Route active directory authentication to different site.

Posted on 2009-05-18
Last Modified: 2012-05-07
Hi, I have an AD forest with several child domains and physical sites connected with VPN connections. Not all sites have VPNs to every other site.
Say I have 3 sites: A, B and C.
Site A is connected to Site B by VPN.
Site B is connected to Site C by VPN.

We have a top-level domain root.com with domain controllers in all three sites. We also have a child domain child.root.com that only has domain controllers in Site C.

What I wanted to know is: is it possible to configure AD so that a user in Site A can log on to the child domain even if they can't directly route to the domain controller of that domain? Is it possible to get the domain controllers from the parent domain to process the authentication?

Any ideas, or is this not possible with a direct connection?
Question by:matthewsj11
4 Comments
 
LVL 18

Expert Comment

by:Americom
ID: 24411560
The actual allow authentication will eventually be its own DC in its own domain for its users that exist in that domain, regardless of how your AD design topology is configured. So, the only thing I can think of is that a user account belonging to the child domain in site C trying to log on or authenticate from site A would have a problem if the firewall is blocking it. Assuming that you already have trust, either by default or manually created, between all domains, and your network is connected between A and B as well as B and C, the network connection is connected between A and C via B, unless you have a firewall blocking it. So, in theory, if the firewall is not blocking traffic from A to C, you should not have any issue.
0
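A reachability check for the point made in the comment above, as an added example that is not part of the original thread: run from a client in Site A, it looks up the domain controllers of the account domain through DNS and tests the TCP ports a domain logon normally uses. The domain name comes from the question; the port list and the "all ports must answer" rule are assumptions, and `Resolve-DnsName` and `Test-NetConnection` require Windows 8 / Server 2012 or later.

```powershell
# Added example: can this host reach any DC of the account domain?
# Domain name is from the question; ports are the well-known defaults (assumption).
param(
    [string]$Domain = 'child.root.com'
)

$ports = [ordered]@{
    'Kerberos'            = 88
    'RPC endpoint mapper' = 135
    'LDAP'                = 389
    'SMB'                 = 445
}

# Find DCs through the SRV records that DCs register under _msdcs.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'SRV' }

if (-not $srv) {
    Write-Warning "No DC SRV records resolved for $Domain; check DNS resolution for the child zone first."
    return
}

# Test every service port on every DC found (TCP only; UDP is not covered here).
$results = foreach ($dc in ($srv.NameTarget | Sort-Object -Unique)) {
    foreach ($svc in $ports.GetEnumerator()) {
        $t = Test-NetConnection -ComputerName $dc -Port $svc.Value -WarningAction SilentlyContinue
        [pscustomobject]@{
            DC        = $dc
            Service   = $svc.Key
            Port      = $svc.Value
            Reachable = $t.TcpTestSucceeded
        }
    }
}

$results | Format-Table -AutoSize

# Assumption: a DC counts as usable only if all listed ports answer.
$usable = $results | Group-Object DC | Where-Object { $_.Group.Reachable -notcontains $false }
if ($usable) {
    "Fully reachable DC(s): $($usable.Name -join ', ')"
} else {
    Write-Warning "No DC of $Domain is fully reachable from this host."
}
```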
 
LVL 1

Author Comment

by:matthewsj11
ID: 24411858
There is no direct routing between sites A and C, which is why I wanted to know if it was possible to relay the authentication. If possible, I want to avoid configuring the routing.

I am guessing that it is not possible.
0
 
LVL 18

Accepted Solution

by:
Americom earned 1500 total points
ID: 24412164
That is not possible. The other thing that comes to my mind is IAS, where you can forward authentication requests to another domain's IAS. But this will also require you to open a connection from the IAS server in Site C <-> IAS in Site A. Without a connection between the two networks, that would not be an option.
0
 
LVL 1

Author Closing Comment

by:matthewsj11
ID: 31582546
Thanks, I did not think this was possible but was hoping for a bright idea from someone.
0
