groups

[Glenn]

Archived from groups: microsoft.public.win2000.group_policy (More info?)

I am having issues then I try to add a global group from
another domain to a local group. I can add it, and the
icon changes to "grey", but when I close it and reopen it
the icon have what looks like a red arrow going up on the
left side.
I have checked the trusts between the domains - GOOD - any
help in this matter is helpful for my migration.

--
Glenn Ward

 

[Guest]

Archived from groups: microsoft.public.win2000.group_policy (More info?)

SWAG...

The infrastructure master FSMO role holder needs to update the cross domain
security principal reference and I think what you are experiencing is this
in the works. When you look at the membership of a domain local group from
one domain and there is a GG that is a member from a different domain, the
ability to resolve that SID (or group ID) is sort of impossible. The local
DC only knows of security principals from its domain. The GG has a RID form
another domain so it does not get resolved in the normal manner. This is
where the infrastructure master comes into play. It holds onto
'cross-domain-refernces'. I think some of the documentation refers to these
objects as 'Phantoms'.

I am reaching here but your description sounds like something that is
realated to this scenario.

Are you haveing any issues with resource access or anything else?

Kevin

"glenn" <glenn.ward@dc.gov> wrote in message
news:212a501c459f3$58d203a0$a001280a@phx.gbl...
> I am having issues then I try to add a global group from
> another domain to a local group. I can add it, and the
> icon changes to "grey", but when I close it and reopen it
> the icon have what looks like a red arrow going up on the
> left side.
> I have checked the trusts between the domains - GOOD - any
> help in this matter is helpful for my migration.
>
> --
> Glenn Ward
>