Solved

security group in a security group

Posted on 2006-06-26
10
739 Views
Last Modified: 2008-02-01
I seem to not be able to create a security group global.  then create another security group global and make the previous security group a member of this one.  What is proper way to nest these items?
0
Comment
Question by:techbnjcomp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 3
10 Comments
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16983031
use universal groups for nesting
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16983034
also make sure that your domain is in native mode for group nesting be available
0
 
LVL 1

Author Comment

by:techbnjcomp
ID: 16983089
I have some users that are in another forest and domain.  We have a two way transitive trust setup between us.  I need to allow these users to access my sharepoint server.  So my question comes in that I need (or think I want) to put these users in a security group.    Then so they need acess to sharepoint I can make that security group  a member of the domain users group and they should have access.  I am in native mode
0
Free eBook: Backup on AWS

Everything you need to know about backup and disaster recovery with AWS, for FREE!

 
LVL 48

Accepted Solution

by:
Jay_Jay70 earned 350 total points
ID: 16983152
with a multi domain setup like that you should create universal groups and nest these
0
 
LVL 1

Author Comment

by:techbnjcomp
ID: 16983180
Can't convert to a "universal group" as the system says "The following Active Directory error occurred:  Foreign security principals cannot be members of universal groups."

So I tried to create a universal group but then it does not let me add users from other domain/forest.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 16983291
You should be able to add the Global Group from the other domain either in the local group where the resource resides or directly on the object.

0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16983415
what was the issue of not being able to do what you wanted? could just not see the group or was it erroring? probably should have asked that first ha!
0
 
LVL 51

Expert Comment

by:Netman66
ID: 16986218
I think he was trying to nest a Global Group from one domain inside a Global Group from the other.  It's not possible.

You can only nest GG's from the same domain.

0
 
LVL 1

Author Comment

by:techbnjcomp
ID: 16986339
So is grouping even an answer here?  how do I give rights to some users on another domain/forest to use my sharepoint?  I started with groups as i have a trust with other domain/forest.  I was wanting to add them to a group .  then add that group to my domain users which would give them permission.  Thus my original questikon of how to add a group to another group.  Can this be done with groups or what is answer?
0
 
LVL 51

Assisted Solution

by:Netman66
Netman66 earned 150 total points
ID: 16987562
Yes.  

Create a local group on the Sharepoint server.  Give the local group the permissions.  Add the Global group from the other domain to it.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question