Remoting between domains

Say if domainA.com is a CF server and hosts a database. Can
domainB.com host a SWF that accesses a remoting gateway and makes
calls to a CFC on DomainA? Is there a way to set permissions to
allow select outside domains access?

Google for crossdomain.xml

Similar Messages

Communication issues between domain controllers

Hi everyone,
I am experiencing some problems in communication between domain controllers in our organization
We have three domain controllers, one of them is a Windows 2003 server service pack 2 which is physical (controller A), another which is Windows 2008 Service Pack 2 (controller B), also physical, and a third one (controller C) which is a Windows 2008
service pack 1 and is virtual.
I have problems with this last DC, it won't respond to pings, or DNS query. I can't Access it by remote desktop client even when it is enabled. I cannot update it, it prompts error messages if I try to do so.
This problems are solved if I reboot it, it will work fine some hours or days, but not much longer. I have checked event viewer and I didn't found any message about this.
I read some time ago it would be great to have a DC in a virtual machine, so I did it, but is it right?
Do you know what might be going on with it? would depromoting it and seting it up again the best solución?
Thank you very much.
Best regards.
David.

This sounds like a NIC issue, which is odd since it is a virtual machine. Have you checked the host for any logs about the client?
I think the first thing I would do is destroy the current virtual NIC card and add a new one. Since this has nothing to do with Active Directory I would also suggest you post this in a forum of for the Host (VMWare or Hyper-V).
Paul Bergson
MVP - Directory Services
MCITP: Enterprise Administrator
MCTS, MCT, MCSE, MCSA, Security, BS CSci
2012, 2008, Vista, 2003, 2000 (Early Achiever), NT4
Twitter @pbbergs http://blogs.dirteam.com/blogs/paulbergson
Please no e-mails, any questions should be posted in the NewsGroup.
This posting is provided AS IS with no warranties, and confers no rights.

