  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 483

AD Extranet

How do you create the one way trust from internal AD zone to external AD zone?  Also should the external be in the DMZ?
0
Jack_son_
Asked:
4 Solutions
 
Vinchenzo-the-Second Commented:
The server should be in a DMZ; the server should not be a member of the domain. Just configure forwarders on the internal DNS to point to the one in the DMZ.
0
 
Svet Paperov, IT Manager, Commented:
Hi,

You can start with the following:

A small article on how to create a one-way AD trust between domains: http://bradmarsh.net/index.php/2008/08/04/active-directory-creating-one-way-domain-trusts/

Managing trusts in a Windows Server 2008 domain: http://technet.microsoft.com/en-us/library/cc771568.aspx
0
 
Jack_son_ (Author) Commented:
And with the trust, SharePoint will recognize the users in this domain?
0
 
Svet Paperov, IT Manager, Commented:
If by recognize you mean that users from the trusted domain will be able to connect to SharePoint, yes, it will.
0
 
Jack_son_ (Author) Commented:
Does DNS need to be set up on an extranet domain?
0
 
Svet Paperov, IT Manager, Commented:
DNS is required for an AD domain to function, and it is normally set up on the same server as the DC.

I am not quite sure now that I understand your objective well. Are you trying to allow access to your domain from an existing domain (for example, a partner company) or to publish the SharePoint server on an extranet so that it can be accessed from the Internet?

If it is the second one, AD DS domain trusts are not the right solution. You have to explore publishing a Web server on the extranet (DMZ) using LDS to synchronize users with the internal DS. Here is a link that could help you: http://digsharepoint.blogspot.com/2011/05/ad-lds-sharepoint-and-forms-based.html
 
0
 
Jack_son_ (Author) Commented:
To publish a SharePoint server for bids from other companies, not internal employees.
0
 
Svet Paperov, IT Manager, Commented:
Then forget about AD DS trusts – you don’t need them. Follow the link I provided you in the previous post about SharePoint with AD LDS and Forms-based authentication.
0
