Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 638
  • Last Modified:

Running an application between domains with no trust relationship

We have seperated our environment into two AD domains on two different subnets.  We have the need to temporarily open Domain A to allow Domain B to access to an application running on Domain A.  Access rules are wide open and can access the server by IP address and all of it's resources.  Have put in an entry into the hosts file to resolve the server by name.  Can get the application to run, but with a slight glitch - it prints to a shared printer on Domain A that has print software which charges for pages printed.  The confirmation box that is supposed to popup to give a total of the job and how many pages does not, but job goes into the queue.

Without knowing how the application works does it appear that a trust is needed between domains even though resources are accessible?  Or is it maybe a DNS issue?

How to setup DNS between the two domains?

Thx
0
Webcc
Asked:
Webcc
2 Solutions
 
LearnctxEngineerCommented:
Looking in the security logs should tell you if you're having access issues. If it is DNS, you could to a zone transfer of Domain A's DNS zone to a DNS server in Domain B. If it is access related maybe look at doing a 1 way selective trust to allow the account in Domain B to access the app in Domain A. Seeing as it is temporary, when you're doing just remove the trust.
0
 
Leon FesterCommented:
For the DNS setup, you only need to setup stub zones.
It's a better option than zone transfers.

http://technet.microsoft.com/en-us/library/cc771898.aspx

Regarding the printing issue.
Your application is most likely using client-server architecture, so it is the Server that is calling the printing to that printer.

I'd go back and look at the setup on one of the workstations in Domain A to confirm if that are any special software installed or printer driver configuration required. Without a domain trust you could be missing the security for the 3rd-party app that does the billing, but printing could still work. Go investigate how it works in Domain A and apply the same to Domain B.
0
 
SteveCommented:
some modern printers have bi-directional support and show fancy popups etc. This can complicate the traffic involved, even through the process of sending the actual print job is fairly straight forward.
there are various ways for this to work so we may not be able to guess it unless we have the same software available to test.

best option is probably to run monitoring software on a machine in domain A that works and see what communication is occurring when printing. You can then assess if you want to allow the same traffic to flow in your temporary setup.
0
 
WebccAuthor Commented:
Thank you.
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now