Forum Discussion
Check user permissions for users in trusted domains
Trevor Seward Yes, it's cross forest. It works in SharePoint 2013 if the People Picker properties SidHistorySafeMode and UseGlobalCatalog are both set to false (which is the default value).
It works in SharePoint 2013 because principal.GetAuthorizationGroups() is always called when getting the token groups.
The users are in the remote domain, and groups are in the local domain where SharePoint is installed.
Jens Otto Hatlevold Did you get any more clarity in this?
We have a 2016-farm (connected to Domain A) and users in Domain B-AD groups do not get access unless they click "Sign Out" on their user top right corner. The AD groups from Domain B are added as Edit-permission in SharePoint Permission Groups.
Domain A and Domain B have a two-way trust between them.
UP sync works for settings against Domain B.
- Jens Otto Hatlevold, Mar 29, 2021, Copper Contributor
Matz Höög No, the company I worked for had plans for migrating into a new domain removing every domain trust that they had. After this was completed not long ago we did not have this issue anymore as all users, groups and SharePoint is now in the same domain.
- Ed64000, May 27, 2021, Copper Contributor
Hi,
I have the same problem, did you find a solution?
I have users in domain A, and security groups (AD Groups) in sub domain B (trusted domains).
Domain B security groups contain users of Domain A.
The Permissions check functionality in SharePoint 2019 (CU March 2021) does not pull up security groups (AD Groups) from a different domain than the user's domain.
In the SharePoint log file, we get this error message: "unable to obtain GroupPrincipal object for group SID {0}", which is found in the SPClaimsAuthRoleProvider.GetTokenGroupsForUser() method.
This works perfectly with SharePoint 2013 and SharePoint 2016.
Best Regards
Edmond