2 networks and Active Directory

thenoelman

Junior Member
Nov 8, 2005
10
0
0
I am a helpdesk/field tech and I want to solve a problem that has a band-aid fix. We have two workstations on our network (we will name it network A) that need to VPN to another network (network B). This was not an issue until we started rolling out our new AD 3003 domain (upgrading from NT 4.0). Now when they VPN to network B they lose all access to our network. I have created links to the main servers they need to connect to and they are then prompted for their AD credentials, but when they are prompted it has cached their credentials for network B in the username field. If they authenticate to certain resources, they are able to use them fine, but I am wondering if we can avoid them authenticating to 3 different servers, or if there is a way to create a batch file that hides their password or encrypts it, or somehow make it easy for them to be able to work in both networks.
 

RebateMonger

Elite Member
Dec 24, 2005
11,586
0
0
Check out "Trusts".

There are one-way, two-way, transitive, and non-transitive Trusts that allow Users on one domain to be automatically trusted by other domains.

Trusts are vastly simpler to create and maintain with Active Directory, compared to NT.
 

thenoelman

I know a bit about trusts, but being that network B is a government network, do you think they would allow us to add them as a trusted domain? Wouldn't that complicate things more and have them have to log out and back in to each domain?
 

RebateMonger

The question isn't whether you can add THEM as a trusted domain. You choose to trust them and send them a Security Certificate, and they can log into your domain. The question is whether they will trust YOUR domain and let YOU log into their domain.

The ONLY, for sure, secure way to handle logins and passwords is to let Active Directory handle it. (Or an equivalent, high-security operating system that knows how to encrypt accounts/passwords and keep them safe.) Windows Active Directory doesn't keep unencrypted passwords lying around for people to discover and steal. And all password transmissions are secured. If you care about your security, don't try to create your own "hidden" password storage system. And if you use somebody else's, make sure it is an industry-recognized-safe system.
 

thenoelman

So in this situation, we only need to log in to their domain to hit their resources. They would then be the one who would need to trust our domain, correct? They have given us a username and password to log in to their domain currently. I need to learn more about Trusts - I will read.