LDS in a DMZ with bind redirection
Hi everybody,
This is the setup I'm testing right now:
I want to authenticate my internal users to an application in the DMZ with their AD credentials. So I configured an LDS (ProxyUser) on the DMZ to sync from an AD in the internal network, and I'm doing a bind redirection to authenticate my users with their AD accounts. Everything went well.
Is this the most secure configuration possible to use AD credentials against an application deployed on the DMZ?
I've checked RODC also, but I prefer to use LDS since it allows me to select the objects/attributes I want to sync.
Thank you.
December 4th, 2012 5:17pm
Hi,
Thank you for the post.
If you want to provide an authentication mechanism to AD-based user accounts via a DMZ-resident AD LDS instance, then you may refer to this blog:
http://blogs.technet.com/b/idaguys/archive/2009/06/19/overiview-of-authentication-in-ad-lds.aspx
for more info on how to get this accomplished.
Regards,
Nick Gu - MSFT
December 7th, 2012 12:24am