Trusted Domain missing from location when adding group membership

ADgroup4 0 Reputation points
2024-06-24T21:24:30.3333333+00:00

Hi,

I'm trying to add a group from Domain A to Domain B in Active Directory. I have two-way trusts between the two domains, but I can't seem to see the other domain in Locations when trying to add it as a member. I can see the other domain in Locations when I am trying to add a user as a member, just not a group. The group is universal, so it should be allowed to traverse other locations.


2 answers

  1. hossein jalilian 4,690 Reputation points
    2024-06-24T21:39:05.9066667+00:00

    Hello ADgroup4,

    Thanks for posting your question in the Microsoft Q&A forum.

    Here are some steps and considerations to resolve this issue:

    • Ensure that the group in Domain A is a Universal group. Universal groups are designed to work across multiple domains and forests.
    • Sometimes, the Active Directory Users and Computers console may not display cross-domain groups correctly. Using PowerShell can help bypass this issue. Use the Add-ADGroupMember cmdlet with the -Server parameter to specify the DNS name of the foreign domain. This ensures that PowerShell correctly identifies the group in the other domain.

        Add-ADGroupMember -Identity "GroupB" -Members "GroupA" -Server "DomainA.com"

    • Confirm that the trust relationship between Domain A and Domain B is correctly configured and functioning.

    Please don't forget to close up the thread here by upvoting and accepting it as an answer if it is helpful.


  2. Jing Zhou 4,670 Reputation points Microsoft Vendor
    2024-06-27T05:33:18.04+00:00

    Hello,

     

    Thank you for posting in Q&A forum.

    To further troubleshoot this issue, please kindly try the steps below:

    1. Open a CMD window and ping domain B from this machine in domain A to check if TCP connectivity or DNS resolution is working fine.

    2. Check if the firewall is open between the DCs of the two domains.

    Additionally, you can use the netdom trust command to verify the trust relationship.

    3. Open a CMD window and run the command:

    netdom trust /d:Northamerica EUROPE /verify /twoway

    to verify if the two-way trust is built correctly.

     

    Best regards,

    Jill Zhou

     

    If the Answer is helpful, please click "Accept Answer" and upvote it.

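
The checks from both answers can be combined into one pre-flight script. This is an added example, not code from either answerer: it goes beyond the thread by testing the standard AD group nesting rules (which scopes may contain a group from another domain) before attempting the change. `DomainB.com` is an assumed name, and `GroupA`, `GroupB` and `DomainA.com` are the placeholders used in the first answer.

```powershell
# Added example. Domain and group names are placeholders modeled on the thread.
Import-Module ActiveDirectory

$SourceDomain = 'DomainA.com'   # domain that holds the group to be nested
$TargetDomain = 'DomainB.com'   # assumed name for the domain of the receiving group
$SourceGroup  = 'GroupA'
$TargetGroup  = 'GroupB'

# Trust objects the target domain holds for the source domain (may be empty when
# two domains of one forest are only linked transitively).
Get-ADTrust -Filter "Name -eq '$SourceDomain'" -Server $TargetDomain |
    Format-List Name, Direction, IntraForest, ForestTransitive

# Whether both domains share a forest decides which target scopes accept the member.
$srcForest  = (Get-ADDomain -Server $SourceDomain).Forest
$dstForest  = (Get-ADDomain -Server $TargetDomain).Forest
$sameForest = $srcForest -eq $dstForest

# Read each group from a domain controller of its own domain.
$member      = Get-ADGroup -Identity $SourceGroup -Server $SourceDomain
$target      = Get-ADGroup -Identity $TargetGroup -Server $TargetDomain
$memberScope = [string]$member.GroupScope
$targetScope = [string]$target.GroupScope
"Member {0} is {1}; target {2} is {3}; same forest: {4}" -f `
    $member.Name, $memberScope, $target.Name, $targetScope, $sameForest

# AD nesting rules for a member group that comes from another domain:
#   DomainLocal target: accepts Global and Universal groups, also across a trust
#   Universal target:   accepts Global and Universal groups of the same forest only
#   Global target:      accepts groups of its own domain only
$allowed = switch ($targetScope) {
    'DomainLocal' { $memberScope -in 'Global', 'Universal' }
    'Universal'   { $sameForest -and ($memberScope -in 'Global', 'Universal') }
    default       { $false }
}
if (-not $allowed) {
    throw "A $memberScope group from $SourceDomain cannot be nested in the $targetScope group $TargetGroup"
}

# Pass the resolved object and write to the domain that owns the target group.
# -WhatIf only reports the change; remove it to apply.
Add-ADGroupMember -Identity $target -Members $member -Server $TargetDomain -WhatIf
```

Run it from a host with the RSAT ActiveDirectory module and an account that can read both domains and modify the target group.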