Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1054
  • Last Modified:

Authenticate as user from one domain to another

Hi All,
Really struggling (on a live system). We have had PCOUNTER and new network printers installed over the last few days on a domain STUDENTS this allows monitoring of print work etc and is working fine. However the people before us created a second domain called BUSINESS that also need access to these printers.

The printers are shared off a server called VIPER (on the STUDENTS domain) which we can connect to from the BUSINESS domain, however when we try and install the printers as a BUSINESS user we get the "Policy controls do not permit, blah blah"

So far the only way we have got it to print is by connecting to VIPER as an admin, then getting the printer installed, the problem is that then the admin account gets billed for the printing, even if we log off and log back in as a user. I have even set the print security to everyone but it still requires authentication.

If I were to run a VBS script at logon to connect the printer, how could I ensure this authentication between the two domains without using generic IDs and preferably without setting up network maps to VIPER on 80 BUSINESS users machines?

Many thanks in advance, proper headscratcher for me atm.
0
Ned Ramsay
Asked:
Ned Ramsay
  • 5
  • 3
1 Solution
 
AmericomCommented:
Have you established the trust between the STUDENTS and BUSINESS domain? Trust is needed when you need to share resources between domains. Unless you are using Internet Printing method which everyone group will allow non domain users to connect to shared network printers.
0
 
Ned RamsayAuthor Commented:
There are no trusts between domains, this is the problem, I have taken over from a complete idiot of an IT manager!
0
 
Ned RamsayAuthor Commented:
Does anyone have a step by step guide to setting up trusts between domains?
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
AmericomCommented:
What version of domains are you running? win2k, win2k3, or win2k8?
Here's an example to create a two-way trust(Assuming you can manage both Domain A & B):
DomainA         
Run Active Directory Domains and Trusts->Right Click on the Domain  and select Properties Then click the "Trusts" tab. Then click on New Trust. Provide DNS or NetBIOS name of other domain(DomainB). Here you need an "incoming trusts". If no other specific restriction, do forest trust. When done, you should have DomainB listed on the bottom box of the "Domains that trust this domain(incoming trusts)"

DomainB.
Do the same but the opposite of the above.
0
 
AmericomCommented:
Sorry I have provided you the one-way trust.
Here's the steps for two-way trust:
Scenarios, just an example:
DOMAIN-1--Domain Functional Level and Forest Functional Level is Windows Server 2003
Domain-2--Domain Functional Level is Windows Server 2003 and Forest Functional Level is Windows Server 2003

Note: you can start either on Domain1 or Domain2, the order of creation for the trust doesn't matter.
      
Domain-1         
New Trust-->DNS or NetBIOS name of other domain-->External Trust-->Two-Way-->This Domain only-->Domain-Wide Authentication-->Trust Password-->No Need to confirm any trust at the moment

Domain-2         
New Trust-->DNS or NetBIOS name of other domain-->Two-Way-->This Domain only--> Domain-Wide Authentication-->Trust Password-->No Need to confirm any trust at the moment

Note: Domain-Wide authentication above is just an example, you can also do selective authentication. But Domain-wide authentication should be used if you manage both domains.
0
 
AmericomCommented:
More info:
One-way trust--If a one way trust from DomainA trusts-->Domain B. Users in DomainB will be able to access resources(like printer) in DomainA since DomainA is the trusting domain which trusts DomainB, meaning allow DomainB users to access their resources. DomainB then considered the trusted domain as being trusted by DomainA. When Users from DomainA hit "ctrl+Alt+Del" there will be two Domains that they can select to logon from, Which is DomainA and DomainB. This is because when a UserB using a computer that is a member of DomainA, he/she will be able to use the account UserB to logon to DomainB from a computer in DomainA. This computer is considered one type of the resources in addition to web services, file and print services etc.  However, Users in DomainA will not have these available. Like a UserA cannot use a computer which is a member of DomainB to logon to DomainA as the option is not available due to the type of trust, one-way trust from DomainA to DomainB.

Two-Way trust--DomainA trusts DomainB and DomainB also trusts DmainA. This will allow users in both domains to be able to access resources in each other's domain.
0
 
AmericomCommented:
BTW, before you create the turst above, you need to make sure firewall is opened between the two domain.
0
 
Ned RamsayAuthor Commented:
Thanks Americom, ill let you know how I get on.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 5
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now