Domain local groups with members from other (same forest) domains?

Similar Messages

• Expand a Domain Local group as an administrator from a different domain

  Hi experts,
  I have a multi-domain single-forest environment where there are two domains - A and B. There is also working two-way shortcut trust relationship between those. All objects I'm going to mention are domain A members except some Admins that are members of domain
  B. There is DOM_A\User1 - member of domain A Global Security group "GA". There is also Domain Local security  group "DLA" in domain A and a resource (published desktop in this case - member of domain A). DOM_A\User1 is member of GA.
  GA is member of DLA. DLA has full access to the published desktop therefore DOM_A\User1 has full access to the published desktop. Until here everything works with no problem.
  There is also a web application on an IIS server in domain A that can list resources available to users. When an admin from domain A lists resources for DOM_A\User1 - the published desktop is displayed BUT when an admin from domain B does the same - no resource
  is displayed. When I convert DLA (Domain Local Security) to Universal security group - everything works for the domain B admin. It seems to be an issue with expanding AD groups for the user DOM_A\User1 as this is exactly what the IIS application does i.e.
  it should find all groups the user is member of and compare this list with the resource access list for published resources. Now the question is whether:
  1) It should work with the Domain Local security group - I have a permission and/or another issue there
  2) This wouldn't work with the Domain Local security group as the admin comes from another domain and having Universal security group is the correct solution as per Microsoft best practices
  Thank you.

  Global - Members should be within same domain
  Universal - Members should be within same forest
  Domain local - No boundry.
  See this as well.
  http://blogs.msmvps.com/acefekay/2012/01/06/using-group-nesting-strategy-ad-best-practices-for-group-strategy/
  Regards,
  Biswajit
  MCTS, MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, Enterprise Admin, ITIL F 2011
  Blog:
    Script Gallary:
    LinkedIn:
  Note: Disclaimer: This posting is provided & with no warranties or guarantees and confers no rights..

• Members of Domain Local Groups not showing up through net group command

  Hello,
  I am trying to get the list of members in a Domain Local Group using "NET GROUP" command, but unable to get the member list.
  I get the message "group not found", whereas members of Global Groups  are visible.
  Thank you in advance !

  Unfortunately your post is off topic here, in the TechNet Site Feedback forum, because it is not Feedback about the TechNet Website or Subscription. 
  This is only one forum among the many that are on the TechNet Discussion Forums, and given your post, you likely chose the wrong forum. 
  This is a standard response I’ve written up in advance to help many people (thousands, really.) who post their question in this forum in error, but please don’t ignore it. 
  The links I share below I’ve collected to help you get right where you need to go with your issue.
  For technical issues with Microsoft products that you would run into as an
  end user of those products, one great source of info and help is
  http://answers.microsoft.com, which has sections for Windows, Hotmail, Office, IE, and other products. Office related forums
  are also here: http://office.microsoft.com/en-us/support/contact-us-FX103894077.aspx
  For Technical issues with Microsoft products that you might have as an
  IT professional (like technical installation issues, or other IT issues), you should head to the TechNet Discussion forums at
  http://social.technet.microsoft.com/forums/en-us, and search for your product name.
  For issues with products you might have as a Developer (like how to talk to APIs, what version of software do what, or other developer issues), you should head to the
  MSDN discussion forums at http://social.msdn.microsoft.com/forums/en-us, and search for your product or issue.
  If you’re asking a question particularly about one of the Microsoft Dynamics products, a great place to start is here:
  http://community.dynamics.com/
  If you really think your issue is related to the subscription or the TechNet Website, and I screwed up, I apologize! 
  Please repost your question to the discussion forum and include much more detail about your problem, that could include screenshots of the issue (do not include subscription information or product keys in your screenshots!), and/or links to the problem
  you’re seeing. 
  If you really had no idea where to post this question but you still posted it here, you still shouldn’t have because we have
  a forum just for you!  It’s called the Where is the forum for…? forum and it’s here:
  http://social.msdn.microsoft.com/forums/en-us/whatforum/
  Moving to off topic. 
  Thanks
  MSDN and TechNet Subscriptions Support
  Did Microsoft call you out of the blue about your computer?
  No, they didn't.

• Update Rows with info from other Rows in Same Table.