Remote tuxedo domain rejects connection from client only Tuxedo JCA Adapter

I am trying to use a client only configured Oracle Tuxedo JCA Adapter 11.1.1.2.1 to connect to a remote tuxedo 10.3 domain. The connector is deployed to a JDeveloper 10.1.3.4 embedded OC4J container. The connector is failing silently when attempting to establish a connection with the remote domain. Locally, the JCA Adapter ntrace logs the following:
1/20/11:9:41:49 PM:10:TRACE[DMLocalAccessPoint,DMLocalAccessPoint]> (ypjspNQ5QIPKmOyk1DlAgw==)
1/20/11:9:41:49 PM:10:DBG[DMLocalAccessPoint,DMLocalAccessPoint]_useSSL = false
1/20/11:9:41:49 PM:10:TRACE[DMLocalAccessPoint,DMLocalAccessPoint]< return(10)
1/20/11:9:41:49 PM:10:INFO[TuxedoAdapterSupervisor,createLocalAccessPoint]TJA_0233:Info: Default local access point for factory null created, access point id ypjspNQ5QIPKmOyk1DlAgw==.
1/20/11:9:41:49 PM:10:DBG[TuxedoAdapterSupervisor,createLocalAccessPoint]features = 159
1/20/11:9:41:49 PM:10:TRACE[TuxedoAdapterSupervisor,startListeners]> ()
1/20/11:9:41:49 PM:10:TRACE[TuxedoAdapterSupervisor,startListeners]< (20) return
1/20/11:9:41:49 PM:10:TRACE[DMSession,DMSession]> (__sess_0_0)
1/20/11:9:41:49 PM:10:DBG[DMSession,myInit]_lap_name:ypjspNQ5QIPKmOyk1DlAgw==
1/20/11:9:41:49 PM:10:DBG[DMSession,myInit]_rap_name:e1tst_tdtux02
1/20/11:9:41:49 PM:10:DBG[DMSession,myInit]_pro_name:__default_session_profile__
1/20/11:9:41:49 PM:10:DBG[DMSession,DMSession]got _lap: com.oracle.tuxedo.adapter.config.DMLocalAccessPoint@1f6bc1a
1/20/11:9:41:49 PM:10:DBG[DMSession,DMSession]got _rap: com.oracle.tuxedo.adapter.config.DMRemoteAccessPoint@1b75e54
1/20/11:9:41:49 PM:10:DBG[DMSession,DMSession]got _pro: com.oracle.tuxedo.adapter.config.DMSessionProfile@191f64b
1/20/11:9:41:49 PM:10:DBG[DMSession,DMSession]sec = NONE
1/20/11:9:41:49 PM:10:TRACE[DMSession,DMSession]< return(60)
1/20/11:9:41:49 PM:10:INFO[TuxedoAdapterSupervisor,createDefaultSession]TJA_0193:INFO: Default session created between LocalAccessPoint ypjspNQ5QIPKmOyk1DlAgw== and RemoteAccessPoint e1tst_tdtux02.
1/20/11:9:41:49 PM:10:TRACE[DMSession,DMSession]> (__sess_0_1)
1/20/11:9:41:49 PM:10:DBG[DMSession,myInit]_lap_name:ypjspNQ5QIPKmOyk1DlAgw==
1/20/11:9:41:49 PM:10:DBG[DMSession,myInit]_rap_name:e1tst_tdtux01
1/20/11:9:41:49 PM:10:DBG[DMSession,myInit]_pro_name:__default_session_profile__
1/20/11:9:41:49 PM:10:DBG[DMSession,DMSession]got _lap: com.oracle.tuxedo.adapter.config.DMLocalAccessPoint@1f6bc1a
1/20/11:9:41:49 PM:10:DBG[DMSession,DMSession]got _rap: com.oracle.tuxedo.adapter.config.DMRemoteAccessPoint@1c0f654
1/20/11:9:41:49 PM:10:DBG[DMSession,DMSession]got _pro: com.oracle.tuxedo.adapter.config.DMSessionProfile@191f64b
1/20/11:9:41:49 PM:10:DBG[DMSession,DMSession]sec = NONE
1/20/11:9:41:49 PM:10:TRACE[DMSession,DMSession]< return(60)
1/20/11:9:41:49 PM:10:INFO[TuxedoAdapterSupervisor,createDefaultSession]TJA_0193:INFO: Default session created between LocalAccessPoint ypjspNQ5QIPKmOyk1DlAgw== and RemoteAccessPoint e1tst_tdtux01.
1/20/11:9:41:49 PM:10:TRACE[TuxedoAdapterSupervisor,registerClientSideResourceAdapter]create default import
1/20/11:9:41:49 PM:10:TRACE[ServiceManager,registerImportedService]> (*)
1/20/11:9:41:49 PM:10:INFO[,]factory = null
1/20/11:9:41:49 PM:10:INFO[,]name = *
1/20/11:9:41:49 PM:10:INFO[,]iname = *
1/20/11:9:41:49 PM:10:TRACE[ServiceManager,registerImportedService]register Default Import
1/20/11:9:41:49 PM:10:TRACE[Route,Route]> (*)
I can't determine if there are any problems from these log entries, but the remote tuxedo domain logs the following in the ULOG:
155138.tdtux01!GWTDOMAIN.3495.4.0: LIBGWT_CAT:1073: ERROR: Unable to obtain remote domain id (ypjspNQ5QIPKmOyk1DlAgw==) information from shared memory
155138.tdtux01!GWTDOMAIN.3495.4.0: LIBGWT_CAT:1509: ERROR: Error occurred during security negotiation - closing connection
My understanding is that the client only configuration should connect to a remote tuxedo domain as an anonymous client instead of a peer tuxedo domain, but the remote tuxedo gateway domain listener is acting like the client has to be configured in its dmconfig file before it will allow the connection request. Is there a different kind of listener the client only configuration should connect to instead of the tuxedo gateway domain listener? How can a remote tuxedo domain accept a connection from an anonymous client if the client must first be specified in the remote domain's dmconfig file? Is this a tuxedo 11g only feature? I'm trying to connect to a tuxedo 10.3 server.
The local ra.xml is reproduced here:
<?xml version="1.0" encoding="UTF-8"?>
<connector xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/connector_1_5.xsd"
version="1.5">
<display-name>Tuxedo JCA Adapter</display-name>
<vendor-name>Oracle</vendor-name>
<eis-type>Tuxedo</eis-type>
<resourceadapter-version>11gR1(11.1.1.2.1)</resourceadapter-version>
<license>
<description>Tuxedo SALT license</description>
<license-required>false</license-required>
</license>
<resourceadapter>
<resourceadapter-class>com.oracle.tuxedo.adapter.TuxedoClientSideResourceAdapter</resourceadapter-class>
<config-property>
<config-property-name>debugConfig</config-property-name>
<config-property-type>java.lang.String</config-property-type>
<config-property-value>true</config-property-value>
</config-property>
<config-property>
<config-property-name>traceLevel</config-property-name>
<config-property-type>java.lang.String</config-property-type>
<config-property-value>100000</config-property-value>
</config-property>
<config-property>
<config-property-name>xaAffinity</config-property-name>
<config-property-type>java.lang.String</config-property-type>
<config-property-value>true</config-property-value>
</config-property>
<config-property>
<config-property-name>remoteAccessPointSpec</config-property-name>
<config-property-type>java.lang.String</config-property-type>
<config-property-value>//tdtux01:9601/domainId=e1tst_tdtux01,//tdtux02:9601/domainId=e1tst_tdtux02</config-property-value>
</config-property>
<outbound-resourceadapter>
<connection-definition>
<managedconnectionfactory-class>com.oracle.tuxedo.adapter.spi.TuxedoManagedConnectionFactory</managedconnectionfactory-class>
<connectionfactory-interface>javax.resource.cci.ConnectionFactory</connectionfactory-interface>
<connectionfactory-impl-class>com.oracle.tuxedo.adapter.cci.TuxedoConnectionFactory</connectionfactory-impl-class>
<connection-interface>javax.resource.cci.Connection</connection-interface>
<connection-impl-class>com.oracle.tuxedo.adapter.cci.TuxedoJCAConnection</connection-impl-class>
</connection-definition>
<transaction-support>NoTransaction</transaction-support>
<authentication-mechanism>
<authentication-mechanism-type>BasicPassword</authentication-mechanism-type>
<credential-interface>javax.resource.spi.security.PasswordCredential</credential-interface>
</authentication-mechanism>
<reauthentication-support>false</reauthentication-support>
</outbound-resourceadapter>
</resourceadapter>
</connector>
Thanks for any help.
Steve

