Security Group Nesting RRS feed

  • Question

  • Hi,

    Having an Issue with Security Group nesting in FIM as follows:

    Domain B trusts Domain A

    In FIM security groups i'm attempting to add a domain global group from Domain A into a domain local group in Domain B using manually managed memberships.  This is possible directly in AD.  Initially FIM doesn't complain and the operation completes, however, on returning to the members tab after submitting the request the group from Domain A now shows as an invalid member.  The RCDC dialogue states that 'Current members who do not meet Active Directory criteria for membership in this group' are invalid members, but of course this is not the case as you can nest a global from Domain A into the local in Domain B in AD.

    Any ideas??  Is this a Foreign Security Principle issue?

    If you have resolved this please shed some light but do not refer me to the Cross-Forest Management Deployment guide, as like several others this guide doesn't make easy reading or understanding



    Monday, July 29, 2013 12:23 PM

All replies

  • By default there will only be one each of the Domain Configuration and Forest Configuration objects create for you when you install FIM.  Have you created objects for the second domain?

    Bob Bradley (FIMBob @ ... now using FIM Event Broker for just-in-time delivery of FIM 2010 policy via the sync engine, and continuous compliance for FIM

    • Proposed as answer by UNIFYBobMVP Sunday, November 23, 2014 1:05 PM
    Saturday, May 17, 2014 1:35 PM