Solved

Best Pratice: AD DMZ

Posted on 2011-09-14
1
535 Views
Last Modified: 2012-06-27
I am putting an AD server in our DMZ so a client can quarry the domain tree. They only need to be able to get user and group info. I was looking into AD LDS (used to be known as ADAM) to provide this functionality.

So my question is would this be a best practice for remote domain queries?
If so how to you keep an AD LDS in sync with AD all the time?
How do i setup AD LDS so it is only updated from the domain?
0
Comment
Question by:skinnyquiver
1 Comment
 
LVL 3

Accepted Solution

by:
gs121 earned 500 total points
ID: 36539150
At my company we opened the firewall to a specfic IP we trusted from the company we do business with..

But if you want to, you could install a Read Only DC in your DMZ.  I would also put it in a Active Directory " site" by itself.
Set up your firewalls corectly and leave it.  It will keep in sync with you other DCs, put no one would be able to make changes to the AD on it.
0

Featured Post

MIM Survival Guide for Service Desk Managers

Major incidents can send mastered service desk processes into disorder. Systems and tools produce the data needed to resolve these incidents, but your challenge is getting that information to the right people fast. Check out the Survival Guide and begin bringing order to chaos.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This article explains the steps required to use the default Photos screensaver to display branding/corporate images
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question