Solved

Trust Relationship between two Windows 2003 servers

Posted on 2005-03-10
Last Modified: 2008-02-01
I have 2 domains

1st domain : mycompany.com (Head Office)
2nd domain: othercompany.com (Satellite Office)

We have an IPSec VPN connection between the two sites.

How can I create a trust relationship between the two domains?

I have users who travel from the Head office to the satellite office; are they going to be able to get authenticated by my domain when they are at the satellite office?

Thanks
Question by:polycorjsp
15 Comments
 
LVL 4

Expert Comment

by:neisner
ID: 13510029
Open your Active Directory Domains and Trusts console.  Open Properties for your domain, and then go to the Trust tab.  Click on the New Trust button to start up the New Trust Wizard.  When going through the interview to set up the trust, choose the option to create a two-way trust, and choose the option to let it create both sides.  The rest is pretty straightforward...

If you want me to go through it step by step, let me know...

And yes, once you get this going users from both offices should be able to authenticate to their domain regardless of where they are at.
0
 

Author Comment

by:polycorjsp
ID: 13510073
I've tried this and I'm always getting an error message???

Do I have to do some things in the DNS section?

My network IP is 192.168.10.XXX
(my PDC : 192.168.10.2 = SRV2K3-MAIN)

The other Network is 192.168.1.xxx
(Other PDC 192.168.1.254 = SRV2K3-OTHER)

The error message said that the name specified is not a valid Domain Name?
0
 
LVL 4

Expert Comment

by:neisner
ID: 13510134
Yes, each side needs to be able to resolve the names of domain controllers on the other side.  The quickest way to do this if you aren't already, is to set up the DNS servers for mycompany.com as secondaries for othercompany.com, and vice versa.

The problem you are having is almost always DNS related in my experience...
0

 

Author Comment

by:polycorjsp
ID: 13510182
Can you guide me on this one...  I'm kind of new with this.  I've built up DNS zones for my web and Exchange but never done that for a trust relationship...
0
 
LVL 4

Expert Comment

by:neisner
ID: 13510309
Sure thing...

Open your DNS manager console for mycompany.com.  Find the Forward Lookup Zone for mycompany.com and open its properties page.  Go to the Name Servers tab and add the DNS server for othercompany.com.  Next go to the Zone Transfers tab and make sure that zone transfers are allowed to servers listed under the Name Servers tab.  Click OK.
Then open the DNS manager console for othercompany.com.  Right-click on the Forward Lookup Zone container and choose New Zone.  Choose the option to create a Secondary zone.  Enter mycompany.com for the name of the zone.  Enter the IP address of the primary mycompany.com DNS server.  Next, next, finish, blah blah...

Repeat the process for the other side (start in the DNS manager console for othercompany.com).  Once this is all done, make sure the zones transfer properly.
0
 

Author Comment

by:polycorjsp
ID: 13510624
It worked at one site only???

At othercompany.com, the zone transfer was successful

But at mycompany, it didn't work..

Here's what I've done:
At my site (mycompany.com)
Right-click the mycompany.com Forward Lookup Zone, Properties
Name Server Tab
I added srv2k3-1.othercompany.com 192.168.1.254

In the Transfer Zone Tab,
I've selected the Only the Server list in the Name Server Tab

I've created a Secondary Zone
othercompany.com
I've entered the IP address 192.168.1.254

At the other company, it's not hosting any web site and there were no DNS entries
I've created two DNS1 and DNS2 with the external IP address (ex.: 67.84.125.15)
0
 
LVL 4

Expert Comment

by:neisner
ID: 13510693
You're saying there were no entries in the othercompany.com zone?
0
 

Author Comment

by:polycorjsp
ID: 13510801
Yes and No!!!??

At othercompany.com, there are entries for:
The computers on the network 192.168.1.XXX
SOA and NS record with the Private IP :  192.168.1.254

0
 

Author Comment

by:polycorjsp
ID: 13510839
Ok... Sorry...  It works!
0
 
LVL 4

Expert Comment

by:neisner
ID: 13510845
Alright, good...  :)

Were you able to create the trust now?
0
 

Author Comment

by:polycorjsp
ID: 13510964
No....?

The two sites' DNS zones were transferred successfully...

I've double-clicked on Active Directory Domains and Trusts, right-clicked mycompany.com, selected Properties

Clicked the New Trust button

Entered srv2k3-1.othercompany.com and I still get the message that the name that I've specified is not a valid Windows domain name.  I'm wondering if the fact that the other company domain name is like this: other_company.com (with the _ between other and company) could cause the problem?

Thanks!
0
 
LVL 4

Accepted Solution

by:
neisner earned 2000 total points
ID: 13511002
Wait...srv2k3-1.othercompany.com is the name of a server at your satellite office, correct?  You just need to enter "othercompany.com" as the domain you want to create the trust with.

I *think* the _ won't make a difference.  I'll look into it to make sure though.
0
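The DNS requirement discussed in this thread (each side resolving the other side's domain controllers, and giving the wizard a domain name rather than a server name) can be checked before running the New Trust Wizard. The PowerShell below is an added example, not part of the original posts: the function name `Test-DcLocator` is hypothetical, it assumes a management host with `Resolve-DnsName` (Windows 8 / Server 2012 or later, so not the Windows 2003 servers themselves), and it assumes the two PDC addresses quoted in the thread are also the DNS servers.

```powershell
# Added example (not from the thread). Each site's DNS server is asked for the
# other domain's DC locator SRV record and for the address of every DC it names.
# Assumption: the DNS servers are the PDC addresses quoted in the thread.
$sites = @(
    @{ Domain = 'mycompany.com';    DnsServer = '192.168.10.2'  },
    @{ Domain = 'othercompany.com'; DnsServer = '192.168.1.254' }
)

function Test-DcLocator {
    param(
        [Parameter(Mandatory)] [string] $Domain,     # domain whose DCs must be found
        [Parameter(Mandatory)] [string] $DnsServer   # resolver that has to know them
    )
    $query   = @{ Server = $DnsServer; DnsOnly = $true; ErrorAction = 'Stop' }
    $srvName = "_ldap._tcp.dc._msdcs.$Domain"        # Active Directory DC locator record
    try {
        $srv = @(Resolve-DnsName -Name $srvName -Type SRV @query |
                 Where-Object { $_.Type -eq 'SRV' })
    } catch {
        $srv = @()                                   # name does not exist or server unreachable
    }
    if ($srv.Count -eq 0) {
        return [pscustomobject]@{ DnsServer = $DnsServer; Domain = $Domain
                                  DC = $null; Address = $null; Status = 'No SRV record' }
    }
    foreach ($record in $srv) {
        try {
            $a = @(Resolve-DnsName -Name $record.NameTarget -Type A @query |
                   Where-Object { $_.Type -eq 'A' })
        } catch {
            $a = @()
        }
        [pscustomobject]@{
            DnsServer = $DnsServer
            Domain    = $Domain
            DC        = $record.NameTarget
            Address   = ($a.IPAddress -join ', ')
            Status    = if ($a.Count -gt 0) { 'OK' } else { 'DC name does not resolve' }
        }
    }
}

# Cross-check: every site's resolver must find every other site's domain.
$report = foreach ($here in $sites) {
    foreach ($there in $sites | Where-Object { $_.Domain -ne $here.Domain }) {
        Test-DcLocator -Domain $there.Domain -DnsServer $here.DnsServer
    }
}
$report | Format-Table -AutoSize
```

Passing a server name such as srv2k3-1.othercompany.com as `-Domain` reports `No SRV record`, because the locator record exists under the domain name only.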
 

Author Comment

by:polycorjsp
ID: 13512625
Everything is done!

You are good!  Really Good!  Just a last question...  Why am I unable to map a printer connected to a computer from Head office to remote office by using the DNS name?  The Trust Relationship is in place and functional!

Example:
I'm connected to my PDC, I'm trying to add a HP4000 Printer situated in the remote office so I've done this:

\\John_s\hp4000 in the add network printer but it can't find it?  If I use the IP of John_s, it works?

Thanks!
0
 
LVL 4

Expert Comment

by:neisner
ID: 13516532
If you are using \\John_s\hp4000, that will query WINS instead of DNS.  You would need to use something like \\John_s.othercompany.com\hp4000 for it to query DNS, and that assumes that there is an alias for the printer in the othercompany.com zone.
0
 

Author Comment

by:polycorjsp
ID: 13516976
Thanks again for all your help
0
