Solved

Running an application between domains with no trust relationship

Posted on 2014-03-07
4
613 Views
Last Modified: 2014-03-14
We have seperated our environment into two AD domains on two different subnets.  We have the need to temporarily open Domain A to allow Domain B to access to an application running on Domain A.  Access rules are wide open and can access the server by IP address and all of it's resources.  Have put in an entry into the hosts file to resolve the server by name.  Can get the application to run, but with a slight glitch - it prints to a shared printer on Domain A that has print software which charges for pages printed.  The confirmation box that is supposed to popup to give a total of the job and how many pages does not, but job goes into the queue.

Without knowing how the application works does it appear that a trust is needed between domains even though resources are accessible?  Or is it maybe a DNS issue?

How to setup DNS between the two domains?

Thx
0
Comment
Question by:Webcc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 17

Expert Comment

by:Learnctx
ID: 39914305
Looking in the security logs should tell you if you're having access issues. If it is DNS, you could to a zone transfer of Domain A's DNS zone to a DNS server in Domain B. If it is access related maybe look at doing a 1 way selective trust to allow the account in Domain B to access the app in Domain A. Seeing as it is temporary, when you're doing just remove the trust.
0
 
LVL 26

Assisted Solution

by:Leon Fester
Leon Fester earned 250 total points
ID: 39917560
For the DNS setup, you only need to setup stub zones.
It's a better option than zone transfers.

http://technet.microsoft.com/en-us/library/cc771898.aspx

Regarding the printing issue.
Your application is most likely using client-server architecture, so it is the Server that is calling the printing to that printer.

I'd go back and look at the setup on one of the workstations in Domain A to confirm if that are any special software installed or printer driver configuration required. Without a domain trust you could be missing the security for the 3rd-party app that does the billing, but printing could still work. Go investigate how it works in Domain A and apply the same to Domain B.
0
 
LVL 27

Accepted Solution

by:
Steve earned 250 total points
ID: 39920759
some modern printers have bi-directional support and show fancy popups etc. This can complicate the traffic involved, even through the process of sending the actual print job is fairly straight forward.
there are various ways for this to work so we may not be able to guess it unless we have the same software available to test.

best option is probably to run monitoring software on a machine in domain A that works and see what communication is occurring when printing. You can then assess if you want to allow the same traffic to flow in your temporary setup.
0
 

Author Closing Comment

by:Webcc
ID: 39929827
Thank you.
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question