workgroup server trusting a domain without joining it?

[wheelandcog]

Hi,
Can i get a standalone 2k server (no domain or AD) to trust users from my 2k3 AD Domain, without joining it to the domain ?

Background... i got a third party box I'm not allowd to make "major Changes too" whatever that means..

I'd like to make ad-domain\users part of the localmachine\administrators group but cant figure out how....
I've createrd an account on the standalone server and made that account a member of the local administrators group.. I see when adding them to the group that thers an option called locations, but my domain does not appear there, how can i get my domain to appear there so i can add domain users to the local admins without joining it to the domain.


I agree the best way of doing this would be to join it to the domain but we'd lose all support from the vendor if i do that, and my know nothing higher ups willspit the dummy

cheers for any help the community may offer

 

[aftertaf]

without making it a dmoain member, i'm as stumped as you are.....
it might be possible though...

Aftertaf

"Resolve is never stronger than the night before it was never weaker

 

[wheelandcog]

I'm sure theres a way , I'll let you know what happens

 

[moorethan]

Depending on how many users want access and how IT literate they are. Create accounts with the same username as AD accounts and synchronise passwords. The only problem is password changing day. Either they TS to the server and change password or write them a little batch file that changes the password on the server.

 

[gurner]

not poss, for a start the trusts are between Active Directory domains and for that you need a DC

S'pose in theory somesort of LDAP jobbie could do it, AD is a Directory Service conforming to LDAP, but never tried it.

wouldn't know where to start, probably end up writing your own directory service

you would be able to have TCP/IP access so probably best to use RDP?

Gurner

http://www.harryontheboat.co.uk