Active Directory Integration question

From: Jim Shelly (jshelly@cherokee.org)
Date: 08/27/02 

From: "Jim Shelly" <jshelly@cherokee.org>
Date: Tue, 27 Aug 2002 15:37:17 -0500

Hello all,

My apologies if I am posting in the wrong place, if so please instruct me to
the proper forum. I am posting here because my issue has to do with
security and how it relates to Active Directory.

My team has implemented a security model in SQL Server for external web
users because we see this as being, potentially, a very big user base.

I can't help but think that we could take advantage of Active Directory for
implementing security as apposed to the SQL Server approach.

I am not that familiar with the details of Active Directory or the
structures I can put in place.

What I would like to do is this:

We have our internal userbase which is all our employees. This of course is
not a problem to set up an Intranet and authenticate against the PDC (or
Active Directory Catalog). I am wondering... Can we set up a portion of
our network (with it's own independant Catalog) As "web" for instance and as
our external user base grows the users get added into this Catalog?

What are the limits that I should be concerned with? Would 250,000 users
(this is what I am importing) be too big for a starting point? I would
also use Windows authentication against my sql server database to do field
(column) level security. This is why I am looking at this method.

All comments would be appreciated, and if you have fought a similar battle
and won or have answered the same questions I would be interested in hearing
your approach.

Thank you!

Jim

Relevant Pages

  • Re: Grant Administrative Access to a Domain Controller
    ... Anyone with a good understanding of AD and Windows security will easily see ways of compromising the environment. ... Do not give enhanced rights to Domain Controllers to anyone you don't trust with Domain and/or Enterprise Admins. ... Just know that minimal access can be parlayed into even more access and try as you might, you cannot secure Active Directory from people with server operator or admin or several other levels of access rights on a DC. ...
    (microsoft.public.windows.server.active_directory)
  • Re: userenv and NETLOGON errors
    ... > You can go on asking for an IPCONFIG if you wish, but I'd still ask you to ... > the lifetime of the network I wouldn't ... > I don't agree at all with the old saw you mis-quote "Security by Obscurity ... > everyone should have no problem posting their Driver's License and Social ...
    (microsoft.public.windows.server.sbs)
  • Re: Grant Administrative Access to a Domain Controller
    ... MPerrault suggested security, you said "IT CAN BE DONE WITHOUT ANY FANCY ... Joe Richards Microsoft MVP Windows Server Directory Services ... Author of O'Reilly Active Directory Third Edition ... Controller Security Policy are also options to log on as a service, ...
    (microsoft.public.windows.server.active_directory)
  • [NT] Active Directory Stack Overflow
    ... Beyond Security in Canada ... Active Directory, which is an essential component of the Windows 2000 ... A vulnerability in Active Directory allows an attacker to crash and force ... The vulnerability can be triggered when an LDAP version 3 search request ...
    (Securiteam)
  • Re: Diebold Voting Machines - Security Hole
    ... Thank you for posting the expanded info, ... Critical Security Hole Found in Diebold Machines Posted by Zonk on Friday ... Diebold voting systems and a standard component available at any computer ...
    (comp.os.linux.security)