I'm starting to work on a security project which includes setting up a domain controller for my company. I have a few questions: Do I need a proxy when having a domain controller on the network? Are there interactions between a domain controller and firewalls? If so, what are these interactions? How to manage the laptops for people going to customer sites? Are there any impacts on using Outlook when having a domain controller? Best Regards

1. no, you can use a proxy for communication with the internet, but thats unrelated to your dc functionality 2. assuming you have one net in your company where the computers reside, no, there are no intertactions. if you have multiple nets that are seperated by firewalls, you will need some ports opened, for example for dns. so, this one depends on your infrastructure 3. depends what those laptops need to be able to do when out of office. people can still log on locally on the laptop, if the user loged on the laptop while in the domain, user credentials are cached, so he can log on while out of office with those cached credentials. 4. not directly, unless you want to introduce exchange. if your outlook clients use pop3/imap atm, they will still be able to do so when they are part of a domain

1) Do I need a proxy when having a domain controller on the network? No there is no need to have proxy address on the server. If the server is synching the time from external time zone and forwarders are mentioned in the Dns then you might handle all these things using your firewall. 2) Are there interactions between a domain controller and firewalls? If so, what are these interactions? Depends upon the scenario. Lets say that one of your users is trying to authenticate the user behind the firewall then you might need to open caertain ports on the firewall. http://support.microsoft.com/kb/179442 3) How to manage the laptops for people going to customer sites? Again depends upon the scenario what kind of managemnt you are looking for and how the clients are connecting i mean using leased lines, MPLS or vpn connections . Still you can use remote desktop to manage them in case if they have any issues related to os and for deploying patches and software you might look forward with sccm. 4) Are there any impacts on using Outlook when having a domain controller? No http://www.virmansec.com/blogs/skhairuddin