Hello,
We have a 2008 R2 Forest/Domain (e.g. A) with no Child Domains. The business now requires a Trust with a Windows 2003 Forest Domain (e.g. B) which has 1 Child Domain (e.g. C). Both B & C domains have production business apps and users.
We are going to implement a 2-Way Transitive Forest between A and B. For Forest 'A' to access Forest 'B' and vice versa, Firewalls will have to be open to at least the PDCe of both Forests. I have the following questions.
1. Besides the PDCe being available and accessed through the Firewall for purposes of the Trust, should we open up the Firewalls so other Domain Controllers in each Forest can be accessed as well? Is this a requirement for a Trust?
2. Is it sufficient to open the Firewall from Forest A DCs to Forest B DCs only to access the DCs in C or need we open the Firewall to the Forest DCs in B and the Child Domain DCs in C to access the Child Domain's resources over the Trust?
Bottom line, we don't want to open more Firewall ports than required.
Thanks for your help! SdeDot