2-Way Copy Between Windows Domains Without Using Trusts
I need to create a 2-way copy for files and folders between two Windows Domains (one 2k8r2 & one 2k12r2). I'd like to avoid setting up a Trust between them in order to keep these two networks isolated from each other (unless I can be convinced otherwise).
What are some options I have to do this?
I should also mention that I'm not implementing this for another week, so I won't be jumping out to try suggestions today - rather I'm focused on the research but will do the surgery by mid-month.
Thanks for your help.
What are some options I have to do this?
I should also mention that I'm not implementing this for another week, so I won't be jumping out to try suggestions today - rather I'm focused on the research but will do the surgery by mid-month.
Thanks for your help.
You can access shares in non-trusted domains very easily by using the IP address of the server in the UNC you use to access the share, then enter in the creds that are valid for that server's domain. For instance,
ServerA is in Domain A with an IP of 192.168.1.1
Server B is in Domain B with an IP of 192.168.2.1
If you want to copy files from serverB to serverA, you would log on to ServerA and navigate to \\192.168.2.1\sharename at which point you'll be prompted for credentials. Enter a username and password that has access to the share in Domain B, and you'll have the files available. The same is possible for the reverse. You can do it all from one server by opening the destination folder on ServerA and copying the file that needs to go there from server B, then opening the source folder for the file that needs to go to serverB and copy the file from there.
As long as the two servers are able to communicate directly over the network, this will work without issues.
A trust is only necessary if you want to be able to access shares in Domain A with user accounts from Domain B.
Edit: You can simplify this a little by creating stub zones or conditional forwarders in each domain's DNS for the opposite domain, which would allow you to use host names. Just note that you would have to type out the full host name (serverA.domaina.com, as opposed to just serverA) in the UNC when navigating shares in the opposite domain.
ServerA is in Domain A with an IP of 192.168.1.1
Server B is in Domain B with an IP of 192.168.2.1
If you want to copy files from serverB to serverA, you would log on to ServerA and navigate to \\192.168.2.1\sharename at which point you'll be prompted for credentials. Enter a username and password that has access to the share in Domain B, and you'll have the files available. The same is possible for the reverse. You can do it all from one server by opening the destination folder on ServerA and copying the file that needs to go there from server B, then opening the source folder for the file that needs to go to serverB and copy the file from there.
As long as the two servers are able to communicate directly over the network, this will work without issues.
A trust is only necessary if you want to be able to access shares in Domain A with user accounts from Domain B.
Edit: You can simplify this a little by creating stub zones or conditional forwarders in each domain's DNS for the opposite domain, which would allow you to use host names. Just note that you would have to type out the full host name (serverA.domaina.com, as opposed to just serverA) in the UNC when navigating shares in the opposite domain.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
To resolve the permissions, I had to make the User on the second Domain a "Domain Admin", otherwise that script that uses Net Use to pass authentication and robocopy do the trick.
I recommend this over authenticating to Domain2 from a machine in Domain1 or vice versa because then you have complete isolation.
Additionally, the transfer diode node would only have access to the two domains and should specifically be denied access to the Internet except for access to receive OS updates.