Trunk Configuration-UAG

  • Question

  • Dear All:

    We have deployed the Forefront UAG on the perimeter network. There are two separate domains for internal (XYZ.COM) & external (abc.com) users. There is no trust relationship between the two domains.

    We want to configure the trunk for the respective domain & configure it; however, we are not able to do it.

    Could anyone suggest how, in this scenario, we can configure the two different forests on a single UAG? We also need to configure the UAG ARRAY for high availability.


    Arun Khatri

    Friday, November 2, 2012 5:42 AM

All replies

  • Hi Arun,

    I think you have 2 options:

    1. Create 2 authentication servers, one for each domain, and configure them both on your trunk (authentication tab). Select "Users choose an authentication server" and "Provide a server list at user logon". 

    Users have to choose at which server (domain) they want to authenticate.

    2. Install and configure an AD LDS instance and synchronize both domains to the AD LDS. On UAG create an authentication server which points to AD LDS.

    You now have 1 AD LDS with all users from both domains. 

    Hope this helps!

    Regards,

    Maikel.

    Friday, November 2, 2012 2:59 PM
  • Hi Maikel:

    Thank you very much for the answer; however, I have some questions:

    1. Do I need to configure one more additional server as authentication server separately? I do not want to display the internal domain while accessing the portal from external users?

    2. Appreciate if you could send the steps of the same to configure it if you do not mind.

    3. I do not want to configure the trust relationship between the domains as the internal domain is in the internal network whereas the external domain is in the perimeter network.

    Thanks

    Arun


    Arun Khatri

    Saturday, November 3, 2012 2:55 PM
  • Join all UAG servers to the perimeter domain: http://technet.microsoft.com/en-us/library/ee690473.aspx

    Define a repository for the perimeter domain and assign this to your external trunk: http://technet.microsoft.com/en-us/library/dd857231.aspx

    If at a later time you want to authenticate internal users, you can create a new trunk and use a new repository which references the internal domain. In general, there is no specific need for a trust relationship between the two domains/forests.

    Cheers

    JJ


    Jason Jones | Microsoft MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk

    Monday, November 5, 2012 11:29 AM
    Moderator