|Subject:||Forest level two way transitive trust|
|Posted by:||skip (shofma…@kbb.com)|
|Date:||Tue, 21 Apr 2009|
Forest A is running AD 2003 native mode and has 6 DCs; 5 of the DCs are
running Windows 2008, the sixth DC is running Windows 2003 SP2. Forest B is
running 2 AD 2003 SP2 servers and the AD level is AD 2003 mixed. Forest A
now wants to set up a two-way transitive trust relationship with forest B. A
site-to-site VPN will be set up between the two networks; however, forest A
needs to strictly limit the number of open ports on the forest A network.
For example, forest A would open up the necessary ports that are required to
allow a two-way transitive trust, but would limit these open ports, or only
make them available, to one DC on the forest A network. The other DCs
on the forest A network would not be able to set up or verify the trust
between the two networks, because the necessary ports to allow such access
would not be open or available to the other DCs. So my question is: will this
sort of setup work? Do all the DCs in the forest need to be able to verify,
set up and participate in the trust relationship?
Can I get a listing of the ports that are required to allow an AD trust
relationship to be established?
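As an added example (not part of the original post, and not code from the poster), the check a practitioner would run before writing the firewall rules: from the one forest A DC that is meant to hold the trust, probe the TCP ports that Active Directory trust creation and validation use toward a forest B DC. The remote host name is an assumption; the port list is the documented set for domain and forest trusts. It assumes a host with `Test-NetConnection` available (Windows 8 / Server 2012 or later), so it would be run from a management workstation or a newer DC rather than the 2003 box.

```powershell
# Added example, not from the original post.
# Assumption: a forest B DC reachable over the site-to-site VPN.
$RemoteDc = 'dc1.forestb.example'

# Documented TCP ports involved in creating and validating an AD trust.
# Kerberos, LDAP and DNS also use UDP on the same numbers; Test-NetConnection
# only exercises TCP, so a UDP rule still has to be reviewed separately.
$TrustPorts = @(
    @{ Port = 53;   Service = 'DNS (name resolution / conditional forwarders)' },
    @{ Port = 88;   Service = 'Kerberos' },
    @{ Port = 135;  Service = 'RPC endpoint mapper' },
    @{ Port = 389;  Service = 'LDAP' },
    @{ Port = 445;  Service = 'SMB / Netlogon (trust setup, secure channel)' },
    @{ Port = 464;  Service = 'Kerberos password change' },
    @{ Port = 3268; Service = 'Global Catalog LDAP' }
)

$results = foreach ($entry in $TrustPorts) {
    $tnc = Test-NetConnection -ComputerName $RemoteDc -Port $entry.Port `
                              -WarningAction SilentlyContinue
    [pscustomobject]@{
        Port    = $entry.Port
        Service = $entry.Service
        Open    = $tnc.TcpTestSucceeded
    }
}

$results | Format-Table -AutoSize

# Anything still closed is a firewall gap for the trust path.
$closed = $results | Where-Object { -not $_.Open }
if ($closed) {
    Write-Warning ("Blocked toward {0}: {1}" -f $RemoteDc, ($closed.Port -join ', '))
}

# The dynamic RPC range is not probed here: Windows 2003 DCs default to
# TCP 1025-5000 and Windows 2008 DCs to TCP 49152-65535. Confirm or restrict
# the range the remote DC actually uses before opening it on the VPN.
```

Running this from the single forest A DC chosen to carry the trust, and only that DC, gives a concrete picture of which rules the firewall between the two networks must allow; repeating it from one of the other forest A DCs should then show every port closed, confirming the intended restriction is actually in place.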