Improve company productivity with a Business Account.Sign Up

x
?
Solved

Auto Mapping Network Drives Across Different Domains

Posted on 2009-05-06
5
Medium Priority
?
803 Views
Last Modified: 2012-05-06
I need to figure out a way to automatically map a network drive from two separate domains on the same LAN via Active Directory 2003.
Example:  I have an Active Directory user account and this user which is on an XP pro workstation needs to have the drive X automatically mapped to the web server which is not part of our company domain but is a Windows 2003 server.  What should I do to complete this process?

Thanks
0
Comment
Question by:tymccoy
  • 2
  • 2
5 Comments
 

Expert Comment

by:prabir_panda
ID: 24317330
Hi

you need to establish two way transitive trust between the domains before you map the drive using AD policies.

for the purpose the name resolution of both the ADs must be working satisfactorily. you can consider WINS or DNS for the same

 
0
 
LVL 86

Accepted Solution

by:
oBdA earned 1000 total points
ID: 24317554
Sorry, prabir_panda, but that's partially overkill and partially incorrect.
A "two way transitive trust" is far from being necessary. All that is required here is a non-transitive, one-way trust in which the "webserver" domain (the "resource" domain) trusts the company domain (the "account" domain); in other words: create an outgoing trust from the "webserver" domain, and an incoming trust in the "company" domain.
The specifics are here, as seen and when running from the "company" domain:
Create a one-way, incoming, external trust for both sides of the trust
http://technet.microsoft.com/en-us/library/cc778696(WS.10).aspx

More general:
Creating External Trusts
http://technet.microsoft.com/en-us/library/cc728307(WS.10).aspx

How Domain and Forest Trusts Work
http://technet.microsoft.com/en-us/library/cc773178.aspx

And WINS has absolutely no impact in an AD trust; WINS is only used if an NT4 domain is involved on either side.
What's necessary is that both domains are able to resolve each other's names.
The easiest way to do this is usually through conditional forwarding; open the properties of your DNS server(s) on each domain, go to the Forwarders tab, and add a conditional forward to the respective other domain's DNS servers.
Then create the domain trust as described above.
0
 

Author Comment

by:tymccoy
ID: 24317617
sounds right, but not to sound like an idiot... but do you happen to have any links that gives a good explanation on how this can be done "Preferably with pretty pictures ;-) "
My company has just cut back on IT and I usually only deal with end user software installation, printers, VoIP, and IT purchases. Now the company is having work on stuff that I have not done since college where we only had Windows 2000 and NT.  
0
 

Author Comment

by:tymccoy
ID: 24317777
Thanks oBdA, sounds like I have some work cut out for me...
Hopefully one of these days I can finally sit down and actually go through the active directory training material I have at my desk
0
 
LVL 86

Expert Comment

by:oBdA
ID: 24317801
Don't even start with creating the trust until you can lookup the other domain's name without problems.
Pretty pictures for conditional forwarding are here:
DNS Conditional Forwarding in Windows Server 2003
http://www.windowsnetworking.com/articles_tutorials/DNS_Conditional_Forwarding_in_Windows_Server_2003.html

Assuming you have administrative permissions in both domains, the first link above will do it, after you've ensured mutual DNS resolution.
Again: Seen from the "company" domain, what you need is an *incoming* trust, which respectively means that this is an outgoing trust in the "webserver" domain. The webserver domain will trust the company domain.
Lesson 4. Managing Trust Relationships
http://codeidol.com/active-directory/actdir/Installing-and-Managing-Domains,-Trees,-and-Forests/Lesson4.Managing-Trust-Relationships/

Once the trust is established, you'll be able to add groups from the trusted domain either directly to resources in the webserver domain, or to add global groups from the trusted company domain to (domain) local groups in the webserver domain.
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

If you need to implement application level security in an Access database application or other VBA code, I strongly encourage you to take advantage of Active Directory groups.
In this article, we will discuss how you can secure Active Directory using free tools, and how you can choose a safe and secure Active Directory security auditing tool.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

579 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question