Solved

2-Way Copy Between Windows Domains Without Using Trusts

Posted on 2016-09-07
4
25 Views
Last Modified: 2016-09-18
I need to create a 2-way copy for files and folders between two Windows Domains (one 2k8r2 & one 2k12r2). I'd like to avoid setting up a Trust between them in order to keep these two networks isolated from each other (unless I can be convinced otherwise).

What are some options I have to do this?

I should also mention that I'm not implementing this for another week, so I won't be jumping out to try suggestions today - rather I'm focused on the research but will do the surgery by mid-month.

Thanks for your help.
0
Comment
Question by:Tessando
  • 2
4 Comments
 
LVL 15

Expert Comment

by:WalkaboutTigger
ID: 41788144
Why not create accounts in both domains with appropriate access to the destinations and have an isolated, workgroup machine acting as a transfer diode node between the two domains?  It would authenticate and map a drive, M: to Domain1 and authenticate and map a drive, P: to Domain2.  It would then run the copy operation through it, but never actually store any of the data on its own storage.

I recommend this over authenticating to Domain2 from a machine in Domain1 or vice versa because then you have complete isolation.

Additionally, the transfer diode node would only have access to the two domains and should specifically be denied access to the Internet except for access to receive OS updates.
0
 
LVL 38

Expert Comment

by:Adam Brown
ID: 41789116
You can access shares in non-trusted domains very easily by using the IP address of the server in the UNC you use to access the share, then enter in the creds that are valid for that server's domain. For instance,

ServerA is in Domain A with an IP of 192.168.1.1
Server B is in Domain B with an IP of 192.168.2.1

If you want to copy files from serverB to serverA, you would log on to ServerA and navigate to \\192.168.2.1\sharename at which point you'll be prompted for credentials. Enter a username and password that has access to the share in Domain B, and you'll have the files available. The same is possible for the reverse. You can do it all from one server by opening the destination folder on ServerA and copying the file that needs to go there from server B, then opening the source folder for the file that needs to go to serverB and copy the file from there.

As long as the two servers are able to communicate directly over the network, this will work without issues.

A trust is only necessary if you want to be able to access shares in Domain A with user accounts from Domain B.

Edit: You can simplify this a little by creating stub zones or conditional forwarders in each domain's DNS for the opposite domain, which would allow you to use host names. Just note that you would have to type out the full host name (serverA.domaina.com, as opposed to just serverA) in the UNC when navigating shares in the opposite domain.
0
 

Accepted Solution

by:
Tessando earned 0 total points
ID: 41794785
I found a decent combination between net use and robocopy that, in theory, make sense.

I know it's old school, but this *might* do the trick. If I keep going with this, do you think a batch file like this might work?

net use \\server1\g$ /user:domain1\user1 [password]
net use \\server2\g$ /user:domain2\user2 [password]
robocopy \\server1\G$\testdir\%3 \\server2\g$\uploads

Open in new window


So far, I'm getting "System error 53 occurred" as in "Network Path Not Found" when it comes to Domain2. Hopefully someone has a useful suggestion for that error. Thanks again for your help!
0
 

Author Closing Comment

by:Tessando
ID: 41803591
To resolve the permissions, I had to make the User on the second Domain a "Domain Admin", otherwise that script that uses Net Use to pass authentication and robocopy do the trick.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I don't know if many of you have made the great mistake of using the Cisco Thin Client model with the management software VXC. If you have then you are probably more then familiar with the incredibly clunky interface, the numerous work arounds, and …
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now