Microsoft KB Archive/878452

= The Object Picker cannot locate objects that are located in another forest in Windows XP and Windows 2000 =

Article ID: 878452

Article Last Modified on 5/31/2005

-

APPLIES TO


 * Microsoft Windows XP Service Pack 2
 * Microsoft Windows XP Professional
 * Microsoft Windows XP Professional
 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Professional Edition

-





SYMPTOMS
Assume the following: On a computer that is a member of a domain, you add users from another forest to your access control list (ACL) by using the Object Picker. The computer may be running Microsoft Windows XP or Microsoft Windows 2000. In this scenario, the Object Picker may not enumerate objects across an external cross-forest trust as expected.



CAUSE
This issue occurs because you can use the Object Picker to select objects only from the same forest as that of the computer account that you have logged on to. For example, if your computer account is in, you cannot use the Object Picker to select objects that are located in.



WORKAROUND
We do not recommend that you add users from a trusted forest directly to your ACL. Instead, add the users from the external trusted forest to domain local groups on the domain controller in your domain.

Note You can also use the user principal name (UPN) account names to add users from a trusted domain directly to your ACL. A UPN account name is similar to.



STATUS
This behavior is by design.

Keywords: kbtshoot KB878452

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.