secure network

By Im IT 4 them
Here is what I plan to do, please tell me what you think as far as how secure it is.

2 domain network.
net1.local 172.17.1.X

net2.local 172.17.2.X

net1.local users need access to the net2.local domain resources (i.e. printers, Exchange server, etc.).

NO net2.local users can have access to net1.local resources.

How can I break the transitive trust and set up a one-way trust?

How will the AD replicate?
Where will I find the net1.local AD users in the net2.local AD?

Will the Exchange 03 server have any problem with this setup?

Will the IP scheme be sufficient?


by CG IT In reply to secure network

Hmm. You don't need to "break" the transitive trust, then try to set up a one-way to keep net2.local users out of net1.local users. I think the term trust tends to be a misnomer or mistaken for allowing access to resources lickety-split. It doesn't. The trust established between domains within the same domain namespace can be configured to allow only those with permissions to access shared resources. That's what makes AD pretty neat. You can have a bunch of different "sites", all their own separate domains [within the root domain namespace] with their own DCs and whatnot, but each one can't access others' shared resources without explicit permission to do so. Even the Admin accounts. But should the need arise, you can allow individual users from one site to access specific AD resources at another site. Limit that access for a specific time period and limit what they do.
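
The distinction discussed in this thread, as an added example that is not part of the original posts: a simplified Python model in which the trust direction decides whether an account can authenticate to the other domain, and the resource ACL separately decides whether it is authorized. It goes slightly beyond the two-domain case by also handling chains of transitive trusts. The names `Trust`, `can_authenticate`, `can_access` and the users and resources (`alice`, `bob`, `carol`, `printer1`, `payroll`) are constructed for illustration; this is not how AD is implemented.

```python
# Added example: simplified model, not a full description of AD behaviour.
# Trust answers "can this account authenticate here?"; the ACL answers
# "is this account authorized for this resource?". Both must pass.
from collections import deque, namedtuple

# trusting = domain holding the resources, trusted = domain holding the accounts
Trust = namedtuple("Trust", "trusting trusted transitive")

def can_authenticate(trusts, user_domain, resource_domain):
    """True if resource_domain accepts logons from accounts in user_domain."""
    if user_domain == resource_domain:
        return True
    # A direct trust applies whether or not it is transitive.
    if any(t.trusting == resource_domain and t.trusted == user_domain for t in trusts):
        return True
    # An indirect path counts only if every hop is a transitive trust.
    seen, queue = {resource_domain}, deque([resource_domain])
    while queue:
        current = queue.popleft()
        for t in trusts:
            if t.trusting == current and t.transitive and t.trusted not in seen:
                if t.trusted == user_domain:
                    return True
                seen.add(t.trusted)
                queue.append(t.trusted)
    return False

def can_access(trusts, acl, user, resource):
    """user is 'domain\\name', resource is 'domain\\share' (constructed format)."""
    user_domain = user.split("\\")[0]
    resource_domain = resource.split("\\")[0]
    if not can_authenticate(trusts, user_domain, resource_domain):
        return "denied: no trust path"
    if user not in acl.get(resource, set()):
        return "denied: not on ACL"
    return "allowed"

# Constructed sample data using the thread's two domain names.
ONE_WAY = [Trust("net2.local", "net1.local", transitive=False)]
TWO_WAY = ONE_WAY + [Trust("net1.local", "net2.local", transitive=False)]
ACL = {
    "net2.local\\printer1": {"net1.local\\alice", "net2.local\\bob"},
    "net1.local\\payroll": {"net1.local\\alice"},
}

if __name__ == "__main__":
    for label, trusts in (("one-way", ONE_WAY), ("two-way", TWO_WAY)):
        for user, res in (("net1.local\\alice", "net2.local\\printer1"),
                          ("net1.local\\carol", "net2.local\\printer1"),
                          ("net2.local\\bob", "net1.local\\payroll")):
            print(label, user, "->", res, ":", can_access(trusts, ACL, user, res))
```

With the one-way trust, a net2.local account fails at the authentication step; with a two-way trust it authenticates but is still denied unless it appears on the resource's ACL.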
