Solved

Best Pratice: AD DMZ

Posted on 2011-09-14
1
507 Views
Last Modified: 2012-06-27
I am putting an AD server in our DMZ so a client can quarry the domain tree. They only need to be able to get user and group info. I was looking into AD LDS (used to be known as ADAM) to provide this functionality.

So my question is would this be a best practice for remote domain queries?
If so how to you keep an AD LDS in sync with AD all the time?
How do i setup AD LDS so it is only updated from the domain?
0
Comment
Question by:skinnyquiver
1 Comment
 
LVL 3

Accepted Solution

by:
gs121 earned 500 total points
ID: 36539150
At my company we opened the firewall to a specfic IP we trusted from the company we do business with..

But if you want to, you could install a Read Only DC in your DMZ.  I would also put it in a Active Directory " site" by itself.
Set up your firewalls corectly and leave it.  It will keep in sync with you other DCs, put no one would be able to make changes to the AD on it.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now