Re: AD Trusts and Firewall



Sorry to insist, but just to be sure:
does each domain controller need to be able to communicate with each other?

regards

Laurent

"Joseph T Corey" wrote:

I'll attempt to break this down the best I can (without confusing myself).

First, you can pretty much ignore the client ports in MS's example IF the
domain of which a client is a member does not traverse a
firewall (which appears to be the case here). Also, trusted domains/forests
only require communication between the domain/forest that they explicitly
trust (any transitivity with child domains all happens through the root of
the trust - unless a shortcut trust is created).

In your case, you will need to set up communication through the firewall for
all ports listed under "Server Ports" in MS's documentation for all of the
domain controllers on each side of any trust you create (assuming there is a
firewall between the trusts).

If I have your scenario incorrect, please let me know as it was difficult to
understand what you were trying to accomplish.

--
Joseph T. Corey MCSE, Security+
Systems Administrator
jcorey@xxxxxxx
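The advice above boils down to a checklist: every DC on one side of the trust must reach every DC on the other side on the "Server Ports". The script below is an added example, not something posted in this thread, that turns that checklist into a reachability report. The hostnames are placeholders, and the port list is the set of well-known AD defaults (DNS, Kerberos, RPC endpoint mapper, LDAP/LDAPS, SMB, Global Catalog) that I am assuming here; confirm it against the KB article linked later in the thread, which also covers the dynamic RPC range that must be opened above port 135.

```powershell
# Added example (not from the thread): check that the "Server Ports" a
# cross-firewall trust relies on are reachable from every local DC to every
# remote DC. Hostnames are placeholders; replace them with your own DCs.
# The port list is assumed from the usual AD defaults; verify it against
# the Microsoft KB article cited in the thread. Test-NetConnection only
# probes TCP, so UDP 53/88/389 and the dynamic RPC range are not covered.

$LocalDCs  = @('DC3.d1.ad.local', 'DC4.d1.ad.local')          # placeholders
$RemoteDCs = @('DC5.remote.example', 'DC6.remote.example')    # placeholders

$TrustPorts = @(
    @{ Port = 53;   Name = 'DNS' },
    @{ Port = 88;   Name = 'Kerberos' },
    @{ Port = 135;  Name = 'RPC endpoint mapper' },
    @{ Port = 389;  Name = 'LDAP' },
    @{ Port = 445;  Name = 'SMB' },
    @{ Port = 636;  Name = 'LDAPS' },
    @{ Port = 3268; Name = 'Global Catalog' }
)

$results = foreach ($src in $LocalDCs) {
    foreach ($dst in $RemoteDCs) {
        foreach ($p in $TrustPorts) {
            # Run the probe on the source DC itself so the test crosses the
            # same firewall path the trust traffic will take.
            $ok = Invoke-Command -ComputerName $src -ScriptBlock {
                param($target, $port)
                (Test-NetConnection -ComputerName $target -Port $port `
                    -WarningAction SilentlyContinue).TcpTestSucceeded
            } -ArgumentList $dst, $p.Port

            [pscustomobject]@{
                Source    = $src
                Target    = $dst
                Port      = $p.Port
                Service   = $p.Name
                Reachable = $ok
            }
        }
    }
}

# Anything listed here is a firewall rule still missing for the trust.
$results | Where-Object { -not $_.Reachable } | Format-Table -AutoSize
```

Because a trust needs traffic in both directions, run the script a second time with `$LocalDCs` and `$RemoteDCs` swapped (from a DC on the far side of the firewall) so the reverse path is verified as well.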

"ldr_78" <ldr78@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D11652B0-99FE-4517-8209-42AEF5A03476@xxxxxxxxxxxxxxxx
I've seen this document but I do not know between which machines these
protocols should be opened.
In my case, should the 2 domain controllers behind a firewall be able to
communicate with the Root domain or only with one DC of the Child?

Regards and thanks for your help

Laurent

"Joseph T Corey" wrote:

Microsoft has this pretty well documented:

http://support.microsoft.com/kb/179442

http://technet2.microsoft.com/windowsserver/en/library/108124dd-31b1-4c2c-9421-6adbc1ebceca1033.mspx?mfr=true

Hope that helps!
--
Joseph T. Corey MCSE, Security+
Systems Administrator
jcorey@xxxxxxx


"ldr_78" <ldr_78@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D699B7F6-020A-40CB-A04B-8A8A97A28B6F@xxxxxxxxxxxxxxxx
Hi,
I've got some questions concerning Trusts and Firewalls. (I hope my
explanation will be clear.)
I have an Active Directory Forest (ad.local) with an empty root domain
(ADROOT).
2 domain controllers are installed for this root domain.
I have a child domain (d1.ad.local) with 2 domain controllers.
This child domain is trusted with other Windows domains for migration
purposes.

I now need to install some domain controllers on other sites protected by a
firewall, where I will need to add some trusts with their local domain for
migration purposes.

What are the firewall rules to be added between each of these elements
(for the moment nothing is opened)?

Best Regards

This can be summarized like:

ADROOT
 |--DC1
 |--DC2
 |
Legacy Domains -/Trust/- D1.ad.local -/FW/--- -/Trust/- Legacy Domains
                          |-DC3                 |-DC5
                          |-DC4                 |-DC6
                          |                     |

