AD and Trusts over a DMZ

Viewing 1 post (of 1 total)


I have posted this query elsewhere (another site) with no response; since I’ve used Petri a lot over the years I felt this would be a good source of expertise for another posting and a good excuse to sign up.

Currently I have two separate 2003 native domains in separate forests. One is deployed on our LAN and another on my DMZ. This is a test bed before I do anything to our live systems :).

Due to some new requirements I have had to set up a one-way trust between the two so our LAN users' access to the DMZ-based servers can be controlled. This has been done and works on my test servers, with one issue explained below.

What I thought happened in this scenario was that all authentication requests would filter from the servers in the DMZ to the DMZ DC and then to the LAN DC, so the only cross-zone communications would be between the DCs.

This does not seem to be the case. My test server on the DMZ domain will only log in correctly with a LAN user when I open ports to the LAN DC. I may as well join it to the LAN domain in this instance…

What I want to avoid is Swiss-cheesing my firewall to allow each DMZ server access to my internal DC, as I have approx. 50 DMZ servers requiring it when I push it live.

Does anyone have any suggestions or thoughts on this?
