Trust relationship between a domain and a workgroup

Posted on 2005-04-21
Last Modified: 2009-06-10
         is it possible to create a trust relationship between a domain and a workgroup that are connected over vpn, we can only see the other offices computers if we do a search by name, would a trust relationship allow us to see each other and if so, how do you create this realtionship ?.
Question by:eenderle
    LVL 95

    Expert Comment

    by:Lee W, MVP
    Trust relationships are not possible with Workgroups - workgroups have nothing to trust - all systems are independent.  Trusts are between domains only.  Further, trusts are not possible with Small Business Server (if you are using that).
    LVL 95

    Accepted Solution

    If you are using WINS, then the remote systems might be able to set themselves to use the WINS server of the domain.  "Seeing" all systems in Network Neighborhood is a function of the Computer Browser Service.'s_the_microsoft_computer_browser_service.htm
    LVL 3

    Expert Comment

    Modify Hosts file and add Domain Computers
    LVL 6

    Expert Comment

    Hi eenderle,
    You can't trust a workgroup from a domain or vice versa because they are unauthenticated and thus implicitly untrusted.

    eg. you need credentials to be able to print to a device configured on a domain, in the same way you need the appropriate rights to access a restricted or locked down share or directory.

    If you are going to roll out a domain implementation, I recommend you implement the single master domain model.. more on this on the second link below.

    with multiple domains, on the other hand, you are able to create trusts .

    how to configure a trust relationship

    the following page briefly describes each type of trust construct for windows domains with pros/cons.

    Hope this helps you!

    LVL 9

    Expert Comment

    I would setup WINS on yor server and see if that meets your needs.
    LVL 8

    Expert Comment


    Well, since you say you do a search for the name to browse the remote computers, im assuming theres not a large volume of computers there. Depending on the amount of computer that need to be accessed, i would use the HOSTS file and add static entries for each of the computers you access... this will require manual entry, but once completed, it can be copied to all other computers on your local network. all local computers will be able to browse remote computer names simply by typing in the computer name. the remote computers will also show up in the network neighborhood.

    if theres a larger volume of computers at the remote location (30 or more), then i would suggest the WINS route.
    LVL 8

    Expert Comment


    *CORRECTION - You want to add the static mapping to the LMHOSTS file, not HOSTS. I believe this LMHOSTS file is located in the windows system directory, by default its called LMHOSTS.SAM, you will need to rename it to just plain ol' "LMHOSTS" with no extension. open the LMHOSTS file with any text editor, examples are included and will contain all the info you need to get started.
    LVL 7

    Expert Comment

    I have just completed a simular setup, whilst migrating to a green field system, first setup your trust relationship, then to setup a secondry DNS zone on easch domain controler and replicate the zones.  this should allow host on both sides of the network to use split DNS


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Do You Know the 4 Main Threat Actor Types?

    Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

    I've written instructions for one router type, but this principle may be useful for others of the same brand and even other brands of router. Problem: I had an issue especially with mobile devices that refused to use DNS information supplied via…
    Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now