Solved

Windows 2003 Active Directory Question - Linking ADs

Posted on 2006-06-28
Last Modified: 2010-05-18
Hey everyone,

I'm not sure of the best way to go about this...but I know it has to be the Microsoft way...and not some roundabout way of doing this. Here is the setup.

Inside Active Directory Users and Computers you would see: 1 Forest with 2 Domains

Europe - default users
Asia - A group called Sales

How do I add the default users to the Asia domain so that they can have security set on their profiles?

Thanks,
inverted
Question by:inverted_2000
17 Comments
 
LVL 7

Expert Comment

by:ingetic
ID: 17004644
Not easy to understand your question...
0
 
LVL 21

Accepted Solution

by:mcsween
mcsween earned 250 total points
ID: 17004841
The way I understand this is..

You have a Forest and beneath it you have a domain called Asia and a domain called Europe?

To add users from the Asia domain to a group in the Europe domain or vice versa you would have to use either a Global Group or a Universal Group. If this is for security I suggest using a Universal group, except if you will be changing the group membership a lot. If you will be changing the group membership a lot then use a Global group to cut down on replication. It might take slightly longer to authenticate with a global group if there isn't a DC for each domain at the site the user is at.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 17005092
Why would you want to do that?  A user from either domain can log into a computer from either domain, with roaming profiles they are still the same user account.

If a user from Europe wanted to use a computer in Asia, he/she simply has to use the dropdown to select the Europe domain then log in.  They can also use their full account logon name - joe.smith@europe.com on the Asia computer.

Either logon method will get them their own profile.  The only issue is if it's on a server in the location and it will take time to load.  You can get around this using DFS and Sites.

0
 
LVL 2

Author Comment

by:inverted_2000
ID: 17006125
It was a question on my 290 exam that I know I missed because I didn't understand why they would want me to do that...but none the less...they did.

So in AD I had both Europe and Asia listed as domains. There was a group called Sales in the Asia Users bucket. I needed to add the users from the Europe domain to have the same permissions and resources as the Asia domain's users that were in the Sales OU...

I didn't think it would be hard...but they took out a bunch of options and I couldn't simply add the Users OU from the Europe domain to the Asia domain...
0
 
LVL 51

Assisted Solution

by:Netman66
Netman66 earned 250 total points
ID: 17006180
Well, for starters, you can't add a Global Group from one domain into a Global Group from another.

The correct method is to add a Global Group from Europe into a Domain Local Group in Asia.

or

Create a Universal Group, place Global Groups from each domain containing the users from each domain that you want to affect, then add the UG to the domain local group that has access to the resources.

UGs require both domains to be in Native mode and have a 2 way trust between Forest Root DCs.

Global groups do not require Native mode, but do require the 2 way trust.

Anything there look familiar in the answers?
0
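Netman66's first method (a Global Group from Europe nested in a Domain Local Group in Asia), as an added example that is not part of the original thread. It assumes the ActiveDirectory PowerShell module, which postdates Windows Server 2003; the DNS names `europe.com` and `asia.com`, the OU path and both group names are assumptions.

```powershell
# Added example: Europe users -> Europe global group -> Asia domain local group.
# Assumed names: domain DNS names, OU/container paths, GG-/DL- group names.
Import-Module ActiveDirectory

$europe = 'europe.com'   # assumed DNS name of the Europe domain
$asia   = 'asia.com'     # assumed DNS name of the Asia domain

# Universal groups need native mode or higher, so report each domain's level first.
foreach ($d in $europe, $asia) {
    '{0}: {1}' -f $d, (Get-ADDomain -Server $d).DomainMode
}

# 1. Global group in Europe. Populate it from a specific OU (assumed here) and
#    only with enabled accounts, rather than sweeping in every account in the
#    domain, which would include Administrator, Guest and service accounts.
New-ADGroup -Name 'GG-Europe-Sales' -GroupScope Global -GroupCategory Security -Path 'CN=Users,DC=europe,DC=com' -Server $europe
$users = Get-ADUser -Filter 'Enabled -eq $true' -SearchBase 'OU=Sales,DC=europe,DC=com' -Server $europe
Add-ADGroupMember -Identity 'GG-Europe-Sales' -Members $users -Server $europe

# 2. Domain local group in Asia. This is the group that goes on the resource
#    ACLs (granting it the same permissions as Sales is not shown here).
New-ADGroup -Name 'DL-Asia-Sales-Resources' -GroupScope DomainLocal -GroupCategory Security -Path 'CN=Users,DC=asia,DC=com' -Server $asia

# 3. Cross-domain nesting: read the group object from a Europe DC, then pass
#    the object itself to the Asia DC so it can resolve the foreign member.
$gg = Get-ADGroup -Identity 'GG-Europe-Sales' -Server $europe
Add-ADGroupMember -Identity 'DL-Asia-Sales-Resources' -Members $gg -Server $asia

# 4. Check the result: the direct members of the domain local group should be
#    groups only, never individual user accounts.
Get-ADGroup -Identity 'DL-Asia-Sales-Resources' -Properties member -Server $asia |
    Select-Object -ExpandProperty member
```

Keeping user accounts out of the domain local group means access is reviewed and revoked in one place, the Europe global group's membership.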
 
LVL 2

Author Comment

by:inverted_2000
ID: 17006455
Well I didn't get the answers via MS...but let me kick it around and I'll award you the correct response if my mentors at school verify it....it looks to me that both would suffice...but we all know how that is. Thanks and I'll be back in a day or two (o:
0
 
LVL 21

Expert Comment

by:mcsween
ID: 17009519
I wasn't suggesting you add a global group from Asia into a global group in Europe. I was saying you can add the USERS from one domain into a global group in another domain.
0
 
LVL 21

Expert Comment

by:mcsween
ID: 17009531
Oops, typing waaay too fast. I mean Domain Local Group, not Global Group...sorry :(
0
 
LVL 51

Expert Comment

by:Netman66
ID: 17009555
I wasn't suggesting you were - I was simply making a statement.

Let's see what his prof has to say.  Should I gas up the grill now!! :o)

0
 
LVL 21

Expert Comment

by:mcsween
ID: 17009802
LOL, Gas it up!!
0
 
LVL 2

Author Comment

by:inverted_2000
ID: 17012742
The professor is on vacation...me have to figure this one out with you guys (o:
0
 
LVL 2

Author Comment

by:inverted_2000
ID: 17020774
Okay...here goes my suggestion.

Create a new universal group in the Europe domain and add all of the users in the Europe domain to the new group...let's call it EupUni.

Place the new group EupUni into the built-in Users group for the Asia domain.

This would allow the users of the Europe domain access to the resources of the Asia domain.

Can we agree on that?

Thanks a lot

0
 
LVL 51

Expert Comment

by:Netman66
ID: 17020797
Are both Forests in Native mode?

0
 
LVL 2

Author Comment

by:inverted_2000
ID: 17034580
I don't know...should they be and how do I check?
0
 
LVL 51

Expert Comment

by:Netman66
ID: 17036573
This article tells you how to raise the levels - therefore, you can also use it to see what levels you are currently at:

http://support.microsoft.com/kb/322692/en-us

You must be running in Native mode to use Universal Groups.

0
