Hi,
We would like to have user domain authentication on an untrusted third-party company's network. We would not like to limit network access from the third-party company's network to our network. Ideally we would like to have as many ports open as possible.
We are thinking about installing an RODC in the untrusted network, but RODCs have the same port and protocol requirements as writeable DCs. That means users in the untrusted network will be able to access our network. Does an RODC support any push replication of changes from a writeable DC to the RODC? In that case we would be able to allow network permissions only from the trusted to the untrusted network.
Or should we create a separate domain on that network and configure the required trusts? But in this case we will have to open the same ports as for the RODC in both directions.
Which solution is better in the context of security? Especially network security?
Thanks,