300 pts.
 Active Directory access through DNS via the Internet
I would like to configure Active Directory so that it is accessible through a DNS via the Internet. Particularly I would like to access URLs available on the Intranet through the Internet, as in the case of MS OWA. Is this possible?

ASKED: January 2, 2008  3:12 PM
UPDATED: February 22, 2008  5:31 AM

Answer Wiki:
It is recommended that you do not expose your AD DNS servers to the Internet. Doing so can be very dangerous as it would give everyone in the world access to all your internal machine names; pretty much the holy grail of hacking your network. It's recommended that you either require your staff to VPN into the office network and connect from there, or, if you need access to services which can be secured via SSL, add those services to your public DNS. While from the inside you would access the corporate intranet by typing "http://intranet/" into the web browser, from the outside you would have to type in "https://intranet.company.com/" and then log into the intranet by entering your user name and password (typically your domain credentials).
Last Wiki Answer Submitted:  January 2, 2008  5:18 pm  by  Denny Cherry   64,520 pts.
All Answer Wiki Contributors:  Denny Cherry   64,520 pts.
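
An added example, not part of the original answer: a Python check over an exported public zone that flags records which would disclose internal detail, namely Active Directory locator records and RFC 1918 addresses. The zone text, the host names under company.com and the function names are constructed for illustration.

```python
import ipaddress

# DNS labels Active Directory registers so clients can locate domain controllers.
AD_MARKERS = ("_msdcs", "_ldap._tcp", "_kerberos._tcp", "_kpasswd._tcp", "_gc._tcp")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of a public zone; company.com is a placeholder domain.
SAMPLE_ZONE = """\
; constructed records, not from the original post
intranet.company.com.             3600 IN A   203.0.113.10
mail.company.com.                 3600 IN A   203.0.113.11
fileserver01.company.com.         3600 IN A   10.0.4.23
_ldap._tcp.dc._msdcs.company.com. 600  IN SRV 0 100 389 dc01.company.com.
dc01.company.com.                 3600 IN A   192.168.1.5
"""

def parse_records(zone_text):
    """Yield (name, rtype, rdata) from simple 'name ttl IN type rdata' lines."""
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue                            # skip directives and odd lines
        yield fields[0].lower(), fields[3].upper(), " ".join(fields[4:])

def audit_public_zone(zone_text):
    """Return (name, reason) for records that should not be in a public zone."""
    findings = []
    for name, rtype, rdata in parse_records(zone_text):
        if any(marker in name for marker in AD_MARKERS):
            findings.append((name, "AD locator record"))
        elif rtype == "A":
            try:
                addr = ipaddress.ip_address(rdata)
            except ValueError:
                continue
            if any(addr in net for net in RFC1918):
                findings.append((name, "private address " + rdata))
    return findings

if __name__ == "__main__":
    for name, reason in audit_public_zone(SAMPLE_ZONE):
        print(f"{name}: {reason}")
```

Only the two published service names pass; the file server, the domain controller and the locator record are reported as entries that belong in the internal zone.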


Discuss This Question:

I am not sure what it is that you are trying to expose but there may be a way to do it securely. Essentially, you would like some Intranet resources to be available over the Internet — presumably using HTTPS. Depending on the nature of the data, you might consider hosting the data in a DMZ and exposing it that way. On the other hand, if the data is particularly sensitive, you may consider a front-end connection in the DMZ that communicates with back-end servers on the corporate network to limit direct exposure, similar to the FE-BE architecture of Exchange 2003 and 2000 and CAS/Mailbox architecture of Exchange 2007.

The best security is not exposing it at all but cutting off the cord isn’t always practical, in which case, using a VPN solution may be better, like Mrdenny pointed out.

 5,610 pts.

 

What did you end up doing with your issue? We are always interested to hear the end result.

 64,520 pts.