Best Practices - Active Directory and Domain Controllers for Public / Internet Facing

Hi All,

I am looking for some ideas and steps to put my AD domain for Public / Internet Facing. Appreciate your help in advance.

February 18th, 2015 12:18pm

It is not a good idea to expose an AD domain controller on a public network. If you need to support domain clients on the Internet, then take a look at DirectAccess technology, which provides an automatic and seamless VPN experience to domain clients on the Internet. ADFS can be used if you need to provide authentication and authorization for application access from the Internet. For web applications, ADFS can be used in combination with Application Proxy, which can do an access control check before the client's request is forwarded to the application server.
February 18th, 2015 1:29pm

Thank you Ahmed & Gleb for your suggestions.

I really do understand the cautions while doing this.

I require this because we have remote user machines on which I need to apply all the policy restrictions that are applied to all domain objects. They have domain IDs. There is no physical connectivity between them and the domain.

February 18th, 2015 1:41pm

If you mean that you will need to apply GPOs on these machines, then this is not the way to go. You need to see how to have a site-to-site VPN or simply use a server on this site and create a n
February 18th, 2015 2:15pm

Hi All,

I am looking for some ideas and steps to put my AD domain for Public / Internet Facing. Appreciate your help in advance.

If you are asking about best practices then do NOT place AD for public as mentioned before. If you have remote users, they can still accept group policies if they have appropriate infrastructure like VPN available. Otherwise you can start from here:

February 18th, 2015 4:50pm

Thank you guys, allow me to have a look at the articles you posted.
February 19th, 2015 7:32am

If you want to expose your AD domains to the Internet just to make them visible, you should consider read-only DCs.

However, if you want to perform AD operations remotely, the best thing probably would be to use third-party web interfaces for AD and put them into a DMZ. 

February 25th, 2015 3:19am

Thank you for your valuable comments. As of now I am postponing the plan.

Thank you again

February 25th, 2015 6:50am

What service will your public-facing AD provide, and to whom?

February 25th, 2015 6:53am

My intention was to control the workstations located in remote areas in terms of group policy restrictions, but obviously in a very secure way after publishing my AD on the internet.
February 25th, 2015 7:06am

This topic is archived. No further replies will be accepted.
