single forest - multiple domain - adding a cross domain user or group

Posted on 2008-11-12
Last Modified: 2012-06-27
I manage an AD domain with an empty root and multiple child domains. The domains are all Windows 2003. When I go to a group in domain A and try to add a group or user from domain B, the "Object Types" field changes to "Contacts or Other objects" after I change the location to Domain B. I don't have the option to select any groups or users from that location. I have set up a two-way trust between domain A and domain B but this does not seem to make any difference. What am I doing wrong?
Question by:Sweedy
    LVL 30

    Accepted Solution

    If the group in question is a global group, it can only contain users from within the same domain, so you would not have the option to select users/groups from the same domain.  Universal and domain local groups can contain users/groups from any domain in the forest; however, the latter can only be used to secure resources within the same domain as the domain local group.

    Author Closing Comment

    Thanks Laura. Much appreciated.

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    Suggested Solutions

    There are several problems reported according slow link speeds or poor performance in TMG 2010, UAG 2010 or ISA 2006. I want to collect here some of the common issues together to give a brief overview what can be the reason. Nevertheless, not all of…
    A quick step-by-step overview of installing and configuring Carbonite Server Backup.
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
    This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now