

Active Directory through VPN tunnel Server 2003

Posted on 2007-10-06
Medium Priority
Last Modified: 2010-08-05
I have a VPN tunnel configured with two firewalls.  Domain A has its own Forest, Domain B has its own Forest.  I want to create a trust or make domain B a subdomain if possible of Domain A.  I can ping and access all servers by typing the IP address, so I know my connection is good. Both servers are Windows 2003 Active Directory master domain controllers with DNS on them.  I am having difficulty as to where to start in DNS to allow Domain B to see Domain A to create any sort of trust relationship.
Question by:playton
1 Comment
Accepted Solution

LauraEHunterMVP earned 2000 total points
ID: 20029097
> "I want to create a trust or make domain B a subdomain if possible of Domain A. "

The only way to make domainB a sub-domain of domainA is to perform a full-on Active Directory migration; there's no simple way to take an existing forest root domain and say "Okay, we're going to graft you onto this other forest over here now."

On to the trust relationship.  In order to create a trust, DomainA must be able to resolve the A records and SRV records for DomainB's domain controllers, and vice versa.  Two common ways to do this:

[1] Set up conditional forwarding on your DNS servers.  Configure DomainA DNS with conditional forwarders that forward all *.domainb.com queries to the IP addresses of DomainB's DNS servers, and vice versa.

[2] Set up a stub zone in DomainA that points to DomainB's DNS servers, and vice versa.

Also ensure that the correct ports are open between DomainA's DCs and DomainB's DCs: http://technet.microsoft.com/en-us/library/Bb727063.aspx
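An added example, not part of the answer above: a batch script for a DomainA DNS server that applies option [1] (with option [2] as the commented alternative) and then checks that DomainB's DC-locator SRV records resolve. The domain name `domainb.com`, the address `10.2.0.10` and the availability of `dnscmd` and `nltest` (Windows Server 2003 Support Tools) are assumptions; run the mirror image on DomainB's DNS server.

```batch
@echo off
rem Added example. Run on a DomainA DNS server / domain controller.
rem Assumed placeholder values: replace with DomainB's DNS name and the
rem IP address of DomainB's DNS server.
setlocal
set REMOTE_DOMAIN=domainb.com
set REMOTE_DNS=10.2.0.10

rem Option [1]: conditional forwarder for everything under the remote domain.
dnscmd /ZoneAdd %REMOTE_DOMAIN% /Forwarder %REMOTE_DNS%

rem Option [2], used instead of [1]: stub zone pointing at the remote DNS server.
rem dnscmd /ZoneAdd %REMOTE_DOMAIN% /Stub %REMOTE_DNS%

rem Check the SRV records the DC locator needs. nslookup does not set a
rem useful exit code, so look for an SRV answer line in its output.
set FAILED=0
for %%R in (_ldap._tcp.dc._msdcs _kerberos._tcp.dc._msdcs _ldap._tcp.pdc._msdcs) do (
    nslookup -type=SRV %%R.%REMOTE_DOMAIN% 2>nul | find /i "svr hostname" >nul
    if errorlevel 1 (
        echo MISSING SRV: %%R.%REMOTE_DOMAIN%
        set FAILED=1
    ) else (
        echo OK      SRV: %%R.%REMOTE_DOMAIN%
    )
)

rem End-to-end check: locate a DomainB DC by name. This needs the SRV
rem records, the DC's A record and the required ports through the tunnel.
nltest /dsgetdc:%REMOTE_DOMAIN%

if %FAILED%==1 (
    echo One or more SRV lookups failed. Fix DNS before creating the trust.
    exit /b 1
)
echo DNS resolution for %REMOTE_DOMAIN% looks ready for trust creation.
endlocal
```

If the SRV lookups succeed but `nltest` cannot find a DC, name resolution is working and the remaining suspect is the firewall rules on the VPN tunnel.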


Question has a verified solution.
