I currently have two domains with bi-directional parent/child trust:- Domain A (Forest root domain)- Domain B (child domain in forest)
I’m trying to give users in Domain A access to resources in Domain B through a domain local group in Domain B, which in turn is nested in the ACL of the resource.
In summary: DomainA\\GlobalGroup nested in DomainB\\DomainLocalGroup nested in DomainB\\ResourceACL.
From my understanding this is considered the best practice method for providing access to resources across trust.
However when attempting to nest DomainA\\GlobalGroup I recieve the error in the attached screenshot. This is despite being able to resolve the group in Members of DomainB\\DomainLocalGroup.
I have forced replication between the domains without issue and it has well and truly been more than 15 minutes since these groups were created.
Can anyone guide me on what surely stupid mistake I”m making here?