JSI Tip 9422. The Object Picker cannot locate objects that are located in another forest in Windows XP and Windows 2000?

When your domain computer tries to add users from another forest to an ACL (Access Control List) using the Object Picker, it may not enumerate objects from an external cross-forest trust.

NOTE: DO NOT add users from a trusted forest directly to an ACL. Add them to domain local groups on the domain controllers in your domain.

This behavior occurs because the Object Picker is only designed to select objects from the forest that the computer account you are logged on to belongs.

NOTE: If you use the UPN (User Principal Name), like [email protected], you could add users from a trust domain directly to your ACL.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.