Domain Trusts

Discussion in 'Networks' started by Slam, May 12, 2007.

Page 2 of 2
  1. supag33k

    supag33k Kilobyte Poster

    461
    19
    49
    May 16, 2007 #21
    Remove Advertisement - Premium Membership
    Good news on getting the trust to work after changing the DNS and adding a secondary zone.

    More information on DNS...

    http://support.microsoft.com/kb/254680

    The Universal group issue you are having...is one of the domains in Windows 2000 mixed mode..possibly the Windows2000 domain??

    EDIT - you should be able to add users to universal groups in one domain then add the universal group to a domain local group in the second domain...
     
    Certifications: MCSE (NT4/2000/2003/Messaging), MCDBA
    WIP: CCNA, MCTS SQL, Exchange & Security stuff
  2. MartinZ

    MartinZ New Member

    2
    0
    11
    Jun 21, 2007 #22
    Remove Advertisement - Premium Membership
    I confirm you are likely to have a domain functionality level issue here.
    If any left, get rid of your NT4 domain controllers, raise the domain and forest functionality levels.


    ok, sorry, I just realise I'm 2 months late...
     
    Certifications: MCSE 2k3
    WIP: 70-299
  3. Fergal1982

    Fergal1982 Petabyte Poster

    4,196
    172
    211
    Jun 21, 2007 #23
    you can have members of other domains in a universal group. If we have DL's on our UK domain that need US members in it, we upgrade the DL to universal and it works fine.

    http://www.samspublishing.com/articles/article.asp?p=30901&seqNum=7&rl=1

    If you are running a 2k DCs and a 2k3 DCs on the same domain, then you will be running in mixed mode, so in your setup, the universal groups wont work.

    EDIT: in order to deal with this, you should be using a global/local combination. Create a GROUPA_L group (domain Local) on the required domain (depends on which domain the resource is on), and a GROUPA (global) group in each of the domains. you add the members to the global group in their domain, and then add all the global groups into the domain local group. you then use the local groups for applying permissions, etc.
     
    Certifications: ITIL Foundation; MCTS: Visual Studio Team Foundation Server 2010, Administration
    WIP: None at present
Page 2 of 2

Share This Page

Loading...
Remove Advertisement - Premium Membership
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...