IMPORTANT: This article contains information about modifying the registry. Before you
modify the registry, make sure to back it up and make sure that you understand how to restore
the registry if a problem occurs. For information about how to back up, restore, and edit the
registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986 Description of the Microsoft Windows Registry
MORE INFORMATION
WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may
require you to reinstall your operating system. Microsoft cannot guarantee that you can solve
problems that result from using Registry Editor incorrectly. Use Registry Editor at your own
risk.
To set up simple maps between multiple domains, you first have to configure the primary Windows and NIS domain mapping in the Windows Services for UNIX administration tool. After you have defined the primary domain pair, you can edit the registry to specify additional Windows or NIS domain pairs.
To configure multiple Windows or NIS domain pairs, run regedt32.exe, and then locate the following registry entry:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MapSvc\CurrentVersion
Value: AdditionalMapDefinitions
Data Type: REG_MULTI_SZ
To specify the Windows or NIS domain pairs you want to map, use the following format:
Windows_domain~NIS_domain:[NIS_server]
Windows_domain is the Windows domain with the accounts to be mapped to the NIS domain accounts in the domain specified by NIS_domain. NIS_domain is the NIS domain with the accounts to be mapped to the Windows domain accounts in the domain specified by Windows_domain. NIS_server specifies a primary (master) or secondary (slave) server for the NIS domain specified by NIS_domain.
Specify the NIS_server value if the NIS_domain master is not on the same TCP/IP subnet as the server running the User Name Mapping component. The colon (:) separator is always required, even if you do not specify a value for NIS_server.
For example, to map accounts in the Windows domain "MktgDomain" to accounts in the NIS domain "NISMktg", where "MktgServer" is the NIS master and it exists in a different TCP/IP subnet than the User Name Mapping server, make the following entry in the registry on the Windows Services for UNIX-based computer:
MktgDomain~NISMktg:MktgServer
To map accounts in the Windows domain "SalesDomain" to accounts in the NIS domain "NISSales", whose master server is located in the same subnet as the server running User Name Mapping, in the multi-string editor, type
SalesDomain~NISSales:NOTE: The preceding input has a trailing colon (:).
Additional Information
After you make the preceding changes, you must restart User Name Mapping server or change the following registry value:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MapSvc\ReadConfig
All Windows domains mapped to NIS domains must have a trust relationship with the domain to which User Name Mapping server belongs, and Server for NFS Authentication must be running on all domain controllers in those domains.
You must use the regedt32.exe program to specify the domain pairs. (The regedit.exe program does not support editing multiple-string values.)
When matching a particular user or group account, the User Name Mapping component traverses the list of additional domain pairs in the reverse order in which they are displayed in the multi-string editor, followed by the domain pair specified in Windows Services for UNIX Administration, then the component uses the first match it locates.
If any of the domain pairs contains an error (for example, an NIS domain on a different subnet is specified without an NIS server), the User Name Mapping component ignores the primary and additional domain pairs and uses the previous mappings.