DomainDMZ one way trust (External with Domain-wide authentication) with DomainLAN
DomainDMZ sites & services
Subnets
-------
10.0.20.0/24
10.0.24.0/24
10.0.40.0/24
10.0.41.0/24
10.0.42.0/24
Sites
-----
Default-First-Site-Name (10.0.41.0/24 & 10.0.42.0/24)
RDWC1 -> ip = 10.0.42.1
RDWC2 -> ip = 10.0.41.1
DMZ (10.0.20.0/24 & 10.0.24.0/24)
RODC1 -> ip = 10.0.24.1
RODC2 -> ip = 10.0.24.2
***********************
DomainLAN
Subnets
-------
Sites
-----
Default-First-Site-Name
RDWC101 -> 10.100.0.1
RDWC102 -> 10.0.40.102
RDWC103 -> 10.0.41.103
Replication works, and the firewall ports are open.
When I am on a member server in DomainDMZ and want to add a user from DomainLAN to a share, I see the following behaviour in Network Monitor:
The member server queries the RODC in its own DomainDMZ for LDAP servers in DomainLAN. The RODC gets back the LDAP/SRV DNS records and reports these to the member server.
Then nothing further happens on the RODC, but the member server in the DomainDMZ attempts to make an LDAP call to the domain controller in the DomainLAN, which of course fails.
Why is the member server contacting the DC in DomainLAN directly?
Why can't I add/resolve users and/or groups from the trusted domain?
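An added diagnostic, not part of the original post: a PowerShell check to run on the DomainDMZ member server that reproduces the two steps seen in Network Monitor (SRV lookup for DomainLAN DCs, then a direct connection to one of them) and reports which advertised DC and which ports are reachable through the DMZ firewall. The DC locator returns DCs of the trusted domain from its DNS SRV records, and the member server then talks to one of those DCs itself; an RODC does not proxy LDAP queries to a trusted domain, so the firewall rules have to cover the member server as well as the RODCs. The DNS name of DomainLAN is a placeholder, since the post only gives the labels DomainDMZ and DomainLAN.

```powershell
# Added diagnostic (not from the original post). Run on the DomainDMZ member server.
# Assumption: 'domainlan.example' is a placeholder for the DNS name of DomainLAN.
$TrustedDomain = 'domainlan.example'

# 1. Which DCs does DNS advertise for the trusted domain? This is the same SRV record
#    the DC locator asks for, and what the RODC handed back in the trace.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$TrustedDomain" -Type SRV -ErrorAction Stop |
       Where-Object { $_.Type -eq 'SRV' }
Write-Host "SRV records for $TrustedDomain:"
$srv | Select-Object NameTarget, Priority, Weight, Port | Format-Table -AutoSize

# 2. Which DC does the locator actually choose for this client, and which site does
#    it think the client is in? If the DMZ subnets are not mapped to a site in DomainLAN,
#    the client is not site-aware and may be sent to any DC, including 10.100.0.1.
Write-Host "`nLocator result (site-aware pick):"
nltest /dsgetdc:$TrustedDomain /force
Write-Host "`nSite this client believes it belongs to:"
nltest /dsgetsite

# 3. Can this host reach the ports a member server needs on each advertised DC?
#    The RPC dynamic range (49152-65535 by default) is also required but is not
#    probed here; the fixed ports below usually show whether the rule exists at all.
$ports = 53, 88, 135, 389, 445, 464, 636, 3268, 3269
Write-Host "`nPort reachability from $env:COMPUTERNAME:"
foreach ($dc in ($srv.NameTarget | Sort-Object -Unique)) {
    foreach ($p in $ports) {
        $r = Test-NetConnection -ComputerName $dc -Port $p -WarningAction SilentlyContinue
        $state = if ($r.TcpTestSucceeded) { 'open' } else { 'BLOCKED' }
        '{0,-40} {1,5} {2}' -f $dc, $p, $state
    }
}

# 4. Confirm the trust itself is healthy from this side once a DC is reachable.
nltest /sc_verify:$TrustedDomain
```

Read the output top to bottom: if step 1 returns records but step 3 shows every port BLOCKED, the firewall allows the RODCs but not the member server; if step 3 is open for some DCs but the locator in step 2 keeps picking an unreachable one, the DMZ subnets need a site (and site link) in DomainLAN so the locator prefers the reachable DCs.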