  I'm trying to update rows with information from the same table. The table gets loaded with info from a report that runs and it has to be a new entry every month but I would like to carry over some of the info from last month. This statement below runs but updates all rows in the new table load and in my test cases I only made a few match so only like 5 records should get updated. This is an example of what I'm trying to do. If I add this(C2.COL_INVC_ID = C1.COL_INVC_ID) to the last "*Where*" statement I get an invalid identifier for "C2.COL_INVC_ID". So what am I doing wrong here??? How can I update only the rows that where also in last months run???
  Thanks in advance for any help!
  Update OpenIssues OI1
  Set(OI1.Num, OI1.Status, OI1.Code, OI1.LastModifiedDate) =
  (Select OI2.Num, OI2.Status, OI2.Code, OI2.LastModifiedDate
  From OpenIssues OI2
  Where OI2.num = OI1.num and OI2.TableLoadDate = TO_DATE('01/31/2012 00:00:00', 'MM/DD/YYYY HH24:MI:SS')
  Where and OI1.TableLoadDate = TO_DATE('02/29/2012 00:00:00', 'MM/DD/YYYY HH24:MI:SS')
  SQLMe

  Hi,
  Welcome to the forum!
  SQLMe wrote:
  I'm trying to update rows with information from the same table. The table gets loaded with info from a report that runs and it has to be a new entry every month but I would like to carry over some of the info from last month. This statement below runs but updates all rows in the new table load and in my test cases I only made a few match so only like 5 records should get updated. This is an example of what I'm trying to do. If I add this(C2.COL_INVC_ID = C1.COL_INVC_ID) to the last "*Where*" statement I get an invalid identifier for "C2.COL_INVC_ID". If the aliases c1 and c2 aren't defined anywhere, then you can't use them anywhere.
  The WHERE clause of the UPDATE statement can only reference the table being updated, ot1 in this case.
  So what am I doing wrong here??? How can I update only the rows that where also in last months run???
  Thanks in advance for any help!
  Update OpenIssues OI1
  Set(OI1.Num, OI1.Status, OI1.Code, OI1.LastModifiedDate) =
  (Select OI2.Num, OI2.Status, OI2.Code, OI2.LastModifiedDate
  From OpenIssues OI2
  Where OI2.num = OI1.num and OI2.TableLoadDate = TO_DATE('01/31/2012 00:00:00', 'MM/DD/YYYY HH24:MI:SS')
  Where and OI1.TableLoadDate = TO_DATE('02/29/2012 00:00:00', 'MM/DD/YYYY HH24:MI:SS')
  ------------There's a syntax error in the last line. Either something got lost when you posted the code, or you just don't want the keyword AND. You certainly don't want AND immediately after WHERE.
  In general, if it's not obvious how to do an UPDATE, then UPDATE is the wrong tool: you want MERGE instead.
  Whenever you have a problem, please post a little sample data (CREATE TABLE and INSERT statements, relevant columns only) from all tables involved.
  Also post the results you want from that data, and an explanation of how you get those results from that data, with specific examples.
  Simplify the problem as much as possible. Remove all tables and columns that play no role in this problem.
  If you're asking about a DML statement, such as UPDATE, the CREATE TABLE and INSERT statements should re-create the tables as they are before the DML, and the results will be the contents of the changed table(s) when everything is finished.
  Always say which version of Oracle you're using.
  See the forum FAQ {message:id=9360002}

• ADMT share domain local groups access denied

  Hi,
   I have encountered strange behavior when migrating share with permissions. This is the situation:
  1) We have migrated groups from source domain(these groups are used for defining access to shares, users are directly members of these, no nested groups), groups are domain local
  2) We have migrated share and reapplied and verified ACLs, ok so far
  The problem is that users from source domain cannot access share migrated to new domain, accordin to ACL they have access BUT when they try access the share it only shows access denied. But when the groups are converted to Global in source domain(no need
  to convert in target domain) access is permitted according to ALC).
  Can someone explain that please? Thank you.
  Pete
  sfs

  Hi,
  Member permissions in domain local group can be assigned only within the same domain as the parent domain local group.
  Domain local groups can contain users from any domain. They are used to assign permissions to resources. When you restructure domains, you must migrate domain local groups when you migrate the resources to which they provide access, or you must change the
  group type to universal group.
  For more detail information, you could refer to:
  http://blog.thesysadmins.co.uk/admt-series-7-group-account-migration-wizard.html
  Regards.
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Can the SidHistory attribute be moved from one User account to a different User account in the same Forest/Domain?

