Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Manage other server via Active Directory

Status
Not open for further replies.

CrimeScene

IS-IT--Management
Jul 5, 2003
59
Hello all.

Sorry for such a vague question, but what is the best (proper) way to do the following:

I have a DC with Active Directory. I want to take my other two servers and have them "controlled" by the main DC / Active Directory.

In other words, my users authenticate to the main DC. Once in, I want AD to dictate which other server(s) they can access .. and which they cannot. This way, the main DC is a "gateway" so I don't have to add users /trusts to BOTH the main DC -and- these other servers.

Thank you.
 
you can set something like child-1, child-2, then depending on how you want to assign the users, given them rights to either child domain in the site and trust admin tool

XM
 
Would someone kindly elaborate on the steps needed to make this happen?

Also, where might I find that "site and trust admin tool"?

My main goal is to be able to create user accounts from one, central location (my main DC running Active Directory) and give those users the ability to get to one or more other servers.

Thanks!
 
In other words, my users authenticate to the main DC. Once in, I want AD to dictate which other server(s) they can access .. and which they cannot. This way, the main DC is a "gateway" so I don't have to add users /trusts to BOTH the main DC -and- these other servers.

If by the above you mean you want to be able to control what resources users can have access to on the non-domain controllers you can control this simply by creating some domain groups and adding the user accounts to these as appropriate and assigning the groups appropriate rights to the resources on these servers. You can also use logon scripts to map drive letters to the resources each user gets if you like. This often makes life easier for them and you.
 
AndyE45, yes, the others are non-DC servers. My goal is two-fold: (1) only manage one list of user accounts preferably on my Win2003 server active directory. (2) assign rights to resources on the non-DC servers by referencing defined Active Directory groups.

Does your suggestion fit this scenario? If so, please elaborate on "creating some domain groups and adding user accounts". Are you referring to Active Directory on my DC? Also, how do I tell my Win2003 DC that these other servers are to be managed via AD? I am thinking I need to establish trusts, but am not certain this is the proper path.

Thank you.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top