Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Establish one-way external outgoing trust using RODC in trusted domain jh

Posted on 2011-09-15
6
Medium Priority
?
1,486 Views
Last Modified: 2012-05-12
We have a domain that we'll call 'resource' that needs to be accessed by users in a third party domain that we'll call 'source.'

Due to security issues, we cannot route to all of the domain controllers in source from resource. What we've done is setup a DMZ in source and placed a RODC in it. We've created a dns zone on the DNS servers in resource pointing to the RODC (so all the necessary _ldap and _kerberos SRV records and the necessary A records).

When we try and create the external outgoing trust, we receive a message saying: 'The name you specified is not a valid Windows domain. Is the specified name a Kerberos V5 realm?'.

I've been told that the source RODC has full access to the writeable DCs in its domain. I'm also told that we should be able to setup the trust using the RODC, although I am sceptical.
0
Comment
Question by:tlcsupport
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 37

Expert Comment

by:Neil Russell
ID: 36541911
On your Source domain you need to have a DNS forwarder set up pointing to any valid DNS server on Resource, the RODC? Have you done this?
0
 
LVL 1

Author Comment

by:tlcsupport
ID: 36542108
Yes, the source domain has a conditional forward to the resource domain and we have confirmed that queries resolve correctly.
0
 

Expert Comment

by:CiboZe
ID: 37507522
Hello tlcsupport,

I am curious if you have been able to set up this trust using the RODC.? I am considering a similar trust setup and can not find any documentation certifying a RODC can be use this way.

0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 1

Accepted Solution

by:
tlcsupport earned 0 total points
ID: 37507574
We ended up setting up the trust with a writeable DC, then replaced it with a RODC later and fudged DNS at the trusting end to only see the RODC at the trusted end.
0
 

Expert Comment

by:CiboZe
ID: 37509074
Thank you very much for the feed back.
0
 
LVL 1

Author Closing Comment

by:tlcsupport
ID: 37545708
Appears to not be possible. Although it's possible to setup the trust with a writeable DC at the trusted end and then replace with a RODC later.
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
Suggested Courses

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question