General discussion

Locked

child-parent domain interactive logon

By E.Eliveld ·
Hello,

I have a W2k3 forest (2000 native) with a parent domain (A) and one child domain (B). I want to put my users (from LDAP) into domein A letting them to logon into B and C/D/E etc in future. A is an user-account domain, B a resource domain.

Both DC's are W2k3 in 2000 native. A test user has been created into parent domain A. A Windows XP station is a member of child domain B. When the test user is trying to logon to child domain B using credentials of parent domain A I get a 'user does not exist' respons.

What am I doing wrong here? I'm a bit lost...

Any help welcome ;-)

This conversation is currently closed to new comments.

10 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by p.j.hutchison In reply to child-parent domain inter ...

Shouldn`t the user change the Domain name in login box before trying to login first.
e.g.
Username: userx
Password: xxxxxxx
Logon to: DomainA

If the user name does not occur in the child domain, they will not be able to login as it actually is on the parent domain.

Collapse -

by E.Eliveld In reply to

erhhh... how do i get the user to login on domainB while account is in DomeinA? (I want to expand the amount of child domeins to use while keeping the users in the top level)

youre not gonna get those hardworked points so easy ;-)

Collapse -

by p.j.hutchison In reply to child-parent domain inter ...

Create another user in DomainB to login to DomainB.

Collapse -

by E.Eliveld In reply to

Off-course...(eureka)..

How do I get 'give' the users in the login script the resources from a specifiek domain? In other words: if a user logs in from a computer member of domein B I want to give him/her only the resources connected to domain B.
If the same user logs in from a computer being a member of domain D he/she would get only the resources of domain D. (does this makes sense??)

I need this contrsuction because or company is going to 'asmimilate' a lot of other companies but does not want to change to a single domain....;-(

Collapse -

by p.j.hutchison In reply to child-parent domain inter ...

Instead of creating another user in the other domain, create some security groups and add users/groups from the other domains to allow access to resources in the other domain. Apply those groups to the resources required.

I forget what type of security group you use Domain Local, Global or Universal? Anyone recommend which one?

Collapse -

by E.Eliveld In reply to

We have a misunderstanding now. Your solution is about giving DomainB resources to accounts in DomeinA. I know how this works, its not a problem ;-)

I still try to find a way to let users login to DomainB while these accounts are in DomainA. The user needs to see domainB in the loging dialog (this part is politics..;-)

If this does not work at all we do have a 'problem' (in politics called a 'crisis') it means that besides the domaname showed in the dialog we also have to find a way to give the user the resources from the intended login domain. Let me clarify: a user coulde be working in severall companies. However when he/she logs in to a computer from companie B he/she would only needs to get the resources from Domain B. When the user goes to companie C only the resources from companie C. I could do this by setting a variable on the machines describing the location. In the loginscript of the parent (domainA) a set of resources would be created made according the physical location.

Did I make myself clear? Sorry for the misunderstanding.

BTW are there some MS docs about what I want to do? I have tried but could not find anything.Probably because I dont know the syntax in English...

About the points: nearly there ;-)

Collapse -

by p.j.hutchison In reply to child-parent domain inter ...

Ahhhh, now I see.
Do computer names follow any specific naming convention? If so you could could examine computer names for the location.
Another alternative, is to set a specific folder name or an env. variable on specific computers to determine location.
Then the login screen can check either the computer name, variable or folder name and run specific location based resources based on that.

Collapse -

by E.Eliveld In reply to

I could use a system variable on the computers. Eg FCTRY-EAST, FCTRY-WEST, create a loginscript which checks these conditions (if sysvar = FCTRY-WEST) and redirects to the location loginscript. This loginscript would give the local domain resources.

Last question:
Are you shure you never heard of a possibility to let a user login to a child domein wile the account is in the parent? (offcourse showing the child domainname in the logon dialog)

Collapse -

by p.j.hutchison In reply to

We use a single domain so I am not experienced with multiple domains. Sorry.

Collapse -

by E.Eliveld In reply to child-parent domain inter ...

This question was closed by the author

Back to Windows Forum
10 total posts (Page 1 of 1)  

Related Discussions

Related Forums