AD synchronization with external trusted domain

23/06/2008 - 13:02 by Erik Hastens
I have installed an application (MS Project Server 2007) in our AD in domain
abc.com. For granting rights now, I'm using local domain groups in the
abc.com domain.

Furthermore, in the local domain groups, I have included nested global
security groups from other external domains, to which my domain abc.com has
an external two-way trust.

However, when I start Active Directory synchronization from Project Web
Access server settings, this partially fails because the nested groups from
the trusted external domain def.com cannot be resolved or access isn't
sufficient. In the event log, I get the message:


Standard Information:PSI Entry Point:
Project User: ABC\projectadmin
Correlation Id: f596dbdc-c3bf-4902-9b96-fd3c657bb6b6
PWA Site URL: http://projects.abc.com/main
SSP Name: SharedServices1
PSError: Success (0)
Active Directory Synchronization cannot resolve reference to a foreign
security principal in a remote forest or external domain. This could be
because the object does not exist, the user does not have permission or
because of a communication problem between the project server application
server and Active Directory. Distinguished Name :
LDAP://abc.com/CN=S-1-5-21-39779165...abc,DC=com


I don't really understand whether this is caused by insufficient access or
DNS problems. The MS Project admin user who runs the AD sync is a domain
administrator in the abc.com domain, but does he also need access in the
external trusted def.com domain?

Any hints would be appreciated.

Regards
Erik
 


#1 Nils Kaczenski [MVP]
23/06/2008 - 21:39
> However, when I start Active Directory synchronization from Project Web
> Access server settings, this partially fails because the nested groups from
> the trusted external domain def.com cannot be resolved or access isn't
> sufficient.



This is very likely a Project Server problem. Please refer to a Project
Server group or forum.

What's more, this is a German-speaking group as you can see in the
"de.german" part of its name.

Bye, Nils

Nils Kaczenski - MVP Windows Server
www.faq-o-matic.net
Please reply only in the newsgroup!
PM: Firstname at Lastname .de
https://mvp.support.microsoft.com/p....Kaczenski
