Forest to Forest trust?

Discussion in 'Active Directory' started by David Robson1, Sep 2, 2009.

  1. Hi,

    I've got a forest called forest_a. All my users and servers and workstations
    are in here.

    I'm planning on creating a forest_b. In here will sit my web servers.

    I will then set a trust so forest_b trusts forest_a which will allow admins
    to admin the new forest.
    I will then set only certain accounts via selective authentication that can
    run as a service.

    For example:
    Web server sits on forest_b (Used to sit on forest_a)
    SQL server sits on forest_a
    Previously I had a service account that the website would run under to query
    the SQL server.
    I plan on doing the same. I'm guessing the service account from forest_a
    will work in forest_b with my trust in place?


    Is this good security?

    (The thinking being that if someone hacked my web server and got domain admin,
    they would not be able to do anything to my internal network/domain). Is this
    correct?

    Should I consider ADAM (or ADFS) in any part of this? How would this
    integrate?

    What is the best setup? This is Win2003.

    Thank you.
    Dave.
     
    David Robson1, Sep 2, 2009
    #1