Multiple Domains on a Single Server

Is it possible to have multiple domains set up on a single server?

I have a 3rd party app that can distinguish users by domain and user name. I would like some way to segment my users. To do that I would like to create a domain for each user group.

Am I going to need a separate computer for each domain? I have seen the word SubDomain. Would that work as a real domain as far as logging in goes?

Also, my computers are on my work network that has a domain that I cannot mess with. Will setting up these domains conflict with my real work domain?

Thanks for any comments.

Edit: I think I am talking about Active Directory domains here. Something users enter into a login screen, i.e. enter username, domain and password.

Edit2: To give a little background: I am using a 3rd party tool to secure about 600 Windows Mobile devices. (These are/will be used by people around the nation with NO access to my work domain.)

The tool handles the securing part well, but offloads the authentication part. It uses Windows to authenticate against. So I made a machine that has all the users automatically set up as local users on the box. The users log in on the device and the software calls back to the server and checks to see if the users exist on the box. (Note that these users have no rights on anything).

The problem is that the users around the nation are separate contract organizations. I don't really want one organization to be able to unlock the device from another organization.

Hence my domain question. I would like to make a domain for each organization (there are about 100) and add the appropriate users to each domain. However, I don't have 100 spare machines sitting around (or resources for that many VMs) so I was wondering if you can have more than one domain on a single machine.


Solution 1:

One computer can only be a domain controller for one Active Directory domain.

However, you can have whichever domain suffix you want on your user accounts - there is no problem using [email protected] and [email protected] in the same Active Directory domain. It's just a GUI limitation that this function isn't exposed too well.

The "[email protected]" is called User Principal Name, or UPN for short. Your old-style DOMAIN\Username is called SAMAccountName or NT4-logonname. These are two different and unrelated usernames for the same user. Basically, every user in an Active Directory domain has two usernames, one UPN and one SamAccountName.

If you implement this, here's how it will look to users: On a WinXP/2000/2003 system, there are three logon "fields"; username, password and domain. When using this type of logon, you are in fact using your SamAccountName to log on. To use UPN, simply write your full UPN (including @ sign) at the logon. As you'll see, when you type in the "@", the Domain field is greyed out and Windows figures out that you're using a UPN logon type.

SO: Domain is always domain, whichever logon type you use.
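
The approach in Solution 1 (one Active Directory domain, a separate UPN suffix per organization) can be scripted instead of set through the GUI. The following is an added example, not part of the original answer; it assumes the ActiveDirectory PowerShell module and rights to modify the forest, and the organization names, suffixes and user names are constructed placeholders.

```powershell
# Added example: needs the ActiveDirectory module (RSAT) and forest admin rights.
Import-Module ActiveDirectory

# Constructed sample data: one entry per contract organization (placeholder names).
$orgs = @(
    @{ Name = 'OrgA'; Suffix = 'orga.example'; Users = @('alice', 'bob') },
    @{ Name = 'OrgB'; Suffix = 'orgb.example'; Users = @('carol') }
)

$forest   = Get-ADForest
$domainDN = (Get-ADDomain).DistinguishedName

foreach ($org in $orgs) {
    # Register the alternative UPN suffix on the forest if it is not there yet.
    if ($forest.UPNSuffixes -notcontains $org.Suffix) {
        Set-ADForest -Identity $forest.Name -UPNSuffixes @{ Add = $org.Suffix }
    }

    # One OU per organization keeps each group's accounts together.
    $ouDN = "OU=$($org.Name),$domainDN"
    if (-not (Get-ADOrganizationalUnit -Filter "DistinguishedName -eq '$ouDN'")) {
        New-ADOrganizationalUnit -Name $org.Name -Path $domainDN
    }

    foreach ($user in $org.Users) {
        # sAMAccountName must be unique in the domain and is limited to
        # 20 characters for users, so prefix it with the organization name.
        $sam = "$($org.Name)-$user"
        if ($sam.Length -gt 20) { throw "sAMAccountName '$sam' exceeds 20 characters" }

        $upn = "$user@$($org.Suffix)"
        New-ADUser -Name $sam -SamAccountName $sam -UserPrincipalName $upn `
            -Path $ouDN -Enabled $true `
            -AccountPassword (Read-Host -AsSecureString "Initial password for $upn")
    }

    # Show both logon names for the accounts in this organization's OU.
    Get-ADUser -Filter * -SearchBase $ouDN |
        Select-Object SamAccountName, UserPrincipalName
}
```

All accounts still live in the same domain, so the suffix and OU only label and group the users; whether the third-party tool accepts UPN logons has to be verified separately.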