Solved

Trust agains forests with multiple domain controllers

Posted on 2013-06-23
5
440 Views
Last Modified: 2013-06-26
If I want to setup a trust between to forests with a single DC in each forest, then it's pretty much out of the box.

But what if there are multiple DC's in each forest?

I have two forest:
A: Two DC's (Windows Server 2008 R2)
B: Four DC's (Two Windows Server 2008 R2 / Two Windows Server 2012)

How do I setup the trust between theese two forests?
Must I take the necessary steps on all DC's or can it be done on one DC in each forest?

Regards
Kasper
0
Comment
Question by:Kasper Katzmann
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 15

Accepted Solution

by:
Rob Stone earned 500 total points
ID: 39269448
You just make the trust using AD Domains & Trusts from a DC or a client with the admin tools installed.

The number of DC's in each forest isn't relevant.

http://technet.microsoft.com/en-us/library/cc772440.aspx
0
 

Author Comment

by:Kasper Katzmann
ID: 39269457
How about port openings (53, 88, 389, 445, 636)? Will they have to be made between each DC?
0
 
LVL 17

Expert Comment

by:lruiz52
ID: 39269470
You will need to open all the below ports.

123/UDP      W32Time
135/TCP      RPC Endpoint Mapper
464/TCP/UDP      Kerberos password change
49152-65535/TCP      RPC for LSA, SAM, Netlogon (*)
389/TCP/UDP      LDAP
636/TCP      LDAP SSL
3268/TCP      LDAP GC
3269/TCP      LDAP GC SSL
53/TCP/UDP      DNS
49152 -65535/TCP      FRS RPC (*)
88/TCP/UDP      Kerberos
445/TCP      SMB
49152-65535/TCP      DFSR RPC (*)

http://support.microsoft.com/kb/179442
0
 

Author Comment

by:Kasper Katzmann
ID: 39269546
There should have been a "and so on" after my litlle listing.

But what about which server the openings should be between. All the DC's or...?
0
 
LVL 15

Expert Comment

by:Rob Stone
ID: 39269654
Generally you create a firewall rule on both sides (on the externally facing firewall).  Once that's configured, you then need to go through the checklist in the first hyperlink. If you are having issues, check the network logs on the firewalls to see if anything is still getting blocked.

If you use Windows Firewall on the servers, when you install the role the relevant ports should open automatically.  I'm not sure if that's the case if you use a 3rd party firewall.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

The following article is comprised of the pearls we have garnered deploying virtualization solutions since Virtual Server 2005 and subsequent 2008 RTM+ Hyper-V in standalone and clustered environments.
I don't know if many of you have made the great mistake of using the Cisco Thin Client model with the management software VXC. If you have then you are probably more then familiar with the incredibly clunky interface, the numerous work arounds, and …
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question