Solved

Authenticate as user from one domain to another

Posted on 2009-07-09
8
1,043 Views
Last Modified: 2013-11-25
Hi All,
Really struggling (on a live system). We have had PCOUNTER and new network printers installed over the last few days on a domain STUDENTS this allows monitoring of print work etc and is working fine. However the people before us created a second domain called BUSINESS that also need access to these printers.

The printers are shared off a server called VIPER (on the STUDENTS domain) which we can connect to from the BUSINESS domain, however when we try and install the printers as a BUSINESS user we get the "Policy controls do not permit, blah blah"

So far the only way we have got it to print is by connecting to VIPER as an admin, then getting the printer installed, the problem is that then the admin account gets billed for the printing, even if we log off and log back in as a user. I have even set the print security to everyone but it still requires authentication.

If I were to run a VBS script at logon to connect the printer, how could I ensure this authentication between the two domains without using generic IDs and preferably without setting up network maps to VIPER on 80 BUSINESS users machines?

Many thanks in advance, proper headscratcher for me atm.
0
Comment
Question by:Ned Ramsay
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
8 Comments
 
LVL 18

Expert Comment

by:Americom
ID: 24814377
Have you established the trust between the STUDENTS and BUSINESS domain? Trust is needed when you need to share resources between domains. Unless you are using Internet Printing method which everyone group will allow non domain users to connect to shared network printers.
0
 
LVL 7

Author Comment

by:Ned Ramsay
ID: 24815098
There are no trusts between domains, this is the problem, I have taken over from a complete idiot of an IT manager!
0
 
LVL 7

Author Comment

by:Ned Ramsay
ID: 24815186
Does anyone have a step by step guide to setting up trusts between domains?
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 18

Expert Comment

by:Americom
ID: 24815641
What version of domains are you running? win2k, win2k3, or win2k8?
Here's an example to create a two-way trust(Assuming you can manage both Domain A & B):
DomainA         
Run Active Directory Domains and Trusts->Right Click on the Domain  and select Properties Then click the "Trusts" tab. Then click on New Trust. Provide DNS or NetBIOS name of other domain(DomainB). Here you need an "incoming trusts". If no other specific restriction, do forest trust. When done, you should have DomainB listed on the bottom box of the "Domains that trust this domain(incoming trusts)"

DomainB.
Do the same but the opposite of the above.
0
 
LVL 18

Expert Comment

by:Americom
ID: 24815705
Sorry I have provided you the one-way trust.
Here's the steps for two-way trust:
Scenarios, just an example:
DOMAIN-1--Domain Functional Level and Forest Functional Level is Windows Server 2003
Domain-2--Domain Functional Level is Windows Server 2003 and Forest Functional Level is Windows Server 2003

Note: you can start either on Domain1 or Domain2, the order of creation for the trust doesn't matter.
      
Domain-1         
New Trust-->DNS or NetBIOS name of other domain-->External Trust-->Two-Way-->This Domain only-->Domain-Wide Authentication-->Trust Password-->No Need to confirm any trust at the moment

Domain-2         
New Trust-->DNS or NetBIOS name of other domain-->Two-Way-->This Domain only--> Domain-Wide Authentication-->Trust Password-->No Need to confirm any trust at the moment

Note: Domain-Wide authentication above is just an example, you can also do selective authentication. But Domain-wide authentication should be used if you manage both domains.
0
 
LVL 18

Accepted Solution

by:
Americom earned 500 total points
ID: 24815720
More info:
One-way trust--If a one way trust from DomainA trusts-->Domain B. Users in DomainB will be able to access resources(like printer) in DomainA since DomainA is the trusting domain which trusts DomainB, meaning allow DomainB users to access their resources. DomainB then considered the trusted domain as being trusted by DomainA. When Users from DomainA hit "ctrl+Alt+Del" there will be two Domains that they can select to logon from, Which is DomainA and DomainB. This is because when a UserB using a computer that is a member of DomainA, he/she will be able to use the account UserB to logon to DomainB from a computer in DomainA. This computer is considered one type of the resources in addition to web services, file and print services etc.  However, Users in DomainA will not have these available. Like a UserA cannot use a computer which is a member of DomainB to logon to DomainA as the option is not available due to the type of trust, one-way trust from DomainA to DomainB.

Two-Way trust--DomainA trusts DomainB and DomainB also trusts DmainA. This will allow users in both domains to be able to access resources in each other's domain.
0
 
LVL 18

Expert Comment

by:Americom
ID: 24815732
BTW, before you create the turst above, you need to make sure firewall is opened between the two domain.
0
 
LVL 7

Author Comment

by:Ned Ramsay
ID: 24821291
Thanks Americom, ill let you know how I get on.
0

Featured Post

Office 365 Training for Admins

Learn how to provision tenants, synchronize on-premise Active Directory, and implement Single Sign-On with these master level course.  Only from Platform Scholar

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article runs through the process of deploying a single EXE application selectively to a group of user.
A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

736 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question