[ActiveDir] non-trusted forest administration

[Rich Milburn]

Does anyone know how to run ADUC on a member of domain A to connect to domain B which is in a separate, non-trusted forest on Win2K?   More details: Help Desk is in Forest A, domain A.  There is a DC/DNS server with its own forest and Domain B, and it will be for external user authentication (simplified a little).  If we can avoid a trust, that would be preferable to help isolate it.  However, the Help Desk needs to reset passwords and modify user accounts in Domain B.  DNS issues have been resolved (conditional forwarding – this is all Win2K3).  With XP I can store logon info for that domain, and a customized mmc comes up nicely.  Win2K is a different story though.  If you open ADUC on Win2K, it points to your default context (Domain A).  If you try to connect to Domain B, authentication fails (but it doesn’t bother to ask).  If you try to Run As, ADUC won’t come up because Domain B credentials are invalid for ADUC coming up in the default context.  We’re about to create a one-way external trust, but what would avoid that is something that would function like: hlpdskaduc.msc /domain:domainB /user:[EMAIL PROTECTED]   Is there a better way to do this, or does someone know how to run the above?  I know I could use command-line tools, but we’re talking about the help desk here.   Thanks Rich   -------APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE------- PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or any attachments. This information is strictly confidential and may be subject to attorney-client privilege. This message is intended only for the use of the named addressee. If you are not the intended recipient of this message, unauthorized forwarding, printing, copying, distribution, or using such information is strictly prohibited and may be unlawful. If you have received this in error, you should kindly notify the sender by reply e-mail and immediately destroy this message. Unauthorized interception of this e-mail is a violation of federal criminal law. Applebee's International, Inc. reserves the right to monitor and review the content of all messages sent to and from this e-mail address. Messages sent to or from this e-mail address may be stored on the Applebee's International, Inc. e-mail system.