Solved

Is it possible to add a user to several domain and if yes, how can I do that?

Posted on 2008-06-11
10
219 Views
Last Modified: 2013-12-05
Hi, I'm working with Windows 2000 server.  Is it possible to have a user belong to several domains, including external domain from a different forest?  If yes, how can I add this user to that external domain?  Thank you.
0
Comment
Question by:lapucca
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
10 Comments
 
LVL 5

Expert Comment

by:lundholmster
ID: 21765536
It is possible. But the domains must be in a trust for this to work.

Read more here: http://technet2.microsoft.com/windowsserver/en/library/3215e730-c1a7-4918-bc9e-67f343f89e611033.mspx?mfr=true
0
 

Author Comment

by:lapucca
ID: 21765575
Yes, the 2 forests already have the trust setup.  How can add the user to the external domain in a trusted external domain?  Thank you,
0
 
LVL 23

Expert Comment

by:debuggerau
ID: 21765592
you will need to be domain administrator on the other domain to have enough permissions to create a user account.
Then its a matter of having access to the tools, specifically: Active Directory User and Computers.
Then, there are normally standard policies applicable, like a user template, group membership  or scripts to enabled the desired permissions for that user.

Hope that helps.
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 
LVL 23

Expert Comment

by:debuggerau
ID: 21765611
If the user already exists however, its then a matter of giving the correct permissions to give whatever resources you they wanted access too.
0
 

Author Comment

by:lapucca
ID: 21765671
I'm developing an windows applicaiton and yes I have the domain admin right to our testing external domains.  The user is creatred on my loca domain that has a trust relationship with the external one.  So, you're saying I have to create the same user on the external domain?  But then the 2 users would not have the same objectSid.  That wouldn't make them the same user in my applicaiton.  
i have all the ad snap in, including Active Directory User and Computers. Can you point me to an article on how to do this.  I can then check the differences in the user's objectSid in ldp.exe.  Thank you.
0
 
LVL 23

Expert Comment

by:debuggerau
ID: 21765690
So you want the same user to access both domains..

The Trust should do that for you, just permission accordingly..
http://help.prtracker.com/CreateDomainUser2000.html
0
 

Author Comment

by:lapucca
ID: 21765751
Thank you and I already know how to create users and groups...  I thought there is some special process/steps.  So, for the same user to access both domain, what I need to do is just to create 2 users of same first name and last name on both domains?  Is it req. to have first name and last name to be unique in AD?  Thank you.
0
 
LVL 23

Expert Comment

by:debuggerau
ID: 21766370
That will give you two separate accounts actually.

Depending on the type of trust you make, the resources can be seen over the trust.
That will allow a user of one domain to access the resources of the other domain.

Are all the Domain Controllers running windows 2000 server? Also, Are they in Windows 2000 Native mode or still in NT4 mode?
 
0
 

Author Comment

by:lapucca
ID: 21770244
My local pc is running windows 2000 server and in mixed mode for Win2000 and pre win2000.  The external domain is running Windows 2000 native and the server is on Win2003 server.  

I need to have the same one user on both domain.  How do I set that up in this scenario?  Thank you.
0
 
LVL 23

Accepted Solution

by:
debuggerau earned 500 total points
ID: 21774606
You want to setup a one way trust from the source domain to the external domain to allow access to resources..
a two way trust will pass authentication the other way also.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question