On IPA host, include an accurate documentation and a NS record for the advertisement domain:
On AD DC, here two choices.
1st a person would be to configure a international forwarder to ahead DNS queries to your IPA domain:
The option that is second to configure a DNS area for master-slave replication. The info with this area will be periodically copied then from master (IPA host) to slave (AD host).
For this, first clearly let the transfer regarding the area on IPA host: dating blackcupid
And 2nd, include the DNS area when it comes to IPA domain in the advertisement DC:
If IPA is subdomain of advertising
If the IPA domain is a subdomain of this advertising domain ( ag e.g. IPA domain is ipadomain. Addomain. Example.com and advertisement domain is addomain. Example.com ), configure DNS the following.
On AD DC, include an archive and a NS record when it comes to IPA domain:
Verify DNS setup
To be sure both AD and IPA servers is able to see one another, always check if SRV documents are now being correctly solved.
Establish and verify cross-forest trust
Include trust with advertisement domain
Whenever advertising administrator qualifications can be obtained
Go into the Administrator’s password whenever prompted. If every thing had been put up precisely, a trust with advertisement domain shall be established.
The consumer account used when designing a trust (the argument into the –admin option into the ipa trust-add command) needs to be user associated with Domain Admins team.
At this stage IPA can establish forest that is one-way on IPA side, will generate one-way forest trust on advertisement part, and initiate validation for the trust from AD side. Read More