Looks like this is an RTFM question. From:
[http://download.oracle.com/docs/cd/E18050_01/jca/docs11gr1/users/jca_usersguide.html]
Is the following:
Dynamic RemoteAccessPoint (RAP) Insertion
In order to make default LocalAccessPoint to work, Oracle Tuxedo GWTDOMAIN gateway configuration is required in order to make this simplified /Domain configuration to work.
GWTDOMAIN gateway must be modified to allow Dynamic RemoteAccessPoint (RAP) Registration. If DYNAMIC_RAP is set to YES, it will also update the in-memory database of the status of the connection from those dynamically registered RAP. If the connection from those dynamically registered RAP lost then the information about that RAP will be removed from the SHM database.
GWADM must be modified to process the DM MIB correctly to reflect the connection status of those dynamically registered RAP. When the connection from those dynamically registered RAP lost their entries in the SHM database will also be removed so that the DM MIB query can return the connection status correctly.
The dynamically registered RAP will be added to /DOMAIN configuration permanently. Their existence will only be known when the Session is established. Their existence will be lost when the connection is lost.
The DM_CONNECTION Oracle Tuxedo /Domain DMIB call returns all the connected dynamically registered RemoteAccessPoint. All other dynamically registered RemoteAccessPoint that are not connected will not be shown.
The OPENCONNECTION DMIB request will not be supported to connect to those dynamically registered RAP.
The CLOSECONNECTION Oracle Tuxedo /DMIB request closes the connection and remove the session from those dynamically registered RemoteAccessPoint, and returns its connection status as 'UNKNOWN.
The PERSISTENT_DISCONNECT type of CONNECTION_POLICY will be honored that means when PERSISTENT_DISCONNECT is in effect all connections request from any RAP, whether they are dynamically or non-dynamically registered, will be rejected.
I must have overlooked this section when reading it. Looks like I've got more configuration to do.
Thanks,
Steve

