replication between DCs won't work accross a NAT, but authentication does. You might have to add some static entries to your DNS on either side of the FW, but should get it to work.
/Guido -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of FDiskThePC Sent: Montag, 13. Februar 2006 21:13 To: [email protected] Subject: Re: [ActiveDir] Separate AD forest in a DMZ Good point. The requirements are that the DMZ forest needs to have a one way trust to the production forest so that user accounts in the production forest can access DMZ resources. --- Al Mulnick <[EMAIL PROTECTED]> wrote: > It's not clear what the requirements are nor what > you expect to break. You > aren't thinking of putting a MSCS across a firewall > anyway, now are you? > Better yet, if so, which type of cluster? > > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
