

How to share resources between two separate Active Directory Forests

Posted on 2012-08-28
Medium Priority
Last Modified: 2012-08-30
Hi All,

I have a domain named resource.com (pseudonym) which is running Windows Server 2008 R2 Domain Controllers in a Server 2008 forest functional level. I have a sister company with a domain named remote.com (also a pseudonym). Remote.com also has Server 2008 R2 SP1 in the same domain and forest functional levels as resource.com.

I want to allow users in remote.com to have access to file and print resources in resource.com as well as a local intranet portal.

1. What is the best means of achieving the above goal?
2. What are the prerequisites for the answer to question 1, above?
3. What are the DNS considerations in the above, if any?

Question by: it_gsr
LVL 45

Expert Comment

ID: 38342518
LVL 10

Assisted Solution

djcanter earned 600 total points
ID: 38342521
You should configure an outgoing forest trust on resource.com to remote.com.
To do this, on both domains you will need to create a DNS stub zone for the other's domain. Then configure the trust. If you want authentication to happen both ways, consider using a 2-way forest transitive trust.

From the first post, you will want to look at cross forest trust, not cross domain trust.
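The steps in the answer above (stub zone, then an outgoing forest trust on resource.com), written out as an added PowerShell example that is not part of the original thread. It assumes an elevated session on a resource.com domain controller that also runs DNS, uses the .NET `System.DirectoryServices.ActiveDirectory` classes instead of the trust wizard, and uses a placeholder IP address for the remote.com DNS server.

```powershell
# Added example, not from the thread. Run elevated on a resource.com DC/DNS server.
Add-Type -AssemblyName System.DirectoryServices

$TrustedForest = 'remote.com'    # forest whose users need access to resource.com
$RemoteDnsIp   = '192.0.2.10'    # PLACEHOLDER: a DNS server in remote.com

# 1. AD-integrated stub zone so resource.com can locate remote.com DCs.
#    Run the mirror-image command on a remote.com DNS server for resource.com.
dnscmd /ZoneAdd $TrustedForest /DsStub $RemoteDnsIp
if ($LASTEXITCODE -ne 0) { throw "Stub zone creation failed for $TrustedForest" }

# 2. Stop here if the other forest's name still does not resolve.
try   { [System.Net.Dns]::GetHostAddresses($TrustedForest) | Out-Null }
catch { throw "DNS cannot resolve $TrustedForest; fix name resolution first" }

# 3. Bind to remote.com with an account allowed to create trusts there.
Write-Host "Enter credentials for an administrator in $TrustedForest"
$cred    = Get-Credential
$ctxType = [System.DirectoryServices.ActiveDirectory.DirectoryContextType]::Forest
$ctxArgs = $ctxType, $TrustedForest, $cred.UserName, $cred.GetNetworkCredential().Password
$ctx     = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext -ArgumentList $ctxArgs
$remote  = [System.DirectoryServices.ActiveDirectory.Forest]::GetForest($ctx)
$local   = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()

# 4. Outbound = resource.com trusts remote.com (one-way). CreateTrustRelationship
#    creates both sides; VerifyTrustRelationship throws if the trust is not usable.
$direction = [System.DirectoryServices.ActiveDirectory.TrustDirection]::Outbound
$local.CreateTrustRelationship($remote, $direction)
$local.VerifyTrustRelationship($remote, $direction)

# 5. Record what was created and how authentication across it is restricted.
$local.GetAllTrustRelationships() |
    Where-Object { $_.TargetName -eq $TrustedForest } |
    Format-List SourceName, TargetName, TrustType, TrustDirection
"SID filtering enabled:    " + $local.GetSidFilteringStatus($TrustedForest)
"Selective authentication: " + $local.GetSelectiveAuthenticationStatus($TrustedForest)
```

With a one-way outbound trust, remote.com accounts can be granted access to resource.com file, print and intranet resources, while resource.com accounts gain nothing in remote.com.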
LVL 53

Accepted Solution

Will Szymkowski earned 900 total points
ID: 38342583
You have a couple of solutions, but depending on the ease of setup/cost factor, the easiest way to set up a connection to 2 Forests would be an "External Trust".

Creating an External Trust - http://technet.microsoft.com/en-us/library/cc816837(v=ws.10).aspx

There are several ways to configure an external trust, e.g. one-way, two-way, etc. See above link.

Depending on the cost and also the types of resources you will be sharing you might also want to check out ADFS.

Step-by-step guide - http://technet.microsoft.com/en-us/library/dd378921(v=ws.10).aspx

Configuring DNS for External Trust

Hope this helps!
