Solved

Is it possible to add a user to several domain and if yes, how can I do that?

Posted on 2008-06-11
10
217 Views
Last Modified: 2013-12-05
Hi, I'm working with Windows 2000 server.  Is it possible to have a user belong to several domains, including external domain from a different forest?  If yes, how can I add this user to that external domain?  Thank you.
0
Comment
Question by:lapucca
  • 5
  • 4
10 Comments
 
LVL 5

Expert Comment

by:lundholmster
ID: 21765536
It is possible. But the domains must be in a trust for this to work.

Read more here: http://technet2.microsoft.com/windowsserver/en/library/3215e730-c1a7-4918-bc9e-67f343f89e611033.mspx?mfr=true
0
 

Author Comment

by:lapucca
ID: 21765575
Yes, the 2 forests already have the trust setup.  How can add the user to the external domain in a trusted external domain?  Thank you,
0
 
LVL 23

Expert Comment

by:debuggerau
ID: 21765592
you will need to be domain administrator on the other domain to have enough permissions to create a user account.
Then its a matter of having access to the tools, specifically: Active Directory User and Computers.
Then, there are normally standard policies applicable, like a user template, group membership  or scripts to enabled the desired permissions for that user.

Hope that helps.
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 23

Expert Comment

by:debuggerau
ID: 21765611
If the user already exists however, its then a matter of giving the correct permissions to give whatever resources you they wanted access too.
0
 

Author Comment

by:lapucca
ID: 21765671
I'm developing an windows applicaiton and yes I have the domain admin right to our testing external domains.  The user is creatred on my loca domain that has a trust relationship with the external one.  So, you're saying I have to create the same user on the external domain?  But then the 2 users would not have the same objectSid.  That wouldn't make them the same user in my applicaiton.  
i have all the ad snap in, including Active Directory User and Computers. Can you point me to an article on how to do this.  I can then check the differences in the user's objectSid in ldp.exe.  Thank you.
0
 
LVL 23

Expert Comment

by:debuggerau
ID: 21765690
So you want the same user to access both domains..

The Trust should do that for you, just permission accordingly..
http://help.prtracker.com/CreateDomainUser2000.html
0
 

Author Comment

by:lapucca
ID: 21765751
Thank you and I already know how to create users and groups...  I thought there is some special process/steps.  So, for the same user to access both domain, what I need to do is just to create 2 users of same first name and last name on both domains?  Is it req. to have first name and last name to be unique in AD?  Thank you.
0
 
LVL 23

Expert Comment

by:debuggerau
ID: 21766370
That will give you two separate accounts actually.

Depending on the type of trust you make, the resources can be seen over the trust.
That will allow a user of one domain to access the resources of the other domain.

Are all the Domain Controllers running windows 2000 server? Also, Are they in Windows 2000 Native mode or still in NT4 mode?
 
0
 

Author Comment

by:lapucca
ID: 21770244
My local pc is running windows 2000 server and in mixed mode for Win2000 and pre win2000.  The external domain is running Windows 2000 native and the server is on Win2003 server.  

I need to have the same one user on both domain.  How do I set that up in this scenario?  Thank you.
0
 
LVL 23

Accepted Solution

by:
debuggerau earned 500 total points
ID: 21774606
You want to setup a one way trust from the source domain to the external domain to allow access to resources..
a two way trust will pass authentication the other way also.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question