Honored Contributor.. RiverRat_1 Honored Contributor..
Honored Contributor..
327 views

AD Cross Domain User to Group Association

Jump to solution

Just curious if anyone has done this yet and what gotchas exist within AD.

I have flow that's been running for years to Active Directory user to group associations witihn once specific AD domain.   Now I've been asked to do cross-domain user to group associations where supposedly there is 2-way "transitive trust" (don't know what that means) between the two AD domains.  Recently DEV testing is throwing an error:

System.DirectoryServices.DirectoryServicesCOMException (0x80072030): There is no such object on the server

The flow is using the .NET "Add User to Group" step.    I'm pulling the User DN from AD domain where the user account lives and the Group DN from the AD domain where the group lives.    Then I'm using the "Add User To Group" step against the User Account AD Domain and it throws that error.

I might be going about this wrong.  Should I pull the cross-domain Group DN from the user account AD instance ??

0 Likes
1 Solution

Accepted Solutions
Honored Contributor.. RiverRat_1 Honored Contributor..
Honored Contributor..

Re: AD Cross Domain User to Group Association

Jump to solution

Thanks for the reply.  Turns out I was basically doing it correctly.

Discussions with my customer indicated the AD gurus-gods don't do cross-domain on purpose.  The indivdual asking for this feature didn't know that.  So ... they've changed their process and I get to leave my logic in OO for attemptoing to do cross-domain assuming they figure out they want to use it in the future.

0 Likes
2 Replies
Luis_V_OO Super Contributor.
Super Contributor.

Re: AD Cross Domain User to Group Association

Jump to solution

Hello,

            I believe that as yourself said, you have to pull the cross-domain Group DN from the user account AD instance.

Did you try that?

 

Regards,

Luis Quiros
Customer Support Engineer

If you find that this or any other post resolves your issue, please be sure to mark it as an accepted solution.
If you are satisfied with anyone’s response please remember to give them a KUDOS by clicking on the STAR at the bottom left of the post and show your appreciation.
0 Likes
Honored Contributor.. RiverRat_1 Honored Contributor..
Honored Contributor..

Re: AD Cross Domain User to Group Association

Jump to solution

Thanks for the reply.  Turns out I was basically doing it correctly.

Discussions with my customer indicated the AD gurus-gods don't do cross-domain on purpose.  The indivdual asking for this feature didn't know that.  So ... they've changed their process and I get to leave my logic in OO for attemptoing to do cross-domain assuming they figure out they want to use it in the future.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.