SharePoint 2007 - Audience Targeting - Multi Domain Groups
I have an Org with offices in separate locations. Each of these locations has a separate Domain (ORG = ABC, Domains = 1, 2 and 3). Typical Org....

Set up MOSS (Standard) and completed the Profile Import from the forest (ABC) and all works well. 13,700+ profiles from Domains 1, 2 and 3. Good to go.

The Security Groups used are in Domain 1. MOSS is in Domain 1. The users access the page and the default navigation and security combination creates the typical "dashboard" and links (No access = not viewable).

I am setting up Audiences using the same AD Groups used for permissions and housed in Domain 1, to create a dashboard and personalize the look and feel. The problem is I only get the members of the local domain (Domain 1) in the Audience.

Let's take this a step further... The web part shows fine and works correctly for those in the local domain. The Audience recognizes the local accounts in the AD Security Group and compiles them. However, the compilation will not recognize the users in the trusted domains (2 and 3). But... if I add a rule to the Audience for the "Account Name" and point to a user in domains 2 & 3, the Audience compiles and pulls the user into the Audience.

The SSP Service has read access to the entire forest. Does it need more access than that for the Audience compilation since the Security Groups (the Audiences are compiling against) are in the local Domain? What I mean by this is: I have been able to do a Full Profile Import for the entire Forest. I am also able to add the individual user from domains 2 and 3 into the Audience if I set a rule for that user's Account name. I just cannot seem to get the Audiences to recognize the users from Domains 2 & 3 from within the local Security Groups during compilation by using the AD Groups in the rule.

My Profile Import completes and DOES pull in all users in the forest. Which again brings me to the GPOs. We are running GPOs and they were a problem for importing before, but we corrected that problem and we are able to import the users' profiles and compile the audiences. I confirmed the service accounts had access to 'reg.exe' and all works fine. Search works fine. Profile Imports work fine. The People Picker works fine.

Audiences even compile and pull in the locals... but... No, the users of the remote domains are not added to the Audience.
April 12th, 2010 10:24pm

Hi,

Did you use domain local scope? If so, we determine a user's group membership at the time of profile import by querying for the imported user's memberOf attribute in Active Directory. The memberOf attribute is a back-link attribute that uses the members attribute of the Active Directory groups to determine group membership. Since domain local group membership is not published outside of the domain it was created in, this membership is not seen during profile import.

You can create audiences based on universal groups. Universal group membership is published to all Global Catalog servers in the forest.

For more information about the memberOf attribute, please refer to the following articles:

User Security Attributes
http://msdn.microsoft.com/en-us/library/ms677943(VS.85).aspx

Directory Data Store
http://technet.microsoft.com/en-us/library/cc961761.aspx

For more information about groups in AD, please refer to the following article:

Active Directory Users, Computers, and Groups
http://technet.microsoft.com/en-us/library/bb727067.aspx

Hope this helps.

Rock Wang MSFT
April 14th, 2010 5:39am

Hello, the group is indeed a domain local group. The problem is that I cannot add a user from the trusted domain to the universal group. Any idea how I can do that? Thanks in advance,
April 14th, 2010 9:51am

Hi,

Universal groups are available only in native-mode domains. Please check whether you meet this requirement. Universal groups can have members from any Windows 2000 domain in the forest. (Universal groups can contain members from mixed-mode domains in the same forest, but this is not recommended. Members from such domains cannot have the universal group's SID added to their access token because universal groups are not available in mixed-mode domains. Therefore, troubleshooting access problems would be difficult.)

You can also try the following steps:

a. In the external domains, create domain global or universal groups.
b. Add the users from the external domains to either of the above security groups.
c. In your primary domain (SharePoint local domain), add the domain global or universal groups to the domain local group(s).
d. Add the domain local group(s) to SharePoint group(s).
e. Use the SharePoint groups for audience targeting.

If anything is unclear, feel free to let me know.

Rock Wang MSFT
April 15th, 2010 12:39pm
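An added example (not part of the original replies) that checks the AD groups behind audience rules for the condition described in the two answers above: domain local scope combined with members from outside the group's own domain. It assumes PowerShell 3.0 or later with the ActiveDirectory module; the group names and the helper functions `Get-DomainPart` and `Test-AudienceGroup` are constructed for illustration.

```powershell
# Added example: requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Get-DomainPart([string]$DistinguishedName) {
    # Keep only the DC= components: "CN=x,OU=y,DC=d1,DC=abc" -> "DC=d1,DC=abc"
    $parts = $DistinguishedName -split '(?<!\\),' | Where-Object { $_ -match '^DC=' }
    $parts -join ','
}

function Test-AudienceGroup {
    param(
        [Parameter(Mandatory = $true)][string]$Name,
        [string]$Server    # optional: domain or DC that holds the group
    )
    $query = @{ Identity = $Name; Properties = 'member' }
    if ($Server) { $query.Server = $Server }
    $group       = Get-ADGroup @query
    $groupDomain = Get-DomainPart $group.DistinguishedName

    $sameDomain = 0; $otherDomain = 0; $foreign = 0
    foreach ($dn in $group.member) {
        if ($dn -match ',CN=ForeignSecurityPrincipals,') {
            $foreign++        # placeholder object for a principal from a trusted external domain or forest
        } elseif ((Get-DomainPart $dn) -ne $groupDomain) {
            $otherDomain++    # member whose object lives in another domain
        } else {
            $sameDomain++
        }
    }

    $outside = $otherDomain + $foreign
    [pscustomobject]@{
        Group             = $group.Name
        Scope             = $group.GroupScope
        SameDomain        = $sameDomain
        OtherDomain       = $otherDomain
        ForeignPrincipals = $foreign
        # Domain local membership is not published outside the group's domain,
        # so these members are the ones the profile import does not see.
        NeedsRework       = ($group.GroupScope -eq 'DomainLocal' -and $outside -gt 0)
    }
}

# Constructed placeholder names: replace with the groups used in your audience rules.
'Portal-Finance', 'Portal-HR' |
    ForEach-Object { Test-AudienceGroup -Name $_ } |
    Format-Table -AutoSize
```

Groups reported with `NeedsRework` set to `True` are the candidates for the universal-group or nested-group arrangement described in the answers.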

Hello,

This is the situation I have, which is actually a bit different from what I first understood: we have two different forests with a full trust between domain A and B.

Domain A is Windows 2000 native and forest in Windows 2000.
Domain B is Windows 2003 and forest in Windows 2003.

The only way to add a user from domain B to a group of domain A is to choose a domain local group, but then it's not possible to use it with MOSS. The second option you describe is working, but it is what I try to avoid: create a group on each domain for the same purpose.

Thanks again for your help.
April 21st, 2010 10:14am

This topic is archived. No further replies will be accepted.
