Lookie, an AD related post. Been ages since I did any AD work.
I always thought Universal groups could contain members from any domains in any forests. Coz back when I was learning about this stuff I guess there weren’t multiple forests – it was more about multiple domains. But turns out Universal groups can only contain members from other domains of the same forest. If you want a group that can contain members from any domains (in any forests) then Domain Local is the one you want.
One lives and learns.