Solved

AD Trusts

Posted on 2009-04-01
8
250 Views
Last Modified: 2012-05-06
Hey

I have got 2 root domains setup and configured with a forest wide trust. I can ping from each side, Map network drives and assign permissions to users in the other domain, however, I can view the other domain in my network places.

Any ideas please?
0
Comment
Question by:bostonste
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
8 Comments
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24038225

Do you mean you cannot view the other domain in my network places?

If you do...

Tell us about your WINS configuration? And your how you have your Master Browsers set? I take it each forest is on a separate IP subnet / Broadcast Domain?

Chris
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24038274
Browsing using My Network Places uses NetBIOS, which will in turn rely on WINS if you using multiple subnets.
In order to browse My Network Places across subnets you would need to have a WINS topolgy set up. In order to browse across domains, you would need two WINS servers replicating between each other.
The fact that you can ping and assign permissions across the trust proves that DNS isn't the issue.
http://technet.microsoft.com/en-us/library/cc786754.aspx 
0
 

Author Comment

by:bostonste
ID: 24039074
Hey there,

Im on a test lab here and the domains are on a single subnet! I have got netbios over tcp/ip enabled on both ends.

Cheers
0
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 71

Expert Comment

by:Chris Dent
ID: 24039131

Check which system is acting as the Master Browser for the subnet, that's the one that supposed to be building a list and providing it to clients for My Network Places.

You'll need / want BrowStat, it installs as part of the Support Tools.

It is the responsibility of each system in the network to announce itself to the Master Browser, which builds the list and gives it to clients on request. That means that the Computer Browser service must be started on all clients, the Firewall, if any, must allow the announcement, and the server must be listening.

You may find there are problems if they fight over who should be master browser, so you might have to statically set one as Browser, and one not to be using the registery keys documented here:

http://www.microsoft.com/downloads/details.aspx?FamilyID=f08d28f3-b835-4847-b810-bb6539362473&DisplayLang=en#overview

Chris
0
 

Author Comment

by:bostonste
ID: 24039404
Hi Chris

Thanks for the replys. I have got two DC's that have the PDC on them and active, so it must be that they are fighting over the role. I guess the fact that im doing my testing on a single subnet is why im having trouble.

Is it safe to disable it on one of them in the registry? and if so do u know which key 2 edit? I really wonna get this working because im playing with ADMT at the min.

Cheers
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 24039486

Yep, it's safe. None of this will touch AD at all, this is all old Windows NT level :)

Sorry, I'd put the wrong link in there. Here's the correct one. If present, delete the IsDomainMaster registry value as described below:

http://technet.microsoft.com/en-gb/library/cc959923.aspx

You should end up with just one Master Browser for the subnet, and hopefully it'll start to build an accurate list.

Chris
0
 

Author Comment

by:bostonste
ID: 24039508
That has worked a treat pal.. Thankyou very much for the help..

Lee
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24039509
Yoou change the key on the WINS server you want to become the master:
HKLM\System\CurrentControlSet\Services\Browser\Parameters\IsDomainMaster
Set this value to TRUE. This will mean this server always wins the election. Restart the browser service after making the change and it should win the election.
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains the steps required to use the default Photos screensaver to display branding/corporate images
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question