Group memberships incomplete when viewed on different domain

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hi,

We have a Windows 2003 network running in native mode, with an AD
forest containing several domains

A user has an account on Domain A, and is a member of several security
groups, some of which exist in Domain A, some in Domain B.

When I view the properties of this user’s AD account using ADUC on a
server within Domain A (the user’s home domain), the Member Of tab
displays a full list of group memberships for that user.

However, when I view the same user’s account using ADUC on a server
which exists in Domain B, the Member Of tab only displays those groups
which exist in Domain A.

We’re using standard AD replication across all domains, and all the
groups are universal. As I understand it you should be able to view
the full attributes of a users’s AD account using ADUC on any server
in the forest, but this doesn’t seem to be happening in this case. It
is causing a problem because when applications send authentication
queries to AD on domain B, authentication is failing because it
doesn’t recognise that this user is a member of the appropriate
groups.

Any help or ideas on why this might be happening would be appreciated!

Thanks
Anthony

--
Posted using the http://www.windowsforumz.com interface, at author's request
Articles individually checked for conformance to usenet standards
Topic URL: http://www.windowsforumz.com/Activ [...] 48105.html
Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=1733534