We help IT Professionals succeed at work.

Accessing resources on another AD domain

Stiofan
Stiofan asked
on
Medium Priority
245 Views
Last Modified: 2011-04-14
Hi guys,

I'm new to AD so apologies in advance for my ignorance.

There are 2 domains in my organisation. Let's just call them A and B.

Domain B trusts A ("non transitive", "outgoing").

But Domain A doesn't trust any domain.


I need to have a colleague with basic "User" permissions to access a shared resource on Domain A from Domain B where he resides. I have set him up on Domain A with the same user account he has on Domain B (ie same username and password). However, when I browse Network Connections on his PC in Domain A, "Entire Network" doesn't appear in the "Other Places" section. Therefore I can't even get to the other domain (A) in order to access it.

How can I have my colleague access the resource on Domain A from his PC on Domain B?

I hope I am being clear.

Many thanks in advance for time,
Stiofan
Comment
Watch Question

CERTIFIED EXPERT
Top Expert 2006

Commented:
you need to allow domain A to trust Domain B otherwise you will go in circles

Author

Commented:
Hi Jay,

I was hoping not to do that for security reasons.

Interestingly, when I log into the PC in question as the domain B administrator, I can browse the Entire Network; when I attempt to then access a resource on Domain A it prompts me for logon credentials. I just want to be able to do the same for my colleague. Is it therefore a permissions issue?

Even more interestingly, there is another user on Domain B who can access resources on Domain A.I think she might be some kind of administrator (or was, until I took over the job - but I never revoked her permissions).

Does this shed any light?
Business and IT Systems Engineer
Commented:
have you tryed using UNC to the other domain?

im assuming your talking about using some sort of shared files so why not use UNC ie: \\Servername\Folder1\Folder2 etc.
If your user gets asked for a password then use the new account you created for the user on the other domain.

You can also save these credentials into windows so that when you access the same resource again providing your passwords are correct you can reaccess the files instantly.
Prehaps make this shared resource a mapped drive in My Computer

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
CERTIFIED EXPERT
Top Expert 2006

Commented:
i think the issue lies in your trusts myself,

the pc in question   is that in domain a or b

Author

Commented:
The Pc in question is in domain B.

If it's a trusts issue, how come I can access the other domain(A) on the same PC with the admin account (for Domain B)?

As I said forgive my ignorance - I'm only new to AD.

Author

Commented:
Hi guys,

I just tried the UNC route.

It worked - but only when I provided the administrator logon credentials for Domain A (the domain whose resources I want to access).

It didn't want to know when I logged on using my colleagues' username and password that I created on Domain A.

Unfortunately, having my colleague log on with admin rights is out of the question. I'm back to square one - any more ideas?!!!

Thanks again.
obliv2k3Business and IT Systems Engineer

Commented:
Check the folder permissions of the target directory. IE if your accessing a resource on the local machine for instance c:\download if the permissions are not set for the collegues username to view the data/folder it will not allow them into it.
on the network accessing the remote machine via UNC the same rules apply, the user must have read/write permission to the target share.

Hope that helps you

Author

Commented:
Hi guys,

The UNC thing worked fine in the end.

The reason why it didn't work the first time was because I set my UNC path to the secret admin directory with the "$" in the UNC path - hence it could only be accessed by the administrator.

Before I award the points - can anyone tell me why Active Directory allows my colleague to access stuff on Domain A from Domain B (as i've just done by a)creating an identical account on Domain A as he has on Domain B and b) by UNC'ing to it). I'm puzzled because my AD trusts are configured so that Domain A trusts no one (I'm new to Active Directory).

Many thanks.
obliv2k3Business and IT Systems Engineer

Commented:
so i understand, Trusts mean that resources, profiles and permisions from domain B can be used on domain A so long as domain A trusts domain B to use those resources.

http://www.microsoft.com/windowsserver2003/technologies/directory/activedirectory/default.mspx
maybe this resource will help you with any other queries in AD.

Author

Commented:
Thanks obliv2k3,

I've awarded you the points.

Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.