Migrate servers between domains

Hello
We need to plan an AD domain migration to an already existing domain - i.e. not a new domain - for dozens of servers hosting different roles and am looking for some general pointers for what we should be aware of.
We cannot use ADMT (for internal political reasons) and cannot use external tools, e.g. Quest (for cost reasons)
The roles on the servers include:
Domain controllers, IIS, SQL, CRM, VMWare Virtual Center - plus other bespoke applications.
I know there will NOT be a "one size fits all" process for every server (or even every application) but was hoping someone could provide general information for the apps mentioned above.
e.g. should we not even consider moving the server(s) between domains but rather build a new server and reinstall the application ? If rebuilding a server is NOT an option for any reason, CAN we move the application server(s) to the
other domain without issues ?
I realise this is a very complex set of tasks but, as I said, just looking for some general information to give us a starting point.
Thanks

>>>CAN we move the application server(s) to the other domain without issues ?
It depends on your authentication and permission model. Where are the users and groups? ACL on these servers from a different domain?
Please provide more information.
Santhosh Sivarajan | Houston, TX | www.sivarajan.com
ITIL,MCITP,MCTS,MCSE (W2K3/W2K/NT4),MCSA(W2K3/W2K/MSG),Network+,CCNA
Windows Server 2012 Book - Migrating from 2008 to Windows Server 2012
Blogs: Blogs
Twitter: Twitter
LinkedIn: LinkedIn
Facebook: Facebook
Microsoft Virtual Academy:
Microsoft Virtual Academy
This posting is provided AS IS with no warranties, and confers no rights.

What is a maximum remoteness between time capsule and device for having a good wifi signal?

What is a maximum remoteness between time capsule and device for having a good wifi signal?

In open air.. line of sight you should work very well over 100M and most likely still work at 200M.
Unfortunately in houses.. there is almost no way to tell. But you can assume signal on 5ghz will dimish very rapidly.. 2 or 3 walls/floors/major obstacles and nothing left.. 2.4ghz should manage your whole house but you might find signal in far corners unusable. Count the number of walls, floors/ceilings it is going through in a straight path, router to client. You can think of it as a 4" pipe.. and even the angles are important.. if it hits a wall made of brick at acute angle it is twice as thick as hitting it dead on. Mirrors, tinted glass are metal reflectors.. reinforced concrete is both a reflector with metal bars and absorber with concrete.. add a bit of moisture content and it is a great block.

Problem creating external trust between domains

Hello,
When I try to create one-way incoming external trust between 2 domains (to DomainA from DomainB) in separate forests I get this info:
This domain already has a one-way trust relationshp with specified domain.
But I cannot see it on the list of trusts either incoming or outgoing (in both domains).
For sure trust was never setup before.
In DomainA there are several other external not transitive trusts with other domains. But for sure DomainB do not have any incoming or outgoing trusts on list. Name resolution betwen domains is OK. I can ping domain name on both sides.
Any help is welcome.
Darek.

