<div>
there is a whole load of ports here that you might need to open<br />
<a href="http://support.microsoft.com/?id=179442" rel="ugc">http://support.microsoft.com/?id=179442</a>
</div>


there is a whole load of ports here that you might need to open
http://support.microsoft.com/?id=179442 [http://support.microsoft.com/?id=179442]

<div>
I joined the the server to the domain prior to moving it into the DMZ. <br />
<br />
I will look at the ports and give that a try. <br />
<br />
Thanks
</div>


I joined the the server to the domain prior to moving it into the DMZ.

I will look at the ports and give that a try.

Thanks

<div>
I have removed the DMZ web server from the Domain and created a local user account on this server. this will serve my needs for now.<br />
<br />
thanks for the responses. <br />
<br />
this question can be closed.
</div>


I have removed the DMZ web server from the Domain and created a local user account on this server. this will serve my needs for now.

thanks for the responses.

this question can be closed.

<div>
<div class="content wysiwyg-content">
Have a web server in a DMZ. We can access web pages on the web server from the internal net and the web server can see a database server on the internal side. The web server can ping the DC, but windows authentication does not work. I need to be able to browse files on the web server in the DMZ. <br />
<br />
access-list inside_nat0_outbound extended permit ip 10.4.0.0 255.255.240.0 172.31.4.0 255.255.255.0 <br />
<br />
access-list DMZ_outbound extended permit ip host 172.31.4.127 host 10.4.0.12 (IP of DC) <br />
<br />
Is there something else i need to add so that the web server in the DMZ can authenticat to the DC? <br />
<br />
Thanks, Bill
</div>
</div>


Have a web server in a DMZ. We can access web pages on the web server from the internal net and the web server can see a database server on the internal side. The web server can ping the DC, but windows authentication does not work. I need to be able to browse files on the web server in the DMZ. 

access-list inside_nat0_outbound extended permit ip 10.4.0.0 255.255.240.0 172.31.4.0 255.255.255.0 

access-list DMZ_outbound extended permit ip host 172.31.4.127 host 10.4.0.12 (IP of DC) 

Is there something else i need to add so that the web server in the DMZ can authenticat to the DC? 

Thanks, Bill

Windows Domain access from DMZ

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.