Trust relationship between domains
kryan762
Guest
Posted: Sat Nov 05, 2005 1:50 am    Post subject: Trust relationship between domains

Let's say domainoutside.buddy.com has a one-way trust with
domaininside.friend.com.

A firewall exists between the domain controllers in domainoutside and
domaininside.

Another firewall exists between the member servers of domaina and the domain
controllers of domainoutside.

Our goal is to open as few ports as possible. What ports need to be open
between zones for this trust configuration to work correctly?
Do the member servers of the outside domain need the ability to LDAP against
the domain controllers of the inside domain?

When you attempt to add a user from the domaininside domain to a local group
on a domainoutside member server, how does the request flow? Will the
member server ask the domain controllers for the outside domain for the
information, and when they don't have it, will they ask the domain controllers
for the inside domain for the information, or will they attempt to make the
request directly to the inside domain controllers?
Todd J Heron
Guest
Posted: Sat Nov 05, 2005 5:50 pm    Post subject: Re: Trust relationship between domains

Over 30 ports need to be opened, not including the high (>1024) RPC
ports. Sound scary? Anyway, start here.

Active Directory in Networks Segmented by Firewalls
http://www.microsoft.com/downloads/details.aspx?FamilyID=c2ef3846-43f0-4caf-9767-a9166368434e&displaylang=en

How to Configure a Firewall for Domains and Trusts (Q179442)
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q179442

Network Address Translators (NATs) can block Netlogon traffic
http://support.microsoft.com/kb/172227/

How to configure RPC dynamic port allocation to work with firewalls
http://support.microsoft.com/kb/154596/

--
Todd J Heron, MCSE
Windows Server 2003/2000/NT; CCA
----------------------------------------------------------------------------
This posting is provided "as is" with no warranties and confers no rights

"kryan762" <kryan762@discussions.microsoft.com> wrote in message
news:FFA158E8-A9C5-421A-9C93-0E885A746638@microsoft.com...
Let's say domainoutside.buddy.com has a one-way trust with
domaininside.friend.com.

A firewall exists between the domain controllers in domainoutside and
domaininside.

Another firewall exists between the member servers of domaina and the domain
controllers of domainoutside.

Our goal is to open as few ports as possible. What ports need to be open
between zones for this trust configuration to work correctly?
Do the member servers of the outside domain need the ability to LDAP against
the domain controllers of the inside domain?

When you attempt to add a user from the domaininside domain to a local group
on a domainoutside member server, how does the request flow? Will the
member server ask the domain controllers for the outside domain for the
information, and when they don't have it, will they ask the domain controllers
for the inside domain for the information, or will they attempt to make the
request directly to the inside domain controllers?
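
An added example, not part of either post or of the linked Microsoft articles: a Python audit that compares a firewall allow-list with the ports a trust between firewalled domain controllers typically needs, flagging both missing ports and rules wider than required. The port table is an assumption drawn from Microsoft's general guidance for domains and trusts (verify it against KB 179442 for your OS version), the RPC range 5000-5100 presumes dynamic RPC has been restricted as KB 154596 describes, and the rule strings are constructed sample data.

```python
# Port table: an assumption drawn from Microsoft's guidance for domains and
# trusts (KB 179442); confirm it against the KB for your OS version.
REQUIRED = {
    "DNS": [("tcp", 53), ("udp", 53)],
    "Kerberos": [("tcp", 88), ("udp", 88)],
    "W32Time": [("udp", 123)],
    "RPC endpoint mapper": [("tcp", 135)],
    "NetBIOS": [("udp", 137), ("udp", 138), ("tcp", 139)],
    "LDAP": [("tcp", 389), ("udp", 389)],
    "SMB": [("tcp", 445)],
    "LDAP SSL": [("tcp", 636)],
    "Global catalog": [("tcp", 3268), ("tcp", 3269)],
}

def parse_rule(text):
    """Parse 'tcp/389' or 'tcp/5000-5100' into (proto, low, high)."""
    proto, _, ports = text.strip().lower().partition("/")
    low, _, high = ports.partition("-")
    low, high = int(low), int(high or low)
    if proto not in ("tcp", "udp") or not 0 < low <= high <= 65535:
        raise ValueError(f"bad rule: {text!r}")
    return proto, low, high

def allowed(rules, proto, port):
    """True if any parsed rule permits proto/port."""
    return any(p == proto and lo <= port <= hi for p, lo, hi in rules)

def audit(rule_texts, rpc_range):
    """Return (missing, excess): required (proto, port) pairs no rule allows,
    and rules that also admit ports the trust does not need."""
    rules = [parse_rule(r) for r in rule_texts]
    needed = {(proto, port) for svc in REQUIRED.values() for proto, port in svc}
    needed |= {("tcp", p) for p in range(rpc_range[0], rpc_range[1] + 1)}
    missing = sorted(n for n in needed if not allowed(rules, *n))
    excess = [text for text, (p, lo, hi) in zip(rule_texts, rules)
              if any((p, port) not in needed for port in range(lo, hi + 1))]
    return missing, excess

# Constructed sample: rules between the two DC zones; RPC pinned to 5000-5100.
SAMPLE_RULES = ["tcp/53", "udp/53", "tcp/88", "udp/88", "udp/123", "tcp/135",
                "udp/137", "udp/138", "tcp/139", "tcp/389", "tcp/445",
                "tcp/636", "tcp/3268", "tcp/1024-65535"]

if __name__ == "__main__":
    missing, excess = audit(SAMPLE_RULES, (5000, 5100))
    print("missing:", missing)          # required ports the firewall blocks
    print("wider than needed:", excess) # candidates for tightening
```

On the sample, the blanket `tcp/1024-65535` rule hides the absent `tcp/3269` entry and is reported as wider than needed, which is the rule to replace once the RPC range is pinned.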
All times are GMT