Add users from other domain

  • Question

  • Hello,

     

    We have 2 domains in our infrastructure (say D1 and D2). D1 and D2 are independent domains, we cannot enable trust between these domains. Machine M1 is in domain D1.  

    For a business reason, we want to add a user of D2 domain to the machine M1.

    The issue is:

    When I try to add the user and look up the user, the locations list for user lookup does not list the D2 domain. So, I am unable to add the user.

     

    Can anyone suggest how I can solve this issue?  Any pointers will also help.

     

    Regards

    Sh


    Friday, March 7, 2008 12:04 AM

All replies

  •   A machine cannot belong to more than one domain. If you want to join the machine to D2 you will need to unjoin it from D1.

     

     Getting access to resources is a different matter. A machine can access domain resources without being a domain member. (W98 machines would not be able to access domain resources if this wasn't so, because W98 machines cannot join a domain). What is required is that the username and password must match a valid user account on the domain. With W98 the trick was to put the user in a workgroup with the same name as the domain. If the workgroup/username/password on the W98 matched the domain/username/password of a domain account, the credentials were accepted by the domain server.  

     

       The user will not be able to access resources in D1 using its D2 credentials without a domain trust. This is because the domain name is part of the credentials offered. That is your stumbling block. If the user is logged on to D2 his/her credentials are D2/username/password and these are only valid in domain D2.   

     

      

     

    Friday, March 7, 2008 3:33 AM
  • Hi.

    I know there is an application that lets you choose the domain at startup of the computer. But I'm sorry to say that I can't remember what that application's name was. If you get your hands on that application, your computer can be a member of 2 domains.

     

    If you want the user to be moved over to the other domain, I suggest exporting the user's data and creating a new account in the other domain.

     

    OHM

    MCSA + Messaging

     

    Monday, March 10, 2008 10:08 PM
  • Let me rephrase this question.

    We are not looking at adding machines to two domains.

     

    M1 is in D1, M2 is in D2.

     

    I have a Windows service to be run on M1. But the service needs credentials un\pwd for a domain account in domain D2.

    So, in services, I ask the service to run as "D2\username".

     

    How can I do this? Right now I cannot look up the user to configure run as.

     

    Tuesday, March 11, 2008 3:45 PM
  • As Bill noted, you have to have a trust between the two domains to be able to look up an account in the other domain.

     

    See also this article: http://support.microsoft.com/kb/925099

     

    - Duelund

     

     

    Wednesday, March 12, 2008 9:42 AM
  • Try to use Novell Client
    Monday, April 29, 2013 11:14 PM
  • Try to use Novell Client

    Irrelevant. The question is based on Microsoft Active Directory domains, trusts and authentication across a trust.

    Besides, this thread is over FIVE years old.


    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/

    This post is provided AS-IS with no warranties or guarantees and confers no rights.


    Tuesday, April 30, 2013 1:19 AM