Learn how to a build a cloud-first strategyRegister Now


Mapping drives across domains/forests

Posted on 2006-06-02
Medium Priority
Last Modified: 2008-02-26

I am testing a setup I need to use at one of my sites.

I have two forests, one with an outgoing trust to the other. Users from the trusted forest need to be able to login to PC's in the trusting forest and be presented with their normal mapped network drives etc.

In AD Users and Computers I had the user account configured to map the home drive to \\servername\home\username.

Of course this didn't work when a user logged into the other forest because \\servername is not a FQDN and so could not be resolved. I got round this by entering \\servername.domain.com\home\username in the home drive properties and this works OK since the full DNS name of the server is now present.

Is this the "right" way of doing it and normal practice for this kind of scenario, or is there a better way of sorting this out, I've thought of perhaps adding an extra DNS suffix in the client DNS properties but this can't be assigned by DHCP afaik, so how do people work round this?
Question by:richardwhit
  • 2
  • 2
  • 2
LVL 48

Expert Comment

ID: 16815454
Hi richardwhit,

what happens if you load a secondary zone from the DNS server in the remote domain

Author Comment

ID: 16815493
I'm using a stub zone at the moment. I'm not sure that loading a seconday zone would make any difference -  the client is not querying for a name in the other domain unless the correct suffix is specified. I'll give it a go anyway though.
LVL 48

Expert Comment

ID: 16815500
fair call - was just a quick thought
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

LVL 71

Accepted Solution

Chris Dent earned 2000 total points
ID: 16815544

We use a mixture of the two, if there's a great deal of integration between the two networks then Suffixes are added to the clients. If it's only for a user or two then FQDN's are used instead.

> I've thought of perhaps adding an extra DNS suffix in the client DNS properties but this can't be assigned by
> DHCP afaik, so how do people work round this?

Scripts or Group Policy.

Group Policy only works with Windows XP or Windows 2003 Server so scripts are really common. It's set in Computer Configuration, Administrative Templates, Network and DNS Client. The policy is called "DNS Suffix Search List".

If you prefer the scripting approach this bit of VbScript demonstrates how to set the value using WMI:

Const SEARCH_LIST = "domain1.com,domain2.com,domain3.com"
Const REG_HKLM = &H80000002

Set objShell = CreateObject("WScript.Shell")
Set objRegistry = GetObject("winmgmts:\\.\root\default:StdRegProv")

strKeyPath = "System\CurrentControlSet\Services\TCPIP\Parameters"
objRegistry.SetStringValue REG_HKLM, strKeyPath, "SearchList", SEARCH_LIST

objShell.Run "ipconfig /renew", 7, True



Author Comment

ID: 16815558
Excellent answer, thanks for your help!
LVL 71

Expert Comment

by:Chris Dent
ID: 16816982

Pleasure :)


Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other?  You don't really want to deal with DFS or a 3rd party solution like Doubletake. You can use Robocopy from the Windows Server 200…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question