Workgroup server authenticate external AD account

%3CLINGO-SUB%20id%3D%22lingo-sub-2836707%22%20slang%3D%22en-US%22%3EWorkgroup%20server%20authenticate%20external%20AD%20account%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2836707%22%20slang%3D%22en-US%22%3E%3CP%3EHello.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFor%20security%20and%20infrastructure%20reasons%2C%20I%20got%20a%20server%20which%20has%20to%20stay%20in%20a%20%22workgroup%22%20domain%2C%20not%20integrated%20in%20an%20active%20directory.%26nbsp%3B%3C%2FP%3E%3CP%3EMeanwhile%2C%20I%20have%20a%20list%20of%2015%20users%20of%20my%20Active%20Directory%20who%20have%20to%20log%20on%20this%20server%20through%20TSE%2FRDP%20Cals.%3C%2FP%3E%3CP%3EIs%20there%20any%20way%20for%20a%20server%20not%20in%20my%20AD%20to%20authenticate%20%22external%22%20(from%20another%20AD)%20users%20and%20to%20open%20a%20session%20on%20the%20server%20%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20you.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2836707%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EActive%20Directory%20external%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2837657%22%20slang%3D%22en-US%22%3ERe%3A%20Workgroup%20server%20authenticate%20external%20AD%20account%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2837657%22%20slang%3D%22en-US%22%3EIf%20you%20put%20this%20server%20in%20workgroup%20for%20security%20reasons%2C%20do%20not%20try%20to%20authenticate%20using%20Active%20Directory%20-%20it%20would%20defeat%20the%20purpose%20of%20isolating%20your%20server%2C%20and%20you'll%20need%20to%20decrease%20the%20security%20of%20the%20whole%20forest%20for%20that%20(not%20counting%20security%20issues%20with%20logged%20on%20accounts).%3CBR%20%2F%3EUse%20local%20accounts%20instead.%3CBR%20%2F%3EBut%20you%20mention%20users%20from%20your%20Active%20Directory%2C%20then%20users%20from%20another%20Active%20Directory%2C%20that's%20confusing.%20What%20are%20you%20trying%20to%20accomplish%20there%20%3F%3C%2FLINGO-BODY%3E
New Contributor

Hello.

 

For security and infrastructure reasons, I got a server which has to stay in a "workgroup" domain, not integrated in an active directory. 

Meanwhile, I have a list of 15 users of my Active Directory who have to log on this server through TSE/RDP Cals.

Is there any way for a server not in my AD to authenticate "external" (from another AD) users and to open a session on the server ?

 

Thank you.

2 Replies
If you put this server in workgroup for security reasons, do not try to authenticate using Active Directory - it would defeat the purpose of isolating your server, and you'll need to decrease the security of the whole forest for that (not counting security issues with logged on accounts).
Use local accounts instead.
But you mention users from your Active Directory, then users from another Active Directory, that's confusing. What are you trying to accomplish there ?

@Alban1999 Thanks for your reply. Forget the security reasons, this is not a good reason. 

- Let's name my active directory "stephAD".

- My server is hosted in a datacenter we can't manage. And our "hosting partner" don't autorize us to integrate the server in an Active Directory Domain.

- On this server, there is an application and some users have to log on the server to launch a local tool to manage the application.

- We plan to install some RDP CALs to support multiple simultaneous connections. 

- Is this possible for the server to autorize connections for users from our active directory domain 'stephAD' ?

 

Thanks you.