Trust Between Domains In Forest


  • Trust Between Domains In Forest

    Environment:

    new active directory forest

    empty root domain: x.tld (functional level: Windows 2008 )
    domain: prod.x.tld (functional level: Windows 2008 )
    domain: office.x.tld (functional level: Windows 2003, because we're going to import existing Windows 2003 domain controllers from our current Active Directory, ad.xsys.tld)

    All domain controllers in the new forest are Windows 2008 R2.

    User accounts reside in office.x.tld

    A two-way transitive trust exists between prod.x.tld and office.x.tld

    I can configure the domain controllers in prod.x.tld to accept office.x.tld credentials for Remote Desktop.

    But when I try to configure member servers in prod.x.tld to accept office.x.tld credentials for Remote Desktop login, I get the following:
    Name Not Found
    An object name "robertr" cannot be found. Check the selected object types and location for accuracy and ensure that you typed the object name correctly, or remove this object from the selection.
    What else should I be looking at?


    UPDATED TO ADD: From the console of memberserver.prod.x.tld, I can log in with my office.x.tld credentials. I just can't add office.x.tld users to Remote Desktop Users on memberserver.prod.x.tld. This makes me suspect it's more of a Remote Desktop/GPO issue than a Trust issue.
    Last edited by Robert R.; 22nd March 2011, 00:21.

  • #2
    Re: Trust Between Domains In Forest

    Try this: create an (AD) domain local security group, and make it a member of the Remote Desktop Users group (local member server).

    Now add users from office.x.tld to the domain local security group (prod.x.tld).
    Thanks & Regards
    v-2nas

    MCTS 2008, MCTIP, MCSE 2003, MCSA+Messaging E2K3, MCP, E2K7
    Sr. Wintel Eng. (Investment Bank)
    Independent IT Consultant and Architect
    Blog: http://www.exchadtech.blogspot.com

    Show your appreciation for my help by giving reputation points
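
The group nesting suggested in post #2, as an added PowerShell example that is not from the thread. The group name `DL-PROD-RDP-Users`, its container, and the NetBIOS domain name `PROD` are assumptions; the domains, the user `robertr` and the member server name come from the thread.

```powershell
Import-Module ActiveDirectory   # ships with the AD tools on Windows Server 2008 R2

$GroupName    = 'DL-PROD-RDP-Users'               # hypothetical group name
$GroupPath    = 'CN=Users,DC=prod,DC=x,DC=tld'    # assumed container
$OfficeUsers  = @('robertr')                      # accounts that live in office.x.tld
$MemberServer = 'memberserver.prod.x.tld'

# 1. Domain local security group in prod.x.tld. Domain local scope is what
#    lets the group hold members from other domains in the forest.
$group = Get-ADGroup -Filter "Name -eq '$GroupName'" -Server 'prod.x.tld'
if (-not $group) {
    $group = New-ADGroup -Name $GroupName -GroupScope DomainLocal `
        -GroupCategory Security -Path $GroupPath -Server 'prod.x.tld' -PassThru
}

# 2. Resolve each user against office.x.tld, then add the object to the
#    prod.x.tld group. Passing the object avoids a name lookup in the wrong domain.
foreach ($sam in $OfficeUsers) {
    $user = Get-ADUser -Identity $sam -Server 'office.x.tld'
    Add-ADGroupMember -Identity $group -Members $user -Server 'prod.x.tld'
}

# 3. Nest the domain group in the member server's local Remote Desktop Users
#    group. 'PROD' is the assumed NetBIOS name of prod.x.tld.
$local = [ADSI]"WinNT://$MemberServer/Remote Desktop Users,group"
$local.Add("WinNT://PROD/$GroupName,group")

# 4. Review who now has RDP access through the group.
(Get-ADGroup -Identity $group -Properties member -Server 'prod.x.tld').member
```

Access is then granted and revoked by changing membership of one group in prod.x.tld, which is easier to review than per-server user entries.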



    • #3
      Re: Trust Between Domains In Forest

      v-2nas,

      Thanks. That worked.

      The issue I'm having now is when I log in to a PROD member server using OFFICE credentials, it takes about 10+ minutes:

      ~ 2 minutes at the "Welcome" screen
      ~ 2 minutes at the "Please wait for the User Profile Service" screen
      ~ 7 minutes at the "Applying user settings" screen


      At first I thought this might be related to creating the user profile for the first time, but it happens when I use the same credentials over and over.

      This is not an issue when logging in as [email protected] -- that only takes a few seconds.

      Currently, the x.tld, office.x.tld, and prod.x.tld domain controllers are all in the same physical location (they're VMware virtual machines on the same hardware).


      • #4
        Re: Trust Between Domains In Forest

        Hi,

        Do you have a GPO setting enabled for wait for network to become ready before logon?

        Try disabling that; otherwise we need to narrow down which GPO is causing the issue, whether clients are picking an out-of-site DC, or whether DNS needs to be tweaked.
        Thanks & Regards
        v-2nas



        • #5
          Re: Trust Between Domains In Forest

          "dns needs to be tweaked"

          One of the network administrators came to me today saying that DNS lookups, while resolving, were taking an unusually long time -- although he didn't quantify it for me.

          What tools do you recommend for troubleshooting Windows DNS performance issues? For many years, DNS has been administered by our Unix admins, so using Windows DNS is something that's relatively new for our organization.

          Thanks.



          • #6
            Re: Trust Between Domains In Forest

            Hi,

            Basically, some understanding of how DNS works, nslookup, and its output; then you need to check how you have your DNS set up and how it is resolving: using forwarders, stub zones, conditional forwarders, root hints.

            I am a Windows guy, so I'm not sure how Unix is doing it. You can probably check with a Unix consultant and ask them to take a look into it.

            Advanced troubleshooting would be taking a DNS trace and checking the queries to see why it's taking so long to respond.
            Thanks & Regards
            v-2nas



            • #7
              Re: Trust Between Domains In Forest

              Long story short (leaving out a lot of details):

              Rather than using forwarders, I set up the DNS zones to replicate across the entire forest, not just within their domains and then relying on forwarders to resolve between domains.

              It seemed to have worked.

              Since DNS is something that was handled by the Unix group for many years, moving to Windows-based DNS servers and having to take on this responsibility has definitely been a learning experience.
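
A way to quantify the slow lookups discussed in posts #5 to #7, as an added example that is not from the thread: it times the DC locator SRV query for each domain and shows which directory partition each zone replicates in. The DNS server address is a placeholder, and the commented `dnscmd` line is one way to make a zone replicate forest-wide, not necessarily what the poster ran.

```powershell
# Domain names come from the thread; the DNS server address is a placeholder.
$DnsServer = '192.0.2.10'                        # placeholder: a DNS server in prod.x.tld
$Domains   = 'x.tld', 'office.x.tld', 'prod.x.tld'

function Test-DcLocatorRecord {
    param([string]$Domain, [string]$Server)
    # SRV record a member server queries to locate a domain controller.
    $name  = "_ldap._tcp.dc._msdcs.$Domain"
    $timer = [System.Diagnostics.Stopwatch]::StartNew()
    $out   = & nslookup.exe -type=SRV $name $Server 2>&1 | Out-String
    $timer.Stop()
    New-Object PSObject -Property @{
        Record   = $name
        Seconds  = [math]::Round($timer.Elapsed.TotalSeconds, 2)
        DCs      = ([regex]::Matches($out, 'svr hostname')).Count   # DCs returned
        TimedOut = $out -match 'timed out'                           # any retry timeout
    }
}

# Run from a prod.x.tld member server: a slow or empty office.x.tld row
# points at cross-domain resolution rather than at Group Policy.
$Domains | ForEach-Object { Test-DcLocatorRecord -Domain $_ -Server $DnsServer } |
    Format-Table Record, Seconds, DCs, TimedOut -AutoSize

# Replication scope of each zone as seen by that DNS server.
foreach ($zone in $Domains) {
    "--- $zone"
    & dnscmd.exe $DnsServer /ZoneInfo $zone |
        Select-String 'directory partition|zone DN'
}

# One way to move a zone to forest-wide replication (commented out on purpose):
# dnscmd.exe $DnsServer /ZoneChangeDirectoryPartition office.x.tld /forest
```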
