Solved

Adding non-domain users to active directory

Posted on 2011-03-03
4
450 Views
Last Modified: 2012-05-11
We currently have a small windows 2003 domain setup where all the users are internal employees. We are looking to create a new class of user accounts that are external customers. This group of accounts would be held under active directory for maintenance only. (Another application will pull the account info from here using ldap). In other words, these accounts would have no access to any internal domain resources.  

I'm not sure how to procede with this. Should this all take place on a seperate server on a completely different domain or could I somehow intergrate these accounts into our  current envirionment ?

Thanks,
Bill


0
Comment
Question by:billmx
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 3

Accepted Solution

by:
IamTheMorsa earned 500 total points
ID: 35027517
You can create an OU for those accounts, create the accounts, don't put them in group memberships and then change their default membership to something other than domain users.  You could create a group call "external users" and then assign those users to that group as their default group.

You could create a whole new AD domain, but that might be over kill for what you are trying to do.  It really depends on your needs and what is required.
0
 

Author Comment

by:billmx
ID: 35346846
Creating a new OU worked perfectly. It keeps those accounts seperate from our internal accounts so the distiction is clear. Thanks !
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 37433043
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question