locked
GAL Sync with 3 forests

    Question

  •  

    Hey guys,

    I am just starting to test if I can sync the GALs between three forests and am looking for help on how to begin. I have installed MIIS on a test server and it's ready to go. From there I am not quite sure what to do.

    I tried to add the GAL agent to one of the forests but am a little confused as to how the program even knows where these other forests are. One forest is over a persistent VPN, and the other is on a separate subnet altogether.

    Any help/direction is appreciated.

     

    Friday, December 01, 2006 5:47 PM

Answers

  • Hey DJW

    First things first - if you are to have any understanding of how MIIS and IIFP operate you will need to go through some docs and scenario labs - this will answer a hell of a lot of your questions - if you are still stuck then get back to us.

    One thing to mention about the forest over the VPN - there are some considerations when connecting to a remote source that is behind a NAT-ed connection (especially active directories). This is because of the need for DNS resolution (SRV records in particular). I do not know if you have a NAT network - but I thought I'd mention.

    Required reading: http://www.microsoft.com/windowsserversystem/miis2003/techinfo/planning/default.mspx

    And do the walkthroughs (there is one specifically on GALSync). http://www.microsoft.com/windowsserversystem/miis2003/techinfo/planning/default.mspx

    Cheers

    Al

    Friday, December 01, 2006 6:12 PM

All replies

  •  

    Thanks Al,

    I will take a look. Do I need to set up any trusts with these other forests? The one over the VPN is on the same subnet but we don't share DNS info at all right now. I suppose I could put some host records in.

     

    Thanks

    Friday, December 01, 2006 7:33 PM
  • Hey djw

    You will need to get a working copy of the DNS zones from all those sites in order for IIFP to be able to connect. Adding Hosts files will not work. You need to be able to resolve the zones' SRV records.

    You can either replicate the zones or add forwarders in DNS.

    Secondly - No, you will not need a trust. You only require trusts if we start to use password sync with PCNS.

    HTH

    -Al

    Sunday, December 03, 2006 8:10 AM
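
The SRV requirement described in the reply above can be checked from the sync server once the zones are replicated or forwarders are added. The following is an added example, not part of the original thread: the forest names are hypothetical placeholders, and it assumes a current Windows host where the `Resolve-DnsName` and `Test-NetConnection` cmdlets are available.

```powershell
# Added example. Forest DNS names are hypothetical placeholders;
# replace them with the DNS names of the three forests being synced.
$forests = 'forest-a.example', 'forest-b.example', 'forest-c.example'

foreach ($forest in $forests) {
    # DC locator record that Active Directory clients query to find
    # domain controllers. A hosts file cannot answer this query because
    # it only maps host names to addresses and holds no SRV data.
    $srvName = "_ldap._tcp.dc._msdcs.$forest"

    try {
        # Keep only SRV answers; the response may also carry A records
        # for the targets in its additional section.
        $records = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop |
            Where-Object { $_.Type -eq 'SRV' }
    } catch {
        Write-Warning "${forest}: cannot resolve $srvName ($($_.Exception.Message))"
        continue
    }

    if (-not $records) {
        Write-Warning "${forest}: query succeeded but returned no SRV records"
        continue
    }

    foreach ($r in $records | Sort-Object Priority) {
        # Resolving the record is not enough: the advertised target must
        # also be reachable on the advertised port across the VPN or NAT.
        $probe = Test-NetConnection -ComputerName $r.NameTarget -Port $r.Port `
            -WarningAction SilentlyContinue

        [pscustomobject]@{
            Forest           = $forest
            DomainController = $r.NameTarget
            Port             = $r.Port
            Priority         = $r.Priority
            Reachable        = $probe.TcpTestSucceeded
        }
    }
}
```

A forest that produces a warning has a DNS problem (no replicated zone or forwarder yet); a row with `Reachable` set to `False` resolves correctly but is blocked at the network layer.
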
  • As far as I can remember, you can just supply the IP address of a DC instead of its FQDN.

    Paul.

    Sunday, December 03, 2006 4:28 PM