Active Directory access through DNS via the Internet

Tags:
Active Directory
DNS
I would like to configure Active Directory so that it is accessible through a DNS via the Internet. Particularly I would like to access URLs available on the Intranet through the Internet, as in the case of MS OWA. Is this possible?

Answer Wiki


It is recommended that you do not expose your AD DNS servers to the Internet. Doing so can be very dangerous as it would give everyone in the world access to all your internal machine names; pretty much the holy grail of hacking your network.

It’s recommended that you either require your staff to VPN into the office network and connect from there, or, if you need access to services which can be secured via SSL, add those services to your public DNS.

While from the inside you would access the corporate intranet by typing “http://intranet/” into the web browser, from the outside you would have to type in “https://intranet.company.com/” and then log into the intranet by entering your user name and password (typically your domain credentials).
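The split between internal AD DNS and public DNS described in the answer above can be checked before a public zone is published. The following is an added example, not part of the original answer: it audits a zone export for records that would leak internal details. The host names `dc01`, `fileserver`, `mail` and `www`, the addresses and the simplified zone format are constructed assumptions.

```python
import ipaddress

# Labels used by AD's DC locator records; they belong only in the internal zone.
AD_LABELS = {"_msdcs", "_ldap", "_kerberos", "_kpasswd", "_gc", "_sites"}
# RFC 1918, loopback, link-local and IPv6 unique-local ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "fc00::/7")]

# Constructed sample of a public zone for company.com ("name [ttl] [IN] type rdata").
SAMPLE_ZONE = """\
; constructed sample, not real data
intranet                  A     203.0.113.10
mail            3600 IN   A     203.0.113.25
dc01                      A     10.0.0.5
fileserver                A     192.168.10.20
_ldap._tcp                SRV   0 100 389 dc01.company.com.
_kerberos._tcp.dc._msdcs  SRV   0 100 88 dc01.company.com.
www                       CNAME intranet.company.com.
"""

def audit_public_zone(zone_text):
    """Return (name, type, reason) for records that expose internal details."""
    findings = []
    for raw in zone_text.splitlines():
        parts = raw.split(";", 1)[0].split()  # drop comments, tokenize
        if not parts:
            continue
        name, rest = parts[0], parts[1:]
        # Skip the optional TTL and class fields.
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]
        if len(rest) < 2:
            continue
        rtype, rdata = rest[0].upper(), rest[1]
        if AD_LABELS & set(name.lower().split(".")):
            findings.append((name, rtype, "AD locator record"))
        elif rtype in ("A", "AAAA"):
            try:
                addr = ipaddress.ip_address(rdata)
            except ValueError:
                findings.append((name, rtype, "unparseable address"))
                continue
            if any(addr in net for net in INTERNAL_NETS):
                findings.append((name, rtype, "internal address"))
    return findings

if __name__ == "__main__":
    for finding in audit_public_zone(SAMPLE_ZONE):
        print(*finding, sep="\t")
```

Only the services meant to be reachable over HTTPS (here `intranet`, `mail` and `www`) pass the audit; the domain controller, the file server and the AD locator records are reported.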

Discuss This Question: 2  Replies

 
  • Wrobinson
    I am not sure what it is that you are trying to expose but there may be a way to do it securely. Essentially, you would like some Intranet resources to be available over the Internet -- presumably using HTTPS. Depending on the nature of the data, you might consider hosting the data in a DMZ and exposing it that way. On the other hand, if the data is particularly sensitive, you may consider a front-end connection in the DMZ that communicates with back-end servers on the corporate network to limit direct exposure, similar to the FE-BE architecture of Exchange 2003 and 2000 and CAS/Mailbox architecture of Exchange 2007. The best security is not exposing it at all but cutting off the cord isn't always practical, in which case, using a VPN solution may be better, like Mrdenny pointed out.
  • Denny Cherry
    What did you end up doing with your issue? We are always interested to hear the end result.
