RE: Guidance required in the low level workings of Domain Trusts
- From: Dysan <Dysan@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 29 Apr 2008 08:40:05 -0700
Well I shouldn't have any trouble sleeping tonight ;-)
Everything is working fine with the trust and DNS but that doesn't mean it
can't work better. Just trying to get into the nuts and bolts of it.
Thanks
"Greg" wrote:
I once read that 80% of Active Directory problems are DNS related and
experience has proven that to be true. I highly recommend that you spend
some time making sure DNS is working properly in your environment. That
being said, you asked for some documentation so here you go. Not trying to
bury you in books but there really is a lot of good info here.
Understanding Logon and Authentication
http://technet.microsoft.com/en-us/library/bb457114.aspx
How to optimize pass-through authentication of user accounts after you
create an external trust between two Microsoft Windows Server 2003 Service
Pack 1 (SP1)-based forests
http://support.microsoft.com/kb/916474
How Domain Controllers Are Located in Windows
http://support.microsoft.com/kb/247811
How to optimize the location of a domain controller or global catalog that
resides outside of a client's site
http://support.microsoft.com/kb/306602
How DNS Support for Active Directory Works
http://technet2.microsoft.com/windowsserver/en/library/9d62e91d-75c3-4a77-ae93-a8804e9ff2a11033.mspx?mfr=true
Windows 2000 Startup and Logon Traffic Analysis
http://technet.microsoft.com/en-us/library/bb742590.aspx
Global Catalog Tools and Settings
http://technet2.microsoft.com/windowsserver/en/library/0d34c3b9-499b-41d3-a55f-527ce61e78581033.mspx?mfr=true
Name Resolution
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/distrib/dsbi_add_xvuo.mspx?mfr=true
Best Regards,
Greg
"Dysan" wrote:
Hi all,
I was hoping someone would be able to either point me in the direction of
some good documentation that will cover this or be able to explain (Google is
failing me).
I'm trying to find out (step by step, if possible) how user
authentication takes place across an external trust in a Windows 2003 AD
environment. I'll briefly explain the environment.
We have two organisations. 1 has a domain within a larger forest that is part
of another organisation and is both Windows 2003 domain and forest functional
level. The 2nd organisation has its own forest with 1 domain and is Windows
2000 native. Both organisations are multi-site and have domain controllers
across some of these sites and are joined by a private pipe which has a
firewall at each end. We have an external trust in place between the 2
domains that is functioning no problem.
If a user from one organisation logs into a machine at the other
organisation, which domain controller at the user's home organisation is going
to process the authentication request? At the moment it seems to be random,
i.e. whichever one it gets out of DNS first.
I am trying to concentrate the trust authentications to just the domain
controllers residing in the sites that have the joining connection instead of
authentication traffic bouncing all over the WAN.
Will adding remote subnets into Sites and Services and attaching to a DC
have any impact?
Also I believe the process can change depending on the authentication type,
if Kerberos fails then NTLM uses a different technique.
Can anyone help me out on this?
Thanks