Guest Jake Posted December 11, 2007

Hi,

We have two domains, DomainA.local and DomainB.local, on different w2003r2 domain controllers and separated subnets.

When I take a workstation which is a member of DomainA.local and connect it to DomainB.local and try to log in with a_valid_username@DomainB.local it complains that the domain (DomainB.local) is not available.

I thought that a computer account would be created the first time this workstation logs in to DomainB.local and its user should get access according to the DomainB.local user account used.

What am I missing in this scenario?

jake
Guest Danny Sanders Posted December 11, 2007

Re: A simple one...?

First, a computer cannot be a member of 2 domains. You would have to remove it from the domain it's in by adding it to a workgroup, then add it to the new domain.

> it complains that the domain (DomainB.local) is not available.

This is usually a symptom that the computer is not pointed to the DNS server for the domain you are trying to join it to.

hth
DDS
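Added example, not part of the original thread: one way to check the DNS symptom described in the reply above is to ask each DNS server configured on the workstation for the domain controller locator SRV record of DomainB.local. It assumes PowerShell with the DnsClient module (Windows 8 / Server 2012 or later, newer than the systems in the thread); the variable names are illustrative.

```powershell
# Added example. DomainB.local is the domain named in the thread; everything
# else is read from the local machine. Assumes the DnsClient module is present.
$Domain  = 'DomainB.local'
$SrvName = "_ldap._tcp.dc._msdcs.$Domain"   # SRV record domain controllers register for the DC locator

# Collect every IPv4 DNS server configured on the workstation's adapters.
$dnsServers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object { $_.ServerAddresses } |
    Sort-Object -Unique

if (-not $dnsServers) {
    Write-Warning 'No DNS servers are configured on this machine.'
    return
}

$results = foreach ($server in $dnsServers) {
    # Query each server directly so a working secondary cannot mask a wrong primary.
    $answer = Resolve-DnsName -Name $SrvName -Type SRV -Server $server `
                  -DnsOnly -ErrorAction SilentlyContinue |
              Where-Object { $_.Type -eq 'SRV' }

    [pscustomobject]@{
        DnsServer         = $server
        Resolves          = [bool]$answer
        DomainControllers = ($answer.NameTarget | Sort-Object -Unique) -join ', '
    }
}

$results | Format-Table -AutoSize

if (-not ($results | Where-Object { $_.Resolves })) {
    # Matches the "domain is not available" symptom: the client cannot find a DC through DNS.
    Write-Warning "None of the configured DNS servers can locate a domain controller for $Domain."
} else {
    # Cross-check with the Windows DC locator itself.
    nltest "/dsgetdc:$Domain"
}
```

On systems without the DnsClient module, `nslookup -type=SRV _ldap._tcp.dc._msdcs.DomainB.local` run against each configured DNS server gives the same information.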
Guest Jake Posted December 11, 2007

Re: A simple one...?

Danny Sanders wrote:
> First, a computer cannot be a member of 2 domains. You would have to remove it
> from the domain it's in by adding it to a workgroup, then add it to the new
> domain.

So it is impossible to temporarily log on to DomainB (if the user has an account there) if the workstation is actually a member of DomainA?

rgds
jake
Guest Danny Sanders Posted December 11, 2007

Re: A simple one...?

> So it is impossible to temporarily log on to DomainB (if the user has an
> account there) if the workstation is actually a member of DomainA?

Usually if a user in one domain needs resources in another domain, a trust is set up between the two domains. Example: a user logs onto a computer in domain A, there is a trust between domain A and domain B. Because of the trust the user can access the resources in domain B. But at no time does the user have to log onto domain B.

hth
DDS
Guest Jake Posted December 12, 2007

Re: A simple one...?

Danny Sanders wrote:
>> So it is impossible to temporarily log on to DomainB (if the user has an
>> account there) if the workstation is actually a member of DomainA?
>
> Usually if a user in one domain needs resources in another domain, a trust is
> set up between the two domains. Example: a user logs onto a computer in
> domain A, there is a trust between domain A and domain B. Because of the
> trust the user can access the resources in domain B. But at no time does the
> user have to log onto domain B.

OK.

Does this also apply when the domains are on physically separate subnets? This is my case....

Two separate nets, each with their own DCs.

Thanks again for comments

jake
Guest Danny Sanders Posted December 12, 2007

Re: A simple one...?

Yes

hth
DDS
Guest Jake Posted December 12, 2007

Re: A simple one...?

Danny Sanders wrote:
> Yes

Good. Does this mean in practice that at a given time I need to connect the DCs for DomainA and DomainB together and establish a trust between DomainA to DomainB (and not vice versa). So can I disconnect the DCs and reconnect them to their subnets. Then will DomainB's DC authenticate the workstation and user from DomainA despite that DomainB has no current connection to DomainA?

What about logon scripts? I want the DomainA user to run a DomainB logon script when logging on. Is this possible?

Thanks again ;-)

jake
Guest Danny Sanders Posted December 12, 2007

Re: A simple one...?

> Good. Does this mean in practice that at a given time I need to connect
> the DCs for DomainA and DomainB together and establish a trust between
> DomainA to DomainB (and not vice versa). So can I disconnect the DCs and
> reconnect them to their subnets. Then will DomainB's DC authenticate the
> workstation and user from DomainA despite that DomainB has no current
> connection to DomainA?

You set up a trust and leave it in place. You MUST have a connection between the two domains in order to set up a trust. You do not disconnect the DCs from their domains to do this.

See: http://support.microsoft.com/kb/325874/en-us

hth
DDS
Guest Jake Posted December 12, 2007

Re: A simple one...?

Danny Sanders wrote:
>> Good. Does this mean in practice that at a given time I need to connect
>> the DCs for DomainA and DomainB together and establish a trust between
>> DomainA to DomainB (and not vice versa). So can I disconnect the DCs and
>> reconnect them to their subnets. Then will DomainB's DC authenticate the
>> workstation and user from DomainA despite that DomainB has no current
>> connection to DomainA?
>
> You set up a trust and leave it in place. You MUST have a connection between
> the two domains in order to set up a trust. You do not disconnect the DCs
> from their domains to do this.

They *are* disconnected, two posts up I asked for a confirmation: "Does this also apply when the domains are on physically separate subnets? This is my case.... Two separate nets, each with their own DCs."

*There is no connection between the two* subnets / domains. This is why I assumed that I needed to temporarily connect them together to establish the trust, but honestly I did not believe that the trust solution was possible unless we had some kind of continuous connection between the two domains.

regards
jake
Guest Danny Sanders Posted December 12, 2007

Re: A simple one...?

If they both have internet connections you can set up a VPN tunnel between the two domains and create the trust through the VPN tunnel.

hth
DDS