I was tasked with setting up FreeIPA & Active Directory and connecting them with a trust relationship.
On FreeIPA 4.5, I created ipa.companydomain.com, set up an internal DNS zone for companydomain.com (which my company has used for both internal and external DNS - a bad practice, I know), and then tried to establish a trust relationship with Active Directory 2016. No dice. Alexander B. on here told me that AD does not expect that a forest can have a TLN which is superior to the AD forest's root domain.

A Microsoft article on AD best practices recommends registering a public domain and then using a subdomain of that for internal purposes. That sounds sensible. Here's what I envision:

- companyname.com (external sites + external DNS)
  -> corp.companyname.com (FreeIPA + intranet DNS)
     -> ad.corp.companyname.com (Active Directory domain)

Does that sound sensible? Just wanted to run it by someone else so I don't end up surprised again.

---
Justin Smith
IT Analyst
MIM Software, Inc.
https://www.mimsoftware.com
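An added example, not part of the post above: an offline sanity check of the proposed three-tier layout. It verifies that each zone is a proper subdomain of its parent, that the parent delegates it via NS records, that the delegated NS set matches the child zone's own NS set, and that in-zone nameservers have glue in the parent. The zone data (nameserver names, glue addresses) is constructed for illustration.

```python
# Constructed zone data modelling the proposed layout: external DNS -> FreeIPA DNS -> AD DNS.
# "ns" is the zone's own NS set; "delegations" maps child zone -> NS set published in this
# zone; "glue" holds A records the parent publishes for nameservers living inside a child.
ZONES = {
    "companyname.com": {                       # external DNS, hosted by the public provider
        "ns": {"ns1.companyname.com", "ns2.companyname.com"},
        "delegations": {"corp.companyname.com": {"ipa1.corp.companyname.com", "ipa2.corp.companyname.com"}},
        "glue": {"ipa1.corp.companyname.com": "10.0.0.11", "ipa2.corp.companyname.com": "10.0.0.12"},
    },
    "corp.companyname.com": {                  # FreeIPA integrated DNS (intranet)
        "ns": {"ipa1.corp.companyname.com", "ipa2.corp.companyname.com"},
        "delegations": {"ad.corp.companyname.com": {"dc1.ad.corp.companyname.com"}},
        "glue": {"dc1.ad.corp.companyname.com": "10.0.1.21"},
    },
    "ad.corp.companyname.com": {               # Active Directory domain controllers' DNS
        "ns": {"dc1.ad.corp.companyname.com"},
        "delegations": {},
        "glue": {},
    },
}

def is_proper_subdomain(child: str, parent: str) -> bool:
    """True when child has parent as a strict label-boundary suffix (case-insensitive)."""
    c = child.lower().rstrip(".").split(".")
    p = parent.lower().rstrip(".").split(".")
    return len(c) > len(p) and c[-len(p):] == p

def check_chain(zones: dict, chain: list) -> list:
    """Walk parent -> child pairs along the chain and return a list of problems (empty = OK)."""
    problems = []
    for parent, child in zip(chain, chain[1:]):
        if child not in zones or parent not in zones:
            problems.append(f"missing zone data for {parent} or {child}")
            continue
        if not is_proper_subdomain(child, parent):
            problems.append(f"{child} is not a subdomain of {parent}")
            continue
        delegated = zones[parent]["delegations"].get(child)
        if delegated is None:
            problems.append(f"{parent} publishes no NS delegation for {child}")
            continue
        if delegated != zones[child]["ns"]:
            problems.append(f"NS set for {child} differs between {parent} and the child zone")
        # Nameservers named inside the child zone are unreachable without glue in the parent.
        for ns in sorted(delegated):
            if is_proper_subdomain(ns, child) and ns not in zones[parent]["glue"]:
                problems.append(f"{parent} lacks glue for in-zone nameserver {ns}")
    return problems

PROPOSED_CHAIN = ["companyname.com", "corp.companyname.com", "ad.corp.companyname.com"]
```

Running `check_chain(ZONES, PROPOSED_CHAIN)` on the constructed data returns an empty list; removing a glue record or a delegation produces a corresponding problem string.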
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org