Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Can't authenticate to trusted domain

Posted on 2011-09-13
5
Medium Priority
?
743 Views
Last Modified: 2012-08-14
I have a forest with two domains - D1 and D2; functional level is 2003.  I built a new domain in a new forest - NewD; functional level is 2008.  I need to be able to authenticate D1 users in NewD.  DNS is set up with secondary zones for the other domain in each domain, and zone transfers are working.  I made a two-way domain trust (NOT a forest trust) between the two domains, and it validated.  My problem:  I can authenticate in D1 with NewD users, but when I go to NewD, the D1 domain does not show up in the list of available domains, so I can't authenticate D1 users in the NewD domain.

Two questions:  can I use stub zones instead of  secondary zones in the DNS?  and do I need to do a two-way FOREST trust for the authentication to work?  Or maybe there is just some setting I am missing in my 2008 DCs that will allow the D1 domain to be seen.  Any help is much appreciated.

Tracy
0
Comment
Question by:laugle
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
5 Comments
 
LVL 4

Expert Comment

by:AnthonyHamon
ID: 36531286
Question 1:
Yes, you can use stub zones in DNS rather than secondary zones.

Question 2:
There is no reason to use a forest trust, I would expect the external domain trust that you have configured to work.  Although the D1 domain is not in the domain list when logging onto a workstation in the NewD domain, it may be possible to authenticate a D1 user by specifying the username as <username>@D1, where D1 is the FQDN of the domain (not the NetBIOS name).
0
 

Author Comment

by:laugle
ID: 36531375
Would that work in setting permissions for resources as well?  In both GPO and AD Users & Computers, I need to set permissions for administrators and users, and I haven't been able to because of the issue where the domain will not show up.
0
 

Author Comment

by:laugle
ID: 36531546
I cannot set permissions using groups without NewD active directory being able to see D1.  Without that, I can't log in using my admin account from D1, and I can't administer the domain with my D1 credentials.  Any idea why the AD can't see the D1 domain?
0
 

Accepted Solution

by:
laugle earned 0 total points
ID: 36537826
Found the answer - the 2008 domain was not running WINS.  Domain to domain trusts use WINS, forest trusts use DNS.
0
 

Author Closing Comment

by:laugle
ID: 36558778
This was the way I got it to work - I couldn't use a forest trust because I have other domains that we don't want to involve in this trust.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
Suggested Courses

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question