Solved

windows server 2003 forest trusting plan

Posted on 2010-08-30
9
468 Views
Last Modified: 2012-05-10
Hi Experts, I have read some steps on how to do Server 2003 forest trusting.

I have gathered these:

1. Checklist: creating a forest trust (http://technet.microsoft.com/en-us/library/cc756852(WS.10,printer).aspx)

2. Configure the firewall for the forest trust. We have IPsec using Juniper and Cisco ASA; what are the common forest trust ports to be opened, and are there any more to consider?

Many thanks
Question by:ragot
9 Comments
LVL 4

Accepted Solution

by:
goyal_251 earned 500 total points
ID: 33556967

Author Comment

by:ragot
ID: 33556992
goyal: are those on the list the only ports required for IPsec to work on a forest trust?
LVL 4

Expert Comment

by:goyal_251
ID: 33557212

You would need to open the ports for the Global Catalog, LDAP, DNS, File Replication Service and Kerberos services that you have already open. However, can you see the links below as well; they state how to create the registry value.

http://technet.microsoft.com/en-us/library/cc756944(WS.10).aspx
http://support.microsoft.com/kb/555381

Author Comment

by:ragot
ID: 33565094
1. http://technet.microsoft.com/en-us/library/cc756944(WS.10,printer).aspx

2. http://support.microsoft.com/kb/179442

Some ports are present in number 2. May I know if all ports in number 2 are required to be open for forest trusting? Thanks
LVL 4

Expert Comment

by:goyal_251
ID: 33566412

(LSA) RPC randomly allocates high TCP ports. You can restrict it by creating registry values; also you would need to open the File Replication and Active Directory ports.

Restrict FRS traffic to a specific static port:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTFRS\Parameters
  Type  = REG_DWORD
  Name  = RPC TCP/IP Port Assignment
  Data  = 10000 (Decimal)

Restrict Active Directory replication traffic to a specific port:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
  Type  = REG_DWORD
  Name  = TCP/IP Port
  Data  = 10001 (Decimal)

RPC dynamic port allocation (only allow ports 10002-10200 for RPC from other machines):
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\
  Create a new key = Internet

Locate and then click the following key in the registry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Internet\
  Add the values:
  "Ports" (REG_MULTI_SZ)             = 10002-10200
  "PortsInternetAvailable" (REG_SZ)  = Y
  "UseInternetPorts" (REG_SZ)        = Y

Now open 10000-10200 in the firewall instead of 1024-65535.
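As an added example (not posted in the thread), the registry changes described above as a PowerShell script: it pins the FRS, NTDS and RPC dynamic-range values to the ports quoted in the comment, refuses to proceed if a static port falls inside the dynamic range (an added sanity check, not from the thread), and reads the values back so they can be compared with the firewall rule. It assumes an elevated session on the domain controller; the port numbers are parameters defaulting to the thread's values.

```powershell
# Added example, not from the thread. Pins FRS, AD replication and the RPC
# dynamic range to the ports quoted above, then reads them back so the
# firewall rule (10000-10200) can be checked against what is actually set.
# Assumes an elevated session on the domain controller.
param(
    [int]$FrsPort     = 10000,
    [int]$NtdsPort    = 10001,
    [string]$RpcRange = '10002-10200'
)

$ntfrs = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTFRS\Parameters'
$ntds  = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$rpc   = 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet'

# Sanity check (added here): the static FRS/NTDS ports must lie outside the
# dynamic range, otherwise RPC may hand the same port to another service.
$lo, $hi = $RpcRange -split '-' | ForEach-Object { [int]$_ }
foreach ($p in $FrsPort, $NtdsPort) {
    if ($p -ge $lo -and $p -le $hi) {
        throw "Static port $p overlaps the RPC dynamic range $RpcRange"
    }
}

# FRS: REG_DWORD "RPC TCP/IP Port Assignment"
New-ItemProperty -Path $ntfrs -Name 'RPC TCP/IP Port Assignment' `
    -Value $FrsPort -PropertyType DWord -Force | Out-Null

# AD replication: REG_DWORD "TCP/IP Port"
New-ItemProperty -Path $ntds -Name 'TCP/IP Port' `
    -Value $NtdsPort -PropertyType DWord -Force | Out-Null

# RPC dynamic allocation: the Internet subkey does not exist by default
if (-not (Test-Path $rpc)) { New-Item -Path $rpc -Force | Out-Null }
New-ItemProperty -Path $rpc -Name 'Ports' -Value @($RpcRange) `
    -PropertyType MultiString -Force | Out-Null
New-ItemProperty -Path $rpc -Name 'PortsInternetAvailable' -Value 'Y' `
    -PropertyType String -Force | Out-Null
New-ItemProperty -Path $rpc -Name 'UseInternetPorts' -Value 'Y' `
    -PropertyType String -Force | Out-Null

# Read back the effective values for the change record / firewall review
[pscustomobject]@{
    FrsPort           = (Get-ItemProperty $ntfrs).'RPC TCP/IP Port Assignment'
    NtdsPort          = (Get-ItemProperty $ntds).'TCP/IP Port'
    RpcPorts          = (Get-ItemProperty $rpc).Ports -join ','
    InternetAvailable = (Get-ItemProperty $rpc).PortsInternetAvailable
    UseInternetPorts  = (Get-ItemProperty $rpc).UseInternetPorts
}
```

The new port assignments take effect only after the domain controller is restarted, so the firewall rule should be in place before the reboot.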

Author Comment

by:ragot
ID: 33572977
Do I have to set the configuration above on the server?
LVL 4

Expert Comment

by:goyal_251
ID: 33573483
Yes, you need to make the changes in the server registry and open the ports in the firewall.

Author Comment

by:ragot
ID: 33573557
Thanks goyal
LVL 4

Expert Comment

by:goyal_251
ID: 33573576
Welcome.