How can we add a Manager to an AD user from a different trusted forest? We have a bidirectional trust.

Anonymous
2024-03-11T18:30:43+00:00



This question was migrated from the Microsoft Support Community.

2 answers

  1. Anonymous
    2024-03-12T07:01:03+00:00

    Hi Shaik Lalmahammad,

    Thank you for posting in the Microsoft Community Forum.

    In an environment with bidirectional trust, adding AD users from different trusted forests to the Manager field may require additional steps because, by default, the Active Directory Manager field typically only contains users from the same trusted forest.

    You can try the following methods:

    1. **Set the Manager field in user properties:**
      • Open Active Directory Users and Computers (ADUC).
      • Locate the user for whom you want to set the Manager, right-click, and select "Properties."
      • Switch to the "Attribute" tab and find the "Manager" field.
      • In the "Manager" field, enter the Distinguished Name (DN) of the user from the different trusted forest. Ensure that the entered DN is accurate, and the user has the necessary permissions.
    2. **Use Fully Qualified User Names (FQDN):**
      • When setting the Manager field, use the fully qualified user name, including the user's trusted forest information. For example, if your domain is domainA.com, and the user is in domainB.com, the fully qualified user name in the Manager field might be ******@domainB.com.
    3. **Consider Permissions:**
      • Ensure that users from different trusted forests have sufficient permissions to be set as the Manager for other users. This may involve configuring cross-forest access permissions.

    Please note that the actual steps for these operations may vary based on your Active Directory architecture and the configuration of trusts between domains. Before making such changes, it is advisable to test in a controlled environment and ensure that you understand and consider potential security and permission implications.

    Best regards

    Neuvi Jiang

  2. Anonymous
    2024-10-22T12:58:06+00:00

    Does not work. I get a "name reference is invalid" error.

    I believe the manager object must exist in the same forest as the user.

    The only way to do this that I am aware of is to use a "placeholder" contact-type object for the manager in the user's forest, which you can link the manager attribute to.

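The placeholder-contact approach from the second answer, sketched in PowerShell as an added example (not code from either poster). The domain controller names, OU, and account names are constructed placeholders, and the script assumes the ActiveDirectory module and an account that can read the trusted forest and write to the user's forest.

```powershell
# Added example: placeholder contact for a manager who lives in a trusted forest.
# Every name below is a constructed placeholder, not a value from the thread.
Import-Module ActiveDirectory

$UserForestDC    = 'dc01.domainA.com'                        # DC in the user's forest (assumed)
$ManagerForestDC = 'dc01.domainB.com'                        # DC in the trusted forest (assumed)
$ContactOU       = 'OU=External Managers,DC=domainA,DC=com'  # dedicated OU for placeholders (assumed)
$UserSam         = 'jdoe'                                    # user who needs a manager (assumed)
$ManagerSam      = 'asmith'                                  # manager's account in domainB (assumed)

# 1. Read the real manager account across the trust.
$mgr = Get-ADUser -Identity $ManagerSam -Server $ManagerForestDC `
    -Properties displayName, mail -ErrorAction Stop

# 2. Look for an existing placeholder so reruns do not create duplicates.
#    The AD filter parser resolves $name itself, so quotes in names are safe.
$name    = "$($mgr.Name) - domainB"
$contact = Get-ADObject -Server $UserForestDC -SearchBase $ContactOU `
    -Filter 'objectClass -eq "contact" -and Name -eq $name'

# 3. Create the contact if missing. Only non-empty attributes are passed,
#    because New-ADObject rejects null values in -OtherAttributes.
if (-not $contact) {
    $attrs = @{ description = "Placeholder for $($mgr.UserPrincipalName); source object is in the trusted forest" }
    if ($mgr.displayName) { $attrs.displayName = $mgr.displayName }
    if ($mgr.mail)        { $attrs.mail        = $mgr.mail }

    $contact = New-ADObject -Server $UserForestDC -Type contact -Name $name `
        -Path $ContactOU -OtherAttributes $attrs -PassThru -ErrorAction Stop
}

# 4. Point the user's manager attribute at the local contact's DN.
#    -Replace is used because the -Manager parameter expects a user object.
Set-ADUser -Identity $UserSam -Server $UserForestDC `
    -Replace @{ manager = $contact.DistinguishedName } -ErrorAction Stop

# 5. Verify the link.
Get-ADUser -Identity $UserSam -Server $UserForestDC -Properties manager |
    Select-Object SamAccountName, manager
```

The contact is a copy, so it goes stale if the manager is renamed, moves, or leaves; keeping the placeholders in one OU with tightly delegated write access makes them easy to audit and reconcile against the trusted forest.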