Stiofan

Accessing resources on another AD domain

Hi guys,

I'm new to AD so apologies in advance for my ignorance.

There are 2 domains in my organisation. Let's just call them A and B.

Domain B trusts A ("non transitive", "outgoing").

But Domain A doesn't trust any domain.


I need to have a colleague with basic "User" permissions to access a shared resource on Domain A from Domain B where he resides. I have set him up on Domain A with the same user account he has on Domain B (i.e. same username and password). However, when I browse Network Connections on his PC in Domain A, "Entire Network" doesn't appear in the "Other Places" section. Therefore I can't even get to the other domain (A) in order to access it.

How can I have my colleague access the resource on Domain A from his PC on Domain B?

I hope I am being clear.

Many thanks in advance for your time,
Stiofan
Jay_Jay70

You need to allow Domain A to trust Domain B, otherwise you will go in circles.
Stiofan

ASKER

Hi Jay,

I was hoping not to do that for security reasons.

Interestingly, when I log into the PC in question as the domain B administrator, I can browse the Entire Network; when I attempt to then access a resource on Domain A it prompts me for logon credentials. I just want to be able to do the same for my colleague. Is it therefore a permissions issue?

Even more interestingly, there is another user on Domain B who can access resources on Domain A. I think she might be some kind of administrator (or was, until I took over the job - but I never revoked her permissions).

Does this shed any light?
ASKER CERTIFIED SOLUTION
obliv2k3
This solution is only available to members.
I think the issue lies in your trusts myself.

The PC in question: is that in domain A or B?
Stiofan

ASKER

The PC in question is in domain B.

If it's a trusts issue, how come I can access the other domain(A) on the same PC with the admin account (for Domain B)?

As I said forgive my ignorance - I'm only new to AD.
Stiofan

ASKER

Hi guys,

I just tried the UNC route.

It worked - but only when I provided the administrator logon credentials for Domain A (the domain whose resources I want to access).

It didn't want to know when I logged on using my colleague's username and password that I created on Domain A.

Unfortunately, having my colleague log on with admin rights is out of the question. I'm back to square one - any more ideas?!!!

Thanks again.
Check the folder permissions of the target directory, i.e. if you're accessing a resource on the local machine, for instance c:\download, and the permissions are not set for the colleague's username to view the data/folder, it will not allow them into it.
On the network, accessing the remote machine via UNC, the same rules apply: the user must have read/write permission to the target share.

Hope that helps you
Stiofan

ASKER

Hi guys,

The UNC thing worked fine in the end.

The reason why it didn't work the first time was because I set my UNC path to the secret admin directory with the "$" in the UNC path - hence it could only be accessed by the administrator.

Before I award the points - can anyone tell me why Active Directory allows my colleague to access stuff on Domain A from Domain B (as I've just done by a) creating an identical account on Domain A as he has on Domain B and b) by UNC'ing to it)? I'm puzzled because my AD trusts are configured so that Domain A trusts no one (I'm new to Active Directory).

Many thanks.
So I understand, trusts mean that resources, profiles and permissions from domain B can be used on domain A so long as domain A trusts domain B to use those resources.

http://www.microsoft.com/windowsserver2003/technologies/directory/activedirectory/default.mspx
Maybe this resource will help you with any other queries in AD.
Stiofan

ASKER

Thanks obliv2k3,

I've awarded you the points.