0

CONTOSO has offices in the UK and in the US. each country has its own domain, but the domains trust each other.

I have created a group in the AD in UK but if the group is set to global I cannot add US users to the group.

As soon as I change the group scope to domain local I can allow US users into the UK group.

QUESTION:

why is it so?

Do I have to change the group to domain local in order to change the location to CONTOSO.COM instead of contoso.co.uk and be able to search in the US domain, and add US users to this group?

enter image description here

Marcello Miorelli
  • 215
  • 1
  • 12

1 Answers1

0

It is working as intended, the documentation says:

Possible members

Global Group

  • Accounts from the same domain
  • Other Global groups from the same domain

Domain Local Group

  • Accounts from any domain or any trusted domain
  • Global groups from any domain or any trusted domain
  • Universal groups from any domain in the same forest
  • Other Domain Local groups from the same domain
  • Accounts, Global groups, and Universal groups from other forests and from external domains
Swisstone
  • 6,725
  • 7
  • 22
  • 32