Bug 875240

Adding AD-based Trusted Domains to external Groups In Red Hat Enterprise Linux 6.4, the ipa group-add-member command allows you to add members of Active Directory-based trusted domains to groups marked as external in Identity Management. These members may be specified by their name using domain- or UPN-based syntax, fox example AD\UserName or AD\GroupName, or User@AD.Domain. When specified in this form, members are resolved against Active Directory-based trusted domain's Global Catalog to obtain their Security Identifier (SID) value. Alternatively, an SID value could be specified directly. In this case, the ipa group-add-member command will only verify that the domain part of the SID value is one of the trusted Active Directory domain. No attempt will be done to verify validity of the SID within the domain. It is recommended to use user or group name syntax to specify external members rather than providing their SID values directly.