Solved

How do I create a trust between 2 Domains on different subnets?

Posted on 2009-05-12
2
199 Views
Last Modified: 2012-05-06
I want to create a trust between 2 Domains so I can migrate over, Settings,etc, servers from Domain B to Domain A

Domain A is on the local network
Domain B is on the DMZ, but I can access the DMZ through the DNS/DC and all the servers are pingable.

How can I create a trust between both domains so I can do what I need to do?

0
Comment
Question by:eallerton
2 Comments
 
LVL 16

Accepted Solution

by:
speshalyst earned 500 total points
ID: 24367164
This should help you get started..
http://www.neowin.net/forum/index.php?showtopic=602764
 
0
 
LVL 18

Expert Comment

by:Americom
ID: 24374225
In your scenario:
DOMAINB trusts DomainA
      
DomainA         
Run Active Directory Domains and Trusts->Right Click on the Domain  and select Properties Then click the "Trusts" tab. Then click on New Trust. Provide DNS or NetBIOS name of other domain(DomainB). Here you need an "incoming trusts". If no other specific restriction, do forest trust. When done, you should have DomainB listed on the bottom box of the "Domains that trust this domain(incoming trusts)"

DomainB.
Do the same but the opposite of the above.

If you run into any problem or better yet, confirm if your firewall ports are opened since DomainB is in the DMZ:
These are the ports and protocol require to open on both side of the firewall if trust is to be established between two domains:

UDP      135, 389, 53, 88, 445, (for NetBIOS: 137, 138)
TCP       135, 389, 636, 53, 88, 445, 1024-65535, (for NetBIOS: 139, 42)
ICMP      Dependency of port 139, also used by Windows Redirectors, Group Policy, MTU etc


Service Name             UDP       TCP
LDAP                   389       389
LDAP SSL             N/A       636
RPC Endpoint Mapper       135       135
Global Catalog LDAP       N/A       3268
Global Catalog LDAP SSL N/A       3269
Kerberos             88       88
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Disabling null sessions on domian controllers 15 33
Export a GPO and import a GPO 3 45
AD user profile  integration 5 21
GPO not showing IE10 in GP Preferences 14 43
I've written instructions for one router type, but this principle may be useful for others of the same brand and even other brands of router. Problem: I had an issue especially with mobile devices that refused to use DNS information supplied via…
Learn about cloud computing and its benefits for small business owners.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question