Domain Admin Access across Trusted domains

Guest
Archived from groups: microsoft.public.win2000.security

Is there a way for me to have administrator rights on a domain that I trust
with my domain? I just merged with a company and have established an external
trust with their network. I am now in charge of all Active Directory for the
whole company and would like to be able to access their AD from my PC
directly.

Any help would be much appreciated.

Thanks
Dev
 
Guest

If your machine is in a domain that trusts them, then you
need an account in the trusted domain. If theirs is trusting
yours, then they could adjust membership of their Domain
Admins group to add your account (they cannot add your
Domain Admins group as it would be global in alien global)

--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"DevGD" <DevGD@discussions.microsoft.com> wrote in message
news:B7D22334-5383-4CA6-8B74-885D58221845@microsoft.com...
> Is there a way for me to have administrator rights on a domain that I trust
> with my domain? I just merged with a company and have established an external
> trust with their network. I am now in charge of all Active Directory for the
> whole company and would like to be able to access their AD from my PC
> directly.
>
> Any help would be much appreciated.
>
> Thanks
> Dev
 
Guest

The trust is a two-way external trust. I cannot add members from the trusted
domain to groups on my domain. I can only add access on the folder/file
level. How can I add myself to the domain admins group or even the enterprise
admins group? When I open the group and select add on the members tab, I
cannot see my domain to add my account.

Any ideas?

Thanks
Dev

"Roger Abell" wrote:

> If your machine is in a domain that trusts them, then you
> need an account in the trusted domain. If theirs is trusting
> yours, then they could adjust membership of their Domain
> Admins group to add your account (they cannot add your
> Domain Admins group as it would be global in alien global)
>
> --
> Roger Abell
> Microsoft MVP (Windows Security)
> MCSE (W2k3,W2k,Nt4) MCDBA
 
Guest

You may have a DNS issue.
If both domains are using Windows DNS and are W2k3 then
you could resolve this with conditional forwarding. Else,
you would need to establish secondary zones each in the
other domain so that both can resolve the AD supporting
DNS records of the other.

You should expect to not be able to add external groups into
your domain global groups. You should be able to see the
trusted domain in the list of locations in the user/group object
picker, and to then add from the external as long as you are
not attempting to nest externals into your globals.

--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"DevGD" <DevGD@discussions.microsoft.com> wrote in message
news:AD20CA04-47BE-4EF3-BE8C-51063716CBA2@microsoft.com...
> The trust is a two-way external trust. I cannot add members from the trusted
> domain to groups on my domain. I can only add access on the folder/file
> level. How can I add myself to the domain admins group or even the enterprise
> admins group? When I open the group and select add on the members tab, I
> cannot see my domain to add my account.
>
> Any ideas?
>
> Thanks
> Dev
 
Guest

Roger --

I'll expand on "DevGD"'s post, if I may ...

We have a training domain in a separate forest, because we needed to not
have two-way transitive trusts between it and our production domain ... I
can add members of our production domain to a Domain Local security group, but
not to Domain Global security groups on the training domain ... If I add our
users to a Domain Local security group, I can't add that Domain Local
security group to the Domain Global group "Domain Admins" ... We have
delegated any administrative task possible through Delegation, but that
does not allow us all admin rights, such as Group Policy administration ...
Anyone who can offer assistance in getting a domain user from a separate
domain and forest into the trusting domain's Domain Admins group would be
severely appreciated !!! I don't think it's possible, because I've tried
everything I can think of, but I could be wrong, and hope that I am ...

"Roger Abell" <mvpNOSpam@asu.edu> wrote in message
news:e3%23JcpuPFHA.4024@TK2MSFTNGP10.phx.gbl...
> You may have a DNS issue.
> If both domains are using Windows DNS and are W2k3 then
> you could resolve this with conditional forwarding. Else,
> you would need to establish secondary zones each in the
> other domain so that both can resolve the AD supporting
> DNS records of the other.
>
> You should expect to not be able to add external groups into
> your domain global groups. You should be able to see the
> trusted domain in the list of locations in the user/group object
> picker, and to then add from the external as long as you are
> not attempting to nest externals into your globals.
>
> --
> Roger Abell
> Microsoft MVP (Windows Security)
> MCSE (W2k3,W2k,Nt4) MCDBA
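
The group nesting behaviour reported in this thread, modelled as an added example (not code from any poster): it checks each requested membership against Active Directory group scope rules and computes which groups a user from the trusted domain actually ends up in. It assumes native-mode (or later) scope rules, goes slightly beyond the thread by also covering universal groups, and all names (PROD, TRAIN, alice, Training Operators, forest-A, forest-B) are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Principal:
    domain: str
    name: str
    kind: str  # "user", "global", "domain_local" or "universal"

def nesting_error(group, member, forest_of):
    """Return None if member may be added to group, else the reason it may not."""
    same_domain = group.domain == member.domain
    if group.kind == "global":
        if not same_domain:
            return "global groups take members from their own domain only"
        if member.kind not in ("user", "global"):
            return "global groups take only users and global groups"
    elif group.kind == "universal":
        if forest_of[group.domain] != forest_of[member.domain]:
            return "universal groups take members from their own forest only"
        if member.kind == "domain_local":
            return "domain local groups cannot be nested in universal groups"
    elif member.kind == "domain_local" and not same_domain:
        return "a domain local group can only be nested within its own domain"
    return None

def effective_groups(user, wanted, forest_of):
    """Apply only the legal (member, group) edges; return (groups reached, rejected)."""
    accepted, rejected = [], []
    for member, group in wanted:
        why = nesting_error(group, member, forest_of)
        (rejected if why else accepted).append((member, group, why))
    reached, frontier = set(), [user]
    while frontier:
        current = frontier.pop()
        for member, group, _ in accepted:
            if member == current and group not in reached:
                reached.add(group)
                frontier.append(group)
    return reached, rejected

# Constructed sample: production and training domains in separate forests.
FORESTS = {"PROD": "forest-A", "TRAIN": "forest-B"}
ALICE = Principal("PROD", "alice", "user")
TRAIN_DL = Principal("TRAIN", "Training Operators", "domain_local")
TRAIN_DA = Principal("TRAIN", "Domain Admins", "global")
WANTED = [(ALICE, TRAIN_DL), (TRAIN_DL, TRAIN_DA), (ALICE, TRAIN_DA)]

if __name__ == "__main__":
    for member, group, why in effective_groups(ALICE, WANTED, FORESTS)[1]:
        print(f"rejected {member.name} -> {group.name}: {why}")
```

With the sample data, the user from PROD lands in the TRAIN domain local group only; both routes into the global Domain Admins group are rejected.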