Is it possible to have a Win XP machine join more than one domain?
I know how to list all the domains in the logon box (registry entry) but it doesn't let me authenticate even with cached credentials. Anybody know the work around for this?
Printable View
Is it possible to have a Win XP machine join more than one domain?
I know how to list all the domains in the logon box (registry entry) but it doesn't let me authenticate even with cached credentials. Anybody know the work around for this?
From memory this is not possible as the PC registers with the domain controll or active directory server for authentication. You would have access to other domains if a trust has been set up between them
Golam
You can't belong to 2 domains at one time, but you can set up multiple accounts on your machine that belong to different domains.
Not sure if thats the info you are looking for, but hope it helps.
Thats exactly what I want to do. I don't want to be joined all at the same time. I would like to be able to choose which domain I can log into. I do work for 3 different companies and I use my own laptop and would like to be able to select the domain I need to logon.. How could I get around to doing that?
You need to have the domain admin of each company add your laptop to their domain.
Once an account for your laptop in each domain has been created, you should see the 3 options in the login screen.
You will also need an ID and password for each domain
Golam
If i am not wrong, there is a software out there that allows you to do that. I remember I saw someone using it some time back but it wasnt on XP. So I dont know if it will work on XP.
I also could be wrong about the software. Let me try to contact the person and see if it realy works the way u want it to.
Anyway, if it is not possible, u could just log in to the system locally and the connect to whatever you want in the domain you are working on and type the domain id and password when connecting. Although that might be more work than joining multiple domains.
I check on the info and let u know.
Shouldn't my laptop already exist in Users and Computers since I already logged into the domain or do we have to physically add the laptop in the users and computers?
Thanks r8Devil
Someone correct me if I'm wrong but you cannot be added to the users and computers group unless you are part of the domain. And once connected to a domain, you cannot be part of another domain unless there is a trust realtionship between the 2 domains. Then the access rights can be assigned across the domains.
Chris, some of the guys replied to me and they cant seem to remember the software also. Anyway, I'll PM you if I get any other replies with the information you need.
cool... thanks r8devil
golam hit it on the head. I am a consultant and do a great deal of work on-site with Windows 2000 and Windows XP laptops. Once I added the machines to each of the domains, they all show up under my log in screen (just make sure you don't use the log in screen, you have to use the dialog box-style log in). All I do when I log on is choose the domain, enter the correct credentials, and I'm up and running.
AJ
So I register my laptop in AD, join it to the domain, logon with the correct credentials and I should see it? I've tried that but I only get the domain I'm using and local logon..
Chris
A computer can only be a member of one domain at a time. There is a major difference between computer accounts and user accounts.
The only way you can give a domain account access to a machine is for that particular machine to be a member of that domain, or the domain account has to be in a domain that is trusted by the domain your computer is in, ie. it is in the same AD forest. If you are working in an AD forest that has multiple domains you will be able to tell because you will be able to select every possibly domain you can authenticate with at login by using the dropdown domain select box.
There is no way to have a computer that is in domain A authenticate an account from domain B without a trust existing between the two. So you cannot take a computer that is a member of domain A and has permissions for users in domain A and log in with an account from domain B. Win2k, XP Win2k3 only has the ability to read data(authentication) from 1 active directory domain controller at a time.
If you want to get your authentication from a different AD forest you would have to join the new forest which would delete the computer account SID from the first forest. Windows natively does not have the ability to hold multiple computer account SIDs which is the reason it will not allow you to join multiple forests.
Also, in case you were not aware. You do not have to use the dropdown box if you now the name of the domain. For instance. If I have account johndoe in domain abc I could type abc\johndoe as the user name and it will automatically go to the proper domain. You can also use johndoe@abc to the same effect. It is possible to turn of these different domain designations so in some cases this may not work for you.
I'm sure that there is software available to switch your machine between domains as it is possible to control domain membership programatically.
http://support.microsoft.com/default...b;en-us;170620
So you could create a computer account in each of the different domains that you need access to and then change the domain membership of the machine as needed. However, you cannot authenticate to multiple domains without making a change on the computer you are using.
Yet another thought on this matter. Since the computer account password changes automatically, and there is no real way, other than brute force hacking to get the password, you will have to take the information presented in this article into consideration. Resetting the password is easy, but you will need to know the password in order to re-join a domain. That is if you want to try and program this yourself.
http://www.windows2000faq.com/Articl...rticleID=15373
Yet another article of interest about the netdom command line tool.
http://www.windows2000faq.com/Articl...rticleID=13524
OK i had this exact same problem not long ago.
And funny enough though, i found that the program (PC ANYWHERE) worked.......
U actually dont need any credentials u just gotta know the passwords that are used to log onto that particular computer that u are trying to access.
Any how cheers hopped this info might help