Active Directory LDS placement inside or Outside a Firewall

    Question

  • Hi there,

    Can I get some advice on where the best place is, or what the best practice is, to install AD LDS?

    Should it be Inside a firewall, or Outside the firewall in the DMZ?

    Our train of thought is to place the AD LDS in the DMZ for external customers.

    Our application web portal will reside in the DMZ, along with our AD LDS instance for our external customers, thus separating our internal Active Directory users inside the firewall... so where should we deploy AD LDS?

    Any help appreciated...

    Kr

    Paul


    • Edited by Griffinpa Thursday, August 29, 2013 12:34 PM
    Thursday, August 29, 2013 12:16 PM

Answers

All replies

  • Hello,

    Use it in the DMZ along with the web application servers, to be separated from the internal LAN. See here: http://technet.microsoft.com/library/dd728034.aspx


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.


    • Edited by Meinolf WeberMVP Thursday, August 29, 2013 12:37 PM link added
    • Marked as answer by Griffinpa Friday, August 30, 2013 7:47 AM
    Thursday, August 29, 2013 12:34 PM
  • This video link has the best feasible answer for the solutions...

    http://youtu.be/uSIMnl4hvEU

    Thanks.

    Thursday, August 29, 2013 2:22 PM
  • Additionally, go through the below:

    http://technet.microsoft.com/en-us/library/cc754361(v=ws.10).aspx


    Devaraj G | Technical solution architect

    Thursday, August 29, 2013 4:04 PM
  • Hi Meinolf Weber,

    Looking for a warm cozy feeling....

    Sorry for bothering you; we plan on storing AD LDS on a web server in the DMZ, and this will also handle authentication for external users only.

    Do you think this is OK? Would you store the AD LDS outside the firewall in the DMZ, or inside the firewall in the backbone compartment (it uses two ports, 636 and 389) and allow the web box in the DMZ to integrate with AD LDS inside the firewall?

    Your Insight would be very helpful.....

    Kr

    Paul

    Friday, August 30, 2013 9:27 AM