locked
UAG and DirectAccess - multiple forests RRS feed

  • Question

  • Hi,

    I have customer who has 2 forests and want to implement DirectAccess by utilizing UAG. Design must is to put UAG in DMZ domain/ forest, users and computer accounts are placed in different domain/forest. One forest is dedicated for DMZ servers, and other forest is for internal users and other infrastructure servers. There is one way trust between these two forests.

    Is it possible to put UAG in to different forest then users and computers who will need to use Direct Access?

    Monday, May 31, 2010 3:37 PM

Answers

  • Hi,

    It is possible to put UAG in a different forest than the users and computers. However, the two forests must have full bi-directional trust.

    • Marked as answer by Erez Benari Wednesday, June 2, 2010 11:56 PM
    Monday, May 31, 2010 10:56 PM

All replies

  • Hi,

    It is possible to put UAG in a different forest than the users and computers. However, the two forests must have full bi-directional trust.

    • Marked as answer by Erez Benari Wednesday, June 2, 2010 11:56 PM
    Monday, May 31, 2010 10:56 PM
  • Hi Exe_zz,

    I have a Proof of Concept guide on how to deploy this if you would like to test it.

    Write to me at tomsh@microsoft.com and I'll send it to you.

    Thanks!

    Tom


    MS ISDUA/UAG DA Anywhere Access Team
    Thursday, June 3, 2010 1:59 PM
  • Hi Tom,

    I'm planning to implement UAG in the same kind of environment than Exe_zz described. I'm also interested in your new poc guide. Have you already published it? I was able to find one guide was which about two domain but in that computer accounts where in PILOT domain (in this case would be DMZ domain).

     

    Thanks

    Teemu

    Sunday, November 14, 2010 12:09 PM
  • Hi Tom,

    I'm planning to implement UAG in the same kind of environment than Exe_zz described. I'm also interested in your new poc guide. Have you already published it? I was able to find one guide was which about two domain but in that computer accounts where in PILOT domain (in this case would be DMZ domain).

     

    Thanks

    Teemu


    Hi Teemu,

    I am planning on a new UAG SP1 DirectAccess Pilot Deployment Guide that will support the scenario where the users and computers are part of the resource forest. It will be out hopefully sometime in December. With UAG SP1, this will be must more easy to deploy!

    HTH,

    Tom


    MS ISDUA/UAG DA Anywhere Access Team Get yourself some Test Lab Guides! http://blogs.technet.com/b/tomshinder/archive/2010/07/30/test-lab-guides-lead-the-way-to-solution-mastery.aspx
    Monday, November 15, 2010 8:40 PM
  • Hi

    Ok great. I think i'll build also a testing environment for this.

    -teemu

    Monday, November 15, 2010 10:01 PM
  • And chance of being able to get a copy of this a little early as im running this senaror and would love to get it down to 1 UAG instead of 3 i have not im using up to maby IP address right now thanks

     

    Dave

     

     

    Tuesday, November 16, 2010 12:10 AM
  • Hi Tom,

    Did you ever complete your UAG SP1 DirectAccess Pilot Deployment Guide?

    I have the same issue - UAG is sitting in a separate forest in the DMZ to the users with a one way trust.

    I am wondering how I can configure DirectAccess to support this? 

     

    Thanks,

    Gareth

     

    Wednesday, January 18, 2012 10:22 PM