How-to logon successfully thru DC in a domain thats no mine?

Hi!

I need to logon from workstations belonging to domain A, with a user also
belonging to domain A, when the computer is attached to a network where there
is no direct connection to a DC in domain A. But there is another DC in
domain B (and different forest), that have two network cards, where one of
them has connection to domain A. The domain B have a forest-trust to domain
A. See a detailed description in my worddocument at
http://hem.fyristorg.com/tongestad/$xpC901Wq77doNk112$39/PoC-AM-Net.doc

--
/Johan Tongestad

If the workstation points to or is fowarded to and can reach a DNS server
which holds the SRV records for domain A, and the workstation has a route to
a domain A domain controller; then the user can logon to domain A.

Doug Sherman
MCSE Win2k/NT4.0, MCSA, MCP+I, MVP

"Johan Tongestad" <(E-Mail Removed)> wrote in
message news:3D6B434A-A5F0-44C6-AFEB-(E-Mail Removed)...
> Hi!
>
> I need to logon from workstations belonging to domain A, with a user also
> belonging to domain A, when the computer is attached to a network where
there
> is no direct connection to a DC in domain A. But there is another DC in
> domain B (and different forest), that have two network cards, where one of
> them has connection to domain A. The domain B have a forest-trust to
domain
> A. See a detailed description in my worddocument at
> http://hem.fyristorg.com/tongestad/$xpC901Wq77doNk112$39/PoC-AM-Net.doc
>
> --
> /Johan Tongestad


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.789 / Virus Database: 534 - Release Date: 11-7-2004

I already knowed that, but what I wanted was to authenticate to the domain A,
when there is NO route from the current subnet to that domain (reachable from
my workstation). But the DC for domain B has two netcard, where one of them
have full access to the domain A. The DNS on the DC in domain B has manually
added information about the existence of domain A, and domain B trusts domain
A. E.g. the DC for domain B shall authenticate my request for me....

/Johan.

"Doug Sherman [MVP]" wrote:

> If the workstation points to or is fowarded to and can reach a DNS server
> which holds the SRV records for domain A, and the workstation has a route to
> a domain A domain controller; then the user can logon to domain A.
>
> Doug Sherman
> MCSE Win2k/NT4.0, MCSA, MCP+I, MVP
>
> "Johan Tongestad" <(E-Mail Removed)> wrote in
> message news:3D6B434A-A5F0-44C6-AFEB-(E-Mail Removed)...
> > Hi!
> >
> > I need to logon from workstations belonging to domain A, with a user also
> > belonging to domain A, when the computer is attached to a network where
> there
> > is no direct connection to a DC in domain A. But there is another DC in
> > domain B (and different forest), that have two network cards, where one of
> > them has connection to domain A. The domain B have a forest-trust to
> domain
> > A. See a detailed description in my worddocument at
> > http://hem.fyristorg.com/tongestad/$xpC901Wq77doNk112$39/PoC-AM-Net.doc
> >
> > --
> > /Johan Tongestad
>
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.789 / Virus Database: 534 - Release Date: 11-7-2004
>
>
>

Use a LAN Router and do it right. You do things the right way and they will
work dependably everytime. You try to cut corners and try to "outsmart the
system" you will always have problems and undependability.

Never multihome a DC and expect to use it as a router (SBS being an
exception).

272294 - Active Directory Communication Fails on Multihomed Domain
Controllers
http://support.microsoft.com/default...b;en-us;272294

191611 - Symptoms of Multihomed Browsers
http://support.microsoft.com/default...b;EN-US;191611


