Granting Dial-In Permissions to Users of a Trusted Domain (155764)

SUMMARY

In order to grant users in an accounts domain Remote Access Service (RAS) dial-in permissions to a server in a resource domain, it is not necessary to add these users (individually or as a group) to the accounts database of the resource domain. It is also not necessary to have a RAS Server running in the Accounts Domain as long as the Resource Domain is configured to trust the Accounts Domain. The accounts domain does not have to trust the resource domain for this configuration to work.

MORE INFORMATION

Take the following steps to grant dial-in permissions to users in the trusted accounts domain for the RAS server in the resource domain:

Either the administrator's account from the resource domain has to be part of accounts domain Administrators group (as per a trust), or while logged on to the Resource Domain, the administrator must

NET USE \\Accounts_PDC\netlogon /u:Accounts\administrator

(Where Accounts_PDC is the Primary Domain Controller (PDC) for the accounts domain) and enter the password for this account in the Accounts Domain when prompted.
After making the above connection, perform the following steps:
1. Start up RASADMIN on the server in the Resource Domain.
2. From the Servers menu, choose Select Domain Or Server.
3. In the Domain field, enter the domain name of the trusted Accounts Domain and press ENTER.
4. If there is no RAS server in the Accounts Domain, the first line of the RASADMIN program display area below the menu displays:
  
  "No Remote Access Servers were found in the selected domain."
  
  Otherwise, it displays the server name of a server that is currently running RAS.
5. From the Users menu, choose Permissions.

All users from the Accounts Domain should now appear in the Users box, and it is possible to choose Grant Dial-in Permission to User per user from the Accounts Domain to dial-in to the Resource Domain's RAS Server.