Skip to content

Unable to make Active Directory group member of another group

This article was been published more than 6months ago. The information contained herein may be outdated.

Some time ago, I was working on a request to limit access to a folder to members of four AD groups. Following the established practice at my employer, I created the group to grant access to the folder, and the one to control who has access. I made the latter a member of the former, and went to add the members. Two of the AD groups that were to have access were added, no problem. The other two were not. Not only that, I couldn’t even find them when searching for them,

Looking at settings for the group I could add, and comparing them to those I couldn’t, I found one significant difference; the setting under Group scope. Here they are; the ones I could add are on the left, the ones I couldn’t on the right:

Scope

Because the groups I couldn’t add were set to use a Universal, rather than Global, group scope, I was unable to find them when searching for them, or add them at all. Luckily, this is easily remedied, as you can simply change the setting.

For more information on AD Group Scopes, see information from Microsoft TechNet

Be First to Comment

Leave a Reply