Nov 2, 2011 2:29 PM by Erik Brown

    Populating roles using domain local groups with members from multiple domains in a single forest

      I work in a multi-domain/single AD forest environment.  We are leveraging AD groups for populating roles in BBSA.


      In my lab, I have attempted to demonstrate how to go about adding new users to the system from a single domain local group.


So, my lab setup is like this: I have two domains, X and Y.



        - X\user1

        - X\user2

        - X\user3

        - X\BBSAAdmins.GG (Global Group)

        - Y\user1

        - Y\user2


I have set up a basic Automation Principal using an account in domain X. I have certificates for X and Y, but I'm pointing to a DC in domain X for my LDAP connection. My LDAP query points to X\BLAdminGroup.


The obvious result is that my group mapping on my role produces a list of only those users in domain X. After running a test on a group wholly contained in domain Y (with associated domain Y-based Automation Principals and LDAP Connections), I got a similar result -- all Y, no X.


      My question is, how do I also get the users for domain Y from the same group?  Is there a pretty straightforward way to get there inside the console or using BLCLI?
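A check that reproduces the behaviour described in the post at the LDAP level, added here as an example and not code from the original post or from BBSA: it reads a group's member DNs from a domain controller in domain X, then tries to resolve each DN first against that same DC and then against a global catalog. Cross-domain members come back from the domain DC as DNs in domain Y's naming context, which that DC cannot expand, while the GC (a read-only partial replica of every domain in the forest) resolves all of them. The host names dc1.x.example, the naming context DC=x,DC=example and the group name BBSAAdmins.GG are assumptions for the lab described above; the script does not touch BBSA and does not answer how to configure its LDAP connection.

```powershell
# Added example (not from the original post): show why an LDAP query against a
# domain-X DC expands only domain-X members of a group, and that the same member
# DNs resolve when looked up through a global catalog (GC, port 3268).
# Assumed names: DC dc1.x.example, naming context DC=x,DC=example, group BBSAAdmins.GG.
param(
    [string]$GroupName = 'BBSAAdmins.GG',      # assumption: group to inspect
    [string]$DomainDc  = 'dc1.x.example',      # assumption: a DC in domain X
    [string]$GcHost    = 'dc1.x.example',      # assumption: any GC in the forest
    [string]$GroupBase = 'DC=x,DC=example'     # assumption: domain X naming context
)

Add-Type -AssemblyName System.DirectoryServices

# Return the raw 'member' DNs of a group as stored on the server behind $Root.
# (Groups with more than 1500 members need ranged retrieval; not handled here.)
function Get-GroupMemberDNs {
    param([string]$Root, [string]$Name)
    $entry    = New-Object System.DirectoryServices.DirectoryEntry($Root)
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($entry)
    $searcher.Filter = "(&(objectClass=group)(sAMAccountName=$Name))"
    [void]$searcher.PropertiesToLoad.Add('member')
    $result = $searcher.FindOne()
    if (-not $result) { throw "Group '$Name' not found under $Root" }
    return @($result.Properties['member'])
}

# Bind to one member DN under $Root (LDAP://server or GC://server) and report
# what the server could resolve. A domain-X DC has no copy of objects that live
# in domain Y's naming context, so those binds fail (typically with
# "A referral was returned from the server"); a GC holds a partial replica of
# every domain in the forest and resolves them, including sAMAccountName.
function Resolve-Member {
    param([string]$Dn, [string]$Root)
    try {
        $obj = [adsi]"$Root/$Dn"
        [pscustomobject]@{
            DN          = $Dn
            Sam         = [string]$obj.Properties['sAMAccountName'].Value
            Class       = ($obj.Properties['objectClass'] | Select-Object -Last 1)
            ResolvedVia = $Root
        }
    } catch {
        [pscustomobject]@{ DN = $Dn; Sam = $null; Class = 'UNRESOLVED'; ResolvedVia = $Root }
    }
}

$ldapRoot = "LDAP://$DomainDc/$GroupBase"
$gcRoot   = "GC://$GcHost"

# 1. The domain DC does return every member DN, including those in DC=y,...
$members = Get-GroupMemberDNs -Root $ldapRoot -Name $GroupName
Write-Host "Member DNs stored on $DomainDc for $GroupName :"
$members | ForEach-Object { Write-Host "  $_" }

# 2. Expanding those DNs against the same DC only works for domain-X objects;
#    expanding them through the GC works for members from any domain in the forest.
$viaDc = $members | ForEach-Object { Resolve-Member -Dn $_ -Root "LDAP://$DomainDc" }
$viaGc = $members | ForEach-Object { Resolve-Member -Dn $_ -Root $gcRoot }

($viaDc + $viaGc) | Sort-Object DN, ResolvedVia |
    Format-Table DN, Sam, Class, ResolvedVia -AutoSize
```

The rows marked UNRESOLVED under LDAP://dc1.x.example and resolved under GC://dc1.x.example are exactly the domain-Y users that the role mapping described above drops. Two caveats when applying this to a tool's LDAP connection: the GC exposes only the partial attribute set (sAMAccountName, objectSid and objectClass are in it; many other attributes are not), and the script does not recurse into nested groups, so a global group from domain Y that is itself a member would show up as a group object, not as its users.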