
Active Directory Trusts & Firewalls - Authentication Flows

Status
Not open for further replies.

djhawthorn

Technical User
Mar 4, 2002
641
AU
Hello,

I have a complex AD environment involving many domains/forests and firewalls everywhere.

For the sake of this question, let's say I have 20 DCs in one forest and 10 in the other, and have a two-way forest trust between them. All DCs are behind different firewalls, so without rules in place, no single DC can talk to another.

Question - which DCs need to talk to enable the trust to function?

I understand that for authentication it is the client that will talk to the DC/GC in the local forest before being redirected to talk directly to the DC/GC in the foreign forest, before it can access foreign resources - but for this client-to-DC authentication to work, do I only need a single (e.g. the PDC-E) DC in both forests to be able to establish and maintain the trust, or do the DCs the client is talking to for authentication (client-to-DC flows) also need to talk to each other (DC-to-DC) to enable that trust to work for the client?

Appreciate guidance as I can never find anything definitive on this question.

Thanks in advance.
 