Domain Trust Issues

Tags: active-directory, domain-controller, windows-server-2003, windows-server-2008

I have set up a new domain (called "b") which trusts our old domain (called "a"). This is a one-way trust which allows users from "a" to log in and authenticate to domain "b" with their domain "a" credentials. The problem we are encountering is that we are unable to add "a" groups and users to domain "b"'s groups. In AD, when trying to add groups/users, only domain "b" is listed under Locations. However, if we create a shared folder on a computer in domain "b", we can add groups and users from domain "a" without any issues, and those users are able to access it without any trouble.

Domain "a" contains two Server 2003 domain controllers and one Windows 2000 domain controller.
Domain "b" contains one Server 2008 domain controller and one Server 2008 RODC.

Forest functional level of domain "a" is 2000, while forest functional level of "b" is 2008.

How can we add groups/users from domain "a" to groups in domain "b"? Is what we are trying to do even possible given the current infrastructure/configuration?

Thank you in advance for any help.

Best Answer

You are probably trying to use a group that does not have the proper scope to see the members from the trusted domain.

If this is a cross-forest trust, the only type of group you will be able to use to assign users from domain b permissions in domain 'a' is a Domain Local group.

If this is not a cross-forest trust, then you can use Domain Local or Universal.

Microsoft has a good TechNet article about group scope.
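
The scope check described in the answer, written as an added PowerShell example (not part of the original answer): it refuses a Global group, then adds the trusted-domain account to the group by SID. It assumes a management host with the ActiveDirectory module that can reach both domains; the function name, domain names, group name and account name are placeholders.

```powershell
# Added example. Add-TrustedDomainMember, b.example, a.example, the group
# name and the account name are hypothetical placeholders.
Import-Module ActiveDirectory

function Add-TrustedDomainMember {
    param(
        [Parameter(Mandatory = $true)] [string] $GroupName,       # group in trusting domain "b"
        [Parameter(Mandatory = $true)]
        [ValidatePattern('^[\w.\-$ ]+$')]                         # keep LDAP filter metacharacters out
        [string] $MemberSam,                                      # account or group in trusted domain "a"
        [Parameter(Mandatory = $true)] [string] $TrustingDomain,  # e.g. b.example
        [Parameter(Mandatory = $true)] [string] $TrustedDomain,   # e.g. a.example
        [Parameter(Mandatory = $true)]
        [System.Management.Automation.PSCredential] $TrustedDomainCredential
    )

    $group = Get-ADGroup -Identity $GroupName -Server $TrustingDomain

    # A Global group can only contain members from its own domain, so the
    # object picker never offers the trusted domain for it.
    if ($group.GroupScope -eq 'Global') {
        throw "'$GroupName' is a Global group; use a Domain Local group for members from $TrustedDomain."
    }
    # Per the answer, Universal only works when both domains are in one forest.
    if ($group.GroupScope -eq 'Universal') {
        Write-Warning "'$GroupName' is Universal; this fails if $TrustedDomain is in another forest."
    }

    # One-way trust: "a" does not trust "b", so reading from "a" needs a
    # credential that "a" itself accepts.
    $member = Get-ADObject -LDAPFilter "(sAMAccountName=$MemberSam)" `
        -Properties objectSid -Server $TrustedDomain `
        -Credential $TrustedDomainCredential
    if (-not $member) {
        throw "No object with sAMAccountName '$MemberSam' found in $TrustedDomain."
    }

    # Add by SID; across forests the trusting domain stores the member as a
    # foreign security principal.
    $sid = $member.objectSid.Value
    Set-ADGroup -Identity $group -Add @{ member = "<SID=$sid>" } -Server $TrustingDomain
    return $sid
}

# Constructed usage; every value here is a placeholder:
# Add-TrustedDomainMember -GroupName 'FileShare-Readers' -MemberSam 'jdoe' `
#     -TrustingDomain 'b.example' -TrustedDomain 'a.example' `
#     -TrustedDomainCredential (Get-Credential)
```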