Access Active Directory from the outside

    Question

  • We (a school) have been running our Active Directory successfully for many years and recently we set up an intranet Moodle site for our learners to use. This has been equipped with an LDAP plugin and it successfully validates users against their Active Directory account without issue. However, we are trying to move Moodle online for the learners to work at home. I have acquired hosting and a domain with Moodle installed. I also have a number of public IPs to play with.

    My question: how do I connect this online website to my Active Directory? I have a number of IPs to use, and have even fiddled around with port forwarding, but without success.

    The server: 2008 R2, which functions as our AD DC, DHCP, DNS.
    2 network adapters:
    adapter 1: 192.168.1.1 GW 192.168.1.8 - this functions as the interface internal users use to access network services. - part of the original setup
    adapter 2: 192.168.1.252 GW 192.168.1.251 - originally with a public IP, it's now set up to port forward to the public IP, this works - recently added for this project

    The port forward works; this can be demonstrated by pinging (from a remote PC) the address when only adapter 2 is enabled - the packets get through. However, as soon as both adapters are enabled, they compete for place, therefore only one or the other works. I realize that this is the server acting correctly; a second gateway is supposed to be for redundancy.

    How then do I connect my external website, through LDAP to my domain controller?


    • Edited by Projector_man Friday, February 24, 2017 10:11 AM more information
    Friday, February 24, 2017 10:09 AM

Answers

  • Hi

    the server: 2008 r2 which functions as our AD DC, DHCP, DNS.
    2 network adapters: >>>>

    This is really not a correct configuration. There should be a single NIC on domain controllers; a multihomed NIC config causes issues on DCs. Also, you should not directly open AD to the internet; there is a big security risk.

    So you should check these options;

    AD FS; https://technet.microsoft.com/windows-server-docs/identity/active-directory-federation-services

    AD LDS ; https://technet.microsoft.com/en-us/library/cc754361%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

    or configure vpn server.


    This posting is provided AS IS with no warranties or guarantees, and confers no rights. Best regards Burak Uğur

    • Proposed as answer by Kirill Nikolaev Saturday, February 25, 2017 2:30 AM
    • Marked as answer by Projector_man Thursday, March 30, 2017 1:16 PM
    Friday, February 24, 2017 5:48 PM
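
The multihoming condition this answer warns about can be checked on the DC itself. The script below is an added example, not part of the original thread: `Get-Network` and `Test-DcMultihoming` are hypothetical helper names, the sample objects are constructed from the addresses in the question, and the 255.255.255.0 mask is an assumption because the question does not state one.

```powershell
# Added example, PowerShell 2.0 compatible (Server 2008 R2).
function Get-Network ([string]$Ip, [string]$Mask) {
    # AND each address octet with the mask octet to get the network address.
    $i = ([System.Net.IPAddress]::Parse($Ip)).GetAddressBytes()
    $m = ([System.Net.IPAddress]::Parse($Mask)).GetAddressBytes()
    (0..3 | ForEach-Object { $i[$_] -band $m[$_] }) -join '.'
}

function Test-DcMultihoming ($Adapters) {
    # $Adapters: objects shaped like Win32_NetworkAdapterConfiguration
    # (Description, IPAddress[], IPSubnet[], DefaultIPGateway[]).
    $findings = @(); $gateways = @(); $seen = @{}
    $ipv4 = '^\d{1,3}(\.\d{1,3}){3}$'
    foreach ($a in $Adapters) {
        $gateways += @($a.DefaultIPGateway | Where-Object { $_ -match $ipv4 })
        for ($n = 0; $n -lt @($a.IPAddress).Count; $n++) {
            $ip = @($a.IPAddress)[$n]
            if ($ip -notmatch $ipv4) { continue }   # skip IPv6 entries
            $mask = @($a.IPSubnet)[$n]
            $net = (Get-Network $ip $mask) + '/' + $mask
            if ($seen.ContainsKey($net)) {
                $findings += "Adapters '$($seen[$net])' and '$($a.Description)' are both on $net"
            } else {
                $seen[$net] = $a.Description
            }
        }
    }
    if (@($Adapters).Count -gt 1) {
        $findings += "DC is multihomed: $(@($Adapters).Count) IP-enabled adapters"
    }
    $gw = @($gateways | Select-Object -Unique)
    if ($gw.Count -gt 1) {
        $findings += "Multiple default gateways: $($gw -join ', ')"
    }
    $findings
}

# Constructed sample mirroring the question's two adapters (mask assumed).
$sample = @(
    (New-Object PSObject -Property @{ Description = 'adapter 1'; IPAddress = @('192.168.1.1');
        IPSubnet = @('255.255.255.0'); DefaultIPGateway = @('192.168.1.8') }),
    (New-Object PSObject -Property @{ Description = 'adapter 2'; IPAddress = @('192.168.1.252');
        IPSubnet = @('255.255.255.0'); DefaultIPGateway = @('192.168.1.251') })
)
Test-DcMultihoming $sample

# On the DC, pass the live configuration instead:
# Test-DcMultihoming (Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=True')
```

An empty result means one IP-enabled adapter and at most one default gateway, which is the layout the answer recommends for a domain controller.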

All replies

  • Hi,

    Was your issue resolved? If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.

    If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions. If no, please reply and tell us the current situation in order to provide further help.

    Best Regards,

    Wendy


    Friday, March 3, 2017 6:52 AM
    Moderator