
Add Manager for Security Group 2nd Domain

Hi,

We have recently merged and have two domains with a trust in place.

I'm trying to figure out a way where I can add a person from one of the domains as the Manager of a security group in the other domain.

I can add a member to the group from the other domain, but when trying to search for the user to add as manager it only shows the domain where the security group was created.

Any help greatly appreciated.

  • AD\group.managedBy = user.DN
    Is a cross-forest relation involved?
    A DN has forest-wide scope and cannot cross a forest boundary. If the group and the user belong to different forests, then the user cannot be set as manager of the group.
    The group.member attribute allows a cross-forest relation using a ForeignSecurityPrincipal (FSP): the SID of the foreign trusted forest\user is set into ForestA\FSP, and the FSP.DN is set as memberOf the ForestA\group.
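An audit sketch of the mechanism described in the reply above, added here as an example and not posted by anyone in the thread: it lists a group's managedBy DN and, for each member that is an FSP object, resolves the foreign SID back to an account name. It assumes the ActiveDirectory (RSAT) module and a reachable domain controller; the function name `Get-GroupCrossForestReport` and the group name `Example-Group` are hypothetical.

```powershell
# Added example: requires the ActiveDirectory module (RSAT) and a reachable domain controller.
Import-Module ActiveDirectory

function Get-GroupCrossForestReport {
    param(
        # Hypothetical parameter: name, DN, GUID or SID of the group to inspect
        [Parameter(Mandatory)] [string] $GroupName
    )

    $group = Get-ADGroup -Identity $GroupName -Properties member, managedBy

    # managedBy is single-valued and stores a DN (empty when no manager is set)
    [pscustomobject]@{
        Role = 'Manager'; DN = $group.managedBy; ForeignSid = $null; ResolvedAs = $null
    }

    foreach ($dn in $group.member) {
        $sid = $null
        $resolved = $null

        # FSP objects live in CN=ForeignSecurityPrincipals and are named after the foreign SID
        if ($dn -match '^CN=(S-1-[0-9-]+),CN=ForeignSecurityPrincipals,') {
            $sid = $Matches[1]
            try {
                # Resolution goes over the trust to the foreign domain
                $resolved = ([System.Security.Principal.SecurityIdentifier]::new($sid)).
                    Translate([System.Security.Principal.NTAccount]).Value
            }
            catch {
                # The SID no longer maps to an account, or the trusted domain is unreachable
                $resolved = '<unresolved>'
            }
        }

        [pscustomobject]@{
            Role = 'Member'; DN = $dn; ForeignSid = $sid; ResolvedAs = $resolved
        }
    }
}

# 'Example-Group' is a placeholder group name
Get-GroupCrossForestReport -GroupName 'Example-Group' | Format-Table -AutoSize
```

Rows with a `ForeignSid` but an `<unresolved>` name are worth reviewing, since they are group members whose identity can no longer be confirmed across the trust.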

  • Yes, we have a trust in place between both domains.