Erik Hastens
I have installed an application (MS Project Server 2007) in our AD in domain
abc.com. For granting rights now, I'm using local domain groups in the
abc.com domain.
Furthermore, in the local domain groups, I have included nested global
security groups from other external domains, to which my domain abc.com has
an external two-way trust.
However, when I start Active Directory synchronization from Project Web
Access server settings, this partially fails because the nested groups from
the trusted external domain def.com cannot be resolved or access isn't
sufficient. In the event log, I get the message:
---
Standard Information:PSI Entry Point:
Project User: ABC\projectadmin
Correlation Id: f596dbdc-c3bf-4902-9b96-fd3c657bb6b6
PWA Site URL: http://projects.abc.com/main
SSP Name: SharedServices1
PSError: Success (0)
Active Directory Synchronization cannot resolve reference to a foreign
security principal in a remote forest or external domain. This could be
because the object does not exist, the user does not have permission or
because of a communication problem between the project server application
server and Active Directory. Distinguished Name :
LDAP://abc.com/CN=S-1-5-21-3977916586-269920929-2514719504-2232,CN=ForeignSecurityPrincipals,DC=abc,DC=com
---
I don't really understand whether this is caused by insufficient access or
DNS problems. The MS Project admin user which runs the AD sync is a domain
administrator in the abc.com domain, but does he also need access in the
external trusted def.com domain?
Any hints would be appreciated.
Regards
Erik
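
A diagnostic sketch for the question in the post above, added here and not part of the original post: run as the sync account on the Project Server application server, it pulls the SID out of the Distinguished Name from the event, checks that the trusted domain name resolves, and then asks Windows to translate the SID to an account name. The function name `Get-FspSid` and the variable names are assumptions; the DN and domain names are the ones quoted in the post.

```powershell
# Added example (not from the original post). Run it as the account that
# performs the AD sync, on the Project Server application server.
$fspPath       = 'LDAP://abc.com/CN=S-1-5-21-3977916586-269920929-2514719504-2232,CN=ForeignSecurityPrincipals,DC=abc,DC=com'
$trustedDomain = 'def.com'   # external trusted domain named in the post

# Hypothetical helper: the CN of a foreign security principal object is the
# string SID of the account or group it stands for in the other domain.
function Get-FspSid {
    param([string]$Path)
    if ($Path -match 'CN=(S-1-[0-9-]+),CN=ForeignSecurityPrincipals,') {
        return New-Object System.Security.Principal.SecurityIdentifier($Matches[1])
    }
    throw "Not a ForeignSecurityPrincipals path: $Path"
}

$sid = Get-FspSid $fspPath
"FSP SID    : $($sid.Value)"
"Domain SID : $($sid.AccountDomainSid.Value)"    # SID of the issuing domain
"RID        : $($sid.Value.Split('-')[-1])"      # object's relative ID there

# Check 1: can this server resolve the trusted domain's DNS name at all?
# Assumption: the domain name itself has host records, as AD domains usually do.
try {
    $addrs = [System.Net.Dns]::GetHostAddresses($trustedDomain)
    "DNS        : $trustedDomain -> $($addrs -join ', ')"
} catch {
    "DNS        : cannot resolve $trustedDomain ($($_.Exception.Message))"
}

# Check 2: can this account, from this server, turn the SID into a name?
# This lookup has to reach the domain that issued the SID.
try {
    $account = $sid.Translate([System.Security.Principal.NTAccount])
    "Translate  : $($account.Value)"
} catch [System.Security.Principal.IdentityNotMappedException] {
    "Translate  : SID could not be mapped to a name from this host and account"
} catch {
    "Translate  : failed ($($_.Exception.Message))"
}
```

If the DNS check fails, name resolution is the first thing to fix; if DNS succeeds but the translation fails, the remaining causes listed in the event text (missing object or insufficient permission) are the ones to look at. Comparing the printed domain SID with the SID of def.com confirms which trusted domain the unresolved principal belongs to.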