AD Connect Server behind NAT
Dear All,
We have a parent entity "msg.local" which currently has the AD Connect Server deployed.
We have a child entity "Det.local" which holds the user/computer objects.
We would like to sync the det.local objects via the AD Connect Server in the parent entity.
Current Setup
Parent entity "msg.local" and child entity "Det.local" are connected via an S2S tunnel; there is no AD-level trust between the two entities.
Challenge
For security reasons the AD Connect Server cannot be directly exposed; the security team has suggested that the AD Connect server in the parent office should have a NATed IP.
The child entity AD would connect to the AD Connect Server's NATed IP.
Proposed Resolution
We are aware that, as per MS, AD Connect does not work with NAT. However, in our case the child AD forest is not behind NAT; only the AD Connect server is. So when the AD Connect server connects to or queries the child entity DNS server for objects, it gets the actual IP address and AD Connect can connect to it without any issue. Only the child entity AD would see the AD Connect server's IP address as NATed.
Ref:
NAT and ADConnect
Active Directory over NAT
We are looking for expert opinion on any challenges with this setup. The above is currently being tested in our lab without any challenges.
Regards - Hasan Reza
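An added connectivity check, not part of Hasan's post, for the assumption behind the proposed resolution: run on the AD Connect server in msg.local, it locates the child forest's domain controllers through DNS SRV records (the same lookup AD Connect relies on), confirms the address each DC resolves to, and tests the DC ports AD Connect needs. The child domain name is taken from the post; the port list is an assumption based on Microsoft's documented AD Connect to DC requirements.

```powershell
# Added example: verify from the AD Connect server that it can resolve the child
# forest's DCs via DNS and reach them on the ports AD Connect uses.
# The port list is an assumption based on Microsoft's documented requirements.
param(
    [string]$ChildDomain = 'det.local'   # child forest from the post
)

# Ports AD Connect needs to reach on a domain controller (assumed list)
$Ports = @(
    @{ Port = 88;   Name = 'Kerberos' },
    @{ Port = 135;  Name = 'RPC endpoint mapper' },
    @{ Port = 389;  Name = 'LDAP' },
    @{ Port = 445;  Name = 'SMB' },
    @{ Port = 636;  Name = 'LDAPS' },
    @{ Port = 3268; Name = 'Global Catalog' },
    @{ Port = 3269; Name = 'Global Catalog SSL' }
)

# Locate the child domain's DCs the way a domain member would: via SRV records.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$ChildDomain" -Type SRV -ErrorAction Stop
$dcs = $srv | Where-Object { $_.Type -eq 'SRV' } |
       Select-Object -ExpandProperty NameTarget -Unique

if (-not $dcs) {
    Write-Warning "No SRV records found for $ChildDomain; check DNS resolution across the S2S tunnel."
    return
}

foreach ($dc in $dcs) {
    # Show the address the DC resolves to; with no NAT on the child side this
    # should be the DC's real IP, which is what the post relies on.
    $addr = (Resolve-DnsName -Name $dc -Type A -ErrorAction SilentlyContinue).IPAddress -join ', '
    Write-Host "DC $dc resolves to $addr"

    foreach ($p in $Ports) {
        $r = Test-NetConnection -ComputerName $dc -Port $p.Port -WarningAction SilentlyContinue
        $state = if ($r.TcpTestSucceeded) { 'OPEN' } else { 'BLOCKED' }
        Write-Host ("  {0,-20} {1,5}/tcp  {2}" -f $p.Name, $p.Port, $state)
    }
}

# RPC dynamic ports (49152-65535) are also required for the RPC-based calls
# AD Connect makes to DCs; a fixed-port test cannot cover that range, so
# verify it against the tunnel firewall policy separately.
```

Because the child DCs only ever see the NATed address of the AD Connect server, the return path (DC to AD Connect server) is not exercised by this script; confirm it from the firewall logs on the NAT device.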