Forest level two way transitive trust

Subject: Forest level two way transitive trust
Posted by:  skip (shofma…@kbb.com)
Date: Tue, 21 Apr 2009

Hello all

Forest A is running AD 2003 native mode and has 6 DCs; 5 of the DCs are
running Windows 2008, and the sixth DC is running Windows 2003 SP2. Forest B is
running 2 AD 2033 SP2 servers and the AD level is AD 2003 mixed. Forest A
now wants to set up a two-way transitive trust relationship with forest B. A
site-to-site VPN will be set up between the two networks; however, forest A
needs to strictly limit the number of open ports on the forest A network.
For example, forest A would open up the necessary ports that are required to
allow a two-way transitive trust but would limit these open ports or only
make them available between one DC on the forest A network. The other DCs
on the forest A network would not be able to set up or verify the trust
between the two networks, because the necessary ports to allow such access
would not be open or available to the other DCs. So my question is: will this
sort of setup work? Do all the DCs in the forest need to be able to verify,
set up and participate in the trust relationship?

Last question

Can I get a listing of the ports that are required to allow an AD trust
relationship to be established?

Many thanks
