Combining AD Domains and Workgroups

S

Shalom B.

It is my understanding that to enable browsing computers (or atleast
have them visible)via the network neighbourhood the computers have to be
in the same workgroup or AD Domain (please correct me if i am wrong),
therefore, how does one effeciently maintain smooth authentication and
computer browsing for a multihomed host connected to both an AD domain
and a simple workgroup.

Scenario : I have a AD domain consisting of 2 DCs, one of which is
multi-homed, one interface leading to one AD Domain in a LAN and
another interface leading to a remote LAN. There are no issues with
connectivity but there are problems authenticating hosts on the remote
LAN to be able to browse the second DC via the Network Neighbourhood,
also, there are some intermittent problems in Mapping drives to this
second DC.
 
D

Doug Sherman [MVP]

Browsing and authentication are separate issues.

Also, there are differences between bowsing workgroups vs. domains in a
routed environment. The usual solution is WINS; however, you may be able to
give all macines access to a domain/workgroup browse list by using lmhosts
files or simply installing a domain member machine on the workgroup subnet.
See:

http://support.microsoft.com/default.aspx?scid=kb;en-us;149941

http://support.microsoft.com/default.aspx?scid=kb;en-us;117633

http://support.microsoft.com/default.aspx?scid=kb;en-us;150800

In order to actually access resources on a DC over the network, the user
must, at a minimum, present credentials listed in the Domain Controllers
OU/Group Policy/Windows Settings/Security Settings/Local Policies/User
Rights Assignment - Access this computer from the network.

Doug Sherman
MCSE Win2k/NT4.0, MCSA, MCP+I, MVP
 
R

Ray

Shalom said:
It is my understanding that to enable browsing computers (or atleast
have them visible)via the network neighbourhood the computers have to be
in the same workgroup or AD Domain (please correct me if i am wrong),
therefore, how does one effeciently maintain smooth authentication and
computer browsing for a multihomed host connected to both an AD domain
and a simple workgroup.

Scenario : I have a AD domain consisting of 2 DCs, one of which is
multi-homed, one interface leading to one AD Domain in a LAN and
another interface leading to a remote LAN. There are no issues with
connectivity but there are problems authenticating hosts on the remote
LAN to be able to browse the second DC via the Network Neighbourhood,
also, there are some intermittent problems in Mapping drives to this
second DC.
Click to expand...

Name your Workgroup with the same name as the Pre-Windows 2000 name
given to your domain. For example, if your domain is local.xyz.com, its
pre-windows 2000 domain name is probably "local". Give your workgroup
the name of "local" Then all of the computers (both domain members and
workgroup members) will be browsable - all will be listed under "Local"
in My Network places.
As noted by others, this has nothing to do with authentication, which
will be done on each workstation for members of the workgroup and on the
Domain Controller for members of the domain.

Ray Berger
ITNWorks.com
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Workgroup/Domain networking. 1
Networks : Workgroups and Domains. How Do I Use Them? 9
when old 2kDC turned off - new 03dc cant verify users ? 17
Authentication to wrong AD Domain server 1
Unique Computer Names within two separate workgroups 3
Browsing "broken" 1
network browsing 1
WNetEnumResource workgroups vs. domains 1

Top