Hi,
Were there error events logged in Event Viewer? Besides, did we open necessary firewall ports for creating external trust?
Regarding firewall ports, the following thread can be referred to for more information.
Creating external trust between domain on different forest
http://social.technet.microsoft.com/Forums/en-US/efe56730-ff95-4d6b-b95c-fc2c01ebd2d3/creating-external-trust-between-domain-on-different-forest?forum=winserverDS
Best regards,
Frank Shen

Bug: _global vars between domains

Hey
I submitted a bug report on _global variables, and i just
wanted to hear your opinions.
Scenario 1
1. MovieA loads MovieB from SAME domain
2 Both MovieA and MovieB contain a _global variable
Comclusion/Result:
Both MovieA and Movie B adapts the _global variables
Scenario 2
1. MovieA loads MovieB from DIFFERENT domain
2. Both MovieA and MovieB uses
System.security.allowDomain("*")
3. Both MovieA and MovieB contains a _global variable
Comclusion/Result:
Both MovieA and MovieB CAN NOT access/read eachothers _global
variable.
The help file says:
quote:
The Flash Player version 7 and later security sandbox
enforces restrictions when accessing global variables from SWF
files loaded from separate security domains For more
information, see Understanding Security.
I clearly read that as , you should be able to control the
usage between domains , (just like any other scripting operating
with domain policy )
It fails nomatter what, even with
System.security.allowDomain("*") AND crossdomain.xml policy file.

Looking to this Oracle Doc >> http://docs.oracle.com/cd/E24329_01/web.1211/e24375/basics.htm#BRDGE128
"Typical tasks required to manage a messaging bridge using the Administration Console include
Creating a trusted security relationship. See "Configuring Domains for Inter-Domain Transactions" in Programming JTA for Oracle WebLogic Server"
And, clicking the link to Configuring Domains for Inter-Domain Transactions, there's two types of communications:
Inter-domain—The transaction communication is between servers participating in transactions that are not in the same domain.
Intra-domain—The transaction communication is between servers participating in transactions within the same domain
Check the rest of the doc to know how to configure each type, and apply the one that matches your case..
Hope it helps
Regards,
Mohab

Mails between domains

Hi,
We have a scenerio where we are to use different domains for every new env we create. So using Collabsuite, is it possible to mail from [email protected] to [email protected] ?
I have created xyz in the domain env1 and abc in domain env2, but when I use web client to mail from one to another, the mail is simply lost !
Any pointers as to where/how I can trace this if it is possible to mail between domains.
Thanks
Arvind

That's not a problem, just verify the domains and set the domain purpose as Exchange Online. As those will be in the same Exchange organization, there is no need to configure anything else in order to be able to share calendar or contact information between
users.

Shared between domains

Hi,
I need an exchange online infrastructure with three different authoritative domains and i want to share calendar and contacts between domains.
Is possible?
Thanks.
Riuda

That's not a problem, just verify the domains and set the domain purpose as Exchange Online. As those will be in the same Exchange organization, there is no need to configure anything else in order to be able to share calendar or contact information between
users.

ACCESS DATA BETWEEN DOMAINS

Good day!! Sorry if it isn't the right translation, but I try to get some codes for my patients in a web page of an Insurance company, but at the end of the process, after hitting the GENERATE CODE button, appears the messsage (ment for Windows, I suppose): "go to the section about HAVING ACCESS TO DATA ORIGIN BETWEEN DOMAINS", or so..
Hoy can I fix it???

See if you'd said it works with windows . . . try changing the user agent by using the Develop menu in Safari, pick some Windows agent, and see if that works. In Safari's preferences, check the show develop menu under advanced. If that doesn't work, then you'll need a windows computer to do this work or you'll need to talk to the people running the system to get them to fix the problem.

JMS on Remote WLS Domain

Hi,
I have been using Foreign JMS/Message Bridge to access the JMS Queues from Remote WLS domain.
Is there any way to access JMS queue from remote domain (Same Weblogic version 10.3) without using Foreign JMS/Message Bridge.
Thanks in Advance !!

See the [url http://download.oracle.com/docs/cd/E14571_01/web.1111/e13727/interop.htm#JMSPG553]Integrating Remote JMS Providers FAQ.

