ADAM instead of setting up domain in the 'perimeter' ? Sharepoint+AD

From: Marlon Brown (nomail_at_brown.com)
Date: 10/12/05


Date: Wed, 12 Oct 2005 08:56:33 -0700

We are currently planning to set up an AD forest in the perimeter network to
accommodate a number of front/back end Sharepoint servers and DCs, etc. The
idea is that if extranet users need to access Sharepoint from the extranet,
they could authenticate using accounts existing in such "Domain-Perimeter"
and avoid coming "inside" my organization for future access. Such
"Domain-Perimeter" would be set up in a separate forest with a one-way trust
relationship to my corporate domain.

I just thought more about it:
How about instead of setting up an entire domain infrastructure to
accommodate such security need of account isolation, I just set up an AD/AM
structure in Sharepoint servers "inside" my organization. That way I could
accomplish the same goal of providing external users with "isolated"
accounts from my corporate domain and I could make the whole implementation
much easier.

Let me know your thoughts and whether that would work.


