Exchange 2010 and ADS on an internet-facing server

Posted on 2011-09-03
Last Modified: 2013-11-16
I'm curious to know if there are any major risks involved in having an Exchange 2010 server (Win2k8 R2) on an internet-facing server, and running dcpromo on it so that AD objects are replicated on it. It wouldn't be used as a secondary domain controller, but I do like being able to create a user within the Exchange Management Console and have the user created automatically on the DC.

In any case, my question and concern is: is it safe to run dcpromo on a member server that is facing the internet, but only on ports related to HTTPS/HTTP/SMTP/secure IMAP/POP3S?

If there are any good articles, blogs, or sites, please feel free to share. I would appreciate it.
Question by:metazend
3 Comments
Accepted Solution

by:
Tony J earned 2000 total points
ID: 36478156
You wouldn't do that.

You would use an Exchange Edge Transport server.

These are designed to sit in the DMZ and as such are hardened copies of Exchange (it does this during install, when you pick the role).

It has a copy of LDS (Lightweight Directory Services) - what used to be known as ADAM - and this holds a read-only copy of AD objects.

They use this copy for things such as SMTP hygiene - does the email address exist, etc. This is where you'd also normally install antispam and antimalware. Or, in places where this is cost-prohibitive, I have not used Edge servers but have installed a free, downloadable appliance that you can install onto hardware or virtual machine called mailcleaner (www.mailcleaner.org). This sits in the DMZ and handles the SMTP hygiene and comes with antispam, antimalware and antivirus tools. It too can perform LDAP callouts but it looks back in at the domain for the information.

Putting a DC as an internet-facing server is just begging for a world of pain. If it became compromised, you'd instantly have compromised your internal AD as well, and all the objects and security within it.

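As an added example (not code from the original thread or from Tony J), here is the Edge Transport plus EdgeSync pattern the accepted answer describes, written as Exchange 2010 Management Shell commands. The server names, the AD site name "Default-First-Site-Name", the domain contoso.com and the file path are assumptions for illustration; the cmdlets and the default EdgeSync port are Exchange 2010's own.

```powershell
# Added example, not from the original thread. Assumed names: Edge server
# EDGE01 in the DMZ (workgroup member, not domain-joined), a Hub Transport
# server in AD site "Default-First-Site-Name", accepted domain contoso.com.

# --- 0. On the Edge server, before installing the Edge Transport role ---
# The Edge role stores its recipient and config data in a local AD LDS
# instance (formerly ADAM), so that feature is a prerequisite.
Import-Module ServerManager
Add-WindowsFeature ADLDS

# --- 1. On the Edge server, after the Edge Transport role is installed ---
# Export an Edge Subscription file. The Edge only ever holds a one-way,
# read-only replica of recipient objects; it never becomes a DC.
New-EdgeSubscription -FileName "C:\EdgeSubscription.xml"

# The "does the email address exist" check from the answer: reject mail for
# recipients that are not in the synced AD LDS copy. Off by default.
Set-RecipientFilterConfig -RecipientValidationEnabled $true
Get-RecipientFilterConfig | Format-List RecipientValidationEnabled

# --- 2. Copy EdgeSubscription.xml to an internal Hub Transport server, then ---
# Import the subscription. From here on the Hub pushes recipients and
# transport config out to the Edge over secure LDAP (EdgeSync).
New-EdgeSubscription `
    -FileData ([byte[]]$(Get-Content -Path "C:\EdgeSubscription.xml" -Encoding Byte -ReadCount 0)) `
    -Site "Default-First-Site-Name"

# Run an initial sync instead of waiting for the schedule, then verify it.
Start-EdgeSynchronization
Test-EdgeSynchronization

# Confirm that a specific mailbox (assumed address) reached the Edge's AD LDS copy.
Test-EdgeSynchronization -VerifyRecipient "user@contoso.com"

# --- 3. Firewall sanity check (assumed DMZ layout) ---
# Internet -> Edge : TCP 25 only.
# Hub      -> Edge : TCP 50636 (EdgeSync, secure LDAP to AD LDS; Exchange 2010 default).
# Edge     -> Hub  : TCP 25 (inbound mail relayed to the Hub).
# Nothing else inward from the DMZ: no AD ports (88, 135, 389, 445, ...) are
# opened to the Edge host, which is the point of not running dcpromo on it.
```

The security property to check after this runs is that the Edge host holds no domain credentials and that EdgeSync is strictly Hub-initiated; if the DMZ box is compromised, the attacker gets a stale, read-only recipient list rather than a replica of the domain.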

Expert Comment

by:Tony J
ID: 36478159
Oh - one other thing: if this is because you're hardware-constrained, then stick a free hypervisor on it:

VMware, Citrix and Microsoft all do free versions.

That way you could have a new domain controller, and a mail hygiene solution of Edge Transport or alternative.
Author Closing Comment

by:metazend
ID: 36478190
Perfect, thank you.