Setting up the Db2 instance to allow domain users to connect

The Db2® instances are set up to allow domain users to connect.

1. For a multi-domain configuration where the Db2 user belongs to domain B and not domain A, then domain A must trust domain B. Trust relationship is a Windows domain configuration.
2. To discover the Db2 service account, below is a sample of commands that can be used:

   C:>db2ilist
   DB2
   
   C:>sc query state= all | findstr SERVICE_NAME | findstr DB2
   SERVICE_NAME: DB2-0
   
   C:>sc qc DB2-0
   [SC] GetServiceConfig SUCCESS
   
   SERVICE_NAME: DB2-0
   TYPE : 10 WIN32_OWN_PROCESS
   START_TYPE : 3 DEMAND_START
   ERROR_CONTROL : 1 NORMAL
   BINARY_PATH_NAME : C:\PROGRA~1\IBM\SQLLIB\bin\db2syscs.exe
   LOAD_ORDER_GROUP :
   TAG : 0
   DISPLAY_NAME : DB2 - DB2COPY1 - DB2
   DEPENDENCIES : LanmanServer
   : +NetBIOSGroup
   SERVICE_START_NAME : A\db2admin

   The value of the attribute SERVICE_START_NAME is the Db2 service account. It is a fully qualified, two part name where the first part is the domain name (A) and the second part is the account name (db2admin). A '.' for the domain name indicates that the account is a local account.

   The service account, A \db2admin, needs to belong to the local administrators' group and the Db2 administrator group, which is by default is DB2ADMNS. The Db2 administrator group can also be a domain group. See the Db2 instance user account section of Required user accounts for installation of Db2 server products (Windows) page for more details.

   The service account local group membership can be verified by using the operating system command net. Members of the local administrators group can be counted using net. In the example below, the output shows that A \db2admin is a member of the administrator group:

   C:>net localgroup administrators
   Administrator
   A\db2admin