Jan,

Just to add to what's been said......

1. Your success and mileage may vary according to the type of firewall you're using (e.g. FW1/PIX/ISA2004 - easy'ish, ISA2K - forget it)
2. Constraining RPC (by limiting communicating ports above 1024) should be considered an absolute must ... this'll need a registry change on every DC
3. You'll need to allow all 8 Domain A DCs to communicate thru the firewall to Domain B (and obviously vice-versa) as each'll need to set a secure channel to the target domain
4. If applying ACLs between domains (say on file and print servers), bear in mind that the FAPs will also require visibility to the target domain as well thru the firewall, i.e. rules as well
5. Are you planning on using MIIS/IIFP to GAL Synch between the 2 domains?

Regards,
Mylo
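
Added example, not part of the original thread: a small Python audit for points 2 and 3 above, listing every DC-to-DC flow the trust needs and checking a firewall ruleset for forgotten DCs and unconstrained RPC rules. The host names, the 5000-5100 RPC range and the baseline port list are assumptions made for illustration.

```python
from itertools import product

# Assumed baseline services between DCs for a trust; adjust to your environment.
BASE_SERVICES = [
    ("tcp", 53, 53), ("udp", 53, 53),      # DNS
    ("tcp", 88, 88), ("udp", 88, 88),      # Kerberos
    ("tcp", 135, 135),                     # RPC endpoint mapper
    ("tcp", 389, 389), ("udp", 389, 389),  # LDAP
    ("tcp", 445, 445),                     # SMB
]

def services(rpc_range):
    """Base services plus the constrained dynamic RPC range (point 2)."""
    return BASE_SERVICES + [("tcp", rpc_range[0], rpc_range[1])]

def required_flows(dcs_a, dcs_b, rpc_range):
    """Every DC in A to every DC in B, and vice versa (point 3)."""
    pairs = list(product(dcs_a, dcs_b)) + list(product(dcs_b, dcs_a))
    return [(s, d, p, lo, hi) for s, d in pairs for p, lo, hi in services(rpc_range)]

def covers(rule, flow):
    """A rule covers a flow if hosts and protocol match and the port range fits."""
    return rule[:3] == flow[:3] and rule[3] <= flow[3] and flow[4] <= rule[4]

def too_wide(rule, known_hosts, rpc_range):
    """Flag rules with unknown hosts or ports outside every expected service."""
    src, dst, proto, lo, hi = rule
    fits = any(p == proto and s_lo <= lo and hi <= s_hi
               for p, s_lo, s_hi in services(rpc_range))
    return src not in known_hosts or dst not in known_hosts or not fits

def audit(rules, dcs_a, dcs_b, rpc_range):
    """Return (required flows with no rule, rules wider than required)."""
    flows = required_flows(dcs_a, dcs_b, rpc_range)
    missing = [f for f in flows if not any(covers(r, f) for r in rules)]
    known = set(dcs_a) | set(dcs_b)
    wide = [r for r in rules if too_wide(r, known, rpc_range)]
    return missing, wide

# Constructed sample: 8 DCs in domain A, 1 in domain B, RPC pinned to 5000-5100.
DCS_A = [f"a-dc{i}" for i in range(1, 9)]
DCS_B = ["b-dc1"]
RPC = (5000, 5100)
# Constructed ruleset: a-dc8 was forgotten, and one unconstrained RPC rule remains.
RULES = required_flows(DCS_A[:7], DCS_B, RPC) + [("a-dc1", "b-dc1", "tcp", 1024, 65535)]

if __name__ == "__main__":
    missing, wide = audit(RULES, DCS_A, DCS_B, RPC)
    print(f"{len(missing)} required flows have no rule; {len(wide)} rules are too wide")
```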


Dave Wade wrote:

1) I think firewall config is beyond the scope of this group. However my thoughts are that
            a) if you trust the other party enough to trust their domains, then
            b) you should trust their firewall enough to keep nasties out from their side, so
            c) the firewall should allow all ports from the VPN.

<< However your level of paranoia may be higher or lower than mine is today >>>

2) If I remember properly, down-level (non-Kerberos) trusts go to the PDC emulator. At least we tend to lose ours when the PDC emulator goes sick...

------------------------------------------------------------------------
*From:* [EMAIL PROTECTED] on behalf of [EMAIL PROTECTED]
*Sent:* Mon 2006-04-24 12:28
*To:* [email protected]
*Subject:* [ActiveDir] ACtive directory Trusts and firewall configuration

Dear list!
I'm in need of setting up a trust between two existing Active Directory domains and I have a few questions regarding this. The goal is that people can log on from either domain with their user credentials and that people can use resources in both domains. We also need the Exchange address books in both domains to replicate to each other, but that's maybe a different list. Domain A has 8 domain controllers, where the operation master roles are spread on different servers; domain B has only 1 domain controller. We have configured a VPN between the networks so the communication is up and running. My questions are:

What ports do I need to open in the firewall to achieve this?
And do I have to open the trust from domain B to all of my DCs in domain A, or is it enough to open towards any DC or a specific DC? (Which server roles does it need?)

Many thanks in advance.
Med vennlig hilsen / Best regards
*Jan Wilhelmsen*
IT-Technician
*Bilia Personbil as*
Økernveien 115
0510, Oslo
Norway
Tel:  +47 22882546
Mob:+47 95928392
Fax: +47 22970387
Mail: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
MSN: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
Gmail: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>



List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
