Question:
creating a domain trust?
soulblazer28
2007-03-28 16:00:32 UTC
I have a domain ABC.local in the DMZ and domain XYZ.local on our inside network (All Windows 2003 servers). The networks are linked through a PIX 525 firewall.

dmz----------------inside
[ABC]---[PIX]---[XYZ]

I create an external trust but when I try to validate the trust on either side it gives me an error about no logon servers being available.

I opened firewall ports 135, 88, 389, 3268, 3269, 137-139, 445 between the DCs.

What else is missing? If DNS is involved, how/where are the necessary lines created?
Three answers:
makeda m
2007-03-29 01:12:28 UTC
You'll definitely need 53/UDP (DNS) open, for starters.

Once you're allowing DNS traffic between the DMZ and the internal network, you'll have to set up the DNS servers in each domain to allow zone transfers between one another (i.e. between domain ABC.local and XYZ.local)... set up secondary zones in each domain for the other, trusted domain. If you have no idea how to do this... see here:

http://searchwinit.techtarget.com/expert/KnowledgebaseAnswer/0,289625,sid1_gci1101656,00.html

Now that we're done with that, you can set up the trust!

Oh, and for a list of ports needed by Windows Server for AD and such... see here:

http://support.microsoft.com/kb/179442/en-us

And I feel I need to say this... NEVER FORGET HOW IMPORTANT DNS IS TO ACTIVE DIRECTORY! Most of the AD problems I see are really DNS issues.

Good luck.
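
A way to check, from one DC, the two things the answer above says the trust depends on: that the other domain's DC locator SRV record resolves, and that the TCP ports from the question are reachable. This is an added example, not part of the original answer; the DNS server address is a placeholder, and the script assumes a Windows version that ships `Resolve-DnsName` and `Test-NetConnection`.

```powershell
# Added example. Run on a DC in ABC.local to see what it can reach in XYZ.local,
# then swap the values and run it from the other side.
# Assumes Resolve-DnsName and Test-NetConnection (Windows 8 / Server 2012 or later).
param(
    [string]$RemoteDomain = 'XYZ.local',
    [string]$RemoteDns    = '192.0.2.10'   # placeholder: a DNS server of the remote domain
)

# TCP ports from the question. 137 and 138 are UDP and are not probed here.
$TcpPorts = 88, 135, 139, 389, 445, 3268, 3269

# DC locator record: if this does not resolve, trust validation has no
# logon server to contact, whatever the firewall allows.
$srvName = "_ldap._tcp.dc._msdcs.$RemoteDomain"

function Get-DcFromSrv {
    param([string]$Name, [string]$Server)
    $query = @{ Name = $Name; Type = 'SRV'; DnsOnly = $true; ErrorAction = 'Stop' }
    if ($Server) { $query.Server = $Server }
    try {
        Resolve-DnsName @query | Where-Object { $_.Type -eq 'SRV' } |
            Select-Object -ExpandProperty NameTarget -Unique
    } catch {
        Write-Warning "SRV lookup for $Name failed: $($_.Exception.Message)"
    }
}

# Step 1: query the remote DNS server directly (does DNS pass the firewall?).
$direct = @(Get-DcFromSrv -Name $srvName -Server $RemoteDns)
# Step 2: query through the local DNS server (is the secondary zone in place?).
$local  = @(Get-DcFromSrv -Name $srvName)

"Direct query to ${RemoteDns}: $($direct.Count) DC(s)"
"Local resolver: $($local.Count) DC(s)"

# Step 3: probe each DC the local resolver returned on every TCP port.
foreach ($dc in $local) {
    foreach ($port in $TcpPorts) {
        $t = Test-NetConnection -ComputerName $dc -Port $port -WarningAction SilentlyContinue
        [pscustomobject]@{ DC = $dc; Port = $port; Open = $t.TcpTestSucceeded }
    }
}
```

If step 1 returns DCs but step 2 returns none, the firewall is passing DNS and the gap is in the local zone configuration.
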
FireStone
2007-04-01 14:55:17 UTC
hi
2007-03-29 04:11:04 UTC
For it you need an SSL certificate. You can contact an SSL certificate provider at http://www.urlstate.com


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.