  Hello,
  Can the SidHistory attribute be moved from one User account to a different User account in the same Forest/Domain manually with  Active Directory Users and Computers or with something like Powershell?  it would seem to me this is a safe operation.
  Thanks for your help! SdeDot

  Hi,
  In addition, please also take a look at the below thread:
  copy SIDHistory from one account to another in the same domain
  http://social.technet.microsoft.com/Forums/en-US/2ca8727c-b3fd-4ef8-9747-99295f0cd61c/copy-sidhistory-from-one-account-to-another-in-the-same-domain?forum=winserverDS
  Hope this helps
  Best regards
  Michael
  If you have any feedback on our support, please click
  here.
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• Managing membership of local group - Domain Local groups not permitted?

  Hi all
  I would like to populate the membership of the local Administrators group on certain member servers using the "Local users and groups" feature of GPP.  The object picker does not let me choose groups with Domain Local scope. 
  Does anyone know the reason for this?  Is there any workaround?
  I can add domain local groups to the membership of the Adminstrators group manually, so it seems strange I can't do it via GPO.
  Alexei

  > I would like to populate the membership of the local Administrators
  > group on certain member servers using the "Local users and groups"
  > feature of GPP.  The object picker does not let me choose groups with
  > Domain Local scope.
  I cannot confirm. I can add both DL and GG. What OS are you using? Here:
  Win 7 Enterprise 32 bit.
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))

• Filling dynamic internal table with data from other internal table

  Hi Friends,
  My problem is that i have already built a dynamic internal table
  (class int_table->create) but now i want to fill it with data from other internal table.
  The dynamic table column name and the field value of the data filled internal table are same, but how to access that column name, since i cant hard code it anyway.
  Like if my werks field value is '8001'. I want to place it under the column 8001 of dynamic table, Can anybody help me in this regard?
  Awarding points is not a problem for even giving a slight hint.
  Best Regards

  Hi
  See this
  Dynamic internal table is internal table that we create on the fly with flexible column numbers.
  For sample code, please look at this code tutorial. Hopefully it can help you
  Check this link:
  http://www.****************/Tutorials/ABAP/DynamicInternaltable/DynamicInternalTable.htm
  Sample code:
  DATA: l_cnt(2) TYPE n,
  l_cnt1(3) TYPE n,
  l_nam(12),
  l_con(18) TYPE c,
  l_con1(18) TYPE c,
  lf_mat TYPE matnr.
  SORT it_bom_expl BY bom_comp bom_mat level.
  CLEAR: l_cnt1, <fs_dyn_wa>.
  Looping the component internal table
  LOOP AT it_bom_expl INTO gf_it_bom_expl.
  CLEAR: l_cnt1.
  AT NEW bom_comp.
  CLEAR: l_cnt, <fs_dyn_wa>, lf_mat.
  For every new bom component the material data is moved to
  temp material table which will be used for assigning the levels
  checking the count
  it_mat_temp[] = it_mat[].
  Component data is been assigned to the field symbol which is checked
  against the field of dynamic internal table and the value of the
  component number is been passed to the dynamic internal table field
  value.
  ASSIGN COMPONENT c_comp_list OF STRUCTURE <fs_dyn_wa> TO
  <fs_check>.
  <fs_check> = gf_it_bom_expl-bom_comp.
  ENDAT.
  AT NEW bom_mat.
  CLEAR l_con.
  ENDAT.
  lf_mat = gf_it_bom_expl-bom_mat.
  Looping the temp internal table and looping the dynamic internal table
  *by reading line by line into workarea, the materialxxn is been assigned
  to field symbol which will be checked and used.
  LOOP AT it_mat_temp.
  l_nam = c_mat.
  l_cnt1 = l_cnt1 + 1.
  CONCATENATE l_nam l_cnt1 INTO l_nam.
  LOOP AT <fs_dyn_table2> ASSIGNING <fs_dyn_wa2>.
  ASSIGN COMPONENT l_nam OF STRUCTURE <fs_dyn_wa2> TO <fs_xy>.
  ENDLOOP.
  IF <fs_xy> = lf_mat.
  CLEAR lf_mat.
  l_con1 = l_con.
  ENDIF.
  Checking whether the material exists for a component and if so it is
  been assigned to the field symbol which is checked against the field
  of dynamic internal table and the level of the component number
  against material is been passed to the dynamic internal table field
  value.
  IF <fs_xy> = gf_it_bom_expl-bom_mat.
  ASSIGN COMPONENT l_nam OF STRUCTURE <fs_dyn_wa> TO <fs_check>.
  CLEAR l_con.
  MOVE gf_it_bom_expl-level TO l_con.
  CONCATENATE c_val_l l_con INTO l_con.
  CONDENSE l_con NO-GAPS.
  IF l_con1 NE space.
  CONCATENATE l_con1 l_con INTO l_con SEPARATED BY c_comma.
  CLEAR l_con1.
  l_cnt = l_cnt - 1.
  ENDIF.
  <fs_check> = l_con.
  l_cnt = l_cnt + 1.
  ENDIF.
  ENDLOOP.
  AT END OF bom_comp.
  At end of every new bom component the count is moved to the field
  symbol which is checked against the field of dynamic internal table
  and the count is been passed to the dynamic internal table field
  value.
  ASSIGN COMPONENT c_count OF STRUCTURE <fs_dyn_wa> TO <fs_check>.
  <fs_check> = l_cnt.
  INSERT <fs_dyn_wa> INTO TABLE <fs_dyn_table>.
  ENDAT.
  ENDLOOP.
  Reward if useful
  Anji

