Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Is it possible to add a user to several domain and if yes, how can I do that?

Posted on 2008-06-11
10
Medium Priority
?
222 Views
Last Modified: 2013-12-05
Hi, I'm working with Windows 2000 server.  Is it possible to have a user belong to several domains, including external domain from a different forest?  If yes, how can I add this user to that external domain?  Thank you.
0
Comment
Question by:lapucca
  • 5
  • 4
10 Comments
 
LVL 5

Expert Comment

by:lundholmster
ID: 21765536
It is possible. But the domains must be in a trust for this to work.

Read more here: http://technet2.microsoft.com/windowsserver/en/library/3215e730-c1a7-4918-bc9e-67f343f89e611033.mspx?mfr=true
0
 

Author Comment

by:lapucca
ID: 21765575
Yes, the 2 forests already have the trust setup.  How can add the user to the external domain in a trusted external domain?  Thank you,
0
 
LVL 23

Expert Comment

by:debuggerau
ID: 21765592
you will need to be domain administrator on the other domain to have enough permissions to create a user account.
Then its a matter of having access to the tools, specifically: Active Directory User and Computers.
Then, there are normally standard policies applicable, like a user template, group membership  or scripts to enabled the desired permissions for that user.

Hope that helps.
0
Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

 
LVL 23

Expert Comment

by:debuggerau
ID: 21765611
If the user already exists however, its then a matter of giving the correct permissions to give whatever resources you they wanted access too.
0
 

Author Comment

by:lapucca
ID: 21765671
I'm developing an windows applicaiton and yes I have the domain admin right to our testing external domains.  The user is creatred on my loca domain that has a trust relationship with the external one.  So, you're saying I have to create the same user on the external domain?  But then the 2 users would not have the same objectSid.  That wouldn't make them the same user in my applicaiton.  
i have all the ad snap in, including Active Directory User and Computers. Can you point me to an article on how to do this.  I can then check the differences in the user's objectSid in ldp.exe.  Thank you.
0
 
LVL 23

Expert Comment

by:debuggerau
ID: 21765690
So you want the same user to access both domains..

The Trust should do that for you, just permission accordingly..
http://help.prtracker.com/CreateDomainUser2000.html
0
 

Author Comment

by:lapucca
ID: 21765751
Thank you and I already know how to create users and groups...  I thought there is some special process/steps.  So, for the same user to access both domain, what I need to do is just to create 2 users of same first name and last name on both domains?  Is it req. to have first name and last name to be unique in AD?  Thank you.
0
 
LVL 23

Expert Comment

by:debuggerau
ID: 21766370
That will give you two separate accounts actually.

Depending on the type of trust you make, the resources can be seen over the trust.
That will allow a user of one domain to access the resources of the other domain.

Are all the Domain Controllers running windows 2000 server? Also, Are they in Windows 2000 Native mode or still in NT4 mode?
 
0
 

Author Comment

by:lapucca
ID: 21770244
My local pc is running windows 2000 server and in mixed mode for Win2000 and pre win2000.  The external domain is running Windows 2000 native and the server is on Win2003 server.  

I need to have the same one user on both domain.  How do I set that up in this scenario?  Thank you.
0
 
LVL 23

Accepted Solution

by:
debuggerau earned 2000 total points
ID: 21774606
You want to setup a one way trust from the source domain to the external domain to allow access to resources..
a two way trust will pass authentication the other way also.
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question