Active Directory network security

From: RGN (norman.r@btclick.com)
Date: 11/05/02

Previous message: Scott Mulcahy: "RE: Access to well-known ports on Win2K"
Next in thread: J. .: "RE: Active Directory network security"
Reply: J. .: "RE: Active Directory network security"
Reply: Dozal, Tim: "RE: Active Directory network security"
Maybe reply: Jason Normanton: "RE: Active Directory network security"
Maybe reply: J M: "RE: Active Directory network security"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "RGN" <norman.r@btclick.com>
To: focus-ms@securityfocus.com
Date: Tue, 05 Nov 2002 14:01:14 -0000

Hello, all

I am currently involved in a migration project where a number of NT4
domains are to be migrated into an enterprise-wide Active Directory
forest comprising numerous domains. There is no 'IT Department' which
has jurisdiction over all the domains so a huge variation of security
standards is experienced.

To counter the risks posed by the less secure areas, the organisation
I work for has placed firewalls at our interfaces with the other
sections of the enterprise. These firewalls will have to be weakened
or removed completely to facilitate the proposed migration and I am
concerned that this may open the network up to security problems
experienced in the areas with less emphasis on security.

Does anyone have any experience of such a situation? Is it as bad as
I fear, or is Microsoft A/D secure? Are there are documented cases of
this type of migration going wrong due to security being overlooked?

For example, could a compromised workstation in a remote site affect
the workstations or servers in another domain? If so, what can be
done to limit the exposure?

Are there any other things to avoid or to be aware of?

Any help will be gratefully received.

Thanks

Regards
Richard

Previous message: Scott Mulcahy: "RE: Access to well-known ports on Win2K"
Next in thread: J. .: "RE: Active Directory network security"
Reply: J. .: "RE: Active Directory network security"
Reply: Dozal, Tim: "RE: Active Directory network security"
Maybe reply: Jason Normanton: "RE: Active Directory network security"
Maybe reply: J M: "RE: Active Directory network security"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

RE: ADMT SID History Question ?
... According to your message, yes, you don't have to run the Security ... Translation Wizard after you have migrated accounts including SIDHistory. ... Exchange Directory Migration Wizard only lists some simple attributes to ... We grant D1\U1 the permission to access Resource1. ...
(microsoft.public.windows.server.migration)
Re: W2k3 AD migration to W2k3 AD - HELP HELP!!
... Setup trusts (if an external trust is configured and sidhistory is used, ... Install and configure migration tooling ... Translate security of the data/resources from source security ... while those resources still have security descriptors from the old domain. ...
(microsoft.public.windows.server.migration)
Re: Migrating User Profiles After Moving To New Domain
... Migration high level steps COULD BE: ... security on the client, and translate profiles (at this moment users start ... Translate security of the data/resources from source security ...
(microsoft.public.win2000.active_directory)
Re: root forest AD DC crashed
... it is another forest root domain. ... Setup trusts (if an external trust is configured and sidhistory is used, ... Install and configure migration tooling ... Translate security of the data/resources from source security ...
(microsoft.public.win2000.active_directory)
Re: migration of domain and file server from NT 4.0 to 2003
... Setup trusts (if an external trust is configured and sidhistory is used, ... Install and configure migration tooling ... Translate security of the data from source security principals to ... How can I migrate file server that has user home directories and other ...
(microsoft.public.win2000.active_directory)