Re: Child Domain access
- From: "Paul Williams [MVP]" <ptw2001@xxxxxxxxxxx>
- Date: Sun, 24 Jul 2005 15:39:36 +0100
What this means is that when you logon to a machine in the child domain you
must choose the parent domain from the domain drop down box (or just use a
UPN). This means that you logon with your account in a domain that trusts
your domain.
You don't need to duplicate any accounts. If you want to be able to do
things in the child domain you do one of the following:
Add your user, or a group in which that user is a member, to a group in the
child domain. For example, add a global group from the parent into a domain
local in the child. This will allow you to have access to whatever that
domain local has access to. You would generally delegate permissions and
grant access to resources using the domain local.
Set/ grant permissions on child objects to principals from the parent domain
(fine, but generally not recommended. The domain local is the recommended
way).
--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net
.
- References:
- Child Domain access
- From: Pscyime via WinServerKB.com
- Re: Child Domain access
- From: Mike Brannigan [MSFT]
- Re: Child Domain access
- From: Pscyime via WinServerKB.com
- Child Domain access
- Prev by Date: Re: Logon scripts won't run.
- Next by Date: Re: Connecting two servers via ADSL?
- Previous by thread: Re: Child Domain access
- Next by thread: Re: Child Domain access
- Index(es):
Loading
