I have a requirement to expose AD for a new forest/domain buildout to some sites so that we can perform parallel maintenance on user accounts until we cut over to the new domain globally. I have been looking into ADWS and ADAC and I can't see how ADAC can be used to connect to a remote domain controller that is not already a member of a trusted forest.
I'm running 2008 R2 domain services at a hosting provider and have MPLS connectivity. I haven't asked them to open port 9389 yet, nor have I retrieved a trusted CA cert (in accordance with this article: http://technet.microsoft.com/en-us/library/dd391908(v=ws.10).aspx) because I'm not sure this is gonna work or even be handy as I haven't seen ADAC in action before.
Is there a way to use ADAC to connect to an untrusted domain? If not, does anyone have experience in the realm of securely exposing AD for administrative purposes? Thanks in advance!
Curt Chapman MCSE + EXCHANGE