Kasper Katzmann
asked on
Trust against forests with multiple domain controllers
If I want to set up a trust between two forests with a single DC in each forest, then it's pretty much out of the box.
But what if there are multiple DCs in each forest?
I have two forests:
A: Two DCs (Windows Server 2008 R2)
B: Four DCs (Two Windows Server 2008 R2 / Two Windows Server 2012)
How do I set up the trust between these two forests?
Must I take the necessary steps on all DCs or can it be done on one DC in each forest?
Regards
Kasper
You will need to open all the below ports.
123/UDP W32Time
135/TCP RPC Endpoint Mapper
464/TCP/UDP Kerberos password change
49152-65535/TCP RPC for LSA, SAM, Netlogon (*)
389/TCP/UDP LDAP
636/TCP LDAP SSL
3268/TCP LDAP GC
3269/TCP LDAP GC SSL
53/TCP/UDP DNS
49152-65535/TCP FRS RPC (*)
88/TCP/UDP Kerberos
445/TCP SMB
49152-65535/TCP DFSR RPC (*)
http://support.microsoft.com/kb/179442
ASKER
There should have been an "and so on" after my little listing.
But what about which server the openings should be between. All the DC's or...?
Generally you create a firewall rule on both sides (on the externally facing firewall). Once that's configured, you then need to go through the checklist in the first hyperlink. If you are having issues, check the network logs on the firewalls to see if anything is still getting blocked.
If you use Windows Firewall on the servers, when you install the role the relevant ports should open automatically. I'm not sure if that's the case if you use a 3rd party firewall.
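A connectivity check for the fixed TCP ports in the list above, as an added example that is not part of the original thread: run it on a DC in one forest against each DC in the other, then repeat in the opposite direction. The host names are placeholders (assumption), and the UDP ports and the dynamic RPC range 49152-65535 are not probed, so those still need the firewall log check described above.

```powershell
# Added example, not from the thread. Replace the placeholder names (assumption)
# with the DCs of the *other* forest. Uses only .NET classes so it also runs
# on the PowerShell 2.0 that ships with Windows Server 2008 R2.
$RemoteDCs = @('dc1.forest-b.example', 'dc2.forest-b.example')

# Fixed TCP ports from the port list in the answer (123 is UDP-only, so omitted).
$TcpPorts = @(
    @(53,   'DNS'),
    @(88,   'Kerberos'),
    @(135,  'RPC Endpoint Mapper'),
    @(389,  'LDAP'),
    @(445,  'SMB'),
    @(464,  'Kerberos password change'),
    @(636,  'LDAP SSL'),
    @(3268, 'LDAP GC'),
    @(3269, 'LDAP GC SSL')
)

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            return 'Timeout'              # no answer: usually a silent firewall drop
        }
        $client.EndConnect($async)        # throws if refused or name not resolved
        return 'Open'
    }
    catch   { return "Failed: $($_.Exception.Message)" }
    finally { $client.Close() }
}

# One row per DC/port pair, so a gap in the firewall rule set shows up per server.
$results = foreach ($dc in $RemoteDCs) {
    foreach ($p in $TcpPorts) {
        New-Object PSObject -Property @{
            Target  = $dc
            Port    = $p[0]
            Service = $p[1]
            Result  = Test-TcpPort -ComputerName $dc -Port $p[0]
        }
    }
}
$results | Sort-Object Target, Port |
    Format-Table Target, Port, Service, Result -AutoSize
```

A `Timeout` on one DC but `Open` on another for the same port points at a per-host firewall rule rather than the perimeter rule.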