Creating Windows 2000 Two Way Trusts

pts.
Tags:
Management
Microsoft Windows
OS
Security
Servers
SQL Server
Has anyone gone through the process of joining two companies together (both using Windows2000 and ISAServer 2000 as their perimiter firewall) and joined them together through a TWO-WAY trust? I am looking for steps and details on what needs to be done to make this work. I am looking at DNS records, permissions, AD Trusts, any site setups, and issues to look for. Has anyone developed a comprehensive plan writeup for such a project? Thanks

Answer Wiki

Thanks. We'll let you know when a new response is added.

First create a VPN tunnel between to 2 ISA perimeter firewalls (as I remember the ISA 2000 VPN wizard does this the wrong way araound – I have pointed this out on ISASERVER.ORG, but the “experts” denied it).
Next you need to consider DNS. Create secondary zones in the opposite forest, so every DNS server contains it’s own forest + the opposite forest (if you upgrade to W2003 DNS you can use conditional forwarding instead).
Then create the 2-way trust between the 2 domains (as you’re using VPN tunnel – you do not need to configure additional access rules in the firewalls).
Permissions for the opposite domain needs to be set on the “resource”
Things to look out for for this to work: basically this comes down to bandwidth. You’ll need at the very least a dedicated 2 Mbps line (both downstream and upstream) if people are going to work just a little across the line (opening/saving files etc – also consider mirrored copies on both sides). If possible use Terminal Server Access when accessing resources across the line.
In the end consolidate the 2 domains into 1 and consider using MPLS network between the 2 locations. Remember that VPN creates overhead on the line.

Discuss This Question:  

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following