Users Guide

Using Microsoft® Active Directory®
For Server Administrator or IT Assistant, on the other hand, the users in a single Association can be in
separate domains without needing to be added to a universal group. The following is a very similar
example to show how Server Administrator or IT Assistant systems in separate domains affect the setup
of directory objects. Instead of RAC devices, you’ll have two systems running Server Administrator
(Server Administrator Products sys1 and sys2). Sys1 and sys2 are in different domains. You can use any
existing Users or Groups that you have in Active Directory. Figure 8-4 shows how to set up the Server
Administrator Active Directory objects for this example.
Figure 8-4. Setting Up Server Administrator Active Directory Objects in Multiple Domains
To set up the objects for this multiple domain scenario, perform the following tasks:
1. Ensure that the domain forest function is in Native or Windows 2003 mode.
2. Create two Association Objects, AO1 and AO2, in any domain. The figure shows the objects in Domain1.
3. Create two Server Administrator Products, sys1 and sys2, to represent the two systems. Sys1 is in Domain1 and sys2 is in Domain2.
4. Create two Privilege Objects, Priv1 and Priv2, in which Priv1 has all privileges (Administrator) and Priv2 has Login privileges.
5. Group sys2 into Group1. The group scope of Group1 must be universal.
[Figure 8-4 diagram labels: AO1, AO2; Priv1, Priv2; Group1; sys1, sys2; User1, User2, User3; Domain 1, Domain 2]
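A read-only way to confirm steps 1 and 5 after the objects are created, added here as an example and not taken from the guide. It assumes the Microsoft ActiveDirectory PowerShell module is installed; `Group1` is the group name from the example above, and `domain2.example.com` is a placeholder for the domain in which Group1 was created.

```powershell
# Added example (not from the guide): verify the forest functional level
# and the scope of Group1 without changing anything in the directory.
Import-Module ActiveDirectory

function Test-ProductGroupScope {
    param(
        [Parameter(Mandatory)] [string] $GroupName,  # group from step 5
        [Parameter(Mandatory)] [string] $Server      # placeholder domain or DC
    )
    # Read the group and its member list from the specified domain.
    $group = Get-ADGroup -Identity $GroupName -Server $Server -Properties member
    [pscustomobject]@{
        Group       = $group.DistinguishedName
        Scope       = $group.GroupScope
        IsUniversal = ($group.GroupScope -eq 'Universal')
        Members     = @($group.member)   # DNs grouped into Group1 (sys2 is expected here)
    }
}

# Step 1: report the forest functional level so it can be compared
# against the requirement stated in the procedure.
$forest = Get-ADForest
"Forest {0} functional level: {1}" -f $forest.Name, $forest.ForestMode

# Step 5: Group1 must have universal scope.
$result = Test-ProductGroupScope -GroupName 'Group1' -Server 'domain2.example.com'
$result | Format-List
if (-not $result.IsUniversal) {
    Write-Warning "Group1 scope is $($result.Scope); step 5 requires Universal."
}
```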