Re: Adding user from child domain to Local domain group

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: Nick G. (G._at_discussions.microsoft.com)
Date: 10/12/04 

Date: Tue, 12 Oct 2004 09:37:03 -0700

I am using port 389 to read the primary domain and create group,
and port 3268 to get user account info from the child domain.

Can there be a permissions issue for the ID I use ? It has read/write
permission in OU where I created the group, but I am not sure
about its authority in child domains.
 
Paul, thanks a lot for your help.

Nick

"ptwilliams" wrote:

> What port are you using for the sub-domain?
>
> I think (I'm new to this scripting lark too) that you'll need to contact the
> GC for partitions other than the local domain, and will therefore need to
> use 3268 not 389.
>
> --
>
> Paul Williams
>
> http://www.msresource.net
> http://forums.msresource.net
> ______________________________________
> "Nick G." <Nick G.@discussions.microsoft.com> wrote in message
> news:74D18241-30C5-4069-99FA-7EE36CEAE521@microsoft.com...
> I have a local domain group in Active directory.
> Using VB code users from the primary domain can be added to the group,
> however when trying to add user from child domain I am getting
> Automation Error 80005008.
>
> Dim objGroup As IADsGroup
> Dim objUser As IADsUser
>
> Set objGroup =
> GetObject("LDAP://IPAddressHere:Port/CN=GroupNamehere,OU=OUName,DC=DC1,DC=DC2,DC=DC3")
>
> 'When adding this user automation error is generated
> Set objUser =
> GetObject("LDAP://OtherIPAddress:DifferentPort/CN=UsernameHere,CN=Users,DC=ChildDomain,DC=dc1,DC=dc2,DC=dc3")
>
> objGroup.Add (objUser.ADsPath)
> objGroup.SetInfo
>
> '-------------------------------------------------------------
> I am able to read child domain, LDAP for the user is correct.
>
> Thanks for any help !
>
>
>

Relevant Pages

  • RE: problem browsing active directory resources on remote domains
    ... but you can ping DCNAME.FQDN?? ... Can you telnet to port 135, ... I administer a child domain of an Active Directory forest. ... a VPN tunnel. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Adding user from child domain to Local domain group
    ... If you are accessing another partition you will need access to that. ... I am using port 389 to read the primary domain and create group, ... and port 3268 to get user account info from the child domain. ... > Paul Williams ...
    (microsoft.public.windows.server.active_directory)
  • Re: Child domain migrate to primary domain
    ... This is a migration tool to help you ... we have Domain in our country and Child Domain in regional office, now plan ... to migrate the child domain to primary domain due to security reasons. ...
    (microsoft.public.windows.server.active_directory)
  • Re: AD Design
    ... domain or a Site that is part of the primary domain? ... Each site is connected to the host site via 256K MPLS circuits. ... a child domain but without a second DC at each site I don't think this ... Our central office has ...
    (microsoft.public.win2000.active_directory)
  • User in a child domain cannot login into primary domain - advise please.
    ... For security reasons we have a group of users in the child domain. ... They can login fine to the child domain and they should be issolated from our primary domain. ... We now have a need for some of these users to have the ability to login to the primary domain. ...
    (microsoft.public.windows.server.general)