The Object Picker cannot locate objects that are located in another forest in Windows XP and Windows 2000 (878452)



The information in this article applies to:

  • Microsoft Windows XP Professional Service Pack 2 (SP2)
  • Microsoft Windows XP Professional SP1
  • Microsoft Windows XP Professional
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional

SYMPTOMS

Assume the following: On a computer that is a member of a domain, you add users from another forest to your access control list (ACL) by using the Object Picker. The computer may be running Microsoft Windows XP or Microsoft Windows 2000. In this scenario, the Object Picker may not enumerate objects across an external cross-forest trust as expected.

CAUSE

This issue occurs because the Object Picker can select objects only from the forest that contains the computer account of the computer that you are logged on to. For example, if your computer account is in forest 1, you cannot use the Object Picker to select objects that are located in forest 2.

WORKAROUND

We do not recommend that you add users from a trusted forest directly to your ACL. Instead, add the users from the external trusted forest to domain local groups on the domain controller in your domain.

Note: You can also use user principal name (UPN) account names to add users from a trusted domain directly to your ACL. A UPN account name is similar to someone@example.com.

STATUS

This behavior is by design.

Modification Type: Major
Last Reviewed: 5/31/2005
Keywords: kbtshoot KB878452 kbAudITPRO