I'm completely new to the Windows Server/AD thing. I'm a Linux guy at heart and trying this Windows stuff is mind-boggling.
I have an existing AD domain that I don't manage and that is out of my control, which I want as the parent domain. I'm trying to create a child domain without having domain admin on the parent; I have a generic account, if that helps.
- Is it possible to do what I want to do?
- Is what I'm trying to do actually the right thing at all? See below for what I want to achieve...
I want to create a new domain that allows existing users of domain A (my proposed parent) to authenticate to machines attached to domain B (proposed child). I also want to be able to add accounts that just exist in domain B. Finally I want to be able to add extra groups to users of domain A that are only effective in domain B. In short: I want to use domain A for password authentication (and some of the existing groups) where possible and have everything else controlled by domain B.
Yeah, I'm a total beginner and I've heard the general concept of what I want to do is totally possible but I've no idea how to or what it's called. I think it might even be a one-way forest trust?
Extra info: My domain controller (domain B) is Windows Server 2016 virtualised on VMware and is network routable to domain A.
Thanks!