Solved

Windows 2003 Active Directory Question - Linking ADs

Posted on 2006-06-28
17
176 Views
Last Modified: 2010-05-18
Hey everyone,

I'm not sure the best way to go about this...but I know it has to be the Microsoft way...and not some round about way of doing this.  Here is the setup.

Inside Active Directory Users and Computers you would see: 1 Forest with 2 Domains

Europe - default users
Asia - A group called Sales

How do I add the default users to the Asia domain so that they can have security set on their profiles?

Thanks,
inverted
0
Comment
Question by:inverted_2000
  • 5
  • 5
  • 4
  • +1
17 Comments
 
LVL 7

Expert Comment

by:ingetic
ID: 17004644
not easy to understand your question..
0
 
LVL 21

Accepted Solution

by:
mcsween earned 250 total points
ID: 17004841
The way I understand this is..

you have a Forest and beneth it you have a domain called Asia and a domain called Europe?

To add users from the Asia domain to a group in the Europe domain or vice versa you would have to use either a Global Group or a Universal Group.  If this is for security I suggest using a Universal group, except if you will be changing the group membership a lot.  If you will be chaning the group membership a lot then use a Global group to cut down on replication.  It might take slightly longer to authenticate with a global group if there isn't a DC for each domain at the site the user is at.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 17005092
Why would you want to do that?  A user from either domain can log into a computer from either domain, with roaming profiles they are still the same user account.

If a user from Europe wanted to use a computer in Asia, he/she simply has to use the dropdown to select the Europe domain then log in.  They can also use their full account logon name - joe.smith@europe.com on the Asia computer.

Either logon method will get them their own profile.  The only issue is if it's on a server in the location and it will take time to load.  You can get around this using DFS and Sites.

0
 
LVL 2

Author Comment

by:inverted_2000
ID: 17006125
It was a question on my 290 exam that I know I missed because I didn't understand why they would want me to do that...but none the less...they did.

So in AD I had both Euope and Asia listed as domains.  There was a group called Sales in the Asia Users bucket.  I needed to add the users from the Europe domain to have the same permissions and resources as the Asia domain's users that where in the Sales OU...

I didn't think it would be hard...but they took out a bunch of options and I couldn't simply add the Users OU from the Europe domain to the Asia domain...
0
 
LVL 51

Assisted Solution

by:Netman66
Netman66 earned 250 total points
ID: 17006180
Well, for starters, you can't add a Global Group from one domain into a Global Group from another.

The correct method is to add a Global Group from Europe into a Domain Local Group in Asia.

or

Create a Universal Group, place Global Groups from each domain containing the users from each domain that you want to affect, then add the UG to the domain local group that has access to the resources.

UGs require both domains to be in Native mode and have a 2 way trust between Forest Root DCs.

Global groups do not require Native mode, but do require the 2 way trust.

Anything there look familiar in the answers?
0
 
LVL 2

Author Comment

by:inverted_2000
ID: 17006455
Well I didn't get the answers via MS...but let me kick it around and I'll award you the correct reponse if my mentors at school verify it....it looks to me that both would sufice...but we all know how that is.   Thanks and I'll be back in a day or two (o:
0
 
LVL 21

Expert Comment

by:mcsween
ID: 17009519
I wasn't suggesting you add a global group from asia into a global group in Europe.  I was saying you can add the USERS from one domain into a global group in another domain.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 21

Expert Comment

by:mcsween
ID: 17009531
Oops, typing waaay to fast.  I mean Domain Local Group, not Global Group...sorry :(
0
 
LVL 51

Expert Comment

by:Netman66
ID: 17009555
I wasn't suggesting you were - I was simply making a statement.

Let's see what his prof has to say.  Should I gas up the grill now!! :o)

0
 
LVL 21

Expert Comment

by:mcsween
ID: 17009802
LOL, Gas it up!!
0
 
LVL 2

Author Comment

by:inverted_2000
ID: 17012742
The professor is on vacation...me have to figure this one out with you guys (o:
0
 
LVL 2

Author Comment

by:inverted_2000
ID: 17020774
Okay...here goes my suggestion.

Create a new universal group in the Europe domain and add all of the users in the Europe domain to the new group...lets call it EupUni.

Place the new group EupUni into the built-in Users group for the Asia domain.

This would allow the users of the Europe domain access to the resources of the Asia domain.

Can we agree on that?

Thanks a lot

0
 
LVL 51

Expert Comment

by:Netman66
ID: 17020797
Are both Forests in Native mode?

0
 
LVL 2

Author Comment

by:inverted_2000
ID: 17034580
I don't know...should they be and how do I check?
0
 
LVL 51

Expert Comment

by:Netman66
ID: 17036573
This article tells you how to raise the levels - therefore, you can also use it to see what levels you are currently at:

http://support.microsoft.com/kb/322692/en-us

You must be running in Native mode to use Universal Groups.

0

Featured Post

Complete Microsoft Windows PC® & Mac Backup

Backup and recovery solutions to protect all your PCs & Mac– on-premises or in remote locations. Acronis backs up entire PC or Mac with patented reliable disk imaging technology and you will be able to restore workstations to a new, dissimilar hardware in minutes.

Join & Write a Comment

On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now