Solved

Is it possible to add a user to several domain and if yes, how can I do that?

Posted on 2008-06-11
10
218 Views
Last Modified: 2013-12-05
Hi, I'm working with Windows 2000 server.  Is it possible to have a user belong to several domains, including external domain from a different forest?  If yes, how can I add this user to that external domain?  Thank you.
0
Comment
Question by:lapucca
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
10 Comments
 
LVL 5

Expert Comment

by:lundholmster
ID: 21765536
It is possible. But the domains must be in a trust for this to work.

Read more here: http://technet2.microsoft.com/windowsserver/en/library/3215e730-c1a7-4918-bc9e-67f343f89e611033.mspx?mfr=true
0
 

Author Comment

by:lapucca
ID: 21765575
Yes, the 2 forests already have the trust setup.  How can add the user to the external domain in a trusted external domain?  Thank you,
0
 
LVL 23

Expert Comment

by:debuggerau
ID: 21765592
you will need to be domain administrator on the other domain to have enough permissions to create a user account.
Then its a matter of having access to the tools, specifically: Active Directory User and Computers.
Then, there are normally standard policies applicable, like a user template, group membership  or scripts to enabled the desired permissions for that user.

Hope that helps.
0
Comparison of Amazon Drive, Google Drive, OneDrive

What is Best for Backup: Amazon Drive, Google Drive or MS OneDrive? In this free whitepaper we look at their performance, pricing, and platform availability to help you decide which cloud drive is right for your situation. Download and read the results of our testing for free!

 
LVL 23

Expert Comment

by:debuggerau
ID: 21765611
If the user already exists however, its then a matter of giving the correct permissions to give whatever resources you they wanted access too.
0
 

Author Comment

by:lapucca
ID: 21765671
I'm developing an windows applicaiton and yes I have the domain admin right to our testing external domains.  The user is creatred on my loca domain that has a trust relationship with the external one.  So, you're saying I have to create the same user on the external domain?  But then the 2 users would not have the same objectSid.  That wouldn't make them the same user in my applicaiton.  
i have all the ad snap in, including Active Directory User and Computers. Can you point me to an article on how to do this.  I can then check the differences in the user's objectSid in ldp.exe.  Thank you.
0
 
LVL 23

Expert Comment

by:debuggerau
ID: 21765690
So you want the same user to access both domains..

The Trust should do that for you, just permission accordingly..
http://help.prtracker.com/CreateDomainUser2000.html
0
 

Author Comment

by:lapucca
ID: 21765751
Thank you and I already know how to create users and groups...  I thought there is some special process/steps.  So, for the same user to access both domain, what I need to do is just to create 2 users of same first name and last name on both domains?  Is it req. to have first name and last name to be unique in AD?  Thank you.
0
 
LVL 23

Expert Comment

by:debuggerau
ID: 21766370
That will give you two separate accounts actually.

Depending on the type of trust you make, the resources can be seen over the trust.
That will allow a user of one domain to access the resources of the other domain.

Are all the Domain Controllers running windows 2000 server? Also, Are they in Windows 2000 Native mode or still in NT4 mode?
 
0
 

Author Comment

by:lapucca
ID: 21770244
My local pc is running windows 2000 server and in mixed mode for Win2000 and pre win2000.  The external domain is running Windows 2000 native and the server is on Win2003 server.  

I need to have the same one user on both domain.  How do I set that up in this scenario?  Thank you.
0
 
LVL 23

Accepted Solution

by:
debuggerau earned 500 total points
ID: 21774606
You want to setup a one way trust from the source domain to the external domain to allow access to resources..
a two way trust will pass authentication the other way also.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Pop-up allow list 6 41
Enabling flash installation using GPO 2 55
Testrail - Active Directory integration. 4 35
DNS Record Manupluation 11 43
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question