Re: Seperate Domain Trusts

From: "Erik Cheizoo" <echeizoo.XenD.nl@xxxxxxxxxxxxxxxxxxxx>
Date: Thu, 22 Feb 2007 18:44:22 +0100

You want to have only a single user account, located in one of the two domains, eg DOMAINA/USER1.
Using the trust, you can grant access to resources in DOMAIN2 by adding DOMAIN1/USER1 to the ACL.
Let the user logon to DOMAIN1/USER1.

NOTE: If in DOMAIN2 Global Groups are used to grant access to resources, you cannot add the user from DOMAIN1, as a global group can only contain members of the domain it is located in. You have 3 options: 1) convert the Global group into a universal group, which can hold users from both DOMAIN1 and DOMAIN2 2) convert the Global Group into a Domain Local Group, which can hold users from both DOMAIN1 and DOMAIN2 3) Add the user to the ACLs of resources in DOMAIN2 where he/she needs access to.

--
Kind regards,

Erik Cheizoo
eXcellence & Difference - we keep your business running
============================================
Always test in a non-production environment before implementing
Guidelines for posting: http://support.microsoft.com/?id=555375
============================================

"Jeff" <Jeff@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:009F4398-815D-473D-BA8C-AEF6A3D62B6A@xxxxxxxxxxxxxxxx

I am running Windows 2003 server. We have two companies here that do
completely different business and use different domains. We have our domain
and domain contollers and they have there's. We have one user that needs to
be able to access applications from both domains. We have two nic's installed
each has an IP address from each domain. If we login to the computer locally,
we can access everything, but like for Outlook, she has to enter her
username, passsword and domain. For the other company, has has to enter the
login and password to connect to the network drive.

We tried to setup a two-way trust using eachothers domain and set up a
password that we both use. We would like the computer to be able to logon to
the main network that she uses but still be able to access the mapped drive
to the other domain.

Is this possible?

Thanks

Prev by Date: Interner explorer issue
Next by Date: Re: DC Offline for 60 days?
Previous by thread: Re: Seperate Domain Trusts
Next by thread: Upgrading an NT4 domain to Windows 2003 AD
Index(es):
- Date
- Thread

Relevant Pages

Re: Trusts between W2k domains in different forests
... >> We wish to grant access to resources in the Corporate Domain (Domain ... particularly web-based resources which are heavily integrated into ... only the FSMO role holders need to be defined in any firewall rulebase ... When a one-way trust ...
(microsoft.public.win2000.security)
Re: Microsoft Security Groups
... resources, ... Global and Domain local groups for the past few ... > When would you use this group over a global group and why? ... > Microsoft recommends that you don't apply any permissions to the user ...
(microsoft.public.security)
Re: Global Groups and What Resources they Give access to
... for other non-distributed resources you need to consult each server ... Are there any utilities within Windows Server 2003 or Active Directory ... User A is a member of the Global group ...
(microsoft.public.windows.server.security)
RE: Can not see users in other domain
... "Grog" wrote: ... when I choose the location windows 2000 domain, I can not browse the domain ... because global group can only have members fromits own domain ... But your problem appears to be otherwise, seems like the trust has been ...
(microsoft.public.windows.server.active_directory)
Re: group membership between different forests
... I do see now what you were trying...trying to add users from another forest to a global group in your domain. ... each other then create a forest trust. ... and an incoming trust on the corporate domain. ...
(microsoft.public.windows.server.active_directory)