Users Guide
Using Microsoft Active Directory 121
Figure 9-4. Setting Up Server Administrator Active Directory Objects in Multiple
Domains
To set up the objects for this multiple domain scenario, perform the
following tasks:
1
Ensure that the domain forest function is in Native or Windows 2003
mode.
2
Create two Association Objects, AO1 and AO2, in any domain. The figure
shows the objects in Domain1.
3
Create two Server Administrator Products, sys1 and sys2, to represent the
two systems. Sys1 is in Domain1 and sys2 is in Domain2.
4
Create two Privilege Objects, Priv1 and Priv2, in which Priv1 has all
privileges (Administrator) and Priv2 has Login privileges.
5
Group sys2 into Group1. The group scope of Group1 must be universal.
6
Add User1 and User2 as Members in Association Object 1 (AO1), Priv1 as
Privilege Objects in AO1, and both sys1 and Group1 as Products in AO1.
7
Add User3 as a Member in Association Object 2 (AO2), Priv2 as a Privilege
object in AO2, and Group1 as a Product in AO2.
AO1 AO2
Priv2Priv1Group1
Group1sys1User3User2User1 sys2
Domain 1 Domain 2