AD TRUST Between Domains

  • Thread starter: Guest

My company has two offices. One here in the USA and the other in UK. We have
a VPN connection to the UK office. Currently we have our own domain (which is
a Windows 2000) and our own exchange server that our users here (USA) access.
They have their own domain (Windows Server 2003) and exchange server also.
Seeing that these are two separate forests, I would like to establish a trust
between the two, whereby a user from our office can go to the UK, log on, get
authenticated, and be able to access their emails and files as if they were
here at the USA office, and vice versa. What kind of trust relationship would
be needed, and what other settings (DNS, firewall, etc.) would I need to
configure and where? Please help. Thank you all for your support.
 
Hi,

You would have to establish an external trust between any two W2K domains
in separate forests, but they will not support cross-forest, transitive trust
or UPN or SPN authentication. External trusts use NTLM v2 authentication
protocol and will not support Kerberos authentication.

To implement an actual cross-forest transitive trust, both forests must be
running in W2K3 forest functional level and specifically be configured for
cross-forest trust. This type of trust will support Kerberos authentication,
and will support UPN and SPN authentications, so regardless of how many
domains are within the forest, they will be a transitive trust throughout.

More information can be found here
How Domain and Forest Trusts Work
http://technet2.microsoft.com/Windo...25cd-4481-8b7a-3d65c86e69b11033.mspx?mfr=true


Harj Singh
Power Your Active Directory Investment
www.specopssoft.com
 
a one-way forest trust where the outgoing part is on the UK side and the
incoming part is on the US side. For you to be able to set up a trust,
name resolution between the two domains is needed by using NetBIOS or DNS
name resolution.

Also see:
the procedure to set up a trust is explained in:
for external trust
http://www.microsoft.com/technet/pr...elp/b30ef067-746e-4453-b879-804259aafdd3.mspx

MS-KBQ179442_How to Configure a Firewall for Domains and Trusts

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
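
The name-resolution and firewall prerequisites named in the reply above can be checked before the trust is created. This is an added example, not part of the original thread: the function name is hypothetical, `uk.example.com` is a placeholder domain, the port list is the commonly documented TCP set for trusts, and it assumes an admin workstation that has `Resolve-DnsName` and `Test-NetConnection` (Windows 8 / Server 2012 or later). It covers DNS only, not NetBIOS name resolution.

```powershell
# Added example: pre-flight check for a trust between two domains.
# Assumptions: placeholder domain name; run from a host on the *other* side
# of the VPN that has the DnsClient and NetTCPIP modules.
function Test-TrustPrerequisite {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $RemoteDomain,
        # DNS, Kerberos, RPC endpoint mapper, LDAP, SMB.
        # Dynamic RPC ports are not covered by this check.
        [int[]] $Ports = @(53, 88, 135, 389, 445)
    )

    # Domain controllers are located through this SRV record. If it does not
    # resolve from this side, the remote domain cannot be found for the trust.
    $srvName = "_ldap._tcp.dc._msdcs.$RemoteDomain"
    try {
        $dcs = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop |
            Where-Object { $_.Type -eq 'SRV' } |
            Select-Object -ExpandProperty NameTarget -Unique
    } catch {
        Write-Warning "Cannot resolve $srvName : $($_.Exception.Message)"
        return
    }

    # Probe every required port on every domain controller that was returned.
    foreach ($dc in $dcs) {
        foreach ($port in $Ports) {
            $r = Test-NetConnection -ComputerName $dc -Port $port -WarningAction SilentlyContinue
            [pscustomobject]@{
                DomainController = $dc
                Port             = $port
                Reachable        = $r.TcpTestSucceeded
            }
        }
    }
}

# Run once from each side, naming the opposite domain (placeholder shown),
# and list only the ports the firewall or VPN is still blocking.
Test-TrustPrerequisite -RemoteDomain 'uk.example.com' |
    Where-Object { -not $_.Reachable } |
    Format-Table -AutoSize
```

An empty table means every probed port answered; a warning about the SRV record points at DNS forwarding or zone configuration rather than the firewall.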
 
If I wanted to simulate this in VMware, using VMware's NAT before putting it
into production, is this possible? Has any of you done this before? If
not, please recommend what I can do to fully test this procedure before
putting it into production. If VMware is ideal, then I'm open to
configuration options. Thanks.
 
Why a one-way forest trust? If so, then what about when the UK users come to
the US and would like to access their emails and files on their servers. Will
I have to create another separate trust relationship?
 
Ok, so let me ask you - Would you recommend upgrading our domain from 2k to
2k3, or for now just go with it as is? Also, what is the best method of
approach if we decided to upgrade? Would an in place upgrade be best, or a
swing upgrade? Thanks, Jorge.
 