Hi
I'm going to set up a one-way domain trust. Scenario:
Domain A (Forest A):
- Contains users that are going to access resources in Domain B. (User A)
- Contains server (Server A) that is used to access Server B in Domain B
- Contains Windows 2008 R2 (back bone + DMZ A1+A2) and Windows 2003 (a few) (DMZ A1) DCs
- DCs on multiple DMZs
Domain B (Forest B):
- Contains resource servers; separate DMZ (DMZ B2) from the DCs in Domain B. (Server B)
- Windows 2008 R2 domain controllers in a DMZ (DMZ B1).
- Trusts Domain A (one-way trust)
Preferably I'd like to use Kerberos authentication.
I want User A on Server A to be able to access resources on Server B. For that I have a question:
- Does Server B need to have network access to all or any DCs in Domain A? If yes, is there a way to limit which DCs it will try to communicate with? (besides doing split DNS with static records (not a solution)).
I suspect that direct access from Server B to Domain A DCs is required for Kerberos authentication, but maybe not for NTLM?
I haven't been able to find articles describing which servers and DCs need to communicate in a setup like this; mostly I have found articles on intra-forest setups.
Any help is appreciated. Thanks
Regards
Michael