General discussion

Locked

Login onto DomainB with DomainA account

By chris ·
If I created domain A and added 2 child domains B & C would a user from domain A be able to log into the child domain B or C by selecting the drop down box at login?

Domain A would be UK
Domain B would be Spain
Domain C would be USA

They want to look at placing all of the accounts onto Domain A then depending where they are in the world they want to be able to log into that location.

Subdomins are required so that if any changes are made to any GPO's then it won't effect the other domains.

This conversation is currently closed to new comments.

4 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by p.j.hutchison In reply to Login onto DomainB with D ...

No, they will only be allowed to login in the domain where there account is. Since domains can be trusted, there would be no need as you can add users from other domains to the groups in the other other domains to access resources.

In AD, GPOs can be applied to different OUs, only the Default Domain Policy would apply to everyone and that tends to be for account/password polices. This does not apply to
NT4 domains though.

Collapse -

by brandonhinton In reply to

Are you saying that a user in domain A cannot logon to another domain B in the same forest with trusts? So for each domain they needed to logon they would have to have a seperate user account ?

Collapse -

by p.j.hutchison In reply to

That is correct. But you only need to do that if they need to use something very specific in that domain.
Since domains are trusted you can select the domain to login with on the login screen.
If a user needs access to resources on a different domain, you can configure ACLs to include users from other domains and write login scripts to map drives or printers etc from other domains.
I can see that technicians may need a username in each of the domains but not users.

Collapse -

by fredy.kuhn In reply to

"Writing login scripts" in which domains GPO's?

Being admin of domain C, my GPO's would never be applied, because the %logonserver% is domain A (on which I have no access, and which is not aware of the specifics of domain C)

From the point of view of domain C, the only trick would be to write here a GPO using the 'loopback' feature, which would execute the GPO based on computer selection. I call it a trick, because half of the GPO power is lost (to assign GPOs based on user groups).

I'm looking forward to a good solution, too.

Back to Windows Forum
4 total posts (Page 1 of 1)  

Related Discussions

Related Forums