Adding user from a trusted domain to a security group?
Posted on 2010-11-09
Thanks for checking out my post. I have a question that I'm too lazy to look up, so I hope my EE friends can help me out. I have:
* Active Directory 2k3 - Running 2000 Native Mode
* All Win2k3 DCs (Win2k3 w/SP2).
* An external transitive trust with another Win2k3 domain (I believe it's running 2k3 native).
To set up the scenario:
* My domain is called MINE.local
* Their domain is called THERIS.local
I manage MINE.local, but would like to share resources in MINE.local with users in the THEIRS.local domain. The trust is cool, but I need a bit of advice on how to add users to groups.
I tested the 3 types of groups (Domain Global, Domain Universal, and Domain Local). If I attempt to add users to the Domain Local group, I can see THEIRS.local. If I attempt to add the users to Domain Global and Domain Universal groups, I can only see internal trusts (my prod. domain is in an empty forest root). My questions are:
* Why is that?
* If I convert either the Domain Global and/or Domain Univeral groups, what are the caveats, and what should I look for?