DC in DMZ
Posted on 2009-04-21
I am setting up a new TS in a DMZ. This server will run all required TS services.
I am also considering using a web-based password reset utility, so the DC will need to be writable. The DC will only be used for authenticating the TS machine; in fact, the TS and DC will be the only machines on the domain. The secure network will contain other servers and sensitive data. Placing the DC into this DMZ makes the most sense to me, but using RADIUS / LDAP to traverse the firewall might also be an option.
Should I place the DC into the DMZ, or place it in the secure zone? Is there a MS best practice document describing this setup? I haven't found one.