I am using terminal-service server with Windows Server 2012 and we have two terminal servers share trough NLB, users connect to a terminal in the DOMAIN1
domain with Remote Desktop Connection (see picture below).
I need to map a network drive for the users in terminal to a share on another domain (DOMAIN2
which has the domain controller Windows Server 2003).
I try creating a GPO in DOMAIN1
through DC1
(domain controller for DOMAIN1
with Windows Server 2012) to map the network drive.
DC1
and DOMAIN2
are physically connected in the same network.
How to map a network drive to a share in the other domain (DOMAIN2
) on terminals in the main domain (DOMAIN1
)?
Best Answer
The short answer is - you probably need to look at a trust relationship between your two domains. If that exists, then you'll be able to use authentication between them, and so 'everything' will work normally.
The longer answer: When you log in to a Kerberos Realm (which is more or less what a Windows Domain is) you're issued a Ticket Granting Ticket -
TGT
- you can see this on your host when you runklist
. This ticket is used for granting access to resources within the Domain - you ask for permission to access\\servername\sharename
and your domain controller issues you with an access ticket.When you go cross domain, that mechanism doesn't exist - your ticket isn't 'valid' as far as the remote domain is concerned.
You can either: Log in as a domain user in the remote domain (getting tickets/authentication from another source as well) or establish a trust relationship, such that you are deemed a valid user.