We're setting up a Server 2008 R2 VM in a different subnet (Subnet A) than our Active Directory Domain subnet (Subnet B) because it will be a public-facing web server on the internet.
We're only opening the needed ports from the web server in Subnet A to a 2008R2 SQL server in Subnet B.
My question is, could I also open up all ports from the web server to our domain controller and add the web server to the domain, or could this be insecure? It would be nice to add it to the domain for simplicity purposes.
Asking for best practices in the above scenario. Thanks.