Monday, August 20, 2012 12:54 AM
We need to deploy Active Directory in the DMZ at all my Active Directory sites.
We have 4 Active Directory sites; in these 4 sites we are planning to deploy the additional domain controllers.
For each DMZ we need to deploy two domain controllers, so in total 8 domain controllers need to be deployed for all the DMZs.
All 4 sites are protected with firewalls. Let me know the procedure and the ports that need to be blocked and opened for Active Directory replication.
OS: Windows Server 2008 R2
Monday, August 20, 2012 1:06 AM
Guidance for Active Directory in the DMZ and required ports?
Active Directory Firewall Ports
Deploying domain controllers in a DMZ
Hope this helps
MCSE | MCSA:Messaging | MCTS | MCITP:Enterprise Administrator | My Blog
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Monday, August 20, 2012 1:40 AM
Are you planning a full read/write DC, or have you considered RODCs? Remember, security becomes even more important in a DMZ. Microsoft has a white paper you should definitely check out:
Active Directory Domain Services in the Perimeter Network
Monday, August 20, 2012 11:49 AM
Since you are planning to add DCs in the DMZ zone, and since you will have a security constraint there, I would recommend that you use RODCs. The reason is that RODCs are read-only and update operations cannot be done directly on them. However, applications which will use these RODCs may not support this type of DC. For this reason, you have to check this part before proceeding.
Note that if you add a DC in the DMZ zone, these DCs should be able to replicate with at least one RWDC with GC. All the needed ports should be opened in both directions: http://social.technet.microsoft.com/wiki/contents/articles/584.active-directory-replication-over-firewalls-en-us.aspx
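As an added example (not from any of the posters in this thread), here is a PowerShell script to run on a DMZ domain controller to verify that the firewall actually passes the ports the replication partner needs. It covers the port list asked about in the original question and the "replicate with at least one RWDC with GC" requirement in the post above. The port set is the standard AD DS list for Windows Server 2008 R2; the target host name `rwdc01.corp.example` and the fixed RPC port numbers are assumptions for illustration. The script uses a raw TCP connect rather than `Test-NetConnection`, which does not exist on 2008 R2.

```powershell
# Added example (not the thread's own code). Run on the DMZ DC as an admin.
#
# By default AD replication RPC lands on a dynamic port (49152-65535 on 2008 R2),
# which forces a wide firewall rule. Pinning it to fixed ports on EVERY DC (both
# sides of the firewall) lets the rule be narrow. Value names are the ones
# Microsoft documents for NTDS and Netlogon; the port numbers are assumed.
# Apply once, then reboot the DC:
#   reg add "HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters"    /v "TCP/IP Port" /t REG_DWORD /d 50000 /f
#   reg add "HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters" /v DCTcpipPort  /t REG_DWORD /d 50001 /f

$Target        = 'rwdc01.corp.example'   # assumed internal writable DC that is also a GC
$NtdsRpcPort   = 50000                   # assumed, must match the NTDS "TCP/IP Port" value
$NetlogonPort  = 50001                   # assumed, must match the Netlogon DCTcpipPort value

# TCP ports a DMZ DC needs toward its replication partner (bidirectional rules
# are needed on the firewall, since the RWDC also initiates replication inbound).
$Ports = @(
    @{ Port = 53;            Use = 'DNS' },
    @{ Port = 88;            Use = 'Kerberos' },
    @{ Port = 135;           Use = 'RPC endpoint mapper' },
    @{ Port = 389;           Use = 'LDAP' },
    @{ Port = 445;           Use = 'SMB (SYSVOL, Netlogon)' },
    @{ Port = 464;           Use = 'Kerberos password change' },
    @{ Port = 636;           Use = 'LDAP over SSL' },
    @{ Port = 3268;          Use = 'Global Catalog' },
    @{ Port = 3269;          Use = 'Global Catalog over SSL' },
    @{ Port = $NtdsRpcPort;  Use = 'AD replication RPC (pinned)' },
    @{ Port = $NetlogonPort; Use = 'Netlogon RPC (pinned)' }
)
# UDP 53, 88, 123 (NTP) and 389 (LDAP ping) are also required; a TCP connect
# cannot verify those, so check them with nslookup, w32tm /stripchart and nltest.

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Asynchronous connect so a silently dropped packet fails fast
        # instead of hanging for the OS default timeout.
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

$blocked = 0
foreach ($p in $Ports) {
    $ok = Test-TcpPort -ComputerName $Target -Port $p.Port
    if (-not $ok) { $blocked++ }
    '{0,-6} TCP  {1,-30} {2}' -f $p.Port, $p.Use, $(if ($ok) { 'OPEN' } else { 'BLOCKED' })
}
"$blocked of $($Ports.Count) required TCP ports are blocked toward $Target"
```

Run the same script in the other direction (from the internal RWDC toward the DMZ DC) before promoting, since inbound replication to the DMZ DC is initiated by the RWDC. If you decide on an RODC instead of a writable DC, the RODC still needs the same ports toward at least one writable 2008-or-later DC with GC, but nothing inside the network needs to initiate replication toward the RODC, which is one of the reasons the other replies favour it in a perimeter network.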
Tuesday, August 21, 2012 11:46 AM (Moderator)
Are you going to deploy an RWDC or an RODC in the segmented network? If you plan to use an RODC, then surely you need to consider the pros/cons of an RODC in the perimeter network.
Finding Additional Resources for Windows Server 2008 Active Directory Logical Structure Design
All About (RODC)Read Only Domain Controllers http://awinish.wordpress.com/2011/10/04/rodc-read-only-domain-controller/
Awinish Vishwakarma - MVP
My Blog: awinish.wordpress.com
Disclaimer: This posting is provided AS-IS with no warranties/guarantees and confers no rights.