Solved

AD Trusts

Posted on 2009-04-01
8
248 Views
Last Modified: 2012-05-06
Hey

I have got 2 root domains setup and configured with a forest wide trust. I can ping from each side, Map network drives and assign permissions to users in the other domain, however, I can view the other domain in my network places.

Any ideas please?
0
Comment
Question by:bostonste
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
8 Comments
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24038225

Do you mean you cannot view the other domain in my network places?

If you do...

Tell us about your WINS configuration? And your how you have your Master Browsers set? I take it each forest is on a separate IP subnet / Broadcast Domain?

Chris
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24038274
Browsing using My Network Places uses NetBIOS, which will in turn rely on WINS if you using multiple subnets.
In order to browse My Network Places across subnets you would need to have a WINS topolgy set up. In order to browse across domains, you would need two WINS servers replicating between each other.
The fact that you can ping and assign permissions across the trust proves that DNS isn't the issue.
http://technet.microsoft.com/en-us/library/cc786754.aspx 
0
 

Author Comment

by:bostonste
ID: 24039074
Hey there,

Im on a test lab here and the domains are on a single subnet! I have got netbios over tcp/ip enabled on both ends.

Cheers
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
LVL 71

Expert Comment

by:Chris Dent
ID: 24039131

Check which system is acting as the Master Browser for the subnet, that's the one that supposed to be building a list and providing it to clients for My Network Places.

You'll need / want BrowStat, it installs as part of the Support Tools.

It is the responsibility of each system in the network to announce itself to the Master Browser, which builds the list and gives it to clients on request. That means that the Computer Browser service must be started on all clients, the Firewall, if any, must allow the announcement, and the server must be listening.

You may find there are problems if they fight over who should be master browser, so you might have to statically set one as Browser, and one not to be using the registery keys documented here:

http://www.microsoft.com/downloads/details.aspx?FamilyID=f08d28f3-b835-4847-b810-bb6539362473&DisplayLang=en#overview

Chris
0
 

Author Comment

by:bostonste
ID: 24039404
Hi Chris

Thanks for the replys. I have got two DC's that have the PDC on them and active, so it must be that they are fighting over the role. I guess the fact that im doing my testing on a single subnet is why im having trouble.

Is it safe to disable it on one of them in the registry? and if so do u know which key 2 edit? I really wonna get this working because im playing with ADMT at the min.

Cheers
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 24039486

Yep, it's safe. None of this will touch AD at all, this is all old Windows NT level :)

Sorry, I'd put the wrong link in there. Here's the correct one. If present, delete the IsDomainMaster registry value as described below:

http://technet.microsoft.com/en-gb/library/cc959923.aspx

You should end up with just one Master Browser for the subnet, and hopefully it'll start to build an accurate list.

Chris
0
 

Author Comment

by:bostonste
ID: 24039508
That has worked a treat pal.. Thankyou very much for the help..

Lee
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24039509
Yoou change the key on the WINS server you want to become the master:
HKLM\System\CurrentControlSet\Services\Browser\Parameters\IsDomainMaster
Set this value to TRUE. This will mean this server always wins the election. Restart the browser service after making the change and it should win the election.
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question