One-way forest trust between geographically distributed forests using Server 2008 R2

Posted by bwerks on Server Fault See other posts from Server Fault or by bwerks
Published on 2010-05-19T20:46:45Z Indexed on 2010/05/19 20:51 UTC
Read the original article Hit count: 414

Filed under:
|
|

Hi all,

I'm planning out a joinder between two domains, as would take place with contracting companies. Forests A and B exist in distant sites, and there is to be a one-way forest trust so that domain users in Forest A can be authenticated on machines in Forest B.

In order to facilitate this, each forest's domain controller must be able to contact each other in order to set up & confirm the trust, but my question is what underlying networking magic must take place beneath it.

So far the prevailing approach has been to maintain a VPN connection between the two sites, but the technet documentation seems to indicate that DNS forwarding may be the way to go. Is this the case?

Furthermore, if DNS will suffice, does that mean that there must be a server running DNS on boundary servers in each domain so that they can be reached from across the internet? How must they be configured?

Thanks!

© Server Fault or respective owner

Related posts about windows-server-2008-r2

Related posts about trust