Is Windows 2003 AD domain controller to be set a read only copy in DMZ zone?

M

Mugen

Hi,

We are planning on upgrading NT 4 to W2K3 AD.
I have some questions about replaction and hope someone
will able to help me.

Is it possibe to place a W2K3 DC in DMZ zone? Make it as
a read only copy and replicate with internal coproate DC?
What we are thinking is having oustside users or venderos
to login the read only copy DC from DMZ zone? If that is
possible, can someone tell me how to do that and where to
find these information.

Thanks.
 
J

Joe Richards [MVP]

No you can't makeit read only and it is generally a very bad idea to expose your
internal active directory to possible external breach.

You should use a separate forest or possibly use AD/AM instead of AD.

joe
 
M

Mugen

Thanks for the reply!

How do i use ADAM for our situation? Can you give me some
information and where i can find more information?
 
J

joolz

oh yes you can - make a seperate forest/domain (all in one) and mak
this the dmz domain- to auth users from inside create a one way trus
between the domains and create suitable perm structures.

voila no accounts in the dmz - and a seperate domain to aauth 3r
parties etc..


*Thanks for the reply!

How do i use ADAM for our situation? Can you give me some
information and where i can find more information?

-----Original Message-----
No you can't makeit read only and it is generally a very bad idea to expose your
internal active directory to possible external breach.

You should use a separate forest or possibly use AD/AM instead of AD.

joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net



Mugen wrote: someone[vbcol=seagreen]
as[vbcol=seagreen]
DC?[vbcol=seagreen]
venderos[vbcol=seagreen]
is[vbcol=seagreen]
to[vbcol=seagreen]
.
Click to expand...
Click to expand...


-
jool
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Move AD domain controller from DMZ to Private LAN 1
Replicating files from old to new AD domain controller 3
Caching Only DC? 5
why do I want a domain controller and AD ? 2
DCPROMO fails from one domain controller 5
Help with initial small org AD setup convention when using DMZ network 1
WINDOWS 2003 AD With Win2000 Standalone DNS Server ? 1
Parent Domain Zone Disappears From External DNS Server 9

Top