Results 1 to 2 of 2

Thread: Across AD Domain Login

  1. #1
    Join Date
    Oct 2010
    Posts
    1

    Across AD Domain Login

    I have an issue that I am hoping some-one has experience of, the issue is as follows:

    I have 2 Window 2003 Active Directory servers setup in a Forest Trust configuration.

    Both Active directory servers are 2003 Domain and Forest Functional level.

    With a PC I am able to join Domain A for example as the primary domain, but am able as user to logon to both Domain A or Domain B and this has been tested and works.

    For a Mac, I am able to bind to either Domain A or Domain B and a user is able to logon to the primary domain (the domain the Mac is bound to), however I am not able to perform cross domain logon. So with the Mac bound to Domain A the user can logon to Domain A, but the user is unable to log onto Domain B (all be it in a different Forest). If the Mac is unbound from Domain A and bound to Domain B then the User can log onto Domain B in the other Forest.

    My question is with a Mac am I able to do what I am trying to do with my AD's setup in Forest Trust configuration and if so is there some configuration that I am possibly unaware of?
    If this is not possible would changing the AD configuration so that Domain B was the child domain of Domain A in the same forest work?

    Thanks in advance for any help.

  2. #2
    Join Date
    Feb 2009
    Posts
    62

    Re: Across AD Domain Login

    If you are incapable to relegate a domain controller running Windows 2003 Server, you can always migrate to Windows SBS 2008 without elevating the domain functional level and forest. Though, Group Policy settings are not applied appropriately. Later, when you can demote the domain controller running Windows 2003 Server, you must restore Windows SBS 2008 to its accurate state by redirecting the CN = Users and CN = Computers to an OU specified by the administrator. To redirect the CN = Users container to an OU administrator-specified, follow the steps :
    1. Sign in to Windows SBS 2008 as a domain administrator in the area where the container "CN = Users is redirected.
    2. Follow the instructions in the "To raise the domain functional level" to raise the domain functional level to Windows Server 2003.
    3. Open the command window, then move the directory to% systemroot% \ Windows \ System32.
    4. Redirusr.exe run, using the following syntax and replacing DomainExtension Domain and by your domain name and your extension:
      Redirusr OR = SBSUsers, OU = Users, OU = MyBusiness, DC = Domain, DC = DomainExtension

Similar Threads

  1. Very Slow Login to Domain
    By jhawker2010 in forum Active Directory
    Replies: 1
    Last Post: 20-04-2012, 01:41 AM
  2. Cannot login - Domain not available
    By floydtheduck in forum Active Directory
    Replies: 1
    Last Post: 05-01-2012, 03:18 AM
  3. How to login to Domain over VPN
    By Pikachoo in forum Networking & Security
    Replies: 2
    Last Post: 19-02-2009, 02:23 PM
  4. cannot login because the domain not available
    By !Starr! in forum Windows Security
    Replies: 2
    Last Post: 08-10-2008, 02:41 AM
  5. Cannot login to domain controller
    By Susan Bradley in forum Active Directory
    Replies: 3
    Last Post: 21-08-2008, 07:38 PM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Page generated in 1,711,621,139.33355 seconds with 17 queries