LDS in a DMZ with bind redirection
Hi everybody, This is the setup I'm testing right now: I want to authenticate my internal users to an application in the DMZ with their AD credentials. So I configured an LDS (ProxyUser) on the DMZ to sync from an AD in the internal network and I'm doing a bind redirection to authenticate my users with their AD accounts. Everything went well. Is this the most secure configuration possible to use AD credentials against an application deployed on the DMZ? I've checked RODC also but I prefer to use LDS since it allows me to select the objects/attributes I want to sync. Thank you.
December 4th, 2012 5:17pm

Hi, Thank you for the post. If you want to provide an authentication mechanism to AD-based user accounts via a DMZ-resident AD LDS instance, then you may refer to this blog: http://blogs.technet.com/b/idaguys/archive/2009/06/19/overiview-of-authentication-in-ad-lds.aspx for more info on how to get this accomplished. Regards, Nick Gu - MSFT
December 7th, 2012 12:24am

