Accessing resources on another AD domain

Hi guys,

I'm new to AD so apologies in advance for my ignorance.

There are 2 domains in my organisation. Let's just call them A and B.

Domain B trusts A ("non transitive", "outgoing").

But Domain A doesn't trust any domain.

I need to have a colleague with basic "User" permissions to access a shared resource on Domain A from Domain B where he resides. I have set him up on Domain A with the same user account he has on Domain B (ie same username and password). However, when I browse Network Connections on his PC in Domain A, "Entire Network" doesn't appear in the "Other Places" section. Therefore I can't even get to the other domain (A) in order to access it.

How can I have my colleague access the resource on Domain A from his PC on Domain B?

I hope I am being clear.

Many thanks in advance for time,
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

you need to allow domain A to trust Domain B otherwise you will go in circles
StiofanAuthor Commented:
Hi Jay,

I was hoping not to do that for security reasons.

Interestingly, when I log into the PC in question as the domain B administrator, I can browse the Entire Network; when I attempt to then access a resource on Domain A it prompts me for logon credentials. I just want to be able to do the same for my colleague. Is it therefore a permissions issue?

Even more interestingly, there is another user on Domain B who can access resources on Domain A.I think she might be some kind of administrator (or was, until I took over the job - but I never revoked her permissions).

Does this shed any light?
obliv2k3Business and IT Systems EngineerCommented:
have you tryed using UNC to the other domain?

im assuming your talking about using some sort of shared files so why not use UNC ie: \\Servername\Folder1\Folder2 etc.
If your user gets asked for a password then use the new account you created for the user on the other domain.

You can also save these credentials into windows so that when you access the same resource again providing your passwords are correct you can reaccess the files instantly.
Prehaps make this shared resource a mapped drive in My Computer

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

i think the issue lies in your trusts myself,

the pc in question   is that in domain a or b
StiofanAuthor Commented:
The Pc in question is in domain B.

If it's a trusts issue, how come I can access the other domain(A) on the same PC with the admin account (for Domain B)?

As I said forgive my ignorance - I'm only new to AD.
StiofanAuthor Commented:
Hi guys,

I just tried the UNC route.

It worked - but only when I provided the administrator logon credentials for Domain A (the domain whose resources I want to access).

It didn't want to know when I logged on using my colleagues' username and password that I created on Domain A.

Unfortunately, having my colleague log on with admin rights is out of the question. I'm back to square one - any more ideas?!!!

Thanks again.
obliv2k3Business and IT Systems EngineerCommented:
Check the folder permissions of the target directory. IE if your accessing a resource on the local machine for instance c:\download if the permissions are not set for the collegues username to view the data/folder it will not allow them into it.
on the network accessing the remote machine via UNC the same rules apply, the user must have read/write permission to the target share.

Hope that helps you
StiofanAuthor Commented:
Hi guys,

The UNC thing worked fine in the end.

The reason why it didn't work the first time was because I set my UNC path to the secret admin directory with the "$" in the UNC path - hence it could only be accessed by the administrator.

Before I award the points - can anyone tell me why Active Directory allows my colleague to access stuff on Domain A from Domain B (as i've just done by a)creating an identical account on Domain A as he has on Domain B and b) by UNC'ing to it). I'm puzzled because my AD trusts are configured so that Domain A trusts no one (I'm new to Active Directory).

Many thanks.
obliv2k3Business and IT Systems EngineerCommented:
so i understand, Trusts mean that resources, profiles and permisions from domain B can be used on domain A so long as domain A trusts domain B to use those resources.
maybe this resource will help you with any other queries in AD.
StiofanAuthor Commented:
Thanks obliv2k3,

I've awarded you the points.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.