Garry Shape (United States of America) asked:

ADDS or LDAP server, over SSL, for remote password resets?

My organization is looking to employ an outside third-party in assisting with password resets for our organization after hours.
Their requirement is to have remote access over the internet to our AD to reset passwords accordingly.
We have a single forest, with 2 domains.
I am wondering, would it be best to spin up a 2012 R2 Domain Controller and also make it a global catalog, and then provide that company our Root Certificate and the self-signed certificate of the Domain Controller, so that they can remote to it with their software?

Or is it better to make a new 2012 server that runs LDAP and set up remote access with the cert?

ASKER CERTIFIED SOLUTION
McKnife (Germany)

This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.

Garry Shape (ASKER)

I don't know, I'm not director of IT

SOLUTION
This solution is only available to members.

Yeah, for some reason a VPN connection is not being provided with that kind of an access to accommodate them per the request of directors on both sides, I'm not sure why.
The premise for this over a self-service is that people may or may not always have access to the self-service and they want a person they can speak to over the phone.
While I myself cannot think of a common scenario to justify that, it is what it is sometimes.

It's some BlackBoard student services; they use something called ServiceDesk or Service Desk...

SOLUTION
This solution is only available to members.

Accepting solutions as viable barring any organizational approval issues.