AD replication - IP site to site encryption?

From: sn0rt_y@hotmail.com
Date: 03/07/03

    From: <sn0rt_y@hotmail.com>
    To: <focus-ms@securityfocus.com>
    Date: Fri, 7 Mar 2003 10:50:40 -0500
    
    

    Good day -
    There is a design being discussed of a Windows 2000 Native mode forest,
    single domain, multiple sites with one DC in each site.
    Each DC will be kept up to date on OS patches.
    Replication between DCs will be over IP without a VPN, IPSEC on the servers
    or LDAP over SSL.

    A question is what type of encryption, if any, will be used on the replication
    traffic by default.
    Kerberos authentication will by default be used but will I be able to sniff
    the wire during replication and view say... password changes?

    This info will be used to present a case for using W2K IPSEC DC-to-DC
    communication, LDAP over SSL via certificates or a hardware VPN solution.

    TIA
    Sn0rt_y

