5. Multi-domain Environments

If you have a forest with more than one domain, or you need to set up trusts between two domains in different forests, so long as both are set up using this configuration (i.e. using the existing DNS name for the Active Directory domain name) then everything should work with minimal additional configuration.

If you have problems, make sure that your firewall configuration is correct, as per the next section. Also make sure that the domain controllers, including the DNS servers, running in the different domains can communicate with each other through any firewalls that are between them.

For domain controllers running 2003 and above, for the forest root domain only, the _msdcs.unitDNSname.ox.ac.uk zone should be configured to replicate to All DNS servers in the Active Directory forest.

