Microsoft KB Archive/284776

= Security Setting Dialog Box Does Not Display Some Security Groups =

Article ID: 284776

Article Last Modified on 10/30/2006

-

APPLIES TO


 * Microsoft Internet Security and Acceleration Server 2000 Standard Edition

-



This article was previously published under Q284776



SUMMARY
Domain Local groups are not listed on an Active Directory Integrated ISA server when you try to perform either of the following actions:
 * You try to configure a Protocol rule or a Site and Content rule, and then apply this rule to specified groups and users.

-or-
 * You try to set permissions on objects.

You can add only Domain Global groups in these situations.

Note: If you use ADSIEdit, you may be able to see Domain Local groups.



MORE INFORMATION
By default, the ADSIEdit and Active Directory Users and Computers connect to the domain controller of the domain to which the currently logged-on user belongs. However, ISA Server connects to the domain controller of the domain to which the current computer belongs.

Using the information provided below, note that it is not possible to see the domain local groups from any domain other than the one you are currently connected to.

You can see the Domain Local Groups of the parent domain when you are connected to the configuration container through the parent domain domain controller and the ISA snap-in is connected to domain controller of the child domain.

Note: You can view the parent local domain group name from its Security Identifier (SID). Therefore you can see the correct domain group name in the Security dialog box in the ISA snap-in and in ADSIEdit.exe.

Can include

 * Principals from any domain in the forest.
 * Other universal groups from any domain in the forest.
 * Global groups from any domain in the forest.
 * Global groups from any domain in the forest.

Visible from

 * All the computers that are in the forest.
 * All the computers that are in the forest.

Replication

 * Group Name, SID and members name are all replicated through the global catalog.
 * Group Name, SID and members name are all replicated through the global catalog.

Can include

 * Principals from the same domain
 * other global groups from the same domain (Native mode only)
 * other global groups from the same domain (Native mode only)

Visible from

 * Group name is visible from all the computers that are in the forest
 * Members are not visible from all the computers that are in the forest
 * Members are not visible from all the computers that are in the forest

Replication

 * Group name and SID are replicated through GC
 * Member information is not replicated.
 * Member information is not replicated.

Can include

 * Principals from any domain in the forest
 * Global groups from any domain in the forest
 * Universal groups from any domain in the forest
 * Other domain local groups from the same domain (Native mode only)
 * Other domain local groups from the same domain (Native mode only)

Visible from:

 * All the computers that are in the domain.
 * Not visible from the computers that belong to another domain.
 * Not visible from the computers that belong to another domain.

Replication

 * No Replication
 * No Replication

Keywords: kbinfo KB284776

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.