Forest trust design with multiple network segments

Strago (Member), Jul 22, 2013 at 12:36 pm, #161976

We have three firewalled network segments:

A | B | C

A = our existing internal forest
B = a single DC added to our existing forest in A, to be stood up specifically to create this trust
C = external forest

(B is necessary as we are unable to make A directly routable to C and want to avoid NAT'ing. Long story.)

We have opened all ports between the new DC in B and the existing DCs in A. We will probably do the same for the new DC in B and one or all DCs in C.

Forest in AB is 2003, forest in C is 2008R2.

Questions:

1) The member servers and workstations in A cannot communicate with the DC in B. Should any additional config be done to account for this? Note that A is on a separate subnet from BC.
2) The DCs in A cannot see the DCs in the external forest in C. Should any additional config be done to account for this?
3) Does the DC in B need to hold any FSMOs?

Thanks,
Jaime