Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Is it possible to add a user to several domain and if yes, how can I do that?

Posted on 2008-06-11
10
Medium Priority
?
223 Views
Last Modified: 2013-12-05
Hi, I'm working with Windows 2000 server.  Is it possible to have a user belong to several domains, including external domain from a different forest?  If yes, how can I add this user to that external domain?  Thank you.
0
Comment
Question by:lapucca
  • 5
  • 4
10 Comments
 
LVL 5

Expert Comment

by:lundholmster
ID: 21765536
It is possible. But the domains must be in a trust for this to work.

Read more here: http://technet2.microsoft.com/windowsserver/en/library/3215e730-c1a7-4918-bc9e-67f343f89e611033.mspx?mfr=true
0
 

Author Comment

by:lapucca
ID: 21765575
Yes, the 2 forests already have the trust setup.  How can add the user to the external domain in a trusted external domain?  Thank you,
0
 
LVL 23

Expert Comment

by:debuggerau
ID: 21765592
you will need to be domain administrator on the other domain to have enough permissions to create a user account.
Then its a matter of having access to the tools, specifically: Active Directory User and Computers.
Then, there are normally standard policies applicable, like a user template, group membership  or scripts to enabled the desired permissions for that user.

Hope that helps.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 23

Expert Comment

by:debuggerau
ID: 21765611
If the user already exists however, its then a matter of giving the correct permissions to give whatever resources you they wanted access too.
0
 

Author Comment

by:lapucca
ID: 21765671
I'm developing an windows applicaiton and yes I have the domain admin right to our testing external domains.  The user is creatred on my loca domain that has a trust relationship with the external one.  So, you're saying I have to create the same user on the external domain?  But then the 2 users would not have the same objectSid.  That wouldn't make them the same user in my applicaiton.  
i have all the ad snap in, including Active Directory User and Computers. Can you point me to an article on how to do this.  I can then check the differences in the user's objectSid in ldp.exe.  Thank you.
0
 
LVL 23

Expert Comment

by:debuggerau
ID: 21765690
So you want the same user to access both domains..

The Trust should do that for you, just permission accordingly..
http://help.prtracker.com/CreateDomainUser2000.html
0
 

Author Comment

by:lapucca
ID: 21765751
Thank you and I already know how to create users and groups...  I thought there is some special process/steps.  So, for the same user to access both domain, what I need to do is just to create 2 users of same first name and last name on both domains?  Is it req. to have first name and last name to be unique in AD?  Thank you.
0
 
LVL 23

Expert Comment

by:debuggerau
ID: 21766370
That will give you two separate accounts actually.

Depending on the type of trust you make, the resources can be seen over the trust.
That will allow a user of one domain to access the resources of the other domain.

Are all the Domain Controllers running windows 2000 server? Also, Are they in Windows 2000 Native mode or still in NT4 mode?
 
0
 

Author Comment

by:lapucca
ID: 21770244
My local pc is running windows 2000 server and in mixed mode for Win2000 and pre win2000.  The external domain is running Windows 2000 native and the server is on Win2003 server.  

I need to have the same one user on both domain.  How do I set that up in this scenario?  Thank you.
0
 
LVL 23

Accepted Solution

by:
debuggerau earned 2000 total points
ID: 21774606
You want to setup a one way trust from the source domain to the external domain to allow access to resources..
a two way trust will pass authentication the other way also.
0

Featured Post

 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's recap what we learned from yesterday's Skyport Systems webinar.
The article explains the process to deploy a Self-Service password reset portal I developed a few years ago. Hopefully, it will prove useful to someone.  Any comments, bug reports etc. are welcome...
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses

577 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question