• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 558

Best Practice: AD DMZ

I am putting an AD server in our DMZ so a client can query the domain tree. They only need to be able to get user and group info. I was looking into AD LDS (used to be known as ADAM) to provide this functionality.

So my question is, would this be a best practice for remote domain queries?
If so, how do you keep an AD LDS in sync with AD all the time?
How do I set up AD LDS so it is only updated from the domain?
Asked: skinnyquiver
1 Solution
 
gs121 Commented:
At my company we opened the firewall to a specific IP we trusted from the company we do business with.

But if you want to, you could install a Read Only DC in your DMZ. I would also put it in an Active Directory "site" by itself.
Set up your firewalls correctly and leave it. It will keep in sync with your other DCs, but no one would be able to make changes to the AD on it.
0
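The RODC approach in the answer above (own AD site, pre-staged read-only DC in the DMZ, firewall locked down to the partner's address) as an added PowerShell example. This is not code from the original thread or from either poster; it assumes a domain named corp.example.com, a DMZ subnet of 203.0.113.0/24, a partner client at 198.51.100.10, an RODC host named DMZ-RODC1 and a delegated admin group CORP\DMZ-RODC-Admins, all of which are placeholders to replace with your own values.

```powershell
# Added example (not from the original post). Hypothetical names throughout:
# corp.example.com, DMZ-Site, 203.0.113.0/24, 198.51.100.10, DMZ-RODC1,
# CORP\DMZ-RODC-Admins. Requires the ActiveDirectory and ADDSDeployment modules.

# ---- Step 1: run on an internal writable DC (or RSAT host) as a Domain Admin ----
Import-Module ActiveDirectory
Import-Module ADDSDeployment

# Give the DMZ its own AD site and subnet so clients and replication
# topology treat the RODC as isolated from the internal sites.
New-ADReplicationSite -Name "DMZ-Site"
New-ADReplicationSubnet -Name "203.0.113.0/24" -Site "DMZ-Site"

# Link the DMZ site to the internal site; replication into the RODC is
# inbound only, there is no outbound path from an RODC to writable DCs.
New-ADReplicationSiteLink -Name "HQ-DMZ" `
    -SitesIncluded "Default-First-Site-Name", "DMZ-Site" `
    -Cost 100 -ReplicationFrequencyInMinutes 15

# Pre-create (stage) the RODC computer account so the DMZ host can be
# promoted later by a delegated, non-Domain-Admin account. Explicitly deny
# password caching for privileged groups; the default policy already
# denies Domain Admins, Enterprise Admins, etc., this just makes it visible.
Add-ADDSReadOnlyDomainControllerAccount `
    -DomainControllerAccountName "DMZ-RODC1" `
    -DomainName "corp.example.com" `
    -SiteName "DMZ-Site" `
    -DelegatedAdministratorAccountName "CORP\DMZ-RODC-Admins" `
    -DenyPasswordReplicationAccountName "CORP\Domain Admins", "CORP\Enterprise Admins", "CORP\Schema Admins" `
    -NoGlobalCatalog:$false -InstallDns:$true

# ---- Step 2: run on the DMZ server itself, as a member of CORP\DMZ-RODC-Admins ----
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

# -ReadOnlyReplica + -UseExistingAccount attaches to the staged account above.
Install-ADDSDomainController `
    -DomainName "corp.example.com" `
    -ReadOnlyReplica `
    -UseExistingAccount `
    -SiteName "DMZ-Site" `
    -Credential (Get-Credential -Message "Delegated RODC admin (CORP\DMZ-RODC-Admins)") `
    -Force

# ---- Step 3: host firewall on the RODC ----
# Only the partner client may query, and only over LDAPS (TCP 636); plain
# LDAP 389 stays closed so credentials and query results are not sent in clear.
New-NetFirewallRule -DisplayName "LDAPS from partner only" `
    -Direction Inbound -Protocol TCP -LocalPort 636 `
    -RemoteAddress "198.51.100.10" -Action Allow
New-NetFirewallRule -DisplayName "Block all other LDAP/LDAPS" `
    -Direction Inbound -Protocol TCP -LocalPort 389, 636 -Action Block

# Replication from the RODC to the internal DCs uses RPC; pin the AD RPC
# endpoint to a fixed port so the perimeter firewall does not need the
# whole dynamic range open from DMZ to LAN (documented NTDS setting, assumed
# port 50000 here; restart NTDS or the server afterwards).
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters" `
    -Name "TCP/IP Port" -Value 50000 -Type DWord

# ---- Step 4: verify it really is read-only and inbound-only ----
Get-ADDomainController -Identity "DMZ-RODC1" |
    Select-Object Name, IsReadOnly, Site, IsGlobalCatalog
Get-ADDomainControllerPasswordReplicationPolicy -Identity "DMZ-RODC1" |
    Select-Object Name, Type
repadmin /showrepl DMZ-RODC1   # should list inbound partners only
```

The perimeter rule set that goes with this (from the DMZ RODC to the internal DC you chose as replication source): TCP 53, 88, 135, 389, 445, 464, 636 plus the fixed RPC port set above, and nothing from the LAN initiated towards the RODC beyond what your monitoring needs. Because the partner only needs user and group attributes, consider also setting a deny-all password replication policy (remove any Allow entries) so that a compromised DMZ host yields no cached credentials at all; the RODC then forwards authentication requests to a writable DC instead of answering them locally.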
