Networking Forums

Trust relationship between domains

 
 
kryan762
      11-04-2005, 09:33 PM
Let's say domainoutside.buddy.com has a one-way trust with
domaininside.friend.com.

A firewall exists between the domain controllers in domainoutside and
domaininside.

Another firewall exists between the member servers of domaina and the domain
controllers of domainoutside.

Our goal is to open as few ports as possible. What ports need to be open
between zones for this trust configuration to work correctly?
Do the member servers of the outside domain need the ability to LDAP against
the domain controllers of the inside domain?

When you attempt to add a user from the domaininside domain to a local group
on a domainoutside member server, how does the request flow? Will the
member server ask the domain controllers for the outside domain for the
information and, when they don't have it, will they ask the domain controllers
for the inside domain for the information, or will they attempt to make the
request directly to the inside domain controllers?



 
Todd J Heron
      11-05-2005, 04:16 PM
Over 30 ports need to be opened, not including the high (>1024) RPC
ports. Sound scary? Anyway, start here.

Active Directory in Networks Segmented by Firewalls
http://www.microsoft.com/downloads/d...displaylang=en

How to Configure a Firewall for Domains and Trusts (Q179442)
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q179442

Network Address Translators (NATs) can block Netlogon traffic
http://support.microsoft.com/kb/172227/

How to configure RPC dynamic port allocation to work with firewalls
http://support.microsoft.com/kb/154596/

--
Todd J Heron, MCSE
Windows Server 2003/2000/NT; CCA
----------------------------------------------------------------------------
This posting is provided "as is" with no warranties and confers no rights
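
An added example, not part of the reply above or of the linked Microsoft articles: one way to confine the high RPC ports to a single range (the registry values described in KB154596) and then check the fixed TCP ports from the other side of the firewall. The DC host name, the 5000-5100 range and the port list are assumptions to verify against KB179442; `Test-NetConnection` needs PowerShell 4 or later.

```powershell
# Added example: host name, port range and port list are assumptions, not from the thread.
$InsideDc = 'dc1.domaininside.friend.com'   # hypothetical DC name
$RpcRange = '5000-5100'                     # assumed range; size it for the DC's load

# Run elevated on each domain controller: confine RPC dynamic ports to one
# range so the firewall rule can name it instead of allowing everything >1024.
function Set-RpcPortRange {
    param([Parameter(Mandatory)][string]$Range)
    $key = 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet'
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name Ports -PropertyType MultiString -Value @($Range) -Force | Out-Null
    New-ItemProperty -Path $key -Name PortsInternetAvailable -PropertyType String -Value 'Y' -Force | Out-Null
    New-ItemProperty -Path $key -Name UseInternetPorts -PropertyType String -Value 'Y' -Force | Out-Null
    Write-Warning 'Restart the server before the new RPC range takes effect.'
}

# Fixed TCP ports commonly listed for AD trust traffic (assumed list; confirm in KB179442).
# Several of these services also use UDP, which this TCP probe cannot verify.
$FixedTcpPorts = @(
    @{ Port = 53;   Service = 'DNS' }
    @{ Port = 88;   Service = 'Kerberos' }
    @{ Port = 135;  Service = 'RPC endpoint mapper' }
    @{ Port = 389;  Service = 'LDAP' }
    @{ Port = 445;  Service = 'SMB' }
    @{ Port = 636;  Service = 'LDAP over SSL' }
    @{ Port = 3268; Service = 'Global catalog' }
)

# Run from a host in the zone that must reach the DC. The dynamic RPC range is
# not probed: a port there answers only while a service is bound to it, so a
# refused connection would not prove the firewall is blocking it.
function Test-TrustPorts {
    param(
        [Parameter(Mandatory)][string]$Target,
        [Parameter(Mandatory)][object[]]$Ports
    )
    foreach ($entry in $Ports) {
        $probe = Test-NetConnection -ComputerName $Target -Port $entry.Port -WarningAction SilentlyContinue
        [pscustomobject]@{
            Target    = $Target
            Port      = $entry.Port
            Service   = $entry.Service
            Reachable = $probe.TcpTestSucceeded
        }
    }
}

# Usage:
#   Set-RpcPortRange -Range $RpcRange                                  # on the DC
#   Test-TrustPorts -Target $InsideDc -Ports $FixedTcpPorts | Format-Table
```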
