asked on

ad replication and nat

Hi
can active directory replication work if there is NAT between two sites?
thanks

ASKER CERTIFIED SOLUTION

Fatal_Exception

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

aresblade22

ASKER

how should i configure it?
some special indications? some documents on this?
what about trust between two forest? does it work with nat?
how to configure?
thanks

Fatal_Exception

You got some reading ahead of you, that is for sure.. hope you are up for it.. :)

And once you configure your trust relationships, certainly, they will work through the routers also.

This article pretty much covers all your questions..

http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/deploy/confeat/adrepfir.mspx

aresblade22

ASKER

Ok but this mean that the only way to replicate two domain controllers with nat in the middle is to use ipsec?
is the only way?
are there some improvements with 2003?
Thanks

Fatal_Exception

No, but if you do not use IPSEC, then you must open your firewalls to RPC traffic, and I would never suggest that.

I believe that W2K and 2K3 use all the same technologies for replication...

aresblade22

ASKER

they always talk of nat with ipsec but i need a document with only nat and ad,
i have:

ad server 1- 10.1.1.1-------------------------------10.1.1.2 nat 192.168.2.1-----------------------------ad server 2- 192.168.2.2

no vpn or ipsec only nat between two private networks, does this work? some documents on this?
thanks

Fatal_Exception

Refund the points.. never did get a chance to get back on this one... sorry...