groups

[glenn]

I am having issues then I try to add a global group from
another domain to a local group. I can add it, and the
icon changes to "grey", but when I close it and reopen it
the icon have what looks like a red arrow going up on the
left side.
I have checked the trusts between the domains - GOOD - any
help in this matter is helpful for my migration.

 

[Kevin Sullivan]

SWAG...

The infrastructure master FSMO role holder needs to update the cross domain
security principal reference and I think what you are experiencing is this
in the works. When you look at the membership of a domain local group from
one domain and there is a GG that is a member from a different domain, the
ability to resolve that SID (or group ID) is sort of impossible. The local
DC only knows of security principals from its domain. The GG has a RID form
another domain so it does not get resolved in the normal manner. This is
where the infrastructure master comes into play. It holds onto
'cross-domain-refernces'. I think some of the documentation refers to these
objects as 'Phantoms'.

I am reaching here but your description sounds like something that is
realated to this scenario.

Are you haveing any issues with resource access or anything else?

Kevin