Re: Small company Best Way to allow customers AD logon
- From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
- Date: Sun, 13 Aug 2006 22:25:14 -0700
As I read your post, they are telling you to place your AD infrastructure
into an unneeded exposure to risk (of data privacy at least) all for the
sake of convenience in maintaining accounts for externals.
If that is true, tell them they are crazy, or at least very short-sighted.
Suggest ADAM, or an ADFS implementation if these are corporate externals.
"jremmc" <jremmc@xxxxxxxxxxxxxx> wrote in message
news:uUxx7UWvGHA.2260@xxxxxxxxxxxxxxxxxxxxxxx
Small company. W2K3 SP1. Empty root with 2 DCs and one child domain with 2
DCs. No DMZ. (public site hosted elsewhere). No customer access up to now,
but now find need for it.
Customers need to access a 3rd party application on a member server. That
app now uses own database for authentication. It can use LDAP queries to
AD for authentication (different app than posted about few days ago but
same mfgr), which is what app manager wants to do, as maintaining db is
time consuming. But if app switches to AD for authentication it must use
AD for all authentication (i.e. can't use AD to validate employees and
also use own db for customers.)
I of course do not want to add any non-employees to AD. But...
Any suggestions on ways to set up customers in AD appreciated. (i.e.
separate OU, separate domain, ???, deny read rights to all containers
except ?)
Thanks,
jremmc