eallerton
asked on
How do I create a trust between 2 Domains on different subnets?
I want to create a trust between 2 Domains so I can migrate over, Settings,etc, servers from Domain B to Domain A
Domain A is on the local network
Domain B is on the DMZ, but I can access the DMZ through the DNS/DC and all the servers are pingable.
How can I create a trust between both domains so I can do what I need to do?
Domain A is on the local network
Domain B is on the DMZ, but I can access the DMZ through the DNS/DC and all the servers are pingable.
How can I create a trust between both domains so I can do what I need to do?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
DOMAINB trusts DomainA
DomainA
Run Active Directory Domains and Trusts->Right Click on the Domain and select Properties Then click the "Trusts" tab. Then click on New Trust. Provide DNS or NetBIOS name of other domain(DomainB). Here you need an "incoming trusts". If no other specific restriction, do forest trust. When done, you should have DomainB listed on the bottom box of the "Domains that trust this domain(incoming trusts)"
DomainB.
Do the same but the opposite of the above.
If you run into any problem or better yet, confirm if your firewall ports are opened since DomainB is in the DMZ:
These are the ports and protocol require to open on both side of the firewall if trust is to be established between two domains:
UDP 135, 389, 53, 88, 445, (for NetBIOS: 137, 138)
TCP 135, 389, 636, 53, 88, 445, 1024-65535, (for NetBIOS: 139, 42)
ICMP Dependency of port 139, also used by Windows Redirectors, Group Policy, MTU etc
Service Name UDP TCP
LDAP 389 389
LDAP SSL N/A 636
RPC Endpoint Mapper 135 135
Global Catalog LDAP N/A 3268
Global Catalog LDAP SSL N/A 3269
Kerberos 88 88