S
Sushil
Hi,
I'm using this Windows API to obtain the local groups that a domain
user is a member of.
We have a domain tree including DomainA and DomainB. With domains at
Domain/Forest Functional level Windows Server 2003. When the call is
issued on a server in DomainA it does not return any local groups for
user DomainB\userid1 when that id is present as a member of a
universal group DomainA\group1 included within a local group on the
server.
When the userid is a member of the group DomainB\group1 (itself also
nested in the local group) the call does return the local group.
I would have expected the membership of DomainB\userid1 in the
universal group DomainA\group1 to be known throughout the two domains
- which trust each other implicitly via the parent. Actually, the
same behavior is seen when one is a child of the other.
Is the processing of the NetUserGetLocalGroups API in this environment
documented somewhere? Or are there other AD restrictions relevant to
universal groups which I need to be aware of?
TIA.
I'm using this Windows API to obtain the local groups that a domain
user is a member of.
We have a domain tree including DomainA and DomainB. With domains at
Domain/Forest Functional level Windows Server 2003. When the call is
issued on a server in DomainA it does not return any local groups for
user DomainB\userid1 when that id is present as a member of a
universal group DomainA\group1 included within a local group on the
server.
When the userid is a member of the group DomainB\group1 (itself also
nested in the local group) the call does return the local group.
I would have expected the membership of DomainB\userid1 in the
universal group DomainA\group1 to be known throughout the two domains
- which trust each other implicitly via the parent. Actually, the
same behavior is seen when one is a child of the other.
Is the processing of the NetUserGetLocalGroups API in this environment
documented somewhere? Or are there other AD restrictions relevant to
universal groups which I need to be aware of?
TIA.