Today I heard a very interesting approach to help you test potential Domain/User trust issues. Such issues can arise due to the configuration of cross-domain trusts and/or other configuration settings in your environment.
Problem
Let's say you have a scenario where you are setting up a server that will require users to connect to it (or one of its services) with their domain credentials, but you're not sure if those domains can speak to the domain where your server is attached.
Solution
The solution I heard is to simply use the Windows Explorer application on the machine in question and try to give one user per domain read rights on some miscellaneous text file. If the users from one or more of the domains you're checking cannot be found in the list of available users, then you probably have an issue.
This makes a lot of sense since Explorer's file-permission screens work the same way other AD-domain applications work: by querying the AD for user information. If the user is not in the list, the domain most likely cannot be queried or some other issue exists.
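The same check can be scripted when several domains need testing. The following is an added example, not part of the original post: it uses .NET's `NTAccount.Translate` name-to-SID lookup instead of the Explorer dialog, then adds the read permission on a scratch file as described above. The account names and the scratch file name are placeholders.

```powershell
# Added example: scripted version of the "grant read on a scratch file" check.
# Run it on the server in question. Account names are placeholders;
# replace them with one real test user per domain you need to verify.
$accounts = @('DOMAINA\testuser1', 'DOMAINB\testuser2')
$scratch  = Join-Path $env:TEMP 'trust-check.txt'   # hypothetical file name
Set-Content -Path $scratch -Value 'trust check scratch file'

$results = foreach ($name in $accounts) {
    $row = New-Object psobject -Property @{
        Account = $name; Resolved = $false; Sid = $null
        AclSet  = $false; Error = $null
    }
    try {
        # Name-to-SID lookup. Throws (typically IdentityNotMappedException)
        # when the name cannot be mapped from this machine.
        $nt  = New-Object System.Security.Principal.NTAccount($name)
        $sid = $nt.Translate([System.Security.Principal.SecurityIdentifier])
        $row.Resolved = $true
        $row.Sid      = $sid.Value

        # Same step as the Explorer test: add a read ACE for that user.
        $acl  = Get-Acl -Path $scratch
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
                    $sid,
                    [System.Security.AccessControl.FileSystemRights]::Read,
                    [System.Security.AccessControl.AccessControlType]::Allow)
        $acl.AddAccessRule($rule)
        Set-Acl -Path $scratch -AclObject $acl
        $row.AclSet = $true
    }
    catch {
        # Keep the exception type so a failed lookup is easy to tell
        # apart from a failure to write the ACL.
        $row.Error = $_.Exception.GetType().Name + ': ' + $_.Exception.Message
    }
    $row
}

$results | Select-Object Account, Resolved, Sid, AclSet, Error |
    Format-Table -AutoSize -Wrap

# Remove the scratch file so the test ACEs do not linger.
Remove-Item -Path $scratch -Force
```

A row with `Resolved` set to `False` corresponds to the user not appearing in Explorer's list for that domain.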
Conclusion
This approach might be obvious to IT pros, but to me as a Software Engineer, tricks like this can be a life saver when I am forced to cross into a different role for a particular project or situation.
If a better approach exists or if my solution is wrong please do let me know by email or by posting a reply to this entry.

