Service Manager
A family of System Center products for managing incidents and problems.
210 questions
Service Manager ADgroupexpander not working in untrusted domain
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(35.2, 91%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
Richard
1
Reputation point
Hi,
We have created an ADconnector that should collect groups and its users from an domain with a one way trust.
Within our own domain, the group is collected and the users are added. with the other domain, the users don't get added. the groups do.
Within the event log i see an event. the most interesting rules seem to be
"the group expension workflow for Connector xxx has encountered the following error"
"CN=xx,OU=Users,OU=xx,OU=CODE,DC=xx,DC=xxxx,DC=xxxx,DC=com. ---> System.NullReferenceException: Object reference not set to an instance of an object."
following the https://techcommunity.microsoft.com/t5/system-center-blog/ad-connector-cross-forest-tricks/ba-p/341509 crost forest tricks dont give more information, besides that is not much else then the direct domain.
So we have access to de domain, it sees the groups and as seen in the logging even tries to import the first user.
We use an account that gathers similar information for other programs so the accounts has enough permissions.