Solved

security group in a security group

Posted on 2006-06-26
10
737 Views
Last Modified: 2008-02-01
I seem to not be able to create a security group global.  then create another security group global and make the previous security group a member of this one.  What is proper way to nest these items?
0
Comment
Question by:techbnjcomp
  • 4
  • 3
  • 3
10 Comments
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16983031
use universal groups for nesting
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16983034
also make sure that your domain is in native mode for group nesting be available
0
 
LVL 1

Author Comment

by:techbnjcomp
ID: 16983089
I have some users that are in another forest and domain.  We have a two way transitive trust setup between us.  I need to allow these users to access my sharepoint server.  So my question comes in that I need (or think I want) to put these users in a security group.    Then so they need acess to sharepoint I can make that security group  a member of the domain users group and they should have access.  I am in native mode
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 48

Accepted Solution

by:
Jay_Jay70 earned 350 total points
ID: 16983152
with a multi domain setup like that you should create universal groups and nest these
0
 
LVL 1

Author Comment

by:techbnjcomp
ID: 16983180
Can't convert to a "universal group" as the system says "The following Active Directory error occurred:  Foreign security principals cannot be members of universal groups."

So I tried to create a universal group but then it does not let me add users from other domain/forest.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 16983291
You should be able to add the Global Group from the other domain either in the local group where the resource resides or directly on the object.

0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16983415
what was the issue of not being able to do what you wanted? could just not see the group or was it erroring? probably should have asked that first ha!
0
 
LVL 51

Expert Comment

by:Netman66
ID: 16986218
I think he was trying to nest a Global Group from one domain inside a Global Group from the other.  It's not possible.

You can only nest GG's from the same domain.

0
 
LVL 1

Author Comment

by:techbnjcomp
ID: 16986339
So is grouping even an answer here?  how do I give rights to some users on another domain/forest to use my sharepoint?  I started with groups as i have a trust with other domain/forest.  I was wanting to add them to a group .  then add that group to my domain users which would give them permission.  Thus my original questikon of how to add a group to another group.  Can this be done with groups or what is answer?
0
 
LVL 51

Assisted Solution

by:Netman66
Netman66 earned 150 total points
ID: 16987562
Yes.  

Create a local group on the Sharepoint server.  Give the local group the permissions.  Add the Global group from the other domain to it.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question