Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 228
  • Last Modified:

Accessing resources on another AD domain

Hi guys,

I'm new to AD so apologies in advance for my ignorance.

There are 2 domains in my organisation. Let's just call them A and B.

Domain B trusts A ("non transitive", "outgoing").

But Domain A doesn't trust any domain.


I need to have a colleague with basic "User" permissions to access a shared resource on Domain A from Domain B where he resides. I have set him up on Domain A with the same user account he has on Domain B (ie same username and password). However, when I browse Network Connections on his PC in Domain A, "Entire Network" doesn't appear in the "Other Places" section. Therefore I can't even get to the other domain (A) in order to access it.

How can I have my colleague access the resource on Domain A from his PC on Domain B?

I hope I am being clear.

Many thanks in advance for time,
Stiofan
0
Stiofan
Asked:
Stiofan
  • 5
  • 3
  • 2
1 Solution
 
Jay_Jay70Commented:
you need to allow domain A to trust Domain B otherwise you will go in circles
0
 
StiofanAuthor Commented:
Hi Jay,

I was hoping not to do that for security reasons.

Interestingly, when I log into the PC in question as the domain B administrator, I can browse the Entire Network; when I attempt to then access a resource on Domain A it prompts me for logon credentials. I just want to be able to do the same for my colleague. Is it therefore a permissions issue?

Even more interestingly, there is another user on Domain B who can access resources on Domain A.I think she might be some kind of administrator (or was, until I took over the job - but I never revoked her permissions).

Does this shed any light?
0
 
obliv2k3Commented:
have you tryed using UNC to the other domain?

im assuming your talking about using some sort of shared files so why not use UNC ie: \\Servername\Folder1\Folder2 etc.
If your user gets asked for a password then use the new account you created for the user on the other domain.

You can also save these credentials into windows so that when you access the same resource again providing your passwords are correct you can reaccess the files instantly.
Prehaps make this shared resource a mapped drive in My Computer
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
Jay_Jay70Commented:
i think the issue lies in your trusts myself,

the pc in question   is that in domain a or b
0
 
StiofanAuthor Commented:
The Pc in question is in domain B.

If it's a trusts issue, how come I can access the other domain(A) on the same PC with the admin account (for Domain B)?

As I said forgive my ignorance - I'm only new to AD.
0
 
StiofanAuthor Commented:
Hi guys,

I just tried the UNC route.

It worked - but only when I provided the administrator logon credentials for Domain A (the domain whose resources I want to access).

It didn't want to know when I logged on using my colleagues' username and password that I created on Domain A.

Unfortunately, having my colleague log on with admin rights is out of the question. I'm back to square one - any more ideas?!!!

Thanks again.
0
 
obliv2k3Commented:
Check the folder permissions of the target directory. IE if your accessing a resource on the local machine for instance c:\download if the permissions are not set for the collegues username to view the data/folder it will not allow them into it.
on the network accessing the remote machine via UNC the same rules apply, the user must have read/write permission to the target share.

Hope that helps you
0
 
StiofanAuthor Commented:
Hi guys,

The UNC thing worked fine in the end.

The reason why it didn't work the first time was because I set my UNC path to the secret admin directory with the "$" in the UNC path - hence it could only be accessed by the administrator.

Before I award the points - can anyone tell me why Active Directory allows my colleague to access stuff on Domain A from Domain B (as i've just done by a)creating an identical account on Domain A as he has on Domain B and b) by UNC'ing to it). I'm puzzled because my AD trusts are configured so that Domain A trusts no one (I'm new to Active Directory).

Many thanks.
0
 
obliv2k3Commented:
so i understand, Trusts mean that resources, profiles and permisions from domain B can be used on domain A so long as domain A trusts domain B to use those resources.

http://www.microsoft.com/windowsserver2003/technologies/directory/activedirectory/default.mspx
maybe this resource will help you with any other queries in AD.
0
 
StiofanAuthor Commented:
Thanks obliv2k3,

I've awarded you the points.

0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 5
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now