• Compare two members from the same dimension in HFR

  Hi,
  Is it possibe to compare two members from the same dimension in HFR? The requirement is to compare Year and Week members from the same dimension. The Week date will be selected from POV. The corresponding Year date should be displayed in the report. Week dates are in the format W2008-03-07 and Year dates are in YTD2008-03-07.
  The dates are same except the preceding character.I am unable to compare these two. In my understanding there's no substring or replace functions in HFR.
  Kindly help. Thanks in advance.
  Regards,
  Uma

  Hi,
  How is your database structured? it may be possible to use the 'RelativeMember' function if it will always be the same number of steps between the 'W' member and the 'YTD' member, e.g. if your hierarchy is something like:
  Time
  .Weeks
  ..W2008-03-07
  ..W2008-03-10 etc.. for 52 weeks
  .YTD
  ..YTD2008-03-07
  ..YTD2008-03-10 etc.. for 52 weeks
  In your report select 'Current Point of View for Time' in one row/column and in the other use:
  RelativeMember set up as follows:
  Member: Current Point of View for Time
  Offset: 52
  Hierarchy: Time
  RelativeMemberList: Lev0, Time
  UseFirstDescendant: leave unselected
  Hope this helps
  StuartGame
  www.analitica.co.uk

• When using panasonic remote2 app, videos shot on iPad appear upside down on the television.  This does not happen with videos from other sources. Any suggestions?

  When using panasonic remote2 app, videos shot on iPad appear upside down on the television.  This does not happen with videos from other sources. Any suggestions?

  Hi Steve
  worldweary wrote:
  Thanks again. I tried channel 13 and it seemed to work better, with less dropouts (albeit not perfect) but sadly my slightly ageing laptop wouldn't recognise the network at all with the Hub set to that channel, so I had to switch it back to 11!
  Will try the factory reset at some point to see if that improves things.
  I have the same issue with my iPad when streaming videos...like the issue posted on ‎25-04-2014 18h36 by Steve.
  Steve - Can you kinldy clarify how you resolved the problem finally.
  I was infact planning to change the iPad or sell it off due to this recurring problem.
  Thanks and regards
  Siva

• The box indicating that this domain controller is the last controller for the domain is unchecked. However, no other Active Directory domain controllers for that domain can be contacted

  I have 2 domain controllers running 2003 server, server1 and server2. I ran dcpromo on server1 and removed AD and removed him from the domain and disconnected from network. I then added a 2012 server
  with the same name and IP address server1 with no problem. Replication from sites and services work fine on both controllers.
  The new 2012 server1 is GC. I transferred all FSMO roles to server1. Again no problem and replicating using sites and services. AD on server1 is populated correctly.
  Now what I had intended on doing was a dcpromo to remove server2 from the domain so I can then add another 2012 server. That is when I get the: "The box indicating that this domain controller is the last controller for the domain
   is unchecked. However, no other Active Directory domain controllers for that domain can be contacted.
  I have DNS installed on both servers and both look good with replicating there. Strange thing is when on the 2012 server within DNS if I right click and connect to another DNS server I can add server2 just fine but from server2 adding server1 it tells me it
  is not available.
  Help please!

