Microsoft KB Archive/194633

= How to add additional host security domains =

Article ID: 194633

Article Last Modified on 2/22/2007

-

APPLIES TO


 * Microsoft SNA Server 4.0 Service Pack 1
 * Microsoft SNA Server 4.0 Service Pack 4
 * Microsoft Host Integration Server 2000 Standard Edition
 * Microsoft Host Integration Server 2000 Service Pack 1

-



This article was previously published under Q194633



IMPORTANT: This article contains information about editing the registry. Before you edit the registry, make sure you understand how to restore it if a problem occurs. For information about how to do this, view the "Restoring the Registry" Help topic in Regedit.exe or the "Restoring a Registry Key" Help topic in Regedt32.exe.



SUMMARY
When you install the Windows NT Account Synchronization service (the service must be installed on a Primary Domain Controller [PDC]), setup asks for a list of domains in which the Host Account Caches are to exist. Usually, in a single domain model, this will be the domain name of the domain in which the PDC is a member. However, if installing in a Multi- Domain environment, such as a master domain model, the Windows NT Account Synchronization service will be installed on the PDC of the accounts domain and the Host Account Cache service(s) will exist in each resource domain.



MORE INFORMATION
However, it may be necessary to add a resource domain to the list after the service is configured and running. To add additional Host Security Domains without removing and reinstalling the Windows NT Account Synchronization service, you must modify the Windows NT Registry. To do this, perform the following steps:

WARNING: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.

For information about how to edit the registry, view the "Changing Keys And Values" Help topic in Registry Editor (Regedit.exe) or the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe. Note that you should back up the registry before you edit it.  Start Registry Editor (Regedt32.exe).  Locate the MdbDomains value under the following subkey in the registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SnaPMP\Parameters NOTE: The above registry key is one path; it has been wrapped for readability.  On the Edit menu, click Multi String, type on a new line the name of a single resource domain. Press Enter after each new entry, and then click OK. Quit Registry Editor.

The Windows NT Account Synchronization service must be restarted for the change to take effect.

For more information, please see the following Microsoft Knowledge Base article:

194695 How to Configure Host Security for a Multi-Domain Environment

Keywords: kbhowto KB194633

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.