Domain Trust Help

[Osirion]

Hi Guys,
My father moves from two different offices and each have their own domain. I want to setup a trust so that he can login at either office without issues.

Primary domain: examplemain.pvt (not a "real domain")
Network IP: 192.168.0.100
DynDns: examplemain.dyndns.biz
Primary Domain Server OS: Windows Server 2008

Secondary domain: examplesub.pvt (not a "real domain")
Network IP: 192.168.0.100
DynDns: examplesub.dyndns.biz
Secondary Domain Server OS: Windows Server 2008 R2

So I RD into examplemain.pvt and I go to the domain properties and click on trust to setup a new domain, but because "examplesub.pvt" isnt a real domain, its not resolvable.

So - how do I make this work?
Im assuming I would have to setup port forwarding to get this going as well - which ports do I need to forward?

 

[mmthomas]

This KB lists all the ports that need to be forwarded/accessible from the public IP to the domain controller. There are a lot. If your firewall is capable, you will want to lock down access to these ports to only the other domain's public IP address. If it's not capable, then I would not recommend setting it up this way.

I would normally say that if you have firewalls capable of forming a VPN, that would probably be safer. Or even a Microsoft VPN directly from one domain controller to the other would have fewer open ports. Setting up a VPN would also mean that you wouldn't need to resolve the private domain names from the internet as it could resolve directly across the VPN to the other domain's dns (with an appropriate conditional forwarder set up). However, since you would have the same IP pools on either side of the VPN (192.168.0.0/24) your connection wouldn't work. So that option is out, unless you change one of the networks to say 192.168.1.0/24.

So, you'll need to use some host entries in DNS or in your hosts file to resolve the other domain to it's public ip address.