Add users from other domain RRS feed

  • Question

  • Hello,


    We have 2 domains in our infrastructure (say D1 and D2). D1 and D2 are independent domains, we cannot enable trust between these domains. Machine M1 is in domain D1.  

    For a business reason, we want to add a user of D2 domain to the machine M1.

    The issue is :

    When I try to add the user, try to look up the user, the locations list for user lookup does not list the D2 domain. So, I am unable to add the user. 


    Can anyone suggest how I can solve this issue?  Any pointers will also help.









    Friday, March 7, 2008 12:04 AM

All replies

  •   A machine cannot belong to more than one domain. If you want to join the machine to D2 you will need to unjoin it from D1.


     Getting access to resources is a different matter. A machine can access domain resources without being a domain member. (W98 machines would not be able to access domain resources if this wasn't so, because W98 machines cannot join a domain). What is required is that the username and password must match a valid user account on the domain. With W98 the trick was to put the user in a workgroup with the same name as the domain. If the workgroup/username/password on the W98 matched the domain/username/password of a domain account, the credentials were accepted by the domain server.  


       The user will not be able to access resources in D1 using its D2 credentials without a domain trust. This is because the domain name is part of the credentials offered. That is your stumbling block. If the user is logged on to D2 his/her credentials are D2/username/password and these are only valid in domain D2.   




    Friday, March 7, 2008 3:33 AM
  • Hi.

    I know there is an application that lets you choose domain at startup of the computer. But i'm sorry to say that I can't remember what that applicatons name was. If you get your hands on that application your computer can be member of 2 domains.


    If you want the user to be moved over to the other domain I suggest export the users data and create a new account in the other domain.



    MCSA + Messaging


    Monday, March 10, 2008 10:08 PM
  • Let me rephrase this ques..

    We are not looking at adding machines to two domains.


    M1 is in D1, M2 is in D2.


    I have a windows service to be run on M1. But the service needs credentials un\pwd for a domain account in domain D2.

    So, in services, I ask the service to run as "D2\username".


    How can I do this? Right now I cannot look up the user to configure run as.


    Tuesday, March 11, 2008 3:45 PM
  • As Bill noted, you got to have a trust between the two domains, to be able to look up an account in other domain.


    See also this article: http://support.microsoft.com/kb/925099


    - Duelund



    Wednesday, March 12, 2008 9:42 AM
  • Try to use Novell Client
    Monday, April 29, 2013 11:14 PM
  • Try to use Novell Client

    Irrelevant. The question is based on Microsoft Active Directory domains, trusts and authentication across a trust.

    Besides, this thread is over FIVE years old.

    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/

    This post is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn

    Tuesday, April 30, 2013 1:19 AM