Hi
I have used the names Org1 and Org2 to represent two different organisations. I only represent Org1, which I have administrative control of.
We have recently gone through a separation into 2 separate bodies, each with a separate AD forest. The forests are currently linked via an external forest trust to allow users in Org2 to access resources in Org1 while they still provision their own services.
The 2 organisations are currently linked together via an Extranet link; however, the use of this is limited to only services that require it, such as access to internal financial applications and directory services. Up until about a week ago Org1 hosted a secondary copy of the internal DNS zone of Org2. Org2 then switched off zone transfers, which meant that we needed to configure a primary of their zone in our organisation, which now requires manual updating whenever Org2 make changes to their infrastructure.
As we (Org1) do not require access to any of the resources hosted in Org2 except for externally facing websites etc., we want to remove the internal zone. This will, however, cause the AD trust to break, which is still required for Org2 to function. For obvious reasons the DCs of Org2 are not externally accessible.
How can I remove the internal DNS zone for Org2 without breaking the trust? I had the idea of modifying the host files on our DCs to allow them to locate the DCs of Org2 via the Extranet; however, this does not allow the creation of service records, which are required for directory services.
Any ideas would be appreciated.
Cheers
Brady