[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

Auto Mapping Network Drives Across Different Domains

Posted on 2009-05-06
5
Medium Priority
?
800 Views
Last Modified: 2012-05-06
I need to figure out a way to automatically map a network drive from two separate domains on the same LAN via Active Directory 2003.
Example:  I have an Active Directory user account and this user which is on an XP pro workstation needs to have the drive X automatically mapped to the web server which is not part of our company domain but is a Windows 2003 server.  What should I do to complete this process?

Thanks
0
Comment
Question by:tymccoy
  • 2
  • 2
5 Comments
 

Expert Comment

by:prabir_panda
ID: 24317330
Hi

you need to establish two way transitive trust between the domains before you map the drive using AD policies.

for the purpose the name resolution of both the ADs must be working satisfactorily. you can consider WINS or DNS for the same

 
0
 
LVL 86

Accepted Solution

by:
oBdA earned 1000 total points
ID: 24317554
Sorry, prabir_panda, but that's partially overkill and partially incorrect.
A "two way transitive trust" is far from being necessary. All that is required here is a non-transitive, one-way trust in which the "webserver" domain (the "resource" domain) trusts the company domain (the "account" domain); in other words: create an outgoing trust from the "webserver" domain, and an incoming trust in the "company" domain.
The specifics are here, as seen and when running from the "company" domain:
Create a one-way, incoming, external trust for both sides of the trust
http://technet.microsoft.com/en-us/library/cc778696(WS.10).aspx

More general:
Creating External Trusts
http://technet.microsoft.com/en-us/library/cc728307(WS.10).aspx

How Domain and Forest Trusts Work
http://technet.microsoft.com/en-us/library/cc773178.aspx

And WINS has absolutely no impact in an AD trust; WINS is only used if an NT4 domain is involved on either side.
What's necessary is that both domains are able to resolve each other's names.
The easiest way to do this is usually through conditional forwarding; open the properties of your DNS server(s) on each domain, go to the Forwarders tab, and add a conditional forward to the respective other domain's DNS servers.
Then create the domain trust as described above.
0
 

Author Comment

by:tymccoy
ID: 24317617
sounds right, but not to sound like an idiot... but do you happen to have any links that gives a good explanation on how this can be done "Preferably with pretty pictures ;-) "
My company has just cut back on IT and I usually only deal with end user software installation, printers, VoIP, and IT purchases. Now the company is having work on stuff that I have not done since college where we only had Windows 2000 and NT.  
0
 

Author Comment

by:tymccoy
ID: 24317777
Thanks oBdA, sounds like I have some work cut out for me...
Hopefully one of these days I can finally sit down and actually go through the active directory training material I have at my desk
0
 
LVL 86

Expert Comment

by:oBdA
ID: 24317801
Don't even start with creating the trust until you can lookup the other domain's name without problems.
Pretty pictures for conditional forwarding are here:
DNS Conditional Forwarding in Windows Server 2003
http://www.windowsnetworking.com/articles_tutorials/DNS_Conditional_Forwarding_in_Windows_Server_2003.html

Assuming you have administrative permissions in both domains, the first link above will do it, after you've ensured mutual DNS resolution.
Again: Seen from the "company" domain, what you need is an *incoming* trust, which respectively means that this is an outgoing trust in the "webserver" domain. The webserver domain will trust the company domain.
Lesson 4. Managing Trust Relationships
http://codeidol.com/active-directory/actdir/Installing-and-Managing-Domains,-Trees,-and-Forests/Lesson4.Managing-Trust-Relationships/

Once the trust is established, you'll be able to add groups from the trusted domain either directly to resources in the webserver domain, or to add global groups from the trusted company domain to (domain) local groups in the webserver domain.
0

Featured Post

Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
Sometimes it necessary to set special permissions on user objects.  For instance when using a Blackberry server, the SendAs permission needs to be set. I see many admins struggle with the setting that permission only to see it disappear within a few…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

590 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question