--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


"Johan Tongestad" <(E-Mail Removed)> wrote in
message news:BE99559C-1A50-4276-984C-(E-Mail Removed)...
> I already knowed that, but what I wanted was to authenticate to the domain
A,
> when there is NO route from the current subnet to that domain (reachable
from
> my workstation). But the DC for domain B has two netcard, where one of
them
> have full access to the domain A. The DNS on the DC in domain B has
manually
> added information about the existence of domain A, and domain B trusts
domain
> A. E.g. the DC for domain B shall authenticate my request for me....
>
> /Johan.
>
> "Doug Sherman [MVP]" wrote:
>
> > If the workstation points to or is fowarded to and can reach a DNS
server
> > which holds the SRV records for domain A, and the workstation has a
route to
> > a domain A domain controller; then the user can logon to domain A.
> >
> > Doug Sherman
> > MCSE Win2k/NT4.0, MCSA, MCP+I, MVP
> >
> > "Johan Tongestad" <(E-Mail Removed)> wrote in
> > message news:3D6B434A-A5F0-44C6-AFEB-(E-Mail Removed)...
> > > Hi!
> > >
> > > I need to logon from workstations belonging to domain A, with a user
also
> > > belonging to domain A, when the computer is attached to a network
where
> > there
> > > is no direct connection to a DC in domain A. But there is another DC
in
> > > domain B (and different forest), that have two network cards, where
one of
> > > them has connection to domain A. The domain B have a forest-trust to
> > domain
> > > A. See a detailed description in my worddocument at
> > >
http://hem.fyristorg.com/tongestad/$xpC901Wq77doNk112$39/PoC-AM-Net.doc
> > >
> > > --
> > > /Johan Tongestad
> >
> >
> > ---
> > Outgoing mail is certified Virus Free.
> > Checked by AVG anti-virus system (http://www.grisoft.com).
> > Version: 6.0.789 / Virus Database: 534 - Release Date: 11-7-2004
> >
> >
> >

If the DC for domain B can reach domain A, then the workstation on the same
subnet can reach domain A:

Enable routing on the domain B DC and either configure the workstation with
a default gateway to the LAN NIC IP of the domain B DC or configure a static
route on the workstation:

route add <domain A network> mask <domainAsubnetmask> <LAN IP of
domain B DC>

Doug Sherman
MCSE Win2k/NT4.0, MCSA, MCP+I, MVP

"Johan Tongestad" <(E-Mail Removed)> wrote in
message news:BE99559C-1A50-4276-984C-(E-Mail Removed)...
> I already knowed that, but what I wanted was to authenticate to the domain
A,
> when there is NO route from the current subnet to that domain (reachable
from
> my workstation). But the DC for domain B has two netcard, where one of
them
> have full access to the domain A. The DNS on the DC in domain B has
manually
> added information about the existence of domain A, and domain B trusts
domain
> A. E.g. the DC for domain B shall authenticate my request for me....
>
> /Johan.
>
> "Doug Sherman [MVP]" wrote:
>
> > If the workstation points to or is fowarded to and can reach a DNS
server
> > which holds the SRV records for domain A, and the workstation has a
route to
> > a domain A domain controller; then the user can logon to domain A.
> >
> > Doug Sherman
> > MCSE Win2k/NT4.0, MCSA, MCP+I, MVP
> >
> > "Johan Tongestad" <(E-Mail Removed)> wrote in
> > message news:3D6B434A-A5F0-44C6-AFEB-(E-Mail Removed)...
> > > Hi!
> > >
> > > I need to logon from workstations belonging to domain A, with a user
also
> > > belonging to domain A, when the computer is attached to a network
where
> > there
> > > is no direct connection to a DC in domain A. But there is another DC
in
> > > domain B (and different forest), that have two network cards, where
one of
> > > them has connection to domain A. The domain B have a forest-trust to
> > domain
> > > A. See a detailed description in my worddocument at
> > >
http://hem.fyristorg.com/tongestad/$xpC901Wq77doNk112$39/PoC-AM-Net.doc
> > >
> > > --
> > > /Johan Tongestad
> >
> >
> > ---
> > Outgoing mail is certified Virus Free.
> > Checked by AVG anti-virus system (http://www.grisoft.com).
> > Version: 6.0.789 / Virus Database: 534 - Release Date: 11-7-2004
> >
> >
> >