Are you sure that the separate domain will meet the organization's requirements? Remember, the forest is the security boundary, not the domains.
Hunter

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 31, 2004 11:36 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Domains Separated by Firewall

Hi:

We are doing an AD/E2K3 migration, and we have a scenario that I haven't found covered in the archives:

Our AD forest presently consists of an empty forest root, with a single child domain. We have a division, however, with significantly higher security requirements than the rest of the organization. Presently, they are running Exchange 55 as a site within our organization but with a separate NT domain with NO trust between our domains. They are separated from us by a firewall, with the only connectivity between us being port 102 (x400), and all communication must be initiated from their side. No resource sharing other than email is required, and no cross-domain authentication is needed.

I'm looking at setting them up as a separate domain in our forest, with an SMTP site link for directory replication. We will be kicking the tires in the lab, but does anyone have any real-life experiences (traumas, acquired phobias, etc.) with similar scenarios?

Thanks,
Andy Schan

List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/