Universal groups scope with trusted domains.

F

fedayn

Hi,

In a few months, we have to merge three domains:

Domain A - Windows 2000 doamin in native mode
Domain B - Windows 2003 doamin in native mode
Domain C - Windows 2003 doamin in native mode

The three of them are bidirectionaly trusted and each of them belong to
different forests. Right now, I'm trying to create universal groups in
Domain A and add members from the other to domains, but it's impposible
beacuse I only can see Domain A in the scope.

Is it posible add members to a universal group from other domains in
different forests?.

Thanks in advance.
 
R

Richard Mueller [MVP]

fedayn said:
Hi,

In a few months, we have to merge three domains:

Domain A - Windows 2000 doamin in native mode
Domain B - Windows 2003 doamin in native mode
Domain C - Windows 2003 doamin in native mode

The three of them are bidirectionaly trusted and each of them belong to
different forests. Right now, I'm trying to create universal groups in
Domain A and add members from the other to domains, but it's impposible
beacuse I only can see Domain A in the scope.

Is it posible add members to a universal group from other domains in
different forests?.

Thanks in advance.
Click to expand...

It sounds like you expect the three domains to be in separate trees. In
order to share resources they need to be in the same forest. Universal
groups can have members from any domain in the forest. The members can even
be from domains in other trees of the forest.

For example, domains CompanyA.com, CompanyB.com, and CompanyC.com can be in
separate trees in the same forest.

If the domains are in different forests, they are isolated.
 
M

Marcin

Universal group membership is limited to accounts from the same forest - use
domain local group instead...

hth
Marcin
 
F

fedayn

Marcin escribió:
Universal group membership is limited to accounts from the same forest -
use domain local group instead...

hth
Marcin
Click to expand...
Thanks everyone.

A last question,

Domain A Forest A
Domain B Forest B.

groupA from Domain A is member of a groupB of Domain B.

If groupA is moved throughout DomainA or groupAis renamed, May I re-add
groupA to groupB?.

Thanks.
 
M

Marcin

Moving or renaming Group A would not affect its group membership in Group
B...

hth
Marcin
 
H

Herb Martin

Marcin said:
Moving or renaming Group A would not affect its group membership in Group
B...
Click to expand...

Moving won't affect anything -- I don't know how to rename a "Group"
(with any standard tool) but if you could it probably wouldn't affect
anything important either (just as renaming a user doesn't) since the SID
is what is really a "member" of some other group.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Strange membership issues 4
Trusted domains 1
Groups in 2003 2
Group Scope 1
Trust between 2000 and 2003 domain 19
Separating trusted domains 4
NetUserGetLocalGroups in multi-domain AD environment 2
Wndows 2000 and 2003 forests and domains 3

Top