Solved

Auto Mapping Network Drives Across Different Domains

Posted on 2009-05-06
5
775 Views
Last Modified: 2012-05-06
I need to figure out a way to automatically map a network drive from two separate domains on the same LAN via Active Directory 2003.
Example:  I have an Active Directory user account and this user which is on an XP pro workstation needs to have the drive X automatically mapped to the web server which is not part of our company domain but is a Windows 2003 server.  What should I do to complete this process?

Thanks
0
Comment
Question by:tymccoy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 

Expert Comment

by:prabir_panda
ID: 24317330
Hi

you need to establish two way transitive trust between the domains before you map the drive using AD policies.

for the purpose the name resolution of both the ADs must be working satisfactorily. you can consider WINS or DNS for the same

 
0
 
LVL 84

Accepted Solution

by:
oBdA earned 250 total points
ID: 24317554
Sorry, prabir_panda, but that's partially overkill and partially incorrect.
A "two way transitive trust" is far from being necessary. All that is required here is a non-transitive, one-way trust in which the "webserver" domain (the "resource" domain) trusts the company domain (the "account" domain); in other words: create an outgoing trust from the "webserver" domain, and an incoming trust in the "company" domain.
The specifics are here, as seen and when running from the "company" domain:
Create a one-way, incoming, external trust for both sides of the trust
http://technet.microsoft.com/en-us/library/cc778696(WS.10).aspx

More general:
Creating External Trusts
http://technet.microsoft.com/en-us/library/cc728307(WS.10).aspx

How Domain and Forest Trusts Work
http://technet.microsoft.com/en-us/library/cc773178.aspx

And WINS has absolutely no impact in an AD trust; WINS is only used if an NT4 domain is involved on either side.
What's necessary is that both domains are able to resolve each other's names.
The easiest way to do this is usually through conditional forwarding; open the properties of your DNS server(s) on each domain, go to the Forwarders tab, and add a conditional forward to the respective other domain's DNS servers.
Then create the domain trust as described above.
0
 

Author Comment

by:tymccoy
ID: 24317617
sounds right, but not to sound like an idiot... but do you happen to have any links that gives a good explanation on how this can be done "Preferably with pretty pictures ;-) "
My company has just cut back on IT and I usually only deal with end user software installation, printers, VoIP, and IT purchases. Now the company is having work on stuff that I have not done since college where we only had Windows 2000 and NT.  
0
 

Author Comment

by:tymccoy
ID: 24317777
Thanks oBdA, sounds like I have some work cut out for me...
Hopefully one of these days I can finally sit down and actually go through the active directory training material I have at my desk
0
 
LVL 84

Expert Comment

by:oBdA
ID: 24317801
Don't even start with creating the trust until you can lookup the other domain's name without problems.
Pretty pictures for conditional forwarding are here:
DNS Conditional Forwarding in Windows Server 2003
http://www.windowsnetworking.com/articles_tutorials/DNS_Conditional_Forwarding_in_Windows_Server_2003.html

Assuming you have administrative permissions in both domains, the first link above will do it, after you've ensured mutual DNS resolution.
Again: Seen from the "company" domain, what you need is an *incoming* trust, which respectively means that this is an outgoing trust in the "webserver" domain. The webserver domain will trust the company domain.
Lesson 4. Managing Trust Relationships
http://codeidol.com/active-directory/actdir/Installing-and-Managing-Domains,-Trees,-and-Forests/Lesson4.Managing-Trust-Relationships/

Once the trust is established, you'll be able to add groups from the trusted domain either directly to resources in the webserver domain, or to add global groups from the trusted company domain to (domain) local groups in the webserver domain.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
LDAP Setup 6 65
change password for AD retention policy and Citrix 2 87
PowerShell:  foreach where object notmatch? 17 83
Active Directory permissions 5 45
In-place Upgrading Dirsync to Azure AD Connect
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question