Hi everyone! It's a pleasure to write one more time, after many years.
We have come across a problem regarding DCHP & DNS Dynamic Update. I'm postig here, because we think the solution relies on Active Directory Group Nesting.
Here is the thing: Our Forest has 3 domains: A, B, C. Every Domain has a two-way trust relationship with the others. Domain A has DHCP A, Domain B has DHCP B and Domain C has DHCP C.
After solving some problems with DNS Aging and Scavenging in Domain A (our principal Site), we need DHCP B and C to have the requiered permissions to make Dynamic Updates in DNSs zones of Domain A. So we created a service account DomainB\dhcp_service and DomainC\dhcp_service & configured DNS Dynamic update to happen always from the DHCP Server, not the client. So we need the service accounts DomainC\dhcp_service and DomainB\dhcp_service to be members of DomainA\DnsUpdateProxy, but this group has a scope of Global.
I can't find the nesting strategy to have those users as member of this group. Not with Global Scope. Is it possible to change-it to Universal and then to Domain Local to be able to add users from another domain? I don't know if theese built-in things are made to be changeable. I don't want to have problems running further active directory updates or extensions or functional levels...
Maybe there are another way to solve this and we are trying to solve this in a dirty or wrong way. But i cannot think of another way...
Any help will be appreciated.