One-way forest trust between geographically distributed forests using Server 2008 R2
Posted by bwerks on Server Fault
Published on 2010-05-19T20:46:45Z
Hi all,
I'm planning out a joinder between two domains, as would take place with contracting companies. Forests A and B exist in distant sites, and there is to be a one-way forest trust so that domain users in Forest A can be authenticated on machines in Forest B.
In order to facilitate this, each forest's domain controller must be able to contact the other in order to set up & confirm the trust, but my question is what underlying networking magic must take place beneath it.
So far the prevailing approach has been to maintain a VPN connection between the two sites, but the TechNet documentation seems to indicate that DNS forwarding may be the way to go. Is this the case?
Furthermore, if DNS will suffice, does that mean that there must be a server running DNS on boundary servers in each domain so that they can be reached from across the internet? How must they be configured?
Thanks!