Groups in pure server2003 mode

Frank666

IS-IT--Management
Apr 27, 2005
49
AU
Is there anyone out there who can help with a problem of adding groups from other domains?
We are running in pure server2003 mode.
As far as I can understand Domain local groups can ONLY be used in mixed mode.
Universal groups can be used for nesting global groups and also other universal groups.
Global groups can contain other global groups but not users unless in mixed mode.
I need to get a group of users from one domain (admin) to authenticate on the other (curric), there is a two way trust.
1. I created a Global group on admin and put the users in it.
2. Then I created a universal group and added the global group created in step 1 as universal groups cannot contain users.

THEN

3. On the curric domain I created another universal group to contain the global group from step 1 but cannot 'see' the other domain when trying to add.

What am I doing wrong?
 
You don't mention if the domains are in the same forest. Assuming separate domains then you need to create a trust between the two domains.

Otherwise simply type in the domainname\groupname in the Add members box.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
 
No domains are in different forests, there is a two way trust.
I have tried all sorts of ways to do this but when I try and add a Global group from one domain into the universal group of the other, I cannot 'see' the domain under location tab.
I also tried to do the way you mentioned but that does not work either. Do I have a dns problem?
 
Sounds like you may.

Configure the server NIC to only list itself or other DCs, no ISP DNS gets configured on the NIC TCP/IP properties.

In DHCP, set the DNS scope option to only provide the IP of your local DNS server

For any statically configured IPs, make sure the DNS only lists local DNS servers and not ISP DNS.

In the DNS snap-in on the forwarders tab enter your ISP DNS.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
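
A check for the NIC part of the DNS advice above, as an added example that is not part of the thread: it parses `ipconfig /all` output and reports adapters that list DNS servers outside the internal set. The sample output, the addresses and the function names are constructed for illustration.

```python
import re

# Constructed `ipconfig /all` excerpt; 203.0.113.53 stands in for an ISP resolver.
SAMPLE = """\
Windows IP Configuration

Ethernet adapter LAN:

   IP Address. . . . . . . . . . . . : 10.0.0.10
   DNS Servers . . . . . . . . . . . : 10.0.0.10
                                       203.0.113.53
   Primary WINS Server . . . . . . . : 10.0.0.10

Ethernet adapter Backup:

   IP Address. . . . . . . . . . . . : 10.0.1.10
   DNS Servers . . . . . . . . . . . : 10.0.0.10
                                       10.0.0.11
"""

FIELD = re.compile(r"^\s+(.+?)[ .]*:(?:\s+(.*))?$")

def dns_servers_by_adapter(text):
    """Map adapter name -> DNS server list parsed from `ipconfig /all`."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current, in_dns = line.rstrip()[:-1], False
            adapters[current] = []
            continue
        m = FIELD.match(line)
        if m:  # "Label . . . : value" starts a new field
            in_dns = m.group(1).startswith("DNS Servers")
            value = (m.group(2) or "").strip()
        else:  # no label: continuation of the previous field
            value = line.strip()
        if in_dns and current and value:
            adapters[current].append(value)
    return adapters

def non_internal_dns(text, internal_dns):
    """Return {adapter: [configured DNS servers outside internal_dns]}."""
    allowed = set(internal_dns)  # compared as strings, exactly as printed
    findings = {}
    for adapter, servers in dns_servers_by_adapter(text).items():
        bad = [s for s in servers if s not in allowed]
        if bad:
            findings[adapter] = bad
    return findings
```

Run it over saved `ipconfig /all` output from each DC and statically addressed member; an empty result means every adapter points only at the DNS servers you passed in.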
 
G'day Frank,

1. Domain Local Groups are used to set the permissions. Add these types of groups to the printer or folder and set the permissions against it.

2. Global Groups are able to be used in the domain they are created in. Add the users to these types of groups you wish to access something and add the Global Group to the Domain Local Group where the permissions are set to. It is usually a good practice to create GG's relevant to the departments for ease of management.

3. Universal Groups are Global Groups that can be applied across domains. Use these like the Global Group option above for access to Domain Local groups in other domains.

Have a look at the below thread:
thread96-609239

Good luck

"Assumption is the mother of all f#%kups!
 
Domain Local Groups can only be seen and used on domain controllers in mixed mode, we are in pure server 2003 mode.
I am looking at Mark's suggestions to see if I can fix the problem of not being able to add global groups on one domain to universal group on the other. I think it may well be a dns problem
 
Frank,

What makes you think this? Domain Local groups are a standard part of Windows Active Directory. Are you looking at the Computer management side of things (Which is disabled on domain controllers) or Active Directory Computers & Users (Start -> Run -> dsa.msc)? If so, then you are looking in the wrong area. (Not meaning to sound harsh)


I know the post I sent was for Windows 2000, but the concept is the same for no matter what Forest / Domain Functional Level you have.



"Assumption is the mother of all f#%kups!
 
Thanks for the link, it will be really helpful. I was quoting another document that is a Microsoft one in which it said what I quoted; you are probably right, I am getting mixed up. See Let me know, and please do not worry about sounding harsh, I want to learn!
Could you please elaborate on the suggestion "In the DNS snap-in on the forwarders tab enter your ISP DNS" I have done the rest of it but was a bit concerned about how to do this.

Thanks
 
Could you please elaborate on the suggestion "In the DNS snap-in on the forwarders tab enter your ISP DNS" I have done the rest of it but was a bit concerned about how to do this.

Not sure where you are not seeing this. If you are in the DNS snap-in, right click your server name and choose properties. You should see the forwarders tab. Enter the IP addresses of your ISP primary and secondary servers there.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
 