Re: AD Trusts and Firewall



Microsoft has this pretty well documented:

http://support.microsoft.com/kb/179442

http://technet2.microsoft.com/windowsserver/en/library/108124dd-31b1-4c2c-9421-6adbc1ebceca1033.mspx?mfr=true

Hope that helps!
--
Joseph T. Corey MCSE, Security+
Systems Administrator
jcorey@xxxxxxx


"ldr_78" <ldr_78@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:D699B7F6-020A-40CB-A04B-8A8A97A28B6F@xxxxxxxxxxxxxxxx
Hi,
I've got some questions concerning Trusts and Firewalls. (I hope my
explanation will be clear).
I have an Active Directory forest (ad.local) with an empty root domain
(ADROOT).
2 domain controllers are installed for this root domain.
I have a child domain (d1.ad.local) with 2 domain controllers.
This child domain is trusted with other Windows domains for migration
purposes.

I now need to install some domain controllers on other sites protected with
a firewall, where I will need to add some trusts with their local domain for
migration purposes.

What are the firewall rules to be added between each of these elements (for
the moment nothing is opened)?

Best Regards

This can be summarized like
ADROOT
|--DC1
|--DC2
|
Legacy Domains-/Trust/- D1.ad.local -/FW/--- -/Trust/- Legacy Domains
|-DC3 |-DC5
|-DC4 |-DC6
| |
