
Trust problem or something else


  • Trust problem or something else

    Hello,

    my network has 2 domains

    1: NT 4 domain - which I'll refer to as OLD
    2: Active Directory - which I'll refer to as NEW

    I've created a 2-way trust relationship between these two domains and everything worked fine till about 3 weeks ago. The problem is an annoying message box that says "Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed.
    Disconnect all previous connections to the server or shared resource and try again" when I try to connect to computers logged in the OLD (NT4) domain, using administrative shares, from a computer that is logged on to the NEW (AD) domain. I get this message box when I enter an admin account name and password from the OLD domain.
    What can I do to gain access through administrative shares to the computers from the OLD domain?
    I'll provide any other info if it's required.
    If I didn't make myself clear, I'll try to rephrase it.
    I've tried resetting the trust but it did not solve the problem...

    Thank you very much,
    Alex

  • #2
    Re: Trust problem or something else

    This is by design and quite normal. You are not allowed to have 2 personalities when running under single security context.

    The alternative is to use Run As.

    just run in the command prompt:
    Code:
    runas /user:OLD\administrator cmd
    This will open you a command prompt which runs under the security context of OLD\administrator and will let you do what you want and launch applications under the OLD\administrator account.

    P.S.: depending on the security configuration of your hosts, you might need to grant permissions to OLD\administrator (or whatever account you are using) on the workstation in the NEW domain.
    Guy Teverovsky
    "Smith & Wesson - the original point and click interface"



    • #3
      Re: Trust problem or something else

      Thank you very much for the clarification! I followed your advice with runas and it worked, but I can't start Windows Explorer with alternate credentials. If I type explorer it doesn't even start, only if I type explorer.scf, but then it's running with the credentials of the currently logged on user. I've stumbled upon CPAU, which is a replacement for runas, and I'll try to investigate further. The reason I need to open Explorer with alternate credentials is to allow my boss to access administrative shares in the old domain, as she's not so technically inclined to use NET use ...

      Once again THANKS and sorry for my bad English

      Alex
      Last edited by alexban; 15th February 2006, 13:50.



      • #4
        Re: Trust problem or something else

        Well, there is a hack which involves killing the explorer.exe process and starting a new explorer.exe from the prompt under an alternative account, but I doubt this is the route you want to take.

        Why don't you just grant the required permissions to the manager's account ?

        btw, have you used ADMT with sIDHistory to migrate the account in question, or is this a brand new account, created from scratch, that the manager is using?

        If sIDHistory is not involved, you can just add the manager's account to the Administrators group (or any other group that has access to admin shares) on the target server.

        And don't worry about your English - there are quite a lot of non-native English speakers over here (me being one of them).
        Guy Teverovsky
        "Smith & Wesson - the original point and click interface"



        • #5
          Re: Trust problem or something else

          Hello,

          The accounts for the NEW domain are brand new, as the ones from the OLD domain were (and still are) a mess (multiple users using the same account, accounts with no password, no logical naming convention, etc.). This is a temporary situation as I'll move all the users to the new domain, but it will take a while for about 100 users... and just 2 of us... but that's another story.
          Anyway, to get to the subject:
          I've added the Domain Admins account from the NEW (AD) domain to the Administrators group on the OLD (NT) domain but no change (it keeps prompting for user/password) and I don't understand why...

          Thanks,
          Alex



          • #6
            Re: Trust problem or something else

            Originally posted by alexban
            I've added the Domain Admins account from the NEW (AD) domain to the Administrators group on the OLD (NT) domain but no change (it keeps prompting for user/password) and I don't understand why...
            Have you added Domain Admins from the new domain to the Administrators group on the PDC or on the server you are trying to access? You need to add the accounts from the new domain to the local Administrators group on the server you are trying to access.
            Guy Teverovsky
            "Smith & Wesson - the original point and click interface"



            • #7
              Re: Trust problem or something else

              Originally posted by alexban
              Hello,
              I've added the Domain Admins account from the NEW (AD) domain to the Administrators group on the OLD (NT) domain but no change (it keeps prompting for user/password) and I don't understand why...
              Alex
              I want to be able to access all the computers in the OLD domain. The only PC that I can browse through admin shares is the PDC. The rest of the computers on that domain are prompting for a password.
              What am I missing?
              Thanks,
              Alex
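
The check suggested in reply #6, as an added example that is not part of the original thread: each member machine has its own local Administrators group, separate from the one on the PDC, so this PowerShell sketch reads that group on every listed OLD-domain computer and reports whether NEW\Domain Admins is in it. The computer names are hypothetical, and it assumes the session runs under an account that is already an administrator on the targets (for example the runas prompt from reply #2).

```powershell
# Added example: audit the local Administrators group on OLD-domain machines.
# Computer names below are hypothetical; replace them with real member machines.
$computers  = 'OLD-WS01', 'OLD-WS02', 'OLD-SRV01'
# ADsPath form of NEW\Domain Admins as the WinNT provider reports it.
$wantedPath = 'WinNT://NEW/Domain Admins'

function Get-LocalAdminMembers {
    param([string]$Computer)
    # The WinNT ADSI provider reads the target machine's own account database,
    # so this is the machine-local group, not the domain-level one on the PDC.
    $group = [ADSI]"WinNT://$Computer/Administrators,group"
    foreach ($m in @($group.Invoke('Members'))) {
        # Members come back as COM objects; ADsPath is read via reflection.
        $m.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $m, $null)
    }
}

$report = foreach ($c in $computers) {
    try {
        $members = @(Get-LocalAdminMembers -Computer $c)
        [pscustomobject]@{
            Computer           = $c
            HasNewDomainAdmins = $members -contains $wantedPath  # case-insensitive
            Members            = $members -join '; '
            Error              = $null
        }
    } catch {
        # Unreachable host or access denied: record it instead of stopping.
        [pscustomobject]@{
            Computer           = $c
            HasNewDomainAdmins = $false
            Members            = $null
            Error              = $_.Exception.Message
        }
    }
}

# Machines where HasNewDomainAdmins is False are the ones that will keep
# prompting for credentials on their administrative shares.
$report | Format-Table -AutoSize -Wrap
```

On a machine where the group is missing, `net localgroup Administrators "NEW\Domain Admins" /add`, run locally on that machine, adds it.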
