Solved

Auto Mapping Network Drives Across Different Domains

Posted on 2009-05-06
5
760 Views
Last Modified: 2012-05-06
I need to figure out a way to automatically map a network drive from two separate domains on the same LAN via Active Directory 2003.
Example:  I have an Active Directory user account and this user which is on an XP pro workstation needs to have the drive X automatically mapped to the web server which is not part of our company domain but is a Windows 2003 server.  What should I do to complete this process?

Thanks
0
Comment
Question by:tymccoy
  • 2
  • 2
5 Comments
 

Expert Comment

by:prabir_panda
ID: 24317330
Hi

you need to establish two way transitive trust between the domains before you map the drive using AD policies.

for the purpose the name resolution of both the ADs must be working satisfactorily. you can consider WINS or DNS for the same

 
0
 
LVL 83

Accepted Solution

by:
oBdA earned 250 total points
ID: 24317554
Sorry, prabir_panda, but that's partially overkill and partially incorrect.
A "two way transitive trust" is far from being necessary. All that is required here is a non-transitive, one-way trust in which the "webserver" domain (the "resource" domain) trusts the company domain (the "account" domain); in other words: create an outgoing trust from the "webserver" domain, and an incoming trust in the "company" domain.
The specifics are here, as seen and when running from the "company" domain:
Create a one-way, incoming, external trust for both sides of the trust
http://technet.microsoft.com/en-us/library/cc778696(WS.10).aspx

More general:
Creating External Trusts
http://technet.microsoft.com/en-us/library/cc728307(WS.10).aspx

How Domain and Forest Trusts Work
http://technet.microsoft.com/en-us/library/cc773178.aspx

And WINS has absolutely no impact in an AD trust; WINS is only used if an NT4 domain is involved on either side.
What's necessary is that both domains are able to resolve each other's names.
The easiest way to do this is usually through conditional forwarding; open the properties of your DNS server(s) on each domain, go to the Forwarders tab, and add a conditional forward to the respective other domain's DNS servers.
Then create the domain trust as described above.
0
 

Author Comment

by:tymccoy
ID: 24317617
sounds right, but not to sound like an idiot... but do you happen to have any links that gives a good explanation on how this can be done "Preferably with pretty pictures ;-) "
My company has just cut back on IT and I usually only deal with end user software installation, printers, VoIP, and IT purchases. Now the company is having work on stuff that I have not done since college where we only had Windows 2000 and NT.  
0
 

Author Comment

by:tymccoy
ID: 24317777
Thanks oBdA, sounds like I have some work cut out for me...
Hopefully one of these days I can finally sit down and actually go through the active directory training material I have at my desk
0
 
LVL 83

Expert Comment

by:oBdA
ID: 24317801
Don't even start with creating the trust until you can lookup the other domain's name without problems.
Pretty pictures for conditional forwarding are here:
DNS Conditional Forwarding in Windows Server 2003
http://www.windowsnetworking.com/articles_tutorials/DNS_Conditional_Forwarding_in_Windows_Server_2003.html

Assuming you have administrative permissions in both domains, the first link above will do it, after you've ensured mutual DNS resolution.
Again: Seen from the "company" domain, what you need is an *incoming* trust, which respectively means that this is an outgoing trust in the "webserver" domain. The webserver domain will trust the company domain.
Lesson 4. Managing Trust Relationships
http://codeidol.com/active-directory/actdir/Installing-and-Managing-Domains,-Trees,-and-Forests/Lesson4.Managing-Trust-Relationships/

Once the trust is established, you'll be able to add groups from the trusted domain either directly to resources in the webserver domain, or to add global groups from the trusted company domain to (domain) local groups in the webserver domain.
0

Join & Write a Comment

Resolve DNS query failed errors for Exchange
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now