Re: AD replication over FW
From: Miha Pihler [MVP] (mihap-news_at_atlantis.si)
Date: 07/28/05
- Previous message: Nir B: "AD replication over FW"
- In reply to: Nir B: "AD replication over FW"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 28 Jul 2005 10:15:40 +0200
Use IPSec as article describes.
Note: how secure do you want this to be? If I somehow manage to get into
your DC in DMZ I will always have full access to DC in LAN and from DC in
LAN I will have access to practically all resources in LAN.
If you want to have this as secure as possible, you should setup another
forest in DMZ and create one way trust with forest in LAN.
Let me know if you need more information on this.
-- Mike Microsoft MVP - Windows Security "Nir B" <nir@icomverse.com> wrote in message news:OIq2x0zkFHA.576@tk2msftngp13.phx.gbl... > Hi All, > > > > I have AD that have two DCs, one of the DCs should move to our DMZ and the > second should stay on internal network. > > > > What is the best secure way to keep these DCs synchronizing? (Without > opening all the dangerous ports mention on this article: > http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/deploy/confeat/adrepfir.mspx ) > > > > Thanks In Advanced! > > > > Nir B > >
- Previous message: Nir B: "AD replication over FW"
- In reply to: Nir B: "AD replication over FW"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
