Establish cross-forest trust and have Dirsync server connect to the internet as well as the remote forest for cross-forest user syncing


    I have a Hyper-V lab environment.

    Machines in forest abc.com:

    DC1.abc.com     IP 192.168.1.1
    Win7-1          IP 192.168.0.5
    Dirsync server  IP 192.168.0.4
    EXCH-2010-1     IP 192.168.0.2

    Machines in forest xyz.com:

    DC2             IP 192.138.1.1
    Win7-2          IP 192.168.1.2
    EXCH-2010-2     IP 192.168.1.3

    There is a cross-forest two-way trust established between abc.com and xyz.com, and in the middle I have made a router machine with the RRAS role on it and assigned two adapters to that machine. The IP address of the adapter for forest abc.com is 192.168.0.6 and the IP of the adapter for forest xyz.com is 192.168.1.2. Machines in both forests are able to ping each other on direct IP addresses and also FQDNs.

    Now here is my main issue. If I make one more internal network adapter in Hyper-V, which will obviously show up under the network connections section in my base/host machine, then on the main physical LAN card in the base/host machine I right-click and share the internet with the newly created network adapter and assign it to my Dirsync server. All goes well, and now the Dirsync server can access the internet and is successfully syncing user accounts.

    But as we know, the new tool, AD Connect, has the capability of syncing multiple forests. So I plan to add the forest xyz.com as well and sync users to my Office 365 tenant. But unfortunately it cannot communicate with the xyz forest.

    Then I noticed that if I disable the internet-sharing adapter on the Dirsync machine and leave the domain adapter turned on, it can ping the machines in the cross forest. It's just that the moment I turn on the other adapter, which I made for internet sharing, the Dirsync machine is no longer able to ping or add forest xyz.com to sync users from.

    Then I ran tracert from the command prompt to see why the request is not going through, and I found that because the Dirsync server has the IP address 192.168.0.4 it is able to ping every other machine in that IP range, but the moment I ping 192.168.1.XXX it takes the path not from the RRAS router to reach the cross forest but from the internet-enabled network adapter which I assigned to this machine for internet accessibility (to be able to sync users to Azure Active Directory in Office 365), which I wish it would not do.

    How can I make my Dirsync machine connect to the internet and at the same time be able to ping DC1 (192.168.0.1) as well as DC2 (192.168.1.1), while any other address apart from these forests goes straight to the internet for public DNS lookup?

    Thanks in advance 

    Sorabh



    Friday, May 27, 2016 9:38 PM
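The symptom described above (192.168.1.x traffic leaving through the internet-sharing adapter instead of the RRAS router) is what a multi-homed Windows host does when both adapters carry a default gateway, so the tracert picks whichever 0.0.0.0/0 route wins. The PowerShell below is an added example, not part of the original post or a reply in the thread; it assumes the Dirsync server's adapter aliases are "Domain" and "Internet", that the xyz.com side is the 192.168.1.0/24 subnet, and uses the RRAS router address 192.168.0.6 from the post.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell
# session on the Dirsync server. Adapter aliases below are assumptions; check
# them with Get-NetAdapter before running.
$DomainAdapter   = 'Domain'          # assumed alias of the 192.168.0.4 adapter
$InternetAdapter = 'Internet'        # assumed alias of the ICS-shared adapter
$RrasGateway     = '192.168.0.6'     # RRAS router, abc.com side (from the post)
$RemoteForestNet = '192.168.1.0/24'  # xyz.com subnet (assumed /24)

$domainIf = (Get-NetAdapter -Name $DomainAdapter).ifIndex

# 1. Show every IPv4 default route. Two 0.0.0.0/0 entries on two adapters is the
#    ambiguity that lets 192.168.1.x traffic leave via the internet adapter.
Write-Host "Default routes before the change:"
Get-NetRoute -DestinationPrefix '0.0.0.0/0' -AddressFamily IPv4 |
    Select-Object InterfaceAlias, NextHop, RouteMetric | Format-Table -AutoSize

# 2. Keep a single default gateway: only the internet-sharing adapter should carry
#    0.0.0.0/0, so remove any default route bound to the domain-side adapter.
Get-NetRoute -DestinationPrefix '0.0.0.0/0' -InterfaceIndex $domainIf `
             -ErrorAction SilentlyContinue |
    Remove-NetRoute -Confirm:$false

# 3. Add a more specific route for the xyz.com subnet via the RRAS router.
#    Longest-prefix match means 192.168.1.0/24 now beats the default route.
#    New-NetRoute writes to both ActiveStore and PersistentStore by default,
#    so the route survives a reboot.
$existing = Get-NetRoute -DestinationPrefix $RemoteForestNet `
                         -InterfaceIndex $domainIf -ErrorAction SilentlyContinue
if (-not $existing) {
    New-NetRoute -DestinationPrefix $RemoteForestNet -InterfaceIndex $domainIf `
                 -NextHop $RrasGateway | Out-Null
}

# 4. Verify which adapter each destination will actually use. DC2 should go out
#    "Domain" via 192.168.0.6; a public address should go out "Internet".
foreach ($dest in '192.168.1.1', '8.8.8.8') {
    # Find-NetRoute returns a source-address object and a route object;
    # keep only the one that has a DestinationPrefix.
    $route = Find-NetRoute -RemoteIPAddress $dest | Where-Object DestinationPrefix
    Write-Host ("{0,-12} -> {1,-10} via {2,-15} ({3})" -f $dest,
                $route.InterfaceAlias, $route.NextHop, $route.DestinationPrefix)
}
```

Name resolution is a separate concern from routing: keep the server's DNS pointing at DC1 (which can forward external names), because two adapters each handing out their own DNS servers produce the same ambiguity for lookups that the two default gateways do for packets.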