Solved

Logon script does not run on a trusted domain

Posted on 2008-10-28
Last Modified: 2012-06-27
I have two Windows 2003 domains in two forests connected via a firewall. I have established a two-way trust between the two domains. I am able to logon to either domain from either side and I am able to connect to shares on either side. But when I logon as a user from domain A on a computer in Domain B (I am able to log on fine and connect to the mailserver in Domain B), my logon script does not run. Is there anything I am missing? How do I get my script to run?

I have all traffic allowed between the two domains except for DHCP traffic.

Thanks for all the Help.

Bilal
Question by:bilalaha

Expert Comment

by:plug1
ID: 22830272
Has the logon script been replicated to domainB? I would check in %systemroot%\SYSVOL\Domains\Scripts on the DC in domain B; if the script's not there then it won't run. TBH I don't think it will replicate either, you may have to manually add the scripts.

Author Comment

by:bilalaha
ID: 22834925
No. The logon script was not replicated to domain B. Shouldn't it run across the domains from domain A? The account does not exist in domain B, so you cannot add a script to an account. Is there an option I should be setting?

Expert Comment

by:plug1
ID: 22836863
No, it won't work like this, you need to rethink your domain setup mate. Give me a shout or reply here if you need a hand.

Author Comment

by:bilalaha
ID: 22840203
How do I relink my domain setup?

Expert Comment

by:plug1
ID: 22840310
On a rethink I'd say you're fine tbh, you just need to create the script in domain B as well. Once it's there you should be fine. I don't think trusting domains should automatically replicate scripts as I can see it would cause issues.

Just manually create the script and you'll be fine.

Author Comment

by:bilalaha
ID: 22840742
I am not sure I am following you here!!!!

Here's how it is:
I have Domain A and Domain B. There is trust between the two domains, so a user from Domain A can log on to Domain A when connected to Domain B. The account resides in Domain A and not Domain B. When the user logs on to Domain A from Domain B, his/her logon script in Domain A does not run!!!

I cannot modify anything on the account or recreate a script for the account in Domain B, since the account exists in Domain A and not in Domain B.

Expert Comment

by:plug1
ID: 22840778
Sorry, didn't explain myself properly. All you want to do is, on the DC on Domain A, copy the contents of \\server\c$\windows\SYSVOL\domain\scripts over to any DC on domain B to the same location. That way the file the account is looking for will be in the place that the account is looking for it.

Author Comment

by:bilalaha
ID: 22889227
This does not work. When you logon to domain B in Domain A, it is looking for a logon script in Domain A and not B. I tried to copy the directory where the scripts are in Domain A to Domain B, but it still does not use them. I would think it needs to look up the script across the router and that is not happening.

Any other thoughts on this?

Accepted Solution

by:
plug1 earned 500 total points
ID: 22889674
It's not a problem with it crossing the router, I can guarantee that. If there was a problem there then there would be no logon at all. The only other thing would be the permissions on SYSVOL on domain A; domain B needs access to it. Can you open SYSVOL on any DC in domain A from domain B?
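
The check suggested in this answer (can SYSVOL on a Domain A DC be opened from Domain B), as an added PowerShell example that is not part of the original thread. It assumes PowerShell 3 or later is available on the Domain B computer, that it is run in the Domain A user's session, and that `$env:USERDNSDOMAIN` holds Domain A's DNS name; the `-ScriptName` parameter is a hypothetical convenience for checking one script file.

```powershell
# Added diagnostic, not from the thread. Run as the Domain A user while
# logged on to a Domain B computer.
param(
    # Assumption: DNS name of the account's own domain (Domain A).
    [string]$UserDomain = $env:USERDNSDOMAIN,
    # Optional: file name configured as the account's logon script.
    [string]$ScriptName
)

function Test-ShareRead {
    param([string]$Path)
    try {
        # Listing the folder needs name resolution, SMB reachability and read permission.
        Get-ChildItem -LiteralPath $Path -ErrorAction Stop | Out-Null
        return 'Readable'
    }
    catch [System.UnauthorizedAccessException] {
        return 'AccessDenied'
    }
    catch {
        # Path not found, name not resolved, blocked port, and so on.
        return "Failed: $($_.Exception.Message)"
    }
}

"Running as : $([System.Security.Principal.WindowsIdentity]::GetCurrent().Name)"
"Logon server: $env:LOGONSERVER"

foreach ($share in 'NETLOGON', 'SYSVOL') {
    $path   = "\\$UserDomain\$share"
    $result = Test-ShareRead -Path $path
    [pscustomobject]@{ Path = $path; Result = $result }

    if ($result -eq 'Readable') {
        # Show which identities hold rights on the share root, to spot a missing read grant.
        (Get-Acl -LiteralPath $path).Access |
            Select-Object IdentityReference, FileSystemRights, AccessControlType
    }
}

if ($ScriptName) {
    # The logon script is fetched from the NETLOGON share of the account's domain.
    $scriptPath = "\\$UserDomain\NETLOGON\$ScriptName"
    [pscustomobject]@{ Path = $scriptPath; Exists = (Test-Path -LiteralPath $scriptPath) }
}
```

An `AccessDenied` result points at share or NTFS permissions on Domain A, while a `Failed` result with a path or network error points at name resolution or the firewall between the forests.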

Author Comment

by:bilalaha
ID: 22897300
Ok. Got it. Added users from Domain A to Users in Domain B and vice versa and now logon scripts work from either domain.

Thanks.

Expert Comment

by:plug1
ID: 22897319
Good stuff, we got there in the end.