none
Group Policy Issue - Targeting Remote Domain Security Groups

    Question

  • Hi All

    I need help with the following issue

    We have two domains Harris Scarfe & Best & Less with a Trust Type of Forest (Two way Trust)

    In the Best & Less Domain, they can target harris scarfe security groups in group policy.

    In the Harris Scarfe domain  we cant target Best & Less Security groups

    Why cant we target their security groups but they can target ours?

    What do I need to do to troubleshoot this

    Please note with file permissions on a file server, I dont have any problems targeting remote users or security groups 

    Tuesday, November 24, 2015 6:52 AM

All replies

  • > We have two domains Harris Scarfe & Best & Less with a Trust Type of
    > Forest (Two way Trust)
     
    Double check that this really is a Two way trust. And check whether SID
    Filtering is enabled.
     
    Tuesday, November 24, 2015 11:06 AM
  • Hi Pradzy,

    According your description, I create a test environment and we have same phenomenon.

    To achieve your goal, you could setup a proper group nesting. For example, you could add the specified group (in trusted forest) to global group (in trusting forest).

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, November 27, 2015 8:50 AM
    Moderator
  • Here is the command I ran

    -----------------------

    netdom  trust harrisscarfe.com.au /domain: bestandless.com.au /quarantine

    SID filtering is not enabled for this trust. All SIDs presented in an authentication request from this domain will be honored.

    The command completed successfully.

    Monday, November 30, 2015 11:04 PM
  • netdom trust bestandless.com.au /domain: harrisscarfe.com.au /quarantine
    SID filtering is not enabled for this trust. All SIDs presented in an
    authentication request from this domain will be honored.
    The command completed successfully.
    Monday, November 30, 2015 11:06 PM
  • Monday, November 30, 2015 11:13 PM