Announcement

Collapse
No announcement yet.

Logging into another child domain

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Logging into another child domain

    Is it possible to belong to a specifc child domain and log into another child domain using your child domain credentials? I understand things like cross forest trusts, but I dont think this works like that? So I assume I have to have an account in the other child domain I am trying to access?

  • #2
    Re: Logging into another child domain

    If you mean "access resources in the child domain" you can do this without any special trusts as long as your account has permissions in the other domain.

    All domains in a forest have inherent trusts, but you can also create "shortcut trusts" to reduce the time taken to check the trust relationships.
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: Logging into another child domain

      So if I have an account in ABC.domain.com and I need to rdp to a server in XYZ.domina.com, I can do this? Where do you go to setup these permissions for your account to have access to another domain? Just the Member of tab and make myself a domain admin in XYZ.domain.com?

      Comment


      • #4
        Re: Logging into another child domain

        assuming both read "domain.com" and the "domina" is a typo, yes

        You should be able to add permissions in the normal way (NTFS) just change to a different domain when you search -- domain admin is possible, but a bit excessive!
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **

        Comment


        • #5
          Re: Logging into another child domain

          Ya well.....we all know the best practices....but when your the guy that maintains that domain...kinda need permissions to do so.

          Comment


          • #6
            Re: Logging into another child domain

            In that case, yes, just make your a.domain.com account a member of domain admins in b.domain.com
            Tom Jones
            MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
            PhD, MSc, FIAP, MIITT
            IT Trainer / Consultant
            Ossian Ltd
            Scotland

            ** Remember to give credit where credit is due and leave reputation points where appropriate **

            Comment


            • #7
              Re: Logging into another child domain

              Well that didnt work....it says I dont have permissions.

              Comment


              • #8
                Re: Logging into another child domain

                A domain admin in b.domain.com will need to do it -- sorry if I didn't make that clear
                You can't bootstrap yourself!
                Tom Jones
                MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                PhD, MSc, FIAP, MIITT
                IT Trainer / Consultant
                Ossian Ltd
                Scotland

                ** Remember to give credit where credit is due and leave reputation points where appropriate **

                Comment


                • #9
                  Re: Logging into another child domain

                  so how would this person do this? Browse to my account in a.domain.com and then modify my member of tab to include me into b.domain.com domain admins?

                  Comment


                  • #10
                    Re: Logging into another child domain

                    No, go into domain admins group in b.domain.com, go to members tab, then add account
                    In the find account dialog there is an option to choose the domain to look in -- change to a.domain.com and find your user account

                    http://www.windowsitpro.com/article/...d-by-kerberos-
                    Tom Jones
                    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                    PhD, MSc, FIAP, MIITT
                    IT Trainer / Consultant
                    Ossian Ltd
                    Scotland

                    ** Remember to give credit where credit is due and leave reputation points where appropriate **

                    Comment


                    • #11
                      Re: Logging into another child domain

                      Well now this is weird...when I get my remote user (Domain Admin) to follow this process, they only have the option of "contacts", or "other objects". They cannot select another types of objects, like accounts.

                      Comment

                      Working...
                      X