Real Life Senario
Irish Man
Member Posts: 72 ■■□□□□□□□□
Hello All,
I need some help with the following project that I am trying to implement in my work place.
MY AD Domain Structure is Simple, I have a root Domain (ABC.COM) with two Child Domains (DEF.COM) and (GHI.COM) all running with BiDirectional Trusts in place and FULL AD replication.
I have created a new Root-Child Domain for a new web portal project we are implementing.
I do not want any AD Replication from my current AD to this new external Domain. This will be solely used for authentication for the portal application.
My BIG question is what type of Trust do I need so that users from my external AD can authenticate for both domains ?
Cheers
Colin
Let me know if you need any further info.
I need some help with the following project that I am trying to implement in my work place.
MY AD Domain Structure is Simple, I have a root Domain (ABC.COM) with two Child Domains (DEF.COM) and (GHI.COM) all running with BiDirectional Trusts in place and FULL AD replication.
I have created a new Root-Child Domain for a new web portal project we are implementing.
I do not want any AD Replication from my current AD to this new external Domain. This will be solely used for authentication for the portal application.
My BIG question is what type of Trust do I need so that users from my external AD can authenticate for both domains ?
Cheers
Colin
Let me know if you need any further info.
Comments
-
Silver Bullet Member Posts: 676 ■■■□□□□□□□I believe that you will need a One-Way Trust in which your external domain will trust the domains that hold the accounts that need access to the external domain's resources.
external.com trust adc.com
external.com trust def.com
external.com trust ghi.com
BTW, def.com and ghi.com aren't child domains to abc.com in your example. They are seperate domains. It would be def.abc.com and ghi.abc.com to be child domains of abc.com -
Irish Man Member Posts: 72 ■■□□□□□□□□Thanks for your response SilverBullet,
Yeah your right about my domain structure. I guess I was in a rush typing..... -
Irish Man Member Posts: 72 ■■□□□□□□□□Hey Silver Bullet,
Just want to confirm the best DNS solution for the above, I have already configured it with a Primary Zone, but do you think I should delete that and change it to a STUB Zone ?
Cheers
Colin