?
Solved

Adding non-domain users to active directory

Posted on 2011-03-03
4
Medium Priority
?
451 Views
Last Modified: 2012-05-11
We currently have a small windows 2003 domain setup where all the users are internal employees. We are looking to create a new class of user accounts that are external customers. This group of accounts would be held under active directory for maintenance only. (Another application will pull the account info from here using ldap). In other words, these accounts would have no access to any internal domain resources.  

I'm not sure how to procede with this. Should this all take place on a seperate server on a completely different domain or could I somehow intergrate these accounts into our  current envirionment ?

Thanks,
Bill


0
Comment
Question by:billmx
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 3

Accepted Solution

by:
IamTheMorsa earned 2000 total points
ID: 35027517
You can create an OU for those accounts, create the accounts, don't put them in group memberships and then change their default membership to something other than domain users.  You could create a group call "external users" and then assign those users to that group as their default group.

You could create a whole new AD domain, but that might be over kill for what you are trying to do.  It really depends on your needs and what is required.
0
 

Author Comment

by:billmx
ID: 35346846
Creating a new OU worked perfectly. It keeps those accounts seperate from our internal accounts so the distiction is clear. Thanks !
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 37433043
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses
Course of the Month14 days, 11 hours left to enroll

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question