Link to home
Start Free TrialLog in
Avatar of Bozen999
Bozen999

asked on

One way trust between Windows 2008 R2 and SBS 2011

Hi Everyone,
I have the following problem, for a customer I am currently assisting:
- the Company has three branches in foreign countries (others will be installed in the future), each using an SBS 2011 Standard installation, using the following services: Active Directory, Exchange Server, Sharepoint Fundamentals, Shared Folders
- the Main Company needs to make available to the foreign branches a set of Shared Folders, available to all, to use as a file repository (read/write) for marketing and sales files

I would like to install at the main offices a Windows 2008 R2 Server, to provide Distributed File System for the branches.
I am aware of the fact that Small Business Server 2011 CANNOT trust other Server domains and must take on all the roles, so I cannot establish a two-way trust between the SBS installations and the Win2008R2 Server at the main office.

Question: would it be possible to set up a ONE-WAY trust (provided I understand correctly its use...), so the users at the branches authenticate with their own accounts (SBS) to this main server (2008R2) and access/modify the shared files?
I'd need the Distributed File System service, present on both Win2008Server and SBS2011, to have synchronized copies of those folders on-site, for speed purposes; so would DFS work in such an environment?

I understand the limitations of SBS, but the branch offices, which are actually legally and fiscally independent companies, are happily working and managing their SBS2011 installations on their own, and only a couple of them would eventually need, in the future, to upgrade to a full size multi-server 2008R2 environment with Exchange, SQL and the rest...

I am new to multi server installations, especially across WAN, and budget + ease of use + installation uniformity and branch company independence are really and issue here.

With the organization growing, would it be possible, eventually, to extend this kind of one-way trust authentication to SQL2008 and Sharepoint services?

Thanks for any help provided.
ASKER CERTIFIED SOLUTION
Avatar of Ogandos
Ogandos
Flag of Canada image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Bozen999
Bozen999

ASKER

Thanks guys. It seems that a company with different branch offices would have them virtually "isolated" using SBS. I will propose a complete solution, maybe consolidating mail services in a single Exchange 2010 for the time being. Any suggestion that would let them use SBS 2011 and still get some sort of cooperation and centralized management from the central headquarter is welcome. But you were pretty clear in ruling out any workaround. It's a shame 'cause we re talking small branch offices with no more than 20 users each.