Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

How to create a domain relationship for 2 different domains

Posted on 2010-01-11
8
Medium Priority
?
261 Views
Last Modified: 2012-05-08
Hello,
our company has 2 different sites and each site has a different doamin.
Both sites are connected via VPN, so I can reach the servers and workstations from the other site.

But now user A from site A travels to site B. But user A needs to be connected to the DC of site A.
And of course visa verse for the user B at site A.

How can I solve this issue ?
0
Comment
Question by:Eprs_Admin
8 Comments
 
LVL 7

Accepted Solution

by:
himvy earned 2000 total points
ID: 26286771
0
 
LVL 5

Expert Comment

by:ZJORZ
ID: 26286980
different AD domains in the same AD forest or different AD forests?
 
if the first then DNS should already be setup and you could enhance authentication performanace by placing a local DC.
 
if the latter, then make sure, DNS is setup in a way so that the user's computer can find DCs for its own AD domain. If you want the user to be able to logon to a computer in AD domain B using the user account from AD domain A, then you need to setup a trust. Depending on the access directions, you need to configure a one-way or two-way trust
0
 
LVL 18

Expert Comment

by:Americom
ID: 26287282
Depending on your existing enviornment and what security restrictions are you looking at which will determine the type of trust(external or forest trust) recommended
But to share resource between two separate domains will first required trust.
If users between domains do not share PC, they do not have to logon to each other's machine.
If you have a lot of open shares configured on your file or apps server that you do not want any user from any domain to have access once trust is created, then you need to either configured external trust or close all your open shares first. Open shares meaning configiured to allow access for the everyone group or authenticated group.  
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 18

Expert Comment

by:Americom
ID: 26287374
Correction, the reason for external is because of security concern by default. What was mention regarding open shares was a different between selective authentication rather than external trust as the authentication method is availablein either external or forest trust
0
 
LVL 7

Expert Comment

by:ARK-DS
ID: 26288820
Hi,

As all others have said, you need a trust between the domains. A trust is nothing but a medium through which a user from another domain can authenticated in another domain. This happend with the help of TDO objects.
Please refer this to understand trusts and to know how to create them:
http://technet.microsoft.com/en-us/library/cc740018(WS.10).aspx

Regards,

Arun
0
 

Author Comment

by:Eprs_Admin
ID: 26290923
Hello,

these both domains are completly seperatly installed with its own ADS.
So I think I have 2 different forests , correct ?
0
 
LVL 18

Expert Comment

by:Americom
ID: 26293191
Correct and in general the domain name has nothing to do with each other.
You can also verify if any trust is setup between these two domain by simply running the "Active Directory Domains and Trusts" and right click on the domain name and select properties then click on the tab Trust. Verify on both domains and see if any trust is created. This is where you also setup the trust.
So, if you don't find any trust configuration from either domain then there's your answer, you need to create trust before resources can be shared between the two domains.
0
 

Author Comment

by:Eprs_Admin
ID: 26294785
Hi, I did it now. Thanks for the help.
I used the DNS instruction and the trust instaruction
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

572 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question