Directory and Resource Administrator 6.x
Directory and Resource Administrator 7.x
Directory and Resource Administrator does not allow Assistant Admins to add users from a domain in one forest to a universal security group in another forest.
If an Assistant Admin selects a universal security group and attempts to add users to it, a list of trusted domains appears that the Assistant Admin can choose from to select the account to be added. Even though a two way trust might exist between two domains in two different forests, no objects from the trusted domain in the second forest are be available to add to a universal group in the first.
This behavior is by design of the product and adheres to Microsoft Windows' guidelines regarding cross-domain and cross-forest group membership. The following list displays the three security group types and the possible sources for their member accounts:
- Global group: Accounts from the same domain only