J
John Rosenlof
Hi,
We have a domain (domain1) and wanted to join another domain (domain2) up as
a tree within the forest of domain1. The creation was successful, as well
as the configuration of dns and dhcp servers as well. The DNS zone for
domain 2 is AD integrated and the DNS server has a secondary zone setup to
grab stuff from domain1's DNS zone.
My question is one about the browser and access to domain resources. How do
we set something up so that certain users from domain1 can browse domain2?
Right now here's what we can do. When logged into domain1 from a
workstation in domain1, we can: browse domain1, ping host names and FQDN's
of computers in domain1 and open up shares on a computer in domain1 by
either entering in its host name or FQDN. I know that this is all normal
and as it should be. While logged into domain1 from a workstation in
domain1, to ping a host or open up a share on a computer in the other
domain, we have to enter in the FQDN. But the browser does not show that
there is even another domain or network connected. This changes slightly
when we log into domain2 from a workstation in domain1. The browser shows
that domain1 is there and we can browse it, but it also shows domain2 as
well. However, we cannot browse it. Opening up the computers from the run
command works as normal.
I guess what I'm wondering is how much of this is normal, since I'm not
exactly sure what access you're supposed to be granted to another domain
when you join it up as another tree in the forest. Is there a way to make
it so that if we're logged onto domain1 from a workstation in domain1, that
we can browse the computers in domain2? I know that there is supposed to be
a transitive trust relationship, but what practical things does that
translate into? I'd appreciate any help or enlightenment that could be
offered on this. Thanks!
Regards,
John
We have a domain (domain1) and wanted to join another domain (domain2) up as
a tree within the forest of domain1. The creation was successful, as well
as the configuration of dns and dhcp servers as well. The DNS zone for
domain 2 is AD integrated and the DNS server has a secondary zone setup to
grab stuff from domain1's DNS zone.
My question is one about the browser and access to domain resources. How do
we set something up so that certain users from domain1 can browse domain2?
Right now here's what we can do. When logged into domain1 from a
workstation in domain1, we can: browse domain1, ping host names and FQDN's
of computers in domain1 and open up shares on a computer in domain1 by
either entering in its host name or FQDN. I know that this is all normal
and as it should be. While logged into domain1 from a workstation in
domain1, to ping a host or open up a share on a computer in the other
domain, we have to enter in the FQDN. But the browser does not show that
there is even another domain or network connected. This changes slightly
when we log into domain2 from a workstation in domain1. The browser shows
that domain1 is there and we can browse it, but it also shows domain2 as
well. However, we cannot browse it. Opening up the computers from the run
command works as normal.
I guess what I'm wondering is how much of this is normal, since I'm not
exactly sure what access you're supposed to be granted to another domain
when you join it up as another tree in the forest. Is there a way to make
it so that if we're logged onto domain1 from a workstation in domain1, that
we can browse the computers in domain2? I know that there is supposed to be
a transitive trust relationship, but what practical things does that
translate into? I'd appreciate any help or enlightenment that could be
offered on this. Thanks!
Regards,
John