I am a domain admin in Domain A and also Domain admin in domain B
Domain A and B are separate domains with no Trust.
I am using the same user name and password in both domains.
what I don't understand, when I am in a DC in domain A I can use UNC path \\DCofDomainB
and then I can see the shares.
But if I try the UNC to access another computer which is not a DC in the domainB, I get the security window to enter user name and password.
I don't understand where the difference is.
Any idea?
Thanks
This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.
Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.
If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.
Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.
Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.
Access the answers to your technology questions today.
30-day free trial. Register in 60 seconds.
Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.
Try it out and discover for yourself.
30-day free trial. Register in 60 seconds.
Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.
When you're connecting to a machine that's not a member of the same domain, your current user name and password is sent to the remote machine, trying a pass-through authentication.
If a *LOCAL* account with the same name and password exists on the remote machine, you're allowed access (if you're accessing a DC, the DC will query the AD database).
If there is no matching *LOCAL* account (which is the case on all member servers, if the account is a domain account), the authentication window pops up.
That's why you can access a remote DC with your current account directly, but not a member server.
Business Accounts
Answer for Membership
by: oBdAPosted on 2009-11-07 at 16:31:24ID: 25768822
That's normal; it's because the remote machine will only access its *local* user database when checking credentials that another machine sent that's not in the same domain. For a DC, the "local" user database is the AD user database; for members, you'd need another local account.
"[...]
Windows 2000 behavior:
When a logon attempt is made, three things are specified: the user name, the encrypted password, and the domain name. All fields are optional. The following simplified logic is used by the Net Logon service to process these logon credentials:
1. If no domain is specified, or if the domain that is specified is the local domain (a computer or NetBIOS name for a member server), the local SAM database validates the logon. If an account is found, and the credentials match, the logon proceeds. If no account is found, and the domain is specified, the "account not found" message is returned.
[...]"
Windows NT User Account Database Search Order
http://support.microsoft.c