Forest trust design with multiple network segments

    Strago
    Member
    #161976

    We have three firewalled network segments A | B | C

    A = our existing internal forest
    B = a single DC added to our existing forest in A, to be stood up specifically to create this trust
    C = external forest

    (B is necessary as we are unable to make A directly routable to C and want to avoid NAT’ing. Long story.)

    We have opened all ports between the new DC in B, and the existing DCs in A. We will probably do the same for the new DC in B, and one or all DCs in C.

    Forest in AB is 2003, forest in C is 2008R2.

    Questions:

    1) The member servers and workstations in A cannot communicate with the DC in B. Should any additional config be done to account for this? Note that A is on a separate subnet from BC.

    2) The DCs in A cannot see the DCs in the external forest in C. Should any additional config be done to account for this?

    3) Does the DC in B need to hold any FSMOs?

    Thanks,
    Jaime
