Re: Trusts


From: Joe Richards [MVP] (humorexpress_at_hotmail.com)
Date: 05/11/04


Date: Tue, 11 May 2004 15:08:41 -0400

The NT4 user will never be a domain admin on the 2K domain; it is an
impossibility. The closest you could get would be to create an ID on the 2K
system that has the same password and hope for the best.

   joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net
anonymous@discussions.microsoft.com wrote:
> I use an application on the NT40 domain that needs Domain
> admin rights.  This same user on the NT40 domain (we'll
> call it ADMIN01) needs domain admin rights on the Windows
> 2000 domain.  I cannot set up another user cause the
> application can only use one main domain admin account.
>
> Is this possible?
>
>>-----Original Message-----
>>You can't only trust one user, once you establish the trust it applies to the
>>entire domain, anything that isn't properly secured (i.e. anything that doesn't
>>have a specific group for it instead of everyone or authenticated users, etc)
>>will be open to everyone in that domain.
>>
>>Also Domain Users is a global group. A global group can only have users from the
>>domain the group exists in. I.E. If I have a domain called DomX, I can only put
>>users from DomX into DomX\Domain Admins.
>>
>>The way you need to do this is set up the user with a userid in the 2K domain.
>>Being a domain admin, that user should easily be able to understand how to use
>>that ID without a trust.
>>
>>   joe
>>
>>--
>>Joe Richards Microsoft MVP Windows Server Directory Services
>>www.joeware.net
>>
>>LarryP wrote:
>>
>>>I have a Windows 2000 domain running AD and a NT40 domain.
>>>As the Windows 2000 domain, I want to be able to trust
>>>only one user from the NT40 domain and add him to the
>>>Domain Admins group on the Windows 2000 domain.
>>>
>>>On the NT40 domain I added the 2000 domain as a TrustING
>>>domain.  And on the Windows 2000 domain I added the NT40
>>>domain under TRUSTED domain.
>>>
>>>When I got to the Windows 2000 domain (AD users and
>>>Computers), I am able to add the user to the Builtin
>>>Administrators group, however when I go to the properties
>>>of Domain Admins under USERS, I am unable to see my NT40
>>>Domain to add the NT40user.   Why?

