?
Solved

Adding non-domain users to active directory

Posted on 2011-03-03
4
Medium Priority
?
455 Views
Last Modified: 2012-05-11
We currently have a small windows 2003 domain setup where all the users are internal employees. We are looking to create a new class of user accounts that are external customers. This group of accounts would be held under active directory for maintenance only. (Another application will pull the account info from here using ldap). In other words, these accounts would have no access to any internal domain resources.  

I'm not sure how to procede with this. Should this all take place on a seperate server on a completely different domain or could I somehow intergrate these accounts into our  current envirionment ?

Thanks,
Bill


0
Comment
Question by:billmx
3 Comments
 
LVL 3

Accepted Solution

by:
IamTheMorsa earned 2000 total points
ID: 35027517
You can create an OU for those accounts, create the accounts, don't put them in group memberships and then change their default membership to something other than domain users.  You could create a group call "external users" and then assign those users to that group as their default group.

You could create a whole new AD domain, but that might be over kill for what you are trying to do.  It really depends on your needs and what is required.
0
 

Author Comment

by:billmx
ID: 35346846
Creating a new OU worked perfectly. It keeps those accounts seperate from our internal accounts so the distiction is clear. Thanks !
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 37433043
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
The article explains the process to deploy a Self-Service password reset portal I developed a few years ago. Hopefully, it will prove useful to someone.  Any comments, bug reports etc. are welcome...
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question