1) I think firewall config is beyond the scope of this
group. However my thoughts are that
a) if you trust the other party enough to trust their domains, then
b) you should trust their firewall enough to keep nasty's out fro their side
so
c) The firewall should allow all ports from the VPN.
<< However your level of paranoia may higher or lower than
mine is today>>>
2) If I remember properly down level (non-kerberos) trusts
go to the PDC emulator. At least we tend to loose ours when the PDC emulator
goes sick...
From:
[EMAIL PROTECTED] on behalf of
[EMAIL PROTECTED]
Sent: Mon 2006-04-24 12:28
To: [email protected]
Subject: [ActiveDir] ACtive directory Trusts and firewall configuration
Sent: Mon 2006-04-24 12:28
To: [email protected]
Subject: [ActiveDir] ACtive directory Trusts and firewall configuration
Dear list!
I'm in the need of setting up trust between two existing
Active directory domains and i have a few questions regarding this. the goal is
that people can logon form either domains with their user credentials and that
people can use resources in both domains, we also need the exchange addressbooks
in both domain to replicate to each other but thats maybe a different
list.
Domain A has 8 domain controllers where as the operation
master roles are spread on different servers, domain b has only 1 domain
controller.
We have configured a VPN between the networks so the
communication is up and running.
My questions are:
What ports do i need to open in the firewall to achive
this?
And do i have to open trust from domain B to all of
my DC's in domain A or is it enough to open towards any DC or a
specific DC? (wich server roles does it need)
Many thanks in advance.
Med vennlig hilsen / Best
regards
Jan
Wilhelmsen
IT-Technician
Bilia Personbil as
Økernveien 115
0510, Oslo
Norway
Tel: +47
22882546
Mob:+47 95928392
Fax: +47 22970387
Mail: [EMAIL PROTECTED]
MSN: [EMAIL PROTECTED]
Gmail: [EMAIL PROTECTED]
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. As a public body, the Council may be required to disclose this email, or any response to it, under the Freedom of Information Act 2000, unless the information in it is covered by one of the exemptions in the Act.
If you receive this email in error please notify Stockport e-Services via [EMAIL PROTECTED] and then permanently remove it from your system.
Thank you.
http://www.stockport.gov.uk
**********************************************************************
