Two trusted domains with same username in both - can we merge?

We have 2 domains (A,B) in our environment.

Whenever someone joins the company, his account will be created in domain A. If someone has to work in a particular department, an account will be created for him in domain B. Both accounts have the same username, and domain B has a trust relationship with domain A.

The department using domain B has many applications/software/servers (300+ Windows and Linux machines) and around 150 active users. Now the company wants us to make users use their domain A account on all the domain B servers.

Is there a way to achieve this?


That's what a domain trust is for - it allows you to add users from domain A to security groups in domain B.

Just add the relevant users to the departmental groups they need to be in.


You can use a trust relationship (either forest or domain trust) to allow access to resources in domain B to domain A accounts. With a forest trust, you can allow all accounts to authenticate from A into B, or you can enable selective authentication, which will require each resource server in domain B to specifically allow accounts from domain A to be able to authenticate.

If your organization is talking about actually moving to domain B as the primary account location, you would find the Active Directory Migration Tool (ADMT) to be useful because it can actually migrate user accounts from one domain (or forest) to another. On top of that, it can merge accounts if they exist for the same user in both forests, and it can even preserve the SID history of these users, which makes it much easier to continue managing ACLs on shared resources (share permissions, NTFS permissions, etc.).

As stated in one of the comments above, it sounds like you may want to get some additional input from a local resource. This isn't an extremely complicated setup, but certainly is more advanced than a typical AD environment.
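The approach both answers describe (leave the accounts in domain A and grant them access in domain B through the trust, by putting the A accounts into B's departmental groups) as an added PowerShell example; this is not code from the thread. It assumes the ActiveDirectory module, a domain-local group named `Dept-App-Users` in domain B, and the domain names `a.example.com` / `b.example.com`; it runs as a dry run until `$WhatIf` is set to `$false`.

```powershell
# Added example, not from the thread. For every domain-B user in a departmental
# group, find the same-named account in domain A over the trust and add it to
# the group. Domain names, group name and server values are assumptions.
Import-Module ActiveDirectory

$DomainA   = 'a.example.com'     # account (trusted) domain - assumption
$DomainB   = 'b.example.com'     # resource (trusting) domain - assumption
$GroupName = 'Dept-App-Users'    # departmental group in domain B - assumption
$WhatIf    = $true               # dry run; set to $false to apply changes

$group = Get-ADGroup -Identity $GroupName -Server $DomainB -Properties GroupScope

# Only Domain Local groups (or Universal groups under a forest trust) can hold
# accounts from another domain; a Global group will reject the foreign principal.
if ($group.GroupScope -eq 'Global') {
    throw "Group '$GroupName' is Global scope; change it to DomainLocal before adding domain A accounts."
}

# Consider only members that are users living in domain B, so re-running the
# script does not try to re-add domain A accounts that are already members.
$bDn     = (Get-ADDomain -Server $DomainB).DistinguishedName
$members = Get-ADGroupMember -Identity $group -Server $DomainB |
           Where-Object { $_.objectClass -eq 'user' -and $_.distinguishedName -like "*$bDn" }

foreach ($m in $members) {
    # Look up the same sAMAccountName in domain A across the trust.
    $aUser = Get-ADUser -Identity $m.SamAccountName -Server $DomainA -ErrorAction SilentlyContinue
    if (-not $aUser) {
        Write-Warning "No domain A account named '$($m.SamAccountName)'; skipping"
        continue
    }

    # Pass the domain A user as an object (not a name) so the cmdlet resolves it
    # through the trust; AD creates a foreign security principal in domain B.
    if ($WhatIf) {
        Write-Output "Would add $DomainA\$($aUser.SamAccountName) to $GroupName"
    } else {
        Add-ADGroupMember -Identity $group -Members $aUser -Server $DomainB
        Write-Output "Added $DomainA\$($aUser.SamAccountName) to $GroupName"
    }
}
```

The domain B accounts are left in place so that access can be verified with the domain A logins before they are retired; if selective authentication is enabled on the trust, each resource server in domain B must additionally grant the domain A users the "Allowed to Authenticate" permission before the group membership takes effect.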