How to Add users from external domain to local AD Group

Top Doc
Top Doc used Ask the Experts™
on
Hello Team,

I have an external trust between my domain and another companies domain.
I want to create a security group in AD and members from that external domain to it.
but when I try, all I am seeing is my domain when I go to locations

How can I add users from other domains to my local security group?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
RobertSystem Admin

Commented:
You will want to look into the group Types. That is likely the issue.

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc755692(v=ws.10)
Top DocSystems Administrator

Author

Commented:
Hi Robert,

I was looking at a similar article and did create the group as a universal group, but even then, when I went to specify the location that I wanted to select the group members from, I was only seeing my domain.
RobertSystem Admin

Commented:
Might be DNS related if your already using the correct group type.

I did a quick search on MS and the following provides information about the issue your having if it is DNS related this may help.
https://social.technet.microsoft.com/Forums/windows/en-US/1f2d8abb-8e2a-4b86-9378-4aec9057a095/domain-trusts-unable-to-add-users-to-groups?forum=winserverDS
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Adam BrownSenior Systems Admin
Top Expert 2010

Commented:
This is normal. The Group Membership Add function can only access users that are in Domains that are in the same forest as the DC you are browsing from. You would need to go to the other domain, open ADUC, run a search, choose your domain from the list, enter the name of your Universal group, select that group's properties, then add members. It should then show you the users of the other domain that can then be added to the Universal Group. It's a little annoying, but that's how it's done.
Sr. Systems Administrator
Commented:
Make the group a Domain local group. I know it says for a Universal group, users from any domain can be added but I have found this not to be the case. You can add universal groups from other domains to security permissions but to add a user, you need to add it to a domain local group.  You can add groups from the trusted domain (Global and Universal) to the Domain local group.
Top DocSystems Administrator

Author

Commented:
Team,

Sorry for the delayed responses.

@Jeff, your solution worked like a charm.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial