Multiple domains on a computer

[jim_patterson]

I have a laptop user who is going to another site with MS domain
controller. And they currently want to make his computer part of that
domain. This is XP and I was wondering if it will allow the computer
to be apart of 2 different domains or once he comes back will I have to
set him back up on this domain so that he can login.

Basically I'm concerned that when he comes back and tries to login,
will he have a drop down window that says
domain <thiscomputer>
<domain1>
<domain2>

I do realize that <User1><Domain1> and <User1><Domain2> are completely
different users, but that's another problem. What they want to do is
give him limited access in <domain2>.

 

[Colin Nash [MVP]]

I have a laptop user who is going to another site with MS domain
controller. And they currently want to make his computer part of that
domain. This is XP and I was wondering if it will allow the computer
to be apart of 2 different domains or once he comes back will I have to
set him back up on this domain so that he can login.

Basically I'm concerned that when he comes back and tries to login,
will he have a drop down window that says
domain <thiscomputer>
<domain1>
<domain2>

I do realize that <User1><Domain1> and <User1><Domain2> are completely
different users, but that's another problem. What they want to do is
give him limited access in <domain2>.

No, a computer can only be a member of one domain at a time. Once it is
removed, the old domain should disappear from the login dropdown box. (It's
possible to have many domains listed in that box: it will show the domain
that the computer is a member of as well as the domains that are trusted by
that domain.)

Strictly speaking, his system doesn't need to be a member of the other
site's domain for him to access resources on that domain. In most cases he
can just map a drive letter to the share on their server and check the box
to "connect using a different user name" and then provide the name and
password of the user account that the site IT gives to him. Even though he
would have no connectivity to the home domain, he could still log in to the
laptop with the same account due to cached credentials (unless this has been
disabled by policy.) Joining a computer to a domain is really a way of
saying that you want that domain's administrators to manage the computer.
By joining it, group policy settings and software installations may take
place that will not necessarily be reversed when he comes back home.

 

[Shenan Stanley]

I have a laptop user who is going to another site with MS domain
controller. And they currently want to make his computer part of
that domain. This is XP and I was wondering if it will allow the
computer to be apart of 2 different domains or once he comes back
will I have to set him back up on this domain so that he can login.

Basically I'm concerned that when he comes back and tries to login,
will he have a drop down window that says
domain <thiscomputer>
<domain1>
<domain2>

I do realize that <User1><Domain1> and <User1><Domain2> are
completely different users, but that's another problem. What they
want to do is give him limited access in <domain2>.

Have them create him a user in their domain, create and hand him a script
that allows him to *utilize* said domain resources without logging into the
domain other than to pass on his domain credentials when asked for them
(their domain credentials that is.)

Or you could do the same for him with your domain if they are not capable of
composing such a script.

The simple fact is that unless they have some pretty high-end restrictions
going on - you do not need your computer to actually be a member of a domain
in order to access that domain's shared resources.