[THIN] Re: OT: AD Browsing Issue
- From: Russell Robertson <russell@xxxxxxxxxxxxxxxxxxx>
- To: "thin@xxxxxxxxxxxxx" <thin@xxxxxxxxxxxxx>
- Date: Tue, 6 Mar 2012 12:53:46 +0000
Hi Steve
You should be able to ping the domain itself, so if the internal fqdn is
company.local then you should get a reply.
Its weird though if you've got the trust set up with out DNS being all good.
Cheers
Russell
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of
Steve Snyder
Sent: 06 March 2012 11:34
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: OT: AD Browsing Issue
On Tue, Mar 6, 2012 at 10:53 AM, Berny Stapleton
<berny@xxxxxxxxxxxxxxxxx<mailto:berny@xxxxxxxxxxxxxxxxx>> wrote:
DNS is replicated completely?
That I won't know, though I'm trying to get some hostnames for the other domain
to see if I can resolve them.
Got a hostname - can't resolve it.
NetBIOS over TCP/IP is turned on?
On my PC, yes. On the DCs? Don't know.
What does sites and services look like?
Oodles of sites, can't really tell that there's one setup for the other domain.
What should I be looking for here?
Can you run wireshark on one of the machines that's not working and
see whether it's trying to connect out to a DC that's perhaps not in
the policy?
that would definitely be out of the question. I can run a port query from PCs
and member servers.
On the machine that you are running ADUC on, can you login there to
the other domain?
I'll see if they can create an account for me to test with.
They're currently allowing perhaps 7 DCs on each domain to contact one another.
The FW guys say that there's no port restrictions, they're just allowing IPs to
connect to one another.
One enterprise group controls our DCs and FWs, another enterprise controls the
other DCs; FWs on the other domain are controlled locally. Everyone says that
their part is configured correctly (of course). Seems like there should be a
way to set up a bridgehead or two on each domain, and then just allow the
bridgeheads to talk through the firewalls. One enterprise AD guy believes that
we need to configure the firewalls with ACLs for all of the DCs (hundreds) on
both domains (so hundreds X2); I'm hoping there's a more succinct way.
thanks.
On Tue, Mar 6, 2012 at 9:14 AM, Steve Snyder
<kwajalein@xxxxxxxxx<mailto:kwajalein@xxxxxxxxx>> wrote:
> Alright, one for the AD Gods/Goddesses
>
> Got a trust between two different AD forests. From my PC I can browse the
> other domains and select/add objects. From ADUC, I can't even see the other
> domains (see the attached pic).
>
> Ideas?
>
> What's driving this issue is from a server in another site (still in my
> domain) one can't see the other domains at all in order to add users (as I
> can from my PC). So between these two matters I'm guessing that our trust
> isn't quite right, but I don't have access to DCs nor the firewalls so I'm
> troubleshooting symptomatically. If anyone wants to pipe in with a Cliff
> Notes version of setting up trusts between AD domains through firewalls for
> domains with a *lot* of DCs I'd gladly read it and drink a german bier in
> their honor.
************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
//www.freelists.org/list/thin
************************************************
Other related posts:
