Add parent user to child domain group


ForADolr

I want to put a parent domain user in a child domain
group. Basically I have the child domain users restricted
w/GPO settings. I want to allow a member of the parent
domain to login without such restrictions. Thus I created
a Domain Local group on the child domain and added the
parent domain user to that group. It gives a msg that it
can be found after it added it and says it may take 15
min to replicate. OK, so when I go back to see the members
of that group they are gone. If I try to add a global
security group all I can add is contacts or other objects.

On the local machine I added this group to the admin
local group so they could have full access.

I'm doing something wrong or missed a step as this should
not have been a problem???? Or maybe I'm going about it
wrong.

trans trusts are ok.
 
In what mode is the Child Domain: Mixed Mode or Native
Mode? I am going to guess that it is in Mixed Mode.

Just an FYI: all domains in an AD Domain Tree trust one
another, by default. The trusts are set up automagically.

I would also suggest that you create either a Global
Security Group or a Universal Security Group in the
Parent Domain, make that particular User Account (or
user accounts) a member of the Security Group and make
that group a member of the Local Security Group in the
child domain.

Now, this is how I would do it to set up the Group
Membership. It looks like you have Group Restrictions
set up in the Child Domain. This throws a potential
monkey in the wrench. Can you elaborate a bit more on
this?

Additionally, if you want a user in the Parent Domain to
be able to log in to the Child Domain that particular
user either needs to have a specific user account in the
Child Domain or you need to be making use of UPNs. Take
a look at the placement of Global Catalog Servers if this
is the case.

Please let us know.

Cary
 

Yes, they are all native. And you were right on, I was able
to find some obscure, not even close title in the
knowledgebase: KB237905

Here it is: you (I) cannot add a parent user to a child
domain group. This is by default according to MS to reduce
replication traffic. You have to create a Global group in
the parent and add the users to that one. Then on the
child, create a domain local security group and add the
global group to that group.

I then add the child domain local group to the computer's
admin local group, and there you go.

Thanks...
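
The nesting the thread settles on (parent user -> parent Global group -> child Domain Local group -> workstation Administrators), scripted as an added example that is not part of the original posts. It assumes the ActiveDirectory and LocalAccounts PowerShell modules are available; the domain names, NetBIOS name, user and group names are constructed placeholders.

```powershell
# Added example. All names below are constructed placeholders, not values from the thread.
Import-Module ActiveDirectory

$ParentDomain = 'parent.example.com'        # assumed parent domain DNS name
$ChildDomain  = 'child.example.com'         # assumed child domain DNS name
$ChildNetBIOS = 'CHILD'                     # assumed child domain NetBIOS name
$ParentUser   = 'jdoe'                      # assumed parent-domain account
$GlobalGroup  = 'GG-ChildWorkstationAdmins' # hypothetical group name
$LocalGroup   = 'DL-WorkstationAdmins'      # hypothetical group name

# 1. Global security group in the PARENT domain, holding the parent user.
New-ADGroup -Name $GlobalGroup -GroupScope Global -GroupCategory Security -Server $ParentDomain
Add-ADGroupMember -Identity $GlobalGroup -Members $ParentUser -Server $ParentDomain

# 2. Domain Local security group in the CHILD domain.
New-ADGroup -Name $LocalGroup -GroupScope DomainLocal -GroupCategory Security -Server $ChildDomain

# 3. Nest the parent Global group inside the child Domain Local group.
#    The group object is fetched from the parent domain and passed across,
#    because a bare name would be resolved in the child domain only.
$gg = Get-ADGroup -Identity $GlobalGroup -Server $ParentDomain
if ($gg.GroupScope -ne 'Global') {
    throw "$GlobalGroup has scope $($gg.GroupScope); expected Global."
}
Add-ADGroupMember -Identity $LocalGroup -Members $gg -Server $ChildDomain

# 4. Confirm the membership persisted by reading the raw 'member' attribute.
$members = (Get-ADGroup -Identity $LocalGroup -Properties member -Server $ChildDomain).member
if ($members -notcontains $gg.DistinguishedName) {
    throw "Nesting not visible yet on $ChildDomain; re-check after replication."
}

# 5. On the workstation itself (elevated session): grant local admin
#    through the Domain Local group, then review who now holds that right.
Add-LocalGroupMember -Group 'Administrators' -Member "$ChildNetBIOS\$LocalGroup"
Get-LocalGroupMember -Group 'Administrators'
```

Step 5 grants full local administrator rights to every member of the parent Global group, so membership of that group is worth reviewing periodically.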
 