Solved

Windows 2003 Active Directory Question - Linking ADs

Posted on 2006-06-28
17
182 Views
Last Modified: 2010-05-18
Hey everyone,

I'm not sure the best way to go about this...but I know it has to be the Microsoft way...and not some round about way of doing this.  Here is the setup.

Inside Active Directory Users and Computers you would see: 1 Forest with 2 Domains

Europe - default users
Asia - A group called Sales

How do I add the default users to the Asia domain so that they can have security set on their profiles?

Thanks,
inverted
0
Comment
Question by:inverted_2000
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
  • 4
  • +1
17 Comments
 
LVL 7

Expert Comment

by:ingetic
ID: 17004644
not easy to understand your question..
0
 
LVL 22

Accepted Solution

by:
mcsween earned 250 total points
ID: 17004841
The way I understand this is..

you have a Forest and beneth it you have a domain called Asia and a domain called Europe?

To add users from the Asia domain to a group in the Europe domain or vice versa you would have to use either a Global Group or a Universal Group.  If this is for security I suggest using a Universal group, except if you will be changing the group membership a lot.  If you will be chaning the group membership a lot then use a Global group to cut down on replication.  It might take slightly longer to authenticate with a global group if there isn't a DC for each domain at the site the user is at.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 17005092
Why would you want to do that?  A user from either domain can log into a computer from either domain, with roaming profiles they are still the same user account.

If a user from Europe wanted to use a computer in Asia, he/she simply has to use the dropdown to select the Europe domain then log in.  They can also use their full account logon name - joe.smith@europe.com on the Asia computer.

Either logon method will get them their own profile.  The only issue is if it's on a server in the location and it will take time to load.  You can get around this using DFS and Sites.

0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 2

Author Comment

by:inverted_2000
ID: 17006125
It was a question on my 290 exam that I know I missed because I didn't understand why they would want me to do that...but none the less...they did.

So in AD I had both Euope and Asia listed as domains.  There was a group called Sales in the Asia Users bucket.  I needed to add the users from the Europe domain to have the same permissions and resources as the Asia domain's users that where in the Sales OU...

I didn't think it would be hard...but they took out a bunch of options and I couldn't simply add the Users OU from the Europe domain to the Asia domain...
0
 
LVL 51

Assisted Solution

by:Netman66
Netman66 earned 250 total points
ID: 17006180
Well, for starters, you can't add a Global Group from one domain into a Global Group from another.

The correct method is to add a Global Group from Europe into a Domain Local Group in Asia.

or

Create a Universal Group, place Global Groups from each domain containing the users from each domain that you want to affect, then add the UG to the domain local group that has access to the resources.

UGs require both domains to be in Native mode and have a 2 way trust between Forest Root DCs.

Global groups do not require Native mode, but do require the 2 way trust.

Anything there look familiar in the answers?
0
 
LVL 2

Author Comment

by:inverted_2000
ID: 17006455
Well I didn't get the answers via MS...but let me kick it around and I'll award you the correct reponse if my mentors at school verify it....it looks to me that both would sufice...but we all know how that is.   Thanks and I'll be back in a day or two (o:
0
 
LVL 22

Expert Comment

by:mcsween
ID: 17009519
I wasn't suggesting you add a global group from asia into a global group in Europe.  I was saying you can add the USERS from one domain into a global group in another domain.
0
 
LVL 22

Expert Comment

by:mcsween
ID: 17009531
Oops, typing waaay to fast.  I mean Domain Local Group, not Global Group...sorry :(
0
 
LVL 51

Expert Comment

by:Netman66
ID: 17009555
I wasn't suggesting you were - I was simply making a statement.

Let's see what his prof has to say.  Should I gas up the grill now!! :o)

0
 
LVL 22

Expert Comment

by:mcsween
ID: 17009802
LOL, Gas it up!!
0
 
LVL 2

Author Comment

by:inverted_2000
ID: 17012742
The professor is on vacation...me have to figure this one out with you guys (o:
0
 
LVL 2

Author Comment

by:inverted_2000
ID: 17020774
Okay...here goes my suggestion.

Create a new universal group in the Europe domain and add all of the users in the Europe domain to the new group...lets call it EupUni.

Place the new group EupUni into the built-in Users group for the Asia domain.

This would allow the users of the Europe domain access to the resources of the Asia domain.

Can we agree on that?

Thanks a lot

0
 
LVL 51

Expert Comment

by:Netman66
ID: 17020797
Are both Forests in Native mode?

0
 
LVL 2

Author Comment

by:inverted_2000
ID: 17034580
I don't know...should they be and how do I check?
0
 
LVL 51

Expert Comment

by:Netman66
ID: 17036573
This article tells you how to raise the levels - therefore, you can also use it to see what levels you are currently at:

http://support.microsoft.com/kb/322692/en-us

You must be running in Native mode to use Universal Groups.

0

Featured Post

Free eBook: Backup on AWS

Everything you need to know about backup and disaster recovery with AWS, for FREE!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
what is the difference between basic disks and dinamyic disks? 6 89
idle mapped drive 10 69
Big Problem with Redirected Folder 8 66
windows Server 2003 in 2017 10 73
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
Learn about cloud computing and its benefits for small business owners.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question