I had a requirement to initiate OS installs using RIS on Windows 2000 server when authenticating with cross-domain user accounts. In Windows Server 2003 this is a supported configuration, but I was pleasantly surprised that it worked from a 2003 domain to a trusting 2000 domain with a 2000 RIS server.
This test was successfully completed in a simple test environment authenticating with a cross-domain user account in a different forest than the RIS server computer account:
- XP workstation, member of a 2003 forest/domain
- 2000 server, which was a DC and RIS server of a 2000 domain
- The 2000 forest trusts the 2003 forest, with a one-way external NTLM trust
- NTFS permissions set such that the cross-domain user account has access to the RIS filesystem.
The following protocols were in use between the RIS server and the cross-domain DC:
- TCP RPC EndPoint Mapper 135
- TCP/UDP RPC Ephemeral ports above 1023
- TCP NetBIOS Session Setup 139
- TCP SMB 445
- TCP Microsoft Directory Services 445
- UDP Kerberos 88
- ICMP
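An added example, not part of the original post: a Python script that checks flow records between the RIS server and the cross-domain DC against the list above and reports anything outside it, which is useful when turning the list into firewall rules for the trust path. The log format, IP addresses and function names are assumptions constructed for illustration.

```python
import re

# Destination ports the post lists between the RIS server and the cross-domain DC.
LISTED = {
    ("tcp", 135): "RPC endpoint mapper",
    ("tcp", 139): "NetBIOS session setup",
    ("tcp", 445): "SMB / Microsoft Directory Services",
    ("udp", 88): "Kerberos",
}
EPHEMERAL_MIN = 1024  # "TCP/UDP RPC ephemeral ports above 1023"

# Assumed (constructed) log format: "<proto> <src>[:<sport>] -> <dst>[:<dport>]"
FLOW_RE = re.compile(
    r"^(tcp|udp|icmp)\s+([\d.]+)(?::\d+)?\s+->\s+([\d.]+)(?::(\d+))?$", re.I)

def classify(line, ris_ip, dc_ip):
    """Return (verdict, detail) for one flow line between the two hosts."""
    m = FLOW_RE.match(line.strip())
    if not m:
        return ("unparsed", line.strip())
    proto, src, dst, dport = m.group(1).lower(), m.group(2), m.group(3), m.group(4)
    if {src, dst} != {ris_ip, dc_ip}:
        return ("other-hosts", f"{src} -> {dst}")
    if proto == "icmp":
        return ("listed", "ICMP")
    if dport is None or int(dport) > 65535:
        return ("unparsed", line.strip())
    key = (proto, int(dport))
    if key in LISTED:
        return ("listed", LISTED[key])
    if int(dport) >= EPHEMERAL_MIN:
        return ("listed", "RPC ephemeral port")
    return ("unlisted", f"{proto}/{dport}")

def audit(lines, ris_ip, dc_ip):
    """Collect flows between the pair that fall outside the post's list."""
    return [d for v, d in (classify(l, ris_ip, dc_ip) for l in lines) if v == "unlisted"]

# Constructed sample: RIS server 192.0.2.10, cross-domain DC 198.51.100.20.
SAMPLE = [
    "tcp 192.0.2.10:1045 -> 198.51.100.20:135",
    "tcp 192.0.2.10:1046 -> 198.51.100.20:1026",
    "udp 192.0.2.10:1047 -> 198.51.100.20:88",
    "icmp 192.0.2.10 -> 198.51.100.20",
    "tcp 192.0.2.10:1048 -> 198.51.100.20:88",   # Kerberos is listed on UDP only
    "udp 192.0.2.10:1049 -> 198.51.100.20:445",  # 445 is listed on TCP only
    "tcp 192.0.2.10:1050 -> 203.0.113.7:445",    # not the RIS/DC pair
]
```

Calling `audit(SAMPLE, "192.0.2.10", "198.51.100.20")` returns the two flows that match a listed port number on the wrong transport protocol.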
Wayne's World of IT (WWoIT), Copyright 2008 Wayne Martin.