RE: AD Trusts and Firewall



In fact, if I want to be more precise, I would like to know what should be
opened in the firewall in the following configuration:
I have 2 Sites separated by a firewall.
On the 1st site I have:
A root domain "R" with 2 DCs: RDC1 & RDC2
A child domain "C" with 2 DCs: CDC1 & CDC2
CDC1 is set as BridgeHost Server.

On the 2nd site I have 2 domain Controllers for domain "C" (CDC3 & CDC4)
CDC3 is a BridgeHost Server
Nothing Concerning Domain "R"

What should be opened on the firewall for the 2 sites concerning
the parent-child trust?

Will all the Domain Controllers communicate with the Parent Domain
Controllers or only CDC3 (BridgeHost Server)?

Best Regards

Laurent


"ldr_78" wrote:

Hi,
I've got some questions concerning Trusts and Firewalls. (I hope my
explanation will be clear).
I have an Active Directory Forest (ad.local) with an empty root domain
(ADROOT)
2 domain controllers are installed for this root domain.
I have a child domain (d1.ad.local) with 2 domain controllers.
This child domain is trusted with other Windows domains for migration
purposes.

I now need to install some domain controllers on other sites protected with
a firewall, where I will need to add some trusts with their local domain for
migration purposes.

What are the firewall rules to be added between each of these elements (for
the moment nothing is opened)?

Best Regards

This can be summarized like:

                         ADROOT
                           |--DC1
                           |--DC2
                           |
Legacy Domains -/Trust/- D1.ad.local -/FW/---            -/Trust/- Legacy Domains
                           |-DC3                |-DC5
                           |-DC4                |-DC6
                           |                    |