Difference between Domain member and standalone server with AD binding

Hi all,
Can anyone explain the difference between:
A) Setting up a MacOSX server as Windows domain member server using Server Manager;
B) Setting up a MacsOSX server as Windows standalone server and joining the Active Directory using Directory Access;
My setup:
====================
We have a Windows 2003 A.D. running, all users are set up in the A.D.
Also we have two MacOSX servers, which provide file services (both AFP and SMB/CIFS) for Mac and Windows clients, while using the A.D. for user authentication.
One of the MacOSX servers is configured as a domain member server, the other is configured as Windows standalone server. The latter is bound to the A.D. using Directory Access.
Following the Apple manuals one should think that the first setup (domain member) is the best.
As for Open Directory: both servers are running as Standalone.
How my setup behaves
====================
Official Apple guidelines are to set up the Mac server as domain member. Reality is another thing though.
For AFP both servers perform equal: users are authenticated against the A.D. and get access to their shares. File/Folder permissions are as expected.
For Windows clients things aren't the same.
The server setup as Windows Domain member acts strange. Windows clients don't have single signon experience.
Every file/folder's owner shared on this server is <<unknown>> to the client. Also, when a Windows user creates a file/folder the owner is <<unknown>>.
Sometimes the Samba server just stops authentication. A relaunch of the Samba service fixes this.
The server setup as a standalone server performs as expected. Windows clients have single signon experience, there are no issues with file/folder owner. Also authentication never stops.
Several kinds of Mac Mac OS X (10.4.9)

Hi all,
Can anyone explain the difference between:
A) Setting up a MacOSX server as Windows domain member server using Server Manager;
B) Setting up a MacsOSX server as Windows standalone server and joining the Active Directory using Directory Access;
My setup:
====================
We have a Windows 2003 A.D. running, all users are set up in the A.D.
Also we have two MacOSX servers, which provide file services (both AFP and SMB/CIFS) for Mac and Windows clients, while using the A.D. for user authentication.
One of the MacOSX servers is configured as a domain member server, the other is configured as Windows standalone server. The latter is bound to the A.D. using Directory Access.
Following the Apple manuals one should think that the first setup (domain member) is the best.
As for Open Directory: both servers are running as Standalone.
How my setup behaves
====================
Official Apple guidelines are to set up the Mac server as domain member. Reality is another thing though.
For AFP both servers perform equal: users are authenticated against the A.D. and get access to their shares. File/Folder permissions are as expected.
For Windows clients things aren't the same.
The server setup as Windows Domain member acts strange. Windows clients don't have single signon experience.
Every file/folder's owner shared on this server is <<unknown>> to the client. Also, when a Windows user creates a file/folder the owner is <<unknown>>.
Sometimes the Samba server just stops authentication. A relaunch of the Samba service fixes this.
The server setup as a standalone server performs as expected. Windows clients have single signon experience, there are no issues with file/folder owner. Also authentication never stops.
Several kinds of Mac Mac OS X (10.4.9)

Moving SP2013 and SQL2008R2 to new domain - no trusts between domain

Hello,
I'm looking to move a customized installation of SharePoint 2013 (Microsoft server 2012 std VM) and it's db (SQL 2008 r2 VM) from one domain to another domain. There will be no trust between the domains and assume that no users or service accounts will be
migrated. Has anyone performed a similar operation? If so, can you provide guidance as to the best way to tackle this situation. Currently we plan on exporting the SP2013 VM from the old domain, importing (re-creating) that VM in the new domain and importing
the DB to an existing SQL server in the new domain. My concern is being able to log in to Central Admin afterwards because the domain accounts are no longer valid. Should we change all accounts to local admins first, detach the db and change those accounts
as well? Or would a totally different approach make more sense? Any help would be appreciated..
Thanks in advance,
Alex

You need to build a new SharePoint farm, changing SharePoint server's domain membership isn't supported.
What you'll do is build a new farm, create the Web Application(s), etc. and then restore SQL database backups from the old farm into the new farm.
Trevor Seward
Follow or contact me at...
&nbsp&nbsp
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

