Solved

Active Directory trust setup

Posted on 2006-11-07
7
1,965 Views
Last Modified: 2012-05-05
I have two seperate networks (Office network, web farm network). Both are Windows 2003 server. I currently have an active directory domain in the office network. I want to create a domain for the web farm but have it seperate from the office domain. I want there to be a one way trust to where object in the office can access object in the web farm, but the web farm cannot access object in the office.

Can someone explain what I need to do for the web farm? Do I need a Domain In A New Forest? Child domain in an existing domain tree? Or domain tree in an existing forest?

Thanks in advance
0
Comment
Question by:periker
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
7 Comments
 

Author Comment

by:periker
ID: 17892117
I'm going with a seperate forest & domain so I can do a one way trust. I'm open for any suggestions though.
0
 
LVL 48

Accepted Solution

by:
Jay_Jay70 earned 63 total points
ID: 17893665
Morning,

you do either/or really, if you create forests then you will need a forest trust, which is a little more segmenting than a single forest with two domains. For your scenario i would have created a new domain in a separate domain in an existing forest.

Can i ask why you would like to keep them separate, i mean, if its for business reasons then fair call, but if not then you might find it much easier to have a single domain, just a thought

http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/maintain/opsguide/part1/adogd05.mspx
0
 

Author Comment

by:periker
ID: 17893681
For security purposes. If my remote site gets broken into, it does not have access to my home office.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17893798
fair enough, you can secure it down pretty heavily with a single AD but I can understand your concern as well
0
 
LVL 9

Assisted Solution

by:vsg375
vsg375 earned 62 total points
ID: 18092506
Hi,

If you add a new domain to an existing forest, 2 way transitive trusts will automatically be generated, which means potential trouble.

Creating a new forest is OK, BUT :

1. It will generate much more administrative overhead
2. Cross-forest trusts ONLY work @ full native 2003 forest functional level. In ALL other cases, there is no way to establish a full forest trust, even one way. You would have to do it the old way, on a per domain basis.

Conclusion :

If you don't mind the administrative overhead, and have only one domain in your home office, create a new forest for your web farm, make sure the functional level is not raised to full native 2003, and establish a one way trust between home domain and web farm domain. Security shouldn't be compromised that way.

HTH
Cheers
0

Featured Post

Comparison of Amazon Drive, Google Drive, OneDrive

What is Best for Backup: Amazon Drive, Google Drive or MS OneDrive? In this free whitepaper we look at their performance, pricing, and platform availability to help you decide which cloud drive is right for your situation. Download and read the results of our testing for free!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question