I was tasked with setting up FreeIPA & Active Directory and connecting them
with a trust relationship.
On FreeIPA 4.5, I created ipa.companydomain.com, set up an internal DNS zone
for companydomain.com (which my company has used for both internal and external
DNS - a bad practice, I know), and then tried to establish a trust relationship
with Active Directory 2016. No dice. Alexander B. on here told me that AD does
not expect that a forest can have a TLN which is superior to AD forest's root.
A Microsoft article on AD best practices recommends registering a public domain
and then using a subdomain of that for internal purposes. That sounds sensible.
Here's what I envision:
companyname.com (external sites + external DNS) -> corp.companyname.com
(FreeIPA + intranet DNS) -> ad.corp.companyname.com (Active Directory domain)
Does that sound sensible? Just wanted to run it by someone else so I don't end
up surprised again.
MIM Software, Inc.
https://www.mimsoftware.com
FreeIPA-users mailing list -- email@example.com
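As an added example (not part of the original post, and not FreeIPA or Microsoft code), the following script applies the one rule quoted above, that AD does not expect a trusted forest to claim a top-level name (TLN) which is superior to the AD forest's root, to a candidate IPA domain / AD forest root pair. "Superior" is interpreted here as "a strict DNS ancestor of", and identical names are reported as a collision; the domain names in the `__main__` block are taken from the post, everything else is constructed for the example.

```python
"""Sanity-check a proposed FreeIPA / Active Directory DNS namespace layout
before attempting a forest trust.

Constructed example. It encodes only the rule quoted in the mailing-list
post: AD rejects a trusted forest whose top-level name (TLN) is superior
to (an ancestor of) the AD forest root. The helper names, the dataclass
and the sample inputs are this example's own assumptions.
"""
from dataclasses import dataclass


def _labels(name: str) -> list[str]:
    """Normalize a DNS name (lowercase, no trailing dot) and split it into labels."""
    name = name.strip().rstrip(".").lower()
    if not name:
        raise ValueError("empty DNS name")
    return name.split(".")


def is_ancestor(parent: str, child: str) -> bool:
    """True if `parent` is a strict DNS ancestor of `child`.

    corp.example.com is an ancestor of ad.corp.example.com; a name is never
    its own ancestor, and label boundaries are respected (example.com is not
    an ancestor of notexample.com).
    """
    p, c = _labels(parent), _labels(child)
    return len(p) < len(c) and c[-len(p):] == p


@dataclass(frozen=True)
class LayoutCheck:
    ipa_domain: str
    ad_forest_root: str
    problems: tuple[str, ...]

    @property
    def ok(self) -> bool:
        return not self.problems


def check_trust_layout(ipa_domain: str, ad_forest_root: str) -> LayoutCheck:
    """Report namespace problems between an IPA domain and an AD forest root."""
    problems: list[str] = []
    if _labels(ipa_domain) == _labels(ad_forest_root):
        problems.append(
            "IPA domain and AD forest root are the same name; the two TLNs collide"
        )
    elif is_ancestor(ipa_domain, ad_forest_root):
        problems.append(
            "IPA domain is superior to the AD forest root; AD does not accept a "
            "trusted forest whose TLN is an ancestor of its own root"
        )
    return LayoutCheck(ipa_domain, ad_forest_root, tuple(problems))


if __name__ == "__main__":
    # Layouts discussed in the post (first attempt and proposed design),
    # plus a sibling layout for comparison. Domain names are placeholders.
    candidates = [
        ("ipa.companydomain.com", "companydomain.com"),
        ("corp.companyname.com", "ad.corp.companyname.com"),
        ("ipa.corp.companyname.com", "ad.corp.companyname.com"),
    ]
    for ipa, ad in candidates:
        result = check_trust_layout(ipa, ad)
        status = "OK" if result.ok else "FLAGGED"
        print(f"{status}: IPA={ipa} AD={ad}")
        for problem in result.problems:
            print(f"    - {problem}")
```

Running the script prints one line per candidate pair and lists the reason for any pair that is flagged; the functions can also be imported and run against a layout of your own before any trust-add command is issued.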