		cxk69
I have created a separate forest in a perimeter network and am
trying to work out a few things. The DMZ forest consists of an empty
root DC (let's say DC1), a separate domain DC (DC2), plus two member
servers (MS1, MS2) for a total of four. All WIN2003R2 (2003 Mode).
The plan is to create a one-way trust from the DMZ into our network, and
a few questions have come up that I am having a hard time answering.
As I said I plan on creating a one-way External Trust from DC2 to our
internal network (W2K Native).
Would DC1 (forest root) be involved in this communication through the
firewall?
My guess is no, that all communication with DC1 would happen only
within the DMZ.
Who would initiate communication between DC2 and the internal network
in a one-way trust?
My guess is DC2, but I am thinking we may not be able to create a
firewall rule for this and will just need to keep the ports open both
ways.
And last of all, can I force DC2 to a specific DC in our internal
network? It was thought that this might be more secure. I am certain
this can be done but am having trouble locating any info on it.
Thanks for any insight, it is hard for me to find this type of detail
on Microsoft's site.
P.S. My email above is not checked, it's for spam.
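The checks an administrator would run on DC2 to see which internal DC the trust's secure channel is bound to, to point it at a named DC, and to verify the trust afterwards, as an added example; this is not part of the original post or of any reply to it. The domain and DC names (DMZ, CORP, INTDC1) are assumptions and must be replaced with the real ones. The commands are the same at a cmd prompt; nltest and netdom come from the Windows Server 2003 Support Tools.

```powershell
# Added example, not from the original post. Run on DC2 (a DC in the DMZ,
# trusting domain). Names below are assumptions, not values from the post.
$dmzDomain      = 'DMZ'      # assumed NetBIOS name of DC2's domain (trusting side)
$internalDomain = 'CORP'     # assumed NetBIOS name of the internal domain (trusted side)
$preferredDc    = 'INTDC1'   # assumed name of the internal DC you want DC2 to use

# 1. List the trusts DC2's domain knows about, with their direction flags.
nltest /domain_trusts

# 2. Show which internal DC the trust secure channel is bound to right now.
#    Look for the "Trusted DC Name \\<dc>" line in the output.
nltest "/sc_query:$internalDomain"

# 3. Show which internal DC the DC locator would pick on its own (forces a
#    fresh lookup instead of returning the cached answer).
nltest "/dsgetdc:$internalDomain" /force

# 4. Re-establish the secure channel to one specific internal DC. This takes
#    effect immediately but is not a permanent pin: after a reboot, or if
#    that DC stops answering, the locator chooses a DC again.
nltest "/sc_reset:$internalDomain\$preferredDc"

# 5. Confirm the secure channel still answers after the reset.
nltest "/sc_query:$internalDomain"

# 6. Verify the trust from the trusting side.
netdom trust $dmzDomain "/d:$internalDomain" /verify
```

Running step 2 before and after step 4 shows whether the reset actually moved the channel to the named DC; if step 3 keeps returning a different DC, that is the one DC2 will fall back to when the pinned channel is lost.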
				
			trying to work out a few things. The DMZ forest consists of an empty
root DC (let's say DC1), a separate domain DC (DC2), plus two member
servers (MS1,MS2) for a total of four. All WIN2003R2 (2003 Mode).
The plan is to create a one way trust from the DMZ into our network and
a few questions have come up I am having a hard time answering.
As I said I plan on creating a one-way External Trust from DC2 to our
internal network (W2K Native).
Would DC1 (forest root) be involved in this communication through the
firewall?
My guess is no that all communication with DC1 would happen only
within the DMZ.
Who would initiate communication between DC2 and the internal network
in a one-way trust?
My guess is DC2 but I am thinking we may not be able to create a
firewall rule for this and will just need to keep the ports open both
ways.
And last of all, can I force DC2 to a specific DC in our internal
network? It was thought that this might be more secure. I am certain
this can be done but am having trouble locating any info on it.
Thanks for any insight, it is hard for me to find this type of detail
on Microsoft's site.
P.S. My email above is not checked, it's for spam.
