Different domains, same user, same password
Hi, I manage two independent domains, A and B (no domain approbations). I want a user from domain A to be able to reboot all the servers (using shutdown /m \\machine_name), although he's not machine admin, nor domain admin. I created on domain B the same account name, with the same password as the one on domain A. I gave him the required privileges (shutdown server, and force shutdown from remote). But when I run the shutdown /m command against the domain B server, in a session opened by the user from domain A, I get an error 5 - access denied. If I use the same process, but against a remote workgroup server and a local user account, it works, though. My servers are running Windows 2008.

So, is it normal that there is a difference between domain-to-domain and domain-to-workgroup? And if the answer is yes, how can I achieve my goal: user from domain A, no administrator, must be able to reboot servers from A and B domains, and no approval between A and B? Thanks for your help.
September 1st, 2012 4:38am

Hi, Thanks for posting in Microsoft TechNet forums. Even if we create two user accounts in two independent domains with the same user name and password, they are actually two different user accounts. Their GUIDs are different. When we open a session by using the user from domain A, that user account in domain A cannot be recognized by domain B. That's why the access denied error is received. Regards Kevin TechNet Subscriber Support
September 3rd, 2012 4:22am

Hi Kevin, Thanks for your answer. I understand your point, although it is a mystery to me why it should work in a domain-to-workgroup relationship, but not in a domain-to-domain one. However, what is the recommended way then when you have to remotely reboot a server belonging to another domain (I can't use psexec because the user cannot be admin)? Regards
September 3rd, 2012 6:02am

Hi, If we need to restart the server in another domain, we will have to log on to it directly or we will have to use the shutdown.exe tool and provide the necessary credentials. As we can see in the article below, membership in the Administrators group, or equivalent, on the remote computer is the minimum required to complete this procedure by using shutdown /m.
Restart or Shut Down a Remote Computer and Document the Reason http://technet.microsoft.com/en-us/library/cc770416.aspx
Regards Kevin TechNet Subscriber Support
September 3rd, 2012 10:49pm
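
The second option in the reply above (shutdown.exe with the credential supplied), as an added example that is not part of the original thread: shutdown.exe has no credential switch, so the function first opens an authenticated IPC$ session to the target with an account from the target's own domain. SERVERB01 and DOMAINB\rebootuser are placeholder names, and the account is assumed to already hold whatever rights the target requires for a remote shutdown.

```powershell
# Added example. Computer and account names are placeholders (assumptions).
function Restart-RemoteServer {
    param(
        [Parameter(Mandatory = $true)] [string] $ComputerName,
        [Parameter(Mandatory = $true)] [string] $UserName,   # DOMAIN\user in the target's domain
        [int] $DelaySeconds = 30
    )

    $ipc = "\\$ComputerName\IPC$"

    # Authenticate to the target explicitly. The trailing * makes net.exe
    # prompt for the password, so it never appears on the command line
    # or in the console history.
    & net.exe use $ipc "/user:$UserName" *
    if ($LASTEXITCODE -ne 0) {
        throw "Could not authenticate to $ComputerName as $UserName (net use exit code $LASTEXITCODE)."
    }

    try {
        # shutdown.exe reuses the session opened above for its remote call.
        # /r = restart, /t = delay in seconds, /c = comment written to the event log.
        & shutdown.exe /m "\\$ComputerName" /r /t $DelaySeconds /c "Planned restart requested by $UserName"
        if ($LASTEXITCODE -ne 0) {
            # Exit code 5 is the "access denied" reported in this thread.
            throw "shutdown.exe failed against $ComputerName (exit code $LASTEXITCODE)."
        }
    }
    finally {
        # Always drop the authenticated session, even when the shutdown call fails,
        # so the credential is not left usable from this logon session.
        & net.exe use $ipc /delete /y | Out-Null
    }
}

# Usage (placeholder names):
# Restart-RemoteServer -ComputerName 'SERVERB01' -UserName 'DOMAINB\rebootuser'
```
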

Hi, Just checking to see how the troubleshooting is going. Please feel free to let us know if you would like further assistance. Regards Kevin TechNet Subscriber Support
September 6th, 2012 9:48pm

Hi, As this thread has been quiet for a while, we will mark it as Answered as the information provided should be helpful. If you need further help, please feel free to reply to this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish. BTW, we'd love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems. Thanks for your understanding and efforts. Best Regards Kevin TechNet Subscriber Support
September 9th, 2012 10:16pm

Hi, Well, in fact I am kind of stuck:
1) I still don't understand why the same user/same password trick works when the target is in a workgroup, and does not work when the target is in a domain.
2) I still don't know how I can manage to allow a user in domain A to reboot a server in domain B, without being administrator.
Regards
September 10th, 2012 3:45am
