How can I map a network drive from another domain?
Solution 1
The short answer is - you probably need to look at a trust relationship between your two domains. If that exists, then you'll be able to use authentication between them, and so 'everything' will work normally.
The longer answer: When you log in to a Kerberos Realm (which is more or less what a Windows Domain is) you're issued a Ticket Granting Ticket - TGT
- you can see this on your host when you run klist
. This ticket is used for granting access to resources within the Domain - you ask for permission to access \\servername\sharename
and your domain controller issues you with an access ticket.
When you go cross domain, that mechanism doesn't exist - your ticket isn't 'valid' as far as the remote domain is concerned.
You can either: Log in as a domain user in the remote domain (getting tickets/authentication from another source as well) or establish a trust relationship, such that you are deemed a valid user.
Solution 2
You can use Group Policy Extensions for that. (Map Network Drive). If your Domains are not trusted, you either Need to have the same users on both sides with the same Passwords, or you Need to provide a Password on the Map Network Drive Dialog in the GPO.
If that's also not an Option, you could use a Login script which issues a net use \\server\path /USER:DOMAIN2\user
which will then ask a Password from the user.
Related videos on Youtube
Eduard Florinescu
Coding my way out of boredom. “If the fool would persist in his folly he would become wise.” (William Blake)
Updated on September 18, 2022Comments
-
Eduard Florinescu over 1 year
I am using terminal-service server with Windows Server 2012 and we have two terminal servers share trough NLB, users connect to a terminal in the
DOMAIN1
domain with Remote Desktop Connection (see picture below).I need to map a network drive for the users in terminal to a share on another domain (
DOMAIN2
which has the domain controller Windows Server 2003). I try creating a GPO inDOMAIN1
throughDC1
(domain controller forDOMAIN1
with Windows Server 2012) to map the network drive.DC1
andDOMAIN2
are physically connected in the same network.How to map a network drive to a share in the other domain (
DOMAIN2
) on terminals in the main domain (DOMAIN1
)? -
Eduard Florinescu about 10 yearsIf I try to see the drive from the terminal server it asks for the credentials if I try from the terminal client I receive a network error.
-
Eduard Florinescu about 10 yearsIf I try to see the drive from the terminal server it asks for the credentials if I try from the terminal client I receive a network error
Windows cannot access \\etc
. -
Sobrique about 10 yearsIf you supply credentials from the correct domain, can you map a drive?
-
Eduard Florinescu about 10 yearsYes, if I supply the credentials in the GPO then I can map the drive. And then I can see also other paths on the same server
-
MichelZ about 10 yearsWhat do mean by that? Are you trying from the actual client? or from within the TS session?
-
Eduard Florinescu about 10 yearsfrom a TS session with a user account and not an administrator account
-
Sobrique about 10 yearsOK. So you could share, and allow access to that userid. Or set up the domain trust relationship. Doesn't look like you have a firewall or other bogosity interfering.