What's the most secure way to connect to Active Directory from a DMZ?
It exist a Microsoft document talking about that :
Active Directory Domain Services in the Perimeter Network (Windows Server 2008)
You can also take inspiration from Microsoft consideration on installing an Exchange Front-end computer into a DMZ
Front-End and Back-End Server Topology Guide for Exchange Server 2003 and Exchange 2000 Server
Bestter
I'm a web developer with almost 20 years of professional experiences, fluent in C#, JavaScript, and in HTML and CSS. I also have experiences in administration of SQL Server.
Updated on June 07, 2022Comments
-
Bestter about 2 years
I got a web DMZ server, that hosts an "Extranet" ASP.NET application. I want that users should authenticate to this application using the same user and password that they use on their Windows at work. (we are using Active Directory)
I want to know what the best way is -the most secure way - to connect from the DMZ web server to the Active Directory.
For now I saw two possibilities:
- RODC
- LDAP Over SSL (LDAPS)Are there any other option you recommend? What other options should I consider? Any limitation, or potential problems with any of those solution?