Server Domain networking

Tags:
Networking
I have just connected 2 IP networks via a router and can ping both sides but need the separate domain to be able to show up in the network drop down list and be able to create a trust to the other domain. Any ideas?

Answer Wiki


My guess is that 1, the router is blocking the Windows Browser service so you will not see the other domain until you either enter the domain names in both LMHOSTS files, or if you are running WINS on either or both domains, set up replication or add the WINS server address to the domain not running WINS. Second, until you establish the trust, you won’t have the other network show up in the logon drop down box. Once each side can “see” the other side, you can then establish the trust.

Terrence
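
The LMHOSTS entries the answer above refers to, as an added example that is not part of the original answer: a small generator for the two lines that let a host locate the other domain's controller across a router, with the domain name padded to the 15 characters the `\0x1b` entry requires. The address `10.1.2.10`, the names `DC-B01` and `DOMAINB`, and the function names are constructed for illustration.

```python
"""Build the LMHOSTS lines that point a host at a remote domain's controller."""
import ipaddress

NETBIOS_NAME_LEN = 15  # a NetBIOS name is 15 characters plus a 1-byte type suffix


def check_name(name: str) -> str:
    """Return the upper-cased name, or raise if it cannot be used in LMHOSTS."""
    name = name.strip().upper()
    if not name or len(name) > NETBIOS_NAME_LEN:
        raise ValueError(f"NetBIOS name must be 1-15 characters: {name!r}")
    if any(c in name for c in '"\\# \t'):
        raise ValueError(f"character not usable in an LMHOSTS name: {name!r}")
    return name


def lmhosts_lines(dc_ip: str, dc_name: str, domain: str) -> list:
    """Return the #DOM line and the padded 0x1b (domain master browser) line."""
    ip = str(ipaddress.IPv4Address(dc_ip))  # rejects malformed addresses
    dc = check_name(dc_name)
    dom = check_name(domain)
    # The quoted name must be exactly 15 characters before the \0x1b suffix;
    # a short or long pad makes the entry silently fail to match.
    padded = dom.ljust(NETBIOS_NAME_LEN)
    return [
        f"{ip}\t{dc}\t#PRE #DOM:{dom}",
        f'{ip}\t"{padded}\\0x1b"\t#PRE',
    ]


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    for line in lmhosts_lines("10.1.2.10", "dc-b01", "domainb"):
        print(line)
```

After the lines are added to LMHOSTS on each side, `nbtstat -R` reloads the `#PRE` entries and `nbtstat -c` shows what was cached.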

Discuss This Question: 3  Replies

 
  • Mortree
    This really is more complex than you seem to think. If these are two independent AD domains -- separate trees -- then they will not show up in each other's Explorer. They are not supposed to. They aren't like workgroups.

    If one domain is supposed to be a subdomain of the other.... Well, it would have been easier to join physical networks first then add the domain controllers for the subordinate DNS domain directly as part of the first (master) DNS domain. But you are in luck: there is a special merge tool for merging one domain as a subordinate of another after the fact. Not guaranteed to work by MS, like all their non-recommended circumstance tools. But it seemed to work for me.

    DOMAIN to DOMAIN trusts are very simple to create but for SECURITY reasons demand that you know the name of each domain, a special domain trust password and full administrator logon info for each account. At least under 2000; maybe 2003 is different.

    Also with a simple router connection passing all protocols, you may find that workstations sometimes get confused about where to get D, can't logon etc. Why? Because as soon as the cached info on where they got the last info from expires -- it becomes a race as to which domain server replies first. The simplest solution is to let one domain provide DHCP and supply all the server info. Unfortunately that means one domain won't really be able to automatically register workstations and new servers. Alternatively you can "firewall" the two domains apart except for very carefully selected protocols for logon, data, maybe DNS updates (no WINS, DHCP, etc). You
  • Mortree
    Sorry, I assumed you meant you had two AD forests that you now wanted some limited communication between. Two Domain trees or domain forests? If just Trees, one tree's domain controllers should have really been built after connecting the networks -- else you get separate forests by accident.
    http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/plan/w2kdomar.mspx

    Note: Scenario 6 seems to be what you said. Do you want to keep it that way?
    http://technet2.microsoft.com/WindowsServer/en/Library/21fd5afb-c35f-49cf-a02b-358f900eb4ff1033.mspx

    (I used to keep 3 separate domain forests: production, normal development and wild wooly test -- particularly when neophyte .NET programmers started talking about running scripts against the Active Directory for the first time! And they needed administrative rights to make the changes they wanted to test.)

    See here for 2003 forest to forest trust (not an Explorer function)
    http://technet2.microsoft.com/WindowsServer/en/Library/7929b0c4-efe1-409c-99e3-efe9815f426d1033.mspx

    Prerequisites
    http://technet2.microsoft.com/WindowsServer/en/Library/544d5801-205e-45b0-a1d7-cb9c39a7d7091033.mspx

    Windows 2000 AD is very similar
    http://support.microsoft.com/?kbid=228477

    If instead you want to merge the two forests fully so users can access all aspects of both ADs... One function of the Active Directory Migration Tool is forest to forest movements (not a peak work time activity)
    http://www.microsoft.com/downloads/details.aspx?FamilyID=6f86937b-533a-466d-a8e8-aff85ad3d212&DisplayLang=en

    Other useful pages
    http://www.microsoft.com/technet/prodtechnol/exchange/guides/PlanE2k3MsgSys/10b7e26a-b3fa-4010-ab30-9443e3145e83.mspx?mfr=true
  • Jld927
    If you can ping across then we must assume that IP is working. Next try to get to another machine using the administrative share C$. Use the (IP ADDRESS HERE)c$ with the local administrator and password account. Next you want to create a domain controller and choose the second domain in the same forest option. This will let you create a totally separate domain with the second segment. Assuming your IP information is correct ( IP Address, Subnet, and Gateway ) you should see both sides. If you are using DHCP on a Cisco router be sure to include the ip-helper address information on the interface and that will let you get DHCP broadcasts across the router interfaces to machines on the other side.