Solved

security group in a security group

Posted on 2006-06-26
10
736 Views
Last Modified: 2008-02-01
I seem to not be able to create a security group global.  then create another security group global and make the previous security group a member of this one.  What is proper way to nest these items?
0
Comment
Question by:techbnjcomp
  • 4
  • 3
  • 3
10 Comments
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16983031
use universal groups for nesting
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16983034
also make sure that your domain is in native mode for group nesting be available
0
 
LVL 1

Author Comment

by:techbnjcomp
ID: 16983089
I have some users that are in another forest and domain.  We have a two way transitive trust setup between us.  I need to allow these users to access my sharepoint server.  So my question comes in that I need (or think I want) to put these users in a security group.    Then so they need acess to sharepoint I can make that security group  a member of the domain users group and they should have access.  I am in native mode
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 48

Accepted Solution

by:
Jay_Jay70 earned 350 total points
ID: 16983152
with a multi domain setup like that you should create universal groups and nest these
0
 
LVL 1

Author Comment

by:techbnjcomp
ID: 16983180
Can't convert to a "universal group" as the system says "The following Active Directory error occurred:  Foreign security principals cannot be members of universal groups."

So I tried to create a universal group but then it does not let me add users from other domain/forest.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 16983291
You should be able to add the Global Group from the other domain either in the local group where the resource resides or directly on the object.

0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16983415
what was the issue of not being able to do what you wanted? could just not see the group or was it erroring? probably should have asked that first ha!
0
 
LVL 51

Expert Comment

by:Netman66
ID: 16986218
I think he was trying to nest a Global Group from one domain inside a Global Group from the other.  It's not possible.

You can only nest GG's from the same domain.

0
 
LVL 1

Author Comment

by:techbnjcomp
ID: 16986339
So is grouping even an answer here?  how do I give rights to some users on another domain/forest to use my sharepoint?  I started with groups as i have a trust with other domain/forest.  I was wanting to add them to a group .  then add that group to my domain users which would give them permission.  Thus my original questikon of how to add a group to another group.  Can this be done with groups or what is answer?
0
 
LVL 51

Assisted Solution

by:Netman66
Netman66 earned 150 total points
ID: 16987562
Yes.  

Create a local group on the Sharepoint server.  Give the local group the permissions.  Add the Global group from the other domain to it.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…

806 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question