How Do I Limit Domain Administrator Logins to a Single Domain Controller from Administrators from other Trusted Domains?
Posted on 2007-10-04
In a Windows 2003 trusted multi-domain environment, how do I go about limiting which domain administrators can log in to specific domain controllers in different domains? For example, if I have "Domain Controller 1 on Domain 1", "Domain Controller 2 on Domain 2" and "Domain Controller 3 on Domain 3", how do I restrict logins such that Administrator 1 can only log in to Domain Controller 1 on Domain 1? Currently, any administrator can log in to any domain controller in any domain by using their login credentials and by selecting the appropriate domain that contains their account. For example, currently Administrator 3 from Domain 3 can log in to Domain Controller 1 by entering their login credentials and selecting "Domain 3" as the domain upon logon. How do I limit this so that only Administrator 1 can log in to Domain Controller 1 on Domain 1 and Administrator 2 can only log in to Domain Controller 2 on Domain 2 and so on?