single forest - multiple domain - adding a cross domain user or group

Posted on 2008-11-12
Last Modified: 2012-06-27
I manage an AD domain with an empty root and multiple child domains. The domains are all Windows 2003. When I go to a group in domain A and try to add a group or user from domain B, the "Object Types" field changes to "Contacts or Other objects" after I change the location to Domain B. I don't have the option to select any groups or users from that location. I have set up a two-way trust between domain A and domain B but this does not seem to make any difference. What am I doing wrong?
Question by: Sweedy

Accepted Solution

LauraEHunterMVP earned 2000 total points
ID: 22946096
If the group in question is a global group, it can only contain users from within the same domain, so you would not have the option to select users/groups from the same domain.  Universal and domain local groups can contain users/groups from any domain in the forest; however, the latter can only be used to secure resources within the same domain as the domain local group.
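
The scope rule from the accepted answer, expressed as a pre-check before a cross-domain add. This is an added PowerShell example, not part of the original thread; it assumes the ActiveDirectory module (RSAT) is installed, and the function name and all domain, group and account names are hypothetical placeholders.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT).
# Function name and all domain/group/account names are hypothetical placeholders.
Import-Module ActiveDirectory

function Add-CrossDomainGroupMember {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)] [string] $GroupName,     # group in domain A
        [Parameter(Mandatory)] [string] $GroupDomain,   # DNS name of domain A
        [Parameter(Mandatory)] [string] $MemberName,    # user or group in domain B
        [Parameter(Mandatory)] [string] $MemberDomain,  # DNS name of domain B
        [ValidateSet('User', 'Group')] [string] $MemberType = 'User'
    )

    # Domain portion (DC=...) of a distinguished name, used for the same-domain test.
    function Get-DomainDN([string] $DistinguishedName) {
        ($DistinguishedName -split ',' | Where-Object { $_ -like 'DC=*' }) -join ','
    }

    $group = Get-ADGroup -Identity $GroupName -Server $GroupDomain

    # Resolve the member against a domain controller in its own domain.
    $member = if ($MemberType -eq 'User') {
        Get-ADUser  -Identity $MemberName -Server $MemberDomain
    } else {
        Get-ADGroup -Identity $MemberName -Server $MemberDomain
    }

    $sameDomain = (Get-DomainDN $group.DistinguishedName) -eq (Get-DomainDN $member.DistinguishedName)

    # Global groups accept members only from their own domain.
    if ($group.GroupScope -eq 'Global' -and -not $sameDomain) {
        Write-Warning "'$($group.Name)' is a Global group and cannot hold '$($member.Name)' from $MemberDomain; use a Universal or Domain Local group."
        return $false
    }

    if ($PSCmdlet.ShouldProcess($group.DistinguishedName, "Add member $($member.DistinguishedName)")) {
        Add-ADGroupMember -Identity $group -Members $member -Server $GroupDomain
    }
    return $true
}

# Placeholder values; -WhatIf reports the change without making it.
Add-CrossDomainGroupMember -GroupName 'FileShare-Readers' -GroupDomain 'a.corp.example' `
    -MemberName 'jdoe' -MemberDomain 'b.corp.example' -WhatIf
```

Nested group members are subject to further scope rules that this check leaves to the directory to enforce when the add is attempted.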

Author Closing Comment

ID: 31516230
Thanks Laura. Much appreciated.
