Domain trust

nav2567
nav2567 used Ask the Experts™
on
We need to setup a one-way AD trust to a domain in another company via a private connection.

In our DNS, we create a conditional forwarder by specifying the domain of the other company and also an IP address of their domain controller.  

We are still not be able to resolve their domain name when we ping.  The server FDQN is still not be resolved in this conditional forwarder's properties.  

The required firewall ports being specified in this link https://support.microsoft.com/en-us/kb/179442#method3 are already opened

Please advise what we should check.  

Thanks.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Distinguished Expert 2018
Commented:
Ping isn't a good test for this. Many routers block all ICMP traffic, and many server admins configure windows firewall to block ICMP/ping from all machines or all non-local subnets.

The appropriate windows tool to test DNS is nslookup.

Author

Commented:
I use nslookup and set the domain=their domain.  I am not able to see any IP being resolved when i type the hostname of their domain controller or their domain.

Author

Commented:
thanks.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial