Active Directory conflict

Hi all,
I have a strange issue in Active Directory. Let's say I have a group in one domain, call it DOMAIN_A, and have a user in another, DOMAIN_B. I can add this person to a group in DOMAIN_B.

Now, having added the person to the group, I can see this person as a member of the group (in the Members tab), but if I go to DOMAIN_B and locate the person I have added to the group, ideally I should be able to see this group in the user's memberOf list, right? But in this case I can't, across domains. Can anyone please tell me why I can't see the group in the user's memberOf list? I don't think it's normal behavior, but please confirm if it is supposed to be like this.
It is really very urgent for me to know this or have a fix for it.


SameerMirza (Author) Commented:
Any ideas, guys? Is it normal behavior? I heard there are different types of groups, such as local, universal...
Does it have something to do with that? Can anyone please help me out on this one?

Chris Dent (PowerShell Developer) Commented:

Hi SM,

If the group is a Universal group, and the user is not in the same domain as the group then you will not see the group in memberOf.

Universal Group membership across a forest can only be fully enumerated using a Global Catalog.

Another thing to look for is your FSMO roles. If you've got two domains in your forest, you'll need to make sure that your Infrastructure Master FSMO role is not sitting on a global catalog server, or that all servers in the forest are global catalog servers - otherwise, the IMR won't update anything in Active Directory.

Install the support tools, not the adminpak.msi mind you, but the setup.exe from the \support\tools dir on the Server 2003 disc (or you can download it). Install these tools on your local machine, then from an account logged in as a domain administrator, run this command at the DOS prompt: netdom query fsmo

This will tell you which machine holds the Infrastructure Master FSMO role - make sure that's not a global catalog server. --TX
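
The placement rule from the answer above, written as a check that can be run over a whole forest. This is an added example and not part of the original thread; the function name Test-InfrastructureMasterPlacement, the host names and the inventory are hypothetical, constructed so the script runs without a domain connection.

```powershell
# Added example. Test-InfrastructureMasterPlacement is a hypothetical helper name.
# It flags domains whose Infrastructure Master sits on a global catalog (GC)
# while other DCs are not GCs. The "all DCs are GCs" exception is evaluated per
# domain here; a forest where every DC is a GC satisfies it as well.
function Test-InfrastructureMasterPlacement {
    param(
        # One object per domain controller: Domain, HostName, IsGlobalCatalog
        [Parameter(Mandatory)] [object[]] $DomainControllers,
        # Domain name -> host name of that domain's Infrastructure Master
        [Parameter(Mandatory)] [hashtable] $InfrastructureMasters
    )
    foreach ($domain in $InfrastructureMasters.Keys) {
        $dcs    = @($DomainControllers | Where-Object Domain -eq $domain)
        $imHost = $InfrastructureMasters[$domain]
        $im     = $dcs | Where-Object HostName -eq $imHost
        $nonGc  = @($dcs | Where-Object { -not $_.IsGlobalCatalog })

        $status = if (-not $im) { 'Unknown: role holder not in inventory' }
                  elseif (-not $im.IsGlobalCatalog) { 'OK: role holder is not a GC' }
                  elseif ($nonGc.Count -eq 0) { 'OK: every DC in the domain is a GC' }
                  else { 'Review: role holder is a GC but other DCs are not' }

        [pscustomobject]@{
            Domain               = $domain
            InfrastructureMaster = $imHost
            NonGcDCs             = ($nonGc.HostName -join ', ')
            Status               = $status
        }
    }
}

# Constructed inventory. On a live forest, build it with the ActiveDirectory module:
#   Get-ADDomainController -Filter * -Server <domain>   (Domain, HostName, IsGlobalCatalog)
#   (Get-ADDomain <domain>).InfrastructureMaster
$dcs = @(
    [pscustomobject]@{ Domain = 'domain-a.example'; HostName = 'dc1.domain-a.example'; IsGlobalCatalog = $true }
    [pscustomobject]@{ Domain = 'domain-a.example'; HostName = 'dc2.domain-a.example'; IsGlobalCatalog = $false }
    [pscustomobject]@{ Domain = 'domain-b.example'; HostName = 'dc3.domain-b.example'; IsGlobalCatalog = $true }
    [pscustomobject]@{ Domain = 'domain-b.example'; HostName = 'dc4.domain-b.example'; IsGlobalCatalog = $false }
)
$roles = @{
    'domain-a.example' = 'dc1.domain-a.example'   # role on a GC, dc2 is not a GC
    'domain-b.example' = 'dc4.domain-b.example'   # role on a non-GC
}

Test-InfrastructureMasterPlacement -DomainControllers $dcs -InfrastructureMasters $roles |
    Format-Table -AutoSize
```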
