Setting up one user for multiple locations in Active Directory.

By ez_1putt
This should be fairly simple but I can't determine the best route.


I have a user that will be working at multiple locations (old location/new location) for 6 months or so. Eventually that user will work permanently from the new location.

What is the best practice to use to set up that user in the new location as far as Active Directory goes? Both locations have separate servers and separate email addresses. The login script determines home server by group membership. Both locations share a Global Address Book. I don't want this person to appear twice in the address book if possible. (confusion, etc.)

Is it best to rename the user's old location object name? Is it possible to get email from each user object to one mailbox? I use firstinitial.lastname for usernames.

Thanks for any suggestions


is the site a child domain?

by CG IT In reply to Setting up one user for m ...

If not and you have a single forest, single domain structure, with multiple sites and there are DCs with the global catalog role at the sites [even if there aren't any] there's really nothing you need to worry about. AD replication will ensure that the user can log on.

Child domains in the same contiguous namespace have an inherent two-way trust between parent and child. They should be able to log in to the child domain using the authenticated users security group.


thanks but...

by ez_1putt In reply to is the site a child domai ...

Single forest, single domain. Different OUs which represent different companies.

The problem is though, this user belongs under a different OU (different company) (different title) (different email address) at the new location. They will be working from their old location off and on. So how can two objects with the same name co-exist happily?

I think I'm just going to set up the user in the new OU with a different login name. They use their old login at the old site, new login at the new site. The new object will just share the Exchange mailbox from the old object. ~:) ??


it shouldn't make a difference

by CG IT In reply to thanks but...

Single forest, single domain, even different OUs, isn't going to create a login problem.

How can they have 2 different email addresses if it's single forest single domain? DNS will be for the single domain. So where's the other address come from?

OUs are containers for collecting users and computers in which to apply Group Policy. They are not security boundaries in the sense that a domain is a security boundary. To create such a boundary you would need a child domain.

So I still don't see why the user will have problems logging in to the domain with only 1 set of credentials [user name and password].


if I understand it correctly

by lowlands In reply to thanks but...

you would like the same user to appear in two different OUs.

Unfortunately that will not work. Microsoft's AD does not use the context (whatever OU a user is in) in the naming convention. So this means that a user ID can only exist once in AD. Your option to create a separate account in the other OU does sound like the best option.
Or you could use Novell NDS :)


you got it.

by ez_1putt In reply to if I understand it correc ...

I thought perhaps I was missing something but you confirm my initial thinking.

I'll just create a separate object with a similar but different user ID. That way the security groups stay separate so the drives get mapped correctly and the user works from the correct server at each location.

I thought maybe there was a procedure for this kind of scenario... besides using Novell. :) thx


What about this?

by Whatme? In reply to you got it.

I have the same as you. A single domain spanned across several sites. My users travel also. If a user from Site A goes to Site B, they can log in OK but their policies are dictated by their OU membership. For the most part, this is OK since really all they need to do is install a printer, etc. If a user goes to Site B for an extended period, I simply move that user to the Site A OU where they pick up all the policies for that site. This is easy and quick and no complaints from the user because he/she is still the same user with the same password.
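
The single-account approach from the last reply, combined with the group-based login script from the original question, as an added example that is not part of the thread. It assumes the ActiveDirectory PowerShell module (RSAT); the function name, OU path, group names and account name are hypothetical.

```powershell
#Requires -Modules ActiveDirectory
# Added example: keep ONE account, move it to the other site's OU, and swap
# the site group that the login script keys on. All names are hypothetical.

function Move-UserToSite {
    [CmdletBinding(SupportsShouldProcess)]   # -WhatIf flows to the AD cmdlets below
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,
        [Parameter(Mandatory)] [string] $TargetOU,      # DN of the destination OU
        [Parameter(Mandatory)] [string] $OldSiteGroup,  # group mapped to the old server
        [Parameter(Mandatory)] [string] $NewSiteGroup   # group mapped to the new server
    )
    $ErrorActionPreference = 'Stop'

    # The logon name is unique in the domain whatever OU the object sits in,
    # so this resolves to exactly one account or throws.
    $user = Get-ADUser -Identity $SamAccountName -Properties MemberOf

    # Fail before changing anything if the OU or either group does not exist.
    $null   = Get-ADOrganizationalUnit -Identity $TargetOU
    $oldGrp = Get-ADGroup -Identity $OldSiteGroup
    $null   = Get-ADGroup -Identity $NewSiteGroup

    # Moving the object changes its DN and the GPOs that apply to it.
    # Password, SID and mailbox stay with the same account.
    Move-ADObject -Identity $user.ObjectGUID -TargetPath $TargetOU

    # Add the new site group first so the user is never left with no mapping.
    Add-ADGroupMember -Identity $NewSiteGroup -Members $SamAccountName
    if ($user.MemberOf -contains $oldGrp.DistinguishedName) {
        Remove-ADGroupMember -Identity $OldSiteGroup -Members $SamAccountName -Confirm:$false
    }

    # Return the resulting state so the change can be recorded or reviewed.
    Get-ADUser -Identity $SamAccountName -Properties MemberOf |
        Select-Object SamAccountName, DistinguishedName, MemberOf
}

# Dry run with hypothetical values; drop -WhatIf to apply.
Move-UserToSite -SamAccountName 'j.smith' `
    -TargetOU 'OU=NewSite,DC=example,DC=local' `
    -OldSiteGroup 'OldSite-Users' -NewSiteGroup 'NewSite-Users' -WhatIf
```

While the user is still alternating between sites, skip the group removal and decide in the login script which group wins.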
