Universal groups scope with trusted domains.

  • Thread starter Thread starter fedayn
  • Start date Start date
F

fedayn

Hi,

In a few months, we have to merge three domains:

Domain A - Windows 2000 doamin in native mode
Domain B - Windows 2003 doamin in native mode
Domain C - Windows 2003 doamin in native mode

The three of them are bidirectionaly trusted and each of them belong to
different forests. Right now, I'm trying to create universal groups in
Domain A and add members from the other to domains, but it's impposible
beacuse I only can see Domain A in the scope.

Is it posible add members to a universal group from other domains in
different forests?.

Thanks in advance.
 
fedayn said:
Hi,

In a few months, we have to merge three domains:

Domain A - Windows 2000 doamin in native mode
Domain B - Windows 2003 doamin in native mode
Domain C - Windows 2003 doamin in native mode

The three of them are bidirectionaly trusted and each of them belong to
different forests. Right now, I'm trying to create universal groups in
Domain A and add members from the other to domains, but it's impposible
beacuse I only can see Domain A in the scope.

Is it posible add members to a universal group from other domains in
different forests?.

Thanks in advance.
Click to expand...

It sounds like you expect the three domains to be in separate trees. In
order to share resources they need to be in the same forest. Universal
groups can have members from any domain in the forest. The members can even
be from domains in other trees of the forest.

For example, domains CompanyA.com, CompanyB.com, and CompanyC.com can be in
separate trees in the same forest.

If the domains are in different forests, they are isolated.
 
Universal group membership is limited to accounts from the same forest - use
domain local group instead...

hth
Marcin
 
Marcin escribió:
Universal group membership is limited to accounts from the same forest -
use domain local group instead...

hth
Marcin
Click to expand...
Thanks everyone.

A last question,

Domain A Forest A
Domain B Forest B.

groupA from Domain A is member of a groupB of Domain B.

If groupA is moved throughout DomainA or groupAis renamed, May I re-add
groupA to groupB?.

Thanks.
 
Moving or renaming Group A would not affect its group membership in Group
B...

hth
Marcin
 
Marcin said:
Moving or renaming Group A would not affect its group membership in Group
B...
Click to expand...

Moving won't affect anything -- I don't know how to rename a "Group"
(with any standard tool) but if you could it probably wouldn't affect
anything important either (just as renaming a user doesn't) since the SID
is what is really a "member" of some other group.
 
Back
Top