Users Guide
106 Using Microsoft
®
Active Directory
®
(Server Administrator Products sys1 and sys2). Sys1 and sys2 are in different domains. You can use any
existing Users or Groups that you have in Active Directory. Figure 8-4 shows how to set up the Server
Administrator Active Directory objects for this example.
Figure 8-4. Setting Up Server Administrator Active Directory Objects in Multiple Domains
To set up the objects for this multiple domain scenario, perform the following tasks:
1
Ensure that the domain forest function is in Native or Windows 2003 mode.
2
Create two Association Objects, AO1 and AO2, in any domain. The figure shows the objects in
Domain1.
3
Create two Server Administrator Products, sys1 and sys2, to represent the two systems. Sys1 is in
Domain1 and sys2 is in Domain2.
4
Create two Privilege Objects, Priv1 and Priv2, in which Priv1 has all privileges (Administrator) and
Priv2 has Login privileges.
5
Group sys2 into Group1. The group scope of Group1 must be universal.
6
Add user1 and user2 as Members in Association Object 1 (AO1), Priv1 as Privilege Objects in AO1, and
both sys1 and Group1 as Products in AO1.
7
Add User3 as a Member in Association Object 2 (AO2), Priv2 as a Privilege object in AO2, and Group1
as a Product in AO2.
Note that neither of the Association objects needs to be of Universal scope in this case.
AO1 AO2
Priv2Priv1Group1
Group1sys1User3User2User1 sys2
domain 1 domain 2