Active Directory LDS placement inside or Outside a Firewall


  • Hi there,

    Can I get some advice on where the best place is, or what the best practice is, to install AD LDS?

    Should it be Inside a firewall, or Outside the firewall in the DMZ?

    Our train of thought is to place the AD LDS in the DMZ for external customers.

    Our application Web portal will reside in the DMZ, along with our AD LDS instance for our external customers, thus separating our internal Active Directory users inside the where should we deploy AD LDS.

    Any help appreciated...



    • Edited by Griffinpa Thursday, August 29, 2013 12:34 PM
    Thursday, August 29, 2013 12:16 PM


All replies

  • Hello,

    Use it in the DMZ along with the web application servers to be separated from the internal LAN. See here about

    Best regards

    Meinolf Weber
    Microsoft MVP - Directory Services
    My Blog:

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    • Edited by Meinolf Weber (MVP) Thursday, August 29, 2013 12:37 PM link added
    • Marked as answer by Griffinpa Friday, August 30, 2013 7:47 AM
    Thursday, August 29, 2013 12:34 PM
  • These video links have the best feasible answer for the solutions...


    Thursday, August 29, 2013 2:22 PM
  • Additionally, go through the below:

    Devaraj G | Technical solution architect

    Thursday, August 29, 2013 4:04 PM
  • Hi Meinolf Weber,

    Looking for a warm cozy feeling....

    Sorry for bothering you, we plan on storing AD LDS on a Web server in the DMZ and this will also handle authentication for external users only.

    Do you think this is OK? Would you store the AD LDS outside the firewall in the DMZ or inside the firewall in the backbone compartment? It uses two ports, 636 and 389, and allow the Web box in the DMZ to integrate with AD LDS inside the firewall.

    Your insight would be very helpful.....



    Friday, August 30, 2013 9:27 AM