Re: Easy question on External Trust Perimeter-->Internal




Ah. That's what I wanted to confirm! Thanks.
Regarding the firewall rules info in the link below, in my case it is a
one-way trust.
Do you have a good document there which shows which way I should apply such
rules?

I mean, I know that some ports should remain 'open' to allow the one-way
trust to operate. I believe that some ports should be allowed only during
the trust establishment, but should be closed afterwards. In my case it is
an 'external' trust (perimeter trusts internal domain).

Thanks!

MB


"Manish" <Manish@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1FE515F4-CFD8-48E0-B6DE-A9E37C399700@xxxxxxxxxxxxxxxx
> Hi,
>
> Did you create a secondary zone of your domains in each other's DNS?
> As in, you need to have a secondary zone of perimeter.mycompany.com in the
> DNS of internal.mycompany.com and vice versa. That will enable name
> resolution between both your domains.
>
> For further info, check:
> http://support.microsoft.com/default.aspx?scid=kb;en-us;179442
>
> --
> Microsoft Support Engineer
> Microsoft Windows 2000/2003 Active Directory Services Specialist
>
>
> "Marlon Brown" wrote:
>
>> I have a Win2003 domain named "internal.mycompany.com".
>> Now I added a NIC onto my ISA 2004 server and I created a
>> "perimeter.mycompany.com" domain (I also set up DNS-ADI servers
>> authoritative for the new perimeter.mycompany.com). I mean, the DNS
>> servers on the perimeter.mycompany.com are totally independent from the
>> internal.mycompany.com DNS servers.
>>
>> From the perimeter-DCs, I can ping my internal DNS servers - connectivity
>> is OK. Vice versa is also OK.
>>
>> Now I want to establish a one-way trust between the
>> 'perimeter.mycompany.com' and 'internal.mycompany.com'. I already allowed
>> Kerberos, LDAP and other ports necessary to establish a trust.
>>
>> I log on to the perimeter-DC and launch "Active Directory Domains and
>> Trusts".
>> I can see only the domain "perimeter.mycompany.com".
>> What do I need to do in order to 'see' the domain internal.mycompany.com?
>> I followed the steps on
>> http://technet2.microsoft.com/WindowsServer/en/Library/2dcc40a8-1781-427a-b806-ea10d16ffac81033.mspx
>> and I can't see how I would address this issue.
>>
>>
>>
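The thread boils down to three checks before the trust wizard will "see" the other domain: the trusting DC must resolve the trusted domain's DC locator records, it must reach the trusted DCs on the trust ports, and once the trust exists the secure channel should verify. The script below is an added example, not code from anyone in the thread. It uses the DnsServer and NetTCPIP PowerShell modules (Windows Server 2012 and later; the 2003/ISA 2004 boxes in the thread predate them), keeps the thread's domain names, and assumes the internal DNS server addresses, the port list (taken from the KB article linked above plus Kerberos/SMB, as an assumed working set) and the direction: it is written for the perimeter DC as the trusting side of a one-way external trust, which is the side that opens the secure channel to the trusted (internal) DCs.

```powershell
# Added example, not from the original thread. Run on a perimeter DC (the trusting
# domain). Assumed: Server 2012+ DnsServer/NetTCPIP modules, internal DNS server IPs.
$LocalDomain  = 'perimeter.mycompany.com'
$RemoteDomain = 'internal.mycompany.com'
$RemoteDnsIPs = @('10.0.0.10', '10.0.0.11')   # assumed internal DNS servers

# 1. Name resolution: host a secondary copy of the remote zone, as suggested in the
#    thread. The internal DNS servers must allow zone transfers to this host; a
#    conditional forwarder (Add-DnsServerConditionalForwarderZone) needs no transfer.
if (-not (Get-DnsServerZone -Name $RemoteDomain -ErrorAction SilentlyContinue)) {
    Add-DnsServerSecondaryZone -Name $RemoteDomain `
        -ZoneFile "$RemoteDomain.dns" -MasterServers $RemoteDnsIPs
}

# 2. The trust wizard finds a DC in the other domain through this SRV record.
#    If this fails, the wizard will not list the domain no matter what the firewall does.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$RemoteDomain" -Type SRV -ErrorAction Stop
$remoteDCs = $srv | Where-Object { $_.Type -eq 'SRV' } |
    Select-Object -ExpandProperty NameTarget -Unique

# 3. TCP ports the trusting DC must reach on the trusted DCs (assumed set; see KB 179442).
$trustPorts = @{
    53   = 'DNS'
    88   = 'Kerberos'
    135  = 'RPC endpoint mapper (trust creation, Netlogon)'
    389  = 'LDAP'
    445  = 'SMB (Netlogon secure channel)'
    464  = 'Kerberos password change'
    636  = 'LDAPS'
    3268 = 'Global catalog LDAP'
}
function Test-TrustPorts {
    param([string[]]$DomainControllers, [hashtable]$Ports)
    foreach ($dc in $DomainControllers) {
        foreach ($p in ($Ports.Keys | Sort-Object)) {
            $r = Test-NetConnection -ComputerName $dc -Port $p -WarningAction SilentlyContinue
            $state = if ($r.TcpTestSucceeded) { 'open' } else { 'BLOCKED' }
            [pscustomobject]@{ DC = $dc; Port = $p; Service = $Ports[$p]; State = $state }
        }
    }
}
Test-TrustPorts -DomainControllers $remoteDCs -Ports $trustPorts | Format-Table -AutoSize
# The RPC dynamic range (49152-65535 on 2008+, 1025-5000 on 2003) is also needed for the
# Netlogon/LSA RPC calls; it cannot be probed port by port here, so check the rule itself.

# 4. Create the one-way trust from the command line instead of the wizard
#    (trusting domain first, /d: is the trusted domain), then verify the secure channel.
#    netdom trust $LocalDomain /d:$RemoteDomain /add /UserD:INTERNAL\admin /PasswordD:* `
#        /UserO:PERIMETER\admin /PasswordO:*
nltest /sc_verify:$RemoteDomain
```

Note that the script only checks the perimeter-to-internal direction. What the internal DCs need to reach in the perimeter (for example DNS for the perimeter zone if you also host a secondary there) is a separate, smaller rule set; the ports above are the ones the secure channel relies on after the trust is created, not only during creation.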




