Solved

Trust Relationship between two Windows 2003 servers

Posted on 2005-03-10
Last Modified: 2008-02-01

I have 2 domains:

1st domain: mycompany.com (Head Office)
2nd domain: othercompany.com (Satellite Office)

We have an IPSec VPN connection between the two sites.

How can I create a trust relationship between the two domains?

I have users who travel from the Head Office to the Satellite Office; are they going to be able to get authenticated by my domain when they are at the Satellite Office?

Thanks
Question by:polycorjsp
15 Comments
 
LVL 4

Expert Comment

by:neisner
ID: 13510029
Open your Active Directory Domains and Trusts console.  Open Properties for your domain, and then go to the Trust tab.  Click on the New Trust button to start up the New Trust Wizard.  When going through the interview to set up the trust, choose the option to create a two-way trust, and choose the option to let it create both sides.  The rest is pretty straightforward...

If you want me to go through it step by step, let me know...

And yes, once you get this going users from both offices should be able to authenticate to their domain regardless of where they are at.
0
 

Author Comment

by:polycorjsp
ID: 13510073
I've tried this and I'm always getting an error message???

Do I have to do some things in the DNS section?

My network IP is 192.168.10.XXX
(my PDC : 192.168.10.2 = SRV2K3-MAIN)

The other Network is 192.168.1.xxx
(Other PDC 192.168.1.254 = SRV2K3-OTHER)

The error message said that the name specified is not a valid Domain Name?
0
 
LVL 4

Expert Comment

by:neisner
ID: 13510134
Yes, each side needs to be able to resolve the names of domain controllers on the other side.  The quickest way to do this if you aren't already, is to set up the DNS servers for mycompany.com as secondaries for othercompany.com, and vice versa.

The problem you are having is almost always DNS related in my experience...
0
 

Author Comment

by:polycorjsp
ID: 13510182
Can you guide me on this one...  I'm kind of new with this.  I've built up DNS zones for my web and Exchange but never done that for a trust relationship...
0
 
LVL 4

Expert Comment

by:neisner
ID: 13510309
Sure thing...

Open your DNS manager console for mycompany.com.  Find the Forward Lookup Zone for mycompany.com and open its properties page.  Go to the Name Servers tab and add the DNS server for othercompany.com.  Next go to the Zone Transfers tab and make sure that zone transfers are allowed to servers listed under the Name Servers tab.  Click OK.
Then open the DNS manager console for othercompany.com.  Right-click on the Forward Lookup Zone container and choose New Zone.  Choose the option to create a Secondary zone.  Enter mycompany.com for the name of the zone.  Enter the IP address of the primary mycompany.com DNS server.  Next, next, finish, blah blah...

Repeat the process for the other side (start in the DNS manager console for othercompany.com).  Once this is all done, make sure the zones transfer properly.
0
 

Author Comment

by:polycorjsp
ID: 13510624
It worked at one site only???

At othercompany.com, the zone transfer was successful.

But at mycompany.com, it didn't work...

Here's what I've done:
At my site (mycompany.com)
Right-click the mycompany.com Forward Lookup Zone, Properties
Name Servers tab
I added srv2k3-1.othercompany.com 192.168.1.254

In the Zone Transfers tab,
I've selected "Only to servers listed on the Name Servers tab"

I've created a Secondary Zone
othercompany.com
I've entered the IP address 192.168.1.254

At the other company, it's not hosting any web site and there were no DNS entries.
I've created two, DNS1 and DNS2, with the external IP address (ex.: 67.84.125.15)
0
 
LVL 4

Expert Comment

by:neisner
ID: 13510693
You're saying there were no entries in the othercompany.com zone?
0
 

Author Comment

by:polycorjsp
ID: 13510801
Yes and No!!!??

At othercompany.com, there are entries for:
The computers on the network 192.168.1.XXX
SOA and NS record with the Private IP :  192.168.1.254

0
 

Author Comment

by:polycorjsp
ID: 13510839
Ok... Sorry...  It works!
0
 
LVL 4

Expert Comment

by:neisner
ID: 13510845
Alright, good...  :)

Were you able to create the trust now?
0
 

Author Comment

by:polycorjsp
ID: 13510964
No....?

The two sites' DNS zones were transferred successfully...

I've double-clicked on Active Directory Domains and Trusts, right-clicked mycompany.com, selected Properties

Clicked the New Trust button

Entered srv2k3-1.othercompany.com and I still get the message that the name that I've specified is not a valid Windows domain name.  I'm wondering if the fact that the other company domain name is like this: other_company.com (with the _ between other and company) could cause the problem?

Thanks!
0
 
LVL 4

Accepted Solution

by:
neisner earned 2000 total points
ID: 13511002
Wait...srv2k3-1.othercompany.com is the name of a server at your satellite office, correct?  You just need to enter "othercompany.com" as the domain you want to create the trust with.

I *think* the _ won't make a difference.  I'll look into it to make sure though.
0
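A DNS pre-check for the trust discussed in this thread, as an added example that is not part of the original posts: it asks a given DNS server for the domain-controller locator SRV record (`_ldap._tcp.dc._msdcs.<domain>`) of the other domain, which exists for a domain name such as othercompany.com but not for a server name such as srv2k3-1.othercompany.com. It assumes a PowerShell host with `Resolve-DnsName` (Windows 8 / Server 2012 or later, so newer than the Windows 2003 servers in the thread) and that the two domain controllers quoted in the posts also run DNS; the function name `Test-TrustDns` is hypothetical.

```powershell
# Added example: check that a DNS server can locate domain controllers for a
# remote domain before running the New Trust Wizard.
# Test-TrustDns is a hypothetical helper name, not a built-in cmdlet.
function Test-TrustDns {
    param(
        [Parameter(Mandatory)] [string] $Domain,    # domain name, not a server FQDN
        [Parameter(Mandatory)] [string] $DnsServer  # DNS server whose view is tested
    )
    # SRV record that every domain controller of $Domain registers in DNS.
    $srvName = "_ldap._tcp.dc._msdcs.$Domain"
    $common  = @{ Server = $DnsServer; DnsOnly = $true; ErrorAction = 'Stop' }
    try {
        $srv = @(Resolve-DnsName -Name $srvName -Type SRV @common |
                 Where-Object { $_.QueryType -eq 'SRV' })
    } catch {
        $srv = @()
        $lookupError = $_.Exception.Message
    }
    if ($srv.Count -eq 0) {
        return [pscustomobject]@{
            Domain = $Domain; DnsServer = $DnsServer; Ok = $false
            Detail = "No SRV records for ${srvName}. $lookupError"
        }
    }
    # Every SRV target (a DC host name) must also resolve to an address.
    $unresolved = @(foreach ($rec in $srv) {
        try   { $null = Resolve-DnsName -Name $rec.NameTarget -Type A @common }
        catch { $rec.NameTarget }
    })
    [pscustomobject]@{
        Domain    = $Domain
        DnsServer = $DnsServer
        Ok        = ($unresolved.Count -eq 0)
        Detail    = if ($unresolved.Count) { "Unresolvable DCs: $($unresolved -join ', ')" }
                    else { "DCs found: $($srv.NameTarget -join ', ')" }
    }
}

# Addresses are the ones quoted in the thread; each side must see the other.
Test-TrustDns -Domain 'othercompany.com' -DnsServer '192.168.10.2'
Test-TrustDns -Domain 'mycompany.com'    -DnsServer '192.168.1.254'
# A server FQDN is not a domain, so this reports Ok = False:
Test-TrustDns -Domain 'srv2k3-1.othercompany.com' -DnsServer '192.168.10.2'
```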
 

Author Comment

by:polycorjsp
ID: 13512625
Everything is done!

You are good!  Really good!  Just a last question...  Why am I unable to map a printer connected to a computer from Head Office to remote office by using the DNS name?  The trust relationship is in place and functional!

Example:
I'm connected to my PDC, I'm trying to add a HP4000 Printer situated in the remote office so I've done this:

\\John_s\hp4000 in the add network printer but it can't find it?  If I use the IP of John_s, it works?

Thanks!
0
 
LVL 4

Expert Comment

by:neisner
ID: 13516532
If you are using \\John_s\hp4000, that will query WINS instead of DNS.  You would need to use something like \\John_s.othercompany.com\hp4000 for it to query DNS, and that assumes that there is an alias for the printer in the othercompany.com zone.
0
 

Author Comment

by:polycorjsp
ID: 13516976
Thanks again for all your help
0
