Re: trust forests without trusts




In news:u1oDNDvbGHA.536@xxxxxxxxxxxxxxxxxxxx,
John M <sdkfj@xxxxxxxxxxxxx> stated, which I commented on below:
Is there some product that will basically take over a trust role? I
have external forests that I want to assign resources to. Because we
use NAT between the two forests, I can't set up a trust. Is there
something else I can do? If this product could also sync the GAL
from Exchange that would be great.

thanks
John

You can create a trust between two NAT networks if you create a VPN with
the endpoints being the NAT routers, such as if they were PIX boxes on each
end, create a tunnel between them allowing unhindered access to each other's
subnets. This is normally done with many companies with multiple remote
locations/offices. If it is a partner organization or business partner, you
will need to sit down with them and explain what you want and come up with a
solution, possibly hiring a consultant who is familiar with this very common
procedure.

There are 3rd party tools, such as SimpleSync, to sync up different orgs,
but they still require full network access because of authentication and
communication, etc, because NAT does not translate Kerberos, NTLM, LDAP or
RPC traffic.


--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Having difficulty reading or finding responses to your post?
Instead of the website you're using, I suggest using OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. This is a direct link to the Microsoft Public
Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject.

It's easy:
How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

Infinite Diversities in Infinite Combinations
Assimilation Imminent. Resistance is Futile
"Very funny Scotty. Now, beam down my clothes."

The only thing in life is change. Anything more is a blackhole consuming
unnecessary energy. - [Me]

