Re: How to add a user from a trusted domain to a domain local group?
- From: "1337squirrel" <1337squirrel@xxxxxxxxx>
- Date: 14 Sep 2006 15:47:59 -0700
Greg Bartholomew wrote:
Hi,
Would anyone know how to add a user from a trusted domain to a domain local
group? I can do it using the GUI but when I try the following script, I
get:
D:\>group.vbs
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
D:\group.vbs(3, 1) (null): There is no such object on the server.
group.vbs:
Set objGroup = GetObject("LDAP://CN=Engineering-Home1,OU=Groups,OU=Engineering,OU=Schools,DC=AC,DC=SIUE,DC=Edu")
' objGroup.Add "LDAP://CN=Gregory L. Bartholomew,OU=Users,OU=Computer Science,OU=Departments,OU=Engineering,OU=Schools,DC=ac,DC=siue,DC=edu"
objGroup.Add "LDAP://CN=gbartho,OU=Staff,OU=SIUE Users,DC=campus,DC=siue,DC=edu"
For each objMember in objGroup.Members
Wscript.Echo objMember.Name
Next
The "Domain Local" group is in the ac.siue.edu domain.
I can successfully add an account from ac.siue.edu but I get the "There is
no such object on the server" error when I try to add an account from
campus.siue.edu.
I have tried running the script with accounts from both domains but get the
same error.
The server that the script is running on is in the ac.siue.edu domain.
The trust relationship is one-way: ac.siue.edu trusts campus.siue.edu.
I'm sure the DistinguishedName is correct, I got it by doing a search and
using copy & paste.
Any help would be greatly appreciated.
Also, I would like to be able to connect to the domain by specifying the
username & password inside the script rather than running the script as a
different user if anyone knows how.
Thanks,
Gregory Bartholomew
CS System Support
SIUE
I'm wondering why you have a one-way trust between two domains that,
from appearances, are probably in the same forest? If they are part of
the same forest, you have implicit two-way trusts between the two
domains. If not, then the one-way trust is going to be just part of
your problem. The issue is that you're trying to add a user in the
CAMPUS domain to a Domain Local Group in the AC Domain. Domain Local
groups only allow user membership within their OWN domain.
Remember the preferred method/strategy for implementing Groups between
multiple domains is:
A- Accounts (go into...)
G- Global Groups (go into...)
U- Universal Groups (go into...)
DL- Domain Local Groups (are given...)
P- Permissions to access the resource(s)
The only downside to this method is that the Universal Group Membership
is stored in the Global Catalog, which has to be replicated to every
other domain in the forest. However, if you're using this method,
you're making changes to the Global Groups by adding/removing users.
As long as you get all of your Global Groups and Universal Groups in
order beforehand, replication should be minimal.
I think I would need a little more explanation of the two domains. Are
they BOTH Windows Active Directory domains? If so, what domain and
forest functional level are they at? What is the nature/purpose of the
one-way trust? The way you use your Groups is dependent on this.
Hope I've answered at least part of your question. I don't have the
time to look up the use of username/password in the script. But since
you're using WSH, look up something along the lines of
"WMI.ImpersonationLevel". It's a Windows Management Instrumentation
hook-in. Good luck!
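
An added example, not part of the original messages: a small audit that checks a constructed group model against the A-G-U-DL-P chain listed in the reply and reports shortcuts such as an account placed directly in a domain local group. The group names other than Engineering-Home1, the jdoe account and the home1-share resource are hypothetical.

```python
# Added example: constructed model, not data or code from the thread.
ALLOWED = {("account", "global"), ("global", "universal"),
           ("universal", "domain_local")}  # A -> G -> U -> DL

def audit(kinds, memberships, acls):
    """List every membership or ACL entry that skips a step of A-G-U-DL-P."""
    findings = []
    for member, group in memberships:
        pair = (kinds[member], kinds[group])
        if pair not in ALLOWED:
            findings.append(f"{member} ({pair[0]}) is a direct member of "
                            f"{group} ({pair[1]})")
    for principal, resource in acls:
        if kinds[principal] != "domain_local":  # P is granted to DL groups only
            findings.append(f"{resource} grants access to {principal} "
                            f"({kinds[principal]})")
    return sorted(findings)

def effective_accounts(kinds, memberships, group):
    """Resolve nesting to the accounts that end up with the group's access."""
    accounts, seen, stack = set(), set(), [group]
    while stack:
        current = stack.pop()
        if current in seen:  # circular nesting must not loop forever
            continue
        seen.add(current)
        for member, parent in memberships:
            if parent != current:
                continue
            if kinds[member] == "account":
                accounts.add(member)
            else:
                stack.append(member)
    return accounts

# Constructed sample: gbartho and Engineering-Home1 echo the thread, the
# other names are hypothetical.
KINDS = {"gbartho": "account", "jdoe": "account", "CS-Staff-G": "global",
         "Eng-Home-U": "universal", "Engineering-Home1": "domain_local"}
MEMBERSHIPS = [("gbartho", "CS-Staff-G"), ("CS-Staff-G", "Eng-Home-U"),
               ("Eng-Home-U", "Engineering-Home1"),
               ("jdoe", "Engineering-Home1")]  # account placed straight in DL
ACLS = [("Engineering-Home1", "home1-share"), ("jdoe", "home1-share")]

if __name__ == "__main__":
    for finding in audit(KINDS, MEMBERSHIPS, ACLS):
        print("FINDING:", finding)
    print(sorted(effective_accounts(KINDS, MEMBERSHIPS, "Engineering-Home1")))
```

The effective-membership walk is what an access review would compare against the intended list of people for the resource.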