Solved

AD Trusts

Posted on 2009-04-01
8
245 Views
Last Modified: 2012-05-06
Hey

I have got 2 root domains setup and configured with a forest wide trust. I can ping from each side, Map network drives and assign permissions to users in the other domain, however, I can view the other domain in my network places.

Any ideas please?
0
Comment
Question by:bostonste
  • 3
  • 3
  • 2
8 Comments
 
LVL 70

Expert Comment

by:Chris Dent
ID: 24038225

Do you mean you cannot view the other domain in my network places?

If you do...

Tell us about your WINS configuration? And your how you have your Master Browsers set? I take it each forest is on a separate IP subnet / Broadcast Domain?

Chris
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24038274
Browsing using My Network Places uses NetBIOS, which will in turn rely on WINS if you using multiple subnets.
In order to browse My Network Places across subnets you would need to have a WINS topolgy set up. In order to browse across domains, you would need two WINS servers replicating between each other.
The fact that you can ping and assign permissions across the trust proves that DNS isn't the issue.
http://technet.microsoft.com/en-us/library/cc786754.aspx
0
 

Author Comment

by:bostonste
ID: 24039074
Hey there,

Im on a test lab here and the domains are on a single subnet! I have got netbios over tcp/ip enabled on both ends.

Cheers
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 24039131

Check which system is acting as the Master Browser for the subnet, that's the one that supposed to be building a list and providing it to clients for My Network Places.

You'll need / want BrowStat, it installs as part of the Support Tools.

It is the responsibility of each system in the network to announce itself to the Master Browser, which builds the list and gives it to clients on request. That means that the Computer Browser service must be started on all clients, the Firewall, if any, must allow the announcement, and the server must be listening.

You may find there are problems if they fight over who should be master browser, so you might have to statically set one as Browser, and one not to be using the registery keys documented here:

http://www.microsoft.com/downloads/details.aspx?FamilyID=f08d28f3-b835-4847-b810-bb6539362473&DisplayLang=en#overview

Chris
0
 

Author Comment

by:bostonste
ID: 24039404
Hi Chris

Thanks for the replys. I have got two DC's that have the PDC on them and active, so it must be that they are fighting over the role. I guess the fact that im doing my testing on a single subnet is why im having trouble.

Is it safe to disable it on one of them in the registry? and if so do u know which key 2 edit? I really wonna get this working because im playing with ADMT at the min.

Cheers
0
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 24039486

Yep, it's safe. None of this will touch AD at all, this is all old Windows NT level :)

Sorry, I'd put the wrong link in there. Here's the correct one. If present, delete the IsDomainMaster registry value as described below:

http://technet.microsoft.com/en-gb/library/cc959923.aspx

You should end up with just one Master Browser for the subnet, and hopefully it'll start to build an accurate list.

Chris
0
 

Author Comment

by:bostonste
ID: 24039508
That has worked a treat pal.. Thankyou very much for the help..

Lee
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24039509
Yoou change the key on the WINS server you want to become the master:
HKLM\System\CurrentControlSet\Services\Browser\Parameters\IsDomainMaster
Set this value to TRUE. This will mean this server always wins the election. Restart the browser service after making the change and it should win the election.
0

Join & Write a Comment

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now