing trust on your domain
and an incoming trust on the corporate domain. Best way to assign permissions
would be to create a global group in corporate domain then populate it with
users then a domain local group in your domain and put the global group in it.
James.
--
James Yeomans, BSc, MCSE
Ask me directly at: http://www.justaskjames.co.uk


"Blake" wrote:

I have two forests - corporate (over which I have no control) and mine.

corporate is trusted by my domain.

I'd like to create a group in my domain and populate it with users from the
corporate domain - is this possible?

What kind of trust needs to be created? (forest or external?)

Thanks
Blake




.

Relevant Pages

  • RE: Can not see users in other domain
    ... "Grog" wrote: ... when I choose the location windows 2000 domain, I can not browse the domain ... because global group can only have members fromits own domain ... But your problem appears to be otherwise, seems like the trust has been ...
    (microsoft.public.windows.server.active_directory)
  • Re: group membership between different forests
    ... I do see now what you were trying...trying to add users from another forest to a global group in your domain. ... each other then create a forest trust. ... and an incoming trust on the corporate domain. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Seperate Domain Trusts
    ... Using the trust, you can grant access to resources in DOMAIN2 by adding DOMAIN1/USER1 to the ACL. ... If in DOMAIN2 Global Groups are used to grant access to resources, you cannot add the user from DOMAIN1, as a global group can only contain members of the domain it is located in. ...
    (microsoft.public.windows.server.active_directory)
  • Re: group membership between different forests
    ... Apparently I can't add users from another forest to a global group (like the ... each other then create a forest trust. ... would be to create a global group in corporate domain then populate it ...
    (microsoft.public.windows.server.active_directory)
  • Re: Cannot add users from trusted domain on a domain controller
    ... I see what the problem is: apparently, you can't specify a Start ... Menu location for a global group from another domain in a GPO, ... Please describe how you setup the trust, what kind of trust and how DNS is ...
    (microsoft.public.windows.server.active_directory)