Proper way to allow one subnet to authenticate to a DC on another subnet securely?
Posted on 2011-03-23
We need to stand up a Server 2008 domain controller between two subnets. We'll call one subnet 10.1 and the other 10.2. Active Directory is completely configured on the 10.1 already. But as a school, we have some student services on the 10.2 that need to start authenticating into our main Active Directory environment. Our preference is to not use a dual-homed DC, as everything we've read indicates this is a bad idea. I read in one place that the best solution is to use subnetting and routing to accomplish this. If that is the case, how should the subnetting and routing be configured in order to allow authentication traffic to a few DCs on the 10.1, while at the same time maintaining security between these segments? Also, should we consider an RODC or perhaps a Server Core DC for added security? What are best practices for this sort of configuration?