Remotely add Domain User to local group

I've been playing with this for some time, and I seem to be missing something. I am trying to develop a script that reads and XML file containing a list of computers, local groups, and names of domain users (and computers) to be added to the local
groups. I would like to be able to run this from a management workstation.
I've been working from these two posts.
http://blogs.technet.com/b/heyscriptingguy/archive/2010/08/19/use-powershell-to-add-domain-users-to-a-local-group.aspx
http://blogs.technet.com/b/heyscriptingguy/archive/2008/03/11/how-can-i-use-windows-powershell-to-add-a-domain-user-to-a-local-group.aspx
It appears that the command $objGroup = [ADSI]("WinNT://atl-fs-001/Administrators") only works locally. I have not been able to figure out any format that allows me to get the information remotely. So I figured I would use Invoke-Command
to execute the two lines of code remotely.
Invoke-Command -ComputerName RemoteServer {
$de = [ADSI]"WinNT://RemoteServer/Administrators,Group"
$de.psbase.invoke("Add",([ADSI]"WinNT://Domain/User").path)
(I am trying it first with fixed, valid values - change to variables when I get things figured out.) That gave me the error:
Exception calling "Invoke" with "2" argument(s): "Number of parameters specified does not match the expected number."
+CategoryInfo :NotSpecified: (:) [], MethodInvocationException
+FullyQualifiedErrorID :DotNetMethodTargetInvocation
+PSComputerName :RemoteServer
I need help on what to try next.
Thanks.
. : | : . : | : . tim

I've been playing with this for some time, and I seem to be missing something. I am trying to develop a script that reads and XML file containing a list of computers, local groups, and names of domain users (and computers) to be added to the local
groups. I would like to be able to run this from a management workstation.
I've been working from these two posts.
http://blogs.technet.com/b/heyscriptingguy/archive/2010/08/19/use-powershell-to-add-domain-users-to-a-local-group.aspx
http://blogs.technet.com/b/heyscriptingguy/archive/2008/03/11/how-can-i-use-windows-powershell-to-add-a-domain-user-to-a-local-group.aspx
It appears that the command $objGroup = [ADSI]("WinNT://atl-fs-001/Administrators") only works locally. I have not been able to figure out any format that allows me to get the information remotely. So I figured I would use Invoke-Command
to execute the two lines of code remotely.
Invoke-Command -ComputerName RemoteServer {
$de = [ADSI]"WinNT://RemoteServer/Administrators,Group"
$de.psbase.invoke("Add",([ADSI]"WinNT://Domain/User").path)
(I am trying it first with fixed, valid values - change to variables when I get things figured out.) That gave me the error:
Exception calling "Invoke" with "2" argument(s): "Number of parameters specified does not match the expected number."
+CategoryInfo :NotSpecified: (:) [], MethodInvocationException
+FullyQualifiedErrorID :DotNetMethodTargetInvocation
+PSComputerName :RemoteServer
I need help on what to try next.
Thanks.
. : | : . : | : . tim
The ADSI commands work remotely as long as you are an administrator on the domain.
Invoke-Command only works on systems set up for WinRM remoting and if you are an Administrator on the domain.
Normally we would use AD and GP to add users to local groups.
Your script is also incorrect. Thisis the correct template.
$remotepc='somepc'
$de=[ADSI]"WinNT://$remotepc/Administrators,Group"
$de.Add("WinNT://Domain/User")
You should never the user to the admin group. It is a formula for disaster.
¯\_(ツ)_/¯

Difference between domain controllers and group policy objects in GPMC

Hello,
Am in confusion, someone can tel me the difference between
1.Domain controllers>default domain controller policy and
2.Group policy object>default domain controller policy
In Group policy management console and also i would like know where to define these categories. I normally use second option.
I have attached screenshot for your information.
regards,
Dharanesh,

This first/upper item is a link to the GPO, the second/lower item is the actual GPO.
(notice the link, has a shortcut arrow showing)
by default, when you double-click on a link, a message will display which says "you have clicked on a link....." and the messagbox offers a checkbox for "do not display this message again..."
Effectively they are equivalent to a shortcut-to-a-file vs. the actual file.
Don
(Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

Remoting between domains

Similar Messages

Maybe you are looking for