polycorjsp

Trust Relationship between two Windows 2003 servers

I have 2 domains

1st domain: mycompany.com (Head Office)
2nd domain: othercompany.com (Satellite Office)

We have an IPSec VPN connection between the two sites.

How can I create a trust relationship between the two domains?

I have users who travel from the Head Office to the Satellite Office; are they going to be able to get authenticated by my domain when they are at the Satellite Office?

Thanks
neisner

Open your Active Directory Domains and Trusts console.  Open Properties for your domain, and then go to the Trust tab.  Click on the New Trust button to start up the New Trust Wizard.  When going through the interview to set up the trust, choose the option to create a two-way trust, and choose the option to let it create both sides.  The rest is pretty straightforward...

If you want me to go through it step by step, let me know...

And yes, once you get this going users from both offices should be able to authenticate to their domain regardless of where they are at.
polycorjsp

ASKER

I've tried this and I'm always getting an error message???

Do I have to do some things in the DNS section?

My network IP is 192.168.10.XXX
(my PDC : 192.168.10.2 = SRV2K3-MAIN)

The other Network is 192.168.1.xxx
(Other PDC 192.168.1.254 = SRV2K3-OTHER)

The error message said that the name specified is not a valid Domain Name?
Yes, each side needs to be able to resolve the names of domain controllers on the other side.  The quickest way to do this if you aren't already, is to set up the DNS servers for mycompany.com as secondaries for othercompany.com, and vice versa.

The problem you are having is almost always DNS related in my experience...
Can you guide me on this one...  I'm kind of new with this.  I've built up DNS zones for my web and Exchange but never done that for a trust relationship...
Sure thing...

Open your DNS manager console for mycompany.com.  Find the Forward Lookup Zone for mycompany.com and open its properties page.  Go to the Name Servers tab and add the DNS server for othercompany.com.  Next go to the Zone Transfers tab and make sure that zone transfers are allowed to servers listed under the Name Servers tab.  Click OK.
Then open the DNS manager console for othercompany.com.  Right-click on the Forward Lookup Zone container and choose New Zone.  Choose the option to create a Secondary zone.  Enter mycompany.com for the name of the zone.  Enter the IP address of the primary mycompany.com DNS server.  Next, next, finish, blah blah...

Repeat the process for the other side (start in the DNS manager console for othercompany.com).  Once this is all done, make sure the zones transfer properly.
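
A quick check that each side can now find the other domain's controllers, as an added example that is not part of the original posts. It assumes a management host that has `Resolve-DnsName` (Windows 8 / Server 2012 or later) and can reach both DNS servers over the VPN; the domain names and server addresses are the ones quoted in this thread.

```powershell
# Added example: verify that each site's DNS server can locate the OTHER
# domain's domain controllers before running the New Trust Wizard.
# Assumption: run from a host with the DnsClient module (Resolve-DnsName).
$checks = @(
    @{ Site = 'Head office'; Server = '192.168.10.2';  Domain = 'othercompany.com' },
    @{ Site = 'Satellite';   Server = '192.168.1.254'; Domain = 'mycompany.com' }
)

$results = foreach ($c in $checks) {
    # DC locator SRV record that Windows looks up to find a domain controller
    $locator = "_ldap._tcp.dc._msdcs.$($c.Domain)"
    try {
        $srv = @(Resolve-DnsName -Name $locator -Type SRV -Server $c.Server `
                     -DnsOnly -ErrorAction Stop | Where-Object { $_.Type -eq 'SRV' })
    } catch {
        [pscustomobject]@{ Site = $c.Site; Query = $locator
                           Result = "FAIL: $($_.Exception.Message)" }
        continue
    }
    if ($srv.Count -eq 0) {
        [pscustomobject]@{ Site = $c.Site; Query = $locator
                           Result = 'FAIL: no SRV records returned' }
        continue
    }
    foreach ($rec in $srv) {
        # Every SRV target must also resolve to an address via the same server
        try {
            $ips = @(Resolve-DnsName -Name $rec.NameTarget -Type A -Server $c.Server `
                         -DnsOnly -ErrorAction Stop |
                     Where-Object { $_.Type -eq 'A' }).IPAddress -join ', '
            $state = if ($ips) { "OK: $ips" } else { 'FAIL: no A record' }
        } catch {
            $state = "FAIL: $($_.Exception.Message)"
        }
        [pscustomobject]@{ Site = $c.Site; Query = $rec.NameTarget; Result = $state }
    }
}

$results | Format-Table -AutoSize -Wrap
```

On the Windows 2003 servers themselves, `nslookup -type=SRV _ldap._tcp.dc._msdcs.othercompany.com 192.168.10.2` asks the same question of the head office DNS server.
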
It worked at one site only???

At othercompany.com, the zone transfer was successful

But at mycompany; it didn't work..

Here's what I've done:
At my site (mycompany.com)
Right-click the mycompany.com Forward Lookup Zone, Properties
Name Server tab
I added srv2k3-1.othercompany.com 192.168.1.254

In the Transfer Zone tab,
I've selected the "Only the servers listed in the Name Server tab" option

I've created a Secondary Zone
othercompany.com
I've entered the IP address 192.168.1.254

At the other company, it's not hosting any web site and there were no DNS entries
I've created two, DNS1 and DNS2, with the external IP address (e.g. 67.84.125.15)
You're saying there were no entries in the othercompany.com zone?
Yes and No!!!??

At othercompany.com, there are entries for:
The computers on the network 192.168.1.XXX
SOA and NS records with the private IP: 192.168.1.254

Ok... Sorry...  It works!
Alright, good...  :)

Were you able to create the trust now?
No....?

The two sites' DNS zones were transferred successfully...

I've double-clicked on Active Directory Domains and Trusts, right-clicked mycompany.com, selected Properties

Clicked the New Trust button

Entered srv2k3-1.othercompany.com and I still get the message that the name that I've specified is not a valid Windows domain name.  I'm wondering if the fact that the other company's domain name is like this, other_company.com (with the _ between other and company), could cause the problem?

Thanks!
ASKER CERTIFIED SOLUTION
neisner

This solution is only available to members.
Everything is done!

You are good!  Really good!  Just a last question...  Why am I unable to map a printer connected to a computer from Head Office to the remote office by using the DNS name?  The trust relationship is in place and functional!

Example:
I'm connected to my PDC, I'm trying to add an HP4000 printer situated in the remote office, so I've done this:

\\John_s\hp4000 in the add network printer but it can't find it?  If I use the IP of John_s, it works?

Thanks!
If you are using \\John_s\hp4000, that will query WINS instead of DNS.  You would need to use something like \\John_s.othercompany.com\hp4000 for it to query DNS, and that assumes that there is an alias for the printer in the othercompany.com zone.
Thanks again for all your help