  Hi,
  As there is server 2012 DC (SERVER1) DC is operational in a domain then "This domain controller is the last controller for the domain" should be remain unchecked when you demote SERVER2 DC. 
  If you are getting error "Active Directory domain controllers for that domain can be contacted" while demoting SERVER2 DC then check the DNS pointing on both as per below article, disable windows firewall on all DC, less possiblities but worth to check if both
  are different site then check the ports are open on firewall. 
  http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/
  http://technet.microsoft.com/en-us/library/cc766337(v=ws.10).aspx
  http://social.technet.microsoft.com/wiki/contents/articles/584.active-directory-replication-over-firewalls.aspx
  run “ipconfig /flushdns & ipconfig /registerdns“, restart DNS server and NETLOGON service on each DC and try to demote server2 DC.
  If issue reoccurs, post dcdiag /q result.
  NOTE: If initial replication was completed between both DC (new 2012 and old DC) then you may remove the server2 DC from Active Directory forcefully (DCPROMO /FORCEREMOVAL) and perform metadata cleanup.
  Active Directory Metadata Cleanup
  http://abhijitw.wordpress.com/2012/03/03/active-directory-metadata-cleanup/
  Best regards,
  Abhijit Waikar.
  MCSA | MCSA:Messaging | MCITP:SA | MCC:2012
  Blog: http://abhijitw.wordpress.com
  Disclaimer: This posting is provided "AS IS" with no warranties or guarantees and confers no rights.

• Add custom local group with similar power as Windows BUILTIN\Administrators group

  In windows 7 or windows 8
  Is there any possibility to create a custom Local group having the same power/privileges as it does the BUILTIN\Administrators group.
  If yes; how?
  For instance:  I created a new local group, then in Local Security Policy(secpol.msc) \Security Settings\Local Policies\User Rights Assignments I added all the available policies where the Administrators group was also there, then I create a normal
  local user and assigned this new customized group, however the user never obtained the sufficient power as it does a user from Administrators group.
  Can anyone help?
  Thanks in advance.

  I don't think you can create a replica for Admin group.
  Arnav Sharma | http://arnavsharma.net/ Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading
  the thread.

• Measure using UseRelationship not working well when sliced with attributes from the same table

  Hi,
  I have Measure created using the 'UseRelationship' Function, which uses a different datekey to link to the DateDim than the one the table is directly related by. The measure works as expected except in one scenario.
  If I browse the measure using an attribute from the same fact table then the attribute is filtered using active relationship whereas the measure is filtered using the inactive relationship as shown below:
  FACT(2 rows)(Active Relationship to Date using DateKey1)
  SNo     DateKey1     DateKey2     Geo        Amt
  1         20100101     20120101    India      100
  2         20100101     20120101    US         200
  AmtMeasure:=CALCULATE(SUM([Amt]),USERELATIONSHIP(FACT[DateKey2],'Date'[DateKey]))
  If I browse the above measure in excel, with Year selected as 2012, I get 100+200=300. Now if I drag the Geo attribute against the measure I get 2 rows with 100 and 200.
  If I do the same in a power view report I don't get any results after dragging the Geo attribute, whereas I get the correct value of 300 without the geo attribute. I checked the DAX query which the power view generates and figured this is being caused because
  there are no rows in the table with DateKey1 having year 2012. I understand why this is happening this way in a DAX query and not in MDX, but shouldn't both behave in the same way and what is a work around.
  Thanks,
  Sachin Thomas

  Sac, is this still an issue?
  Thank you!
  Ed Price, Azure & Power BI Customer Program Manager (Blog,
  Small Basic,
  Wiki Ninjas,
  Wiki)
  Answer an interesting question?
  Create a wiki article about it!

• Page with Information from other page

  I need to do a page where it shows information from other page.
  By example,I want that my page must a banner with the bursatil information.
  How can I do that?
  Thank by any idea.
  null

  So is anyone actually here to help with problems? What's the use of just seeing how many other people experience the same issue? Hello? I'm still having this problem with Firefox...

• Create package with prompt from other application

  Hi Experts!
  I need to create a package in the planning application. In the screen selection I need some dimensions of my planning cube and one dimension of the Ownership application. I don't have any problem with the current application dimension, but I need to retrieve the members of INTCO dimension from Ownership because the user should make the selection. Is it possible to create a prompt from other application?
  Thanks!!

  I create the package in Planning application: 
  PROMPT
  (SELECTINPUT,,,"Selction members","%ENTITY_DIM%,%CATEGORY_DIM%,%TIME_DIM%,%CURRENCY_DIM%,INTCO")
  When i try to select one member of INTCO dimension it appear the following message: "Dimension INTCO is not found". BPC is not finding this dimension because it pertain to another application.