Within a domain, when a user’s credentials are presented to a member server, that member server communicates with the domain controller to validate the creds.

 

We have a cross-forest (cross–company; a divestiture) trust set up that we are testing.  A member server in the other forest/domain and across the firewall is having trouble authenticating credentials from our domain.  Their DC works fine.  Ports on the firewall are only opened for the two domain controllers (one on each side).

 

Here’s the question:  in order to validate the “foreign” credentials, should the member server be looking first to its own DC, or is it trying to cross the firewall to find our DC?  Based in the preliminary traffic sampling so far, I think that’s what is happening.  Is that normal/expected behavior?

 

TIA,

AL

Al Maurer
Service Manager, Naming and Authentication Services
IT | Information Technology
Agilent Technologies
(719) 590-2639; Telnet 590-2639
http://activedirectory.it.agilent.com

 

Reply via email to