Add users from other domain

Question
-
Hello,
We have 2 domains in our infrastructure (say D1 and D2). D1 and D2 are independent domains; we cannot enable trust between these domains. Machine M1 is in domain D1.
For a business reason, we want to add a user of D2 domain to the machine M1.
The issue is:
When I try to add the user and try to look up the user, the locations list for user lookup does not list the D2 domain. So, I am unable to add the user.
Can anyone suggest how I can solve this issue? Any pointers will also help.
Regards
Sh
Friday, March 7, 2008 12:04 AM
All replies
-
A machine cannot belong to more than one domain. If you want to join the machine to D2 you will need to unjoin it from D1.
Getting access to resources is a different matter. A machine can access domain resources without being a domain member. (W98 machines would not be able to access domain resources if this wasn't so, because W98 machines cannot join a domain). What is required is that the username and password must match a valid user account on the domain. With W98 the trick was to put the user in a workgroup with the same name as the domain. If the workgroup/username/password on the W98 matched the domain/username/password of a domain account, the credentials were accepted by the domain server.
The user will not be able to access resources in D1 using its D2 credentials without a domain trust. This is because the domain name is part of the credentials offered. That is your stumbling block. If the user is logged on to D2 his/her credentials are D2/username/password and these are only valid in domain D2.
Friday, March 7, 2008 3:33 AM
-
Hi.
I know there is an application that lets you choose the domain at startup of the computer. But I'm sorry to say that I can't remember what that application's name was. If you get your hands on that application your computer can be a member of 2 domains.
If you want the user to be moved over to the other domain I suggest exporting the user's data and creating a new account in the other domain.
OHM
MCSA + Messaging
Monday, March 10, 2008 10:08 PM
-
Let me rephrase this question.
We are not looking at adding machines to two domains.
M1 is in D1, M2 is in D2.
I have a Windows service to be run on M1. But the service needs credentials (un\pwd) for a domain account in domain D2.
So, in services, I ask the service to run as "D2\username".
How can I do this? Right now I cannot look up the user to configure run as.
Tuesday, March 11, 2008 3:45 PM
-
As Bill noted, you've got to have a trust between the two domains to be able to look up an account in the other domain.
See also this article: http://support.microsoft.com/kb/925099
- Duelund
Wednesday, March 12, 2008 9:42 AM
-
Try to use Novell Client
Monday, April 29, 2013 11:14 PM
-
Try to use Novell Client
Irrelevant. The question is based on Microsoft Active Directory domains, trusts and authentication across a trust.
Besides, this thread is over FIVE years old.
Ace Fekay
MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/
This post is provided AS-IS with no warranties or guarantees and confers no rights.
Tuesday, April 30, 2013 1:19 AM