Solved

Net localgroup/net group cross domains

Posted on 2011-03-10
3
1,410 Views
Last Modified: 2012-05-11
Hello,

I have the following situation:

- there are 2 domains: domain1.contoso.com and domain2.contoso.com.(parent-child trust between domain1-contoso and domain2-contoso).
- there is a user from domain2 which want to see all members from a group from domain1.

I`ve tried net group or net localgroup command, but is not working because the domain controller who process the command is the primary DC from domain2 and it doesn`t know who is a specific group from domain1.
/domain switch is not working and i`m not able to specify the DC or the domain where the command should be processed.

Any help?
Thank you!
0
Comment
Question by:andreibutu
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 85

Accepted Solution

by:
oBdA earned 500 total points
ID: 35092969
Use the "ds"-tools instead.
dsquery group "dc=domain1,dc=contoso,dc=com" -name "The Group Name" | dsget group -members
Or to see expanded nested group membership:
dsquery group "dc=domain1,dc=contoso,dc=com" -name "The Group Name" | dsget group -members -expand
Or, if he knows the LDAP path, of course a single dsget will do the trick, too:
dsget group "cn=The Group Name,ou=SomeOU,ou=SomeGroups,dc=domain1,dc=contoso,dc=com" -members
0
 
LVL 3

Author Comment

by:andreibutu
ID: 35093973
yes, your solution is correct, now i`m adding some requirments... i must run such a command from a client computer which does not have admin pack installed in order to run ds tools :| .

what in that case?
0
 
LVL 85

Expert Comment

by:oBdA
ID: 35094022
Either install adminpak.msi (you can install a subset of the admin tools if you don't want all of them), or make the ds...exe tools available in a file share, they don't require a special installation as far as I know.
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

631 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question