crws416 Posted December 10, 2006

Hi all,

I am hoping that some of you may be able to help me in what seems to be a bit of a confusing issue.

Currently I have two 2003 servers in separate domains (domain 1 and domain 2), but which are linked via a trust relationship. The problem is the second server (domain 2) has public facing services (web interfaces etc.) and it is this server which we wish to bring into the main domain (domain 1) (removing the need for a trust relationship and cleaning up Active Directory). However, we do not want the Active Directory publicly exposed, as bringing the second server into the main domain creates a bit of a security issue.

Can anybody suggest ways to carry this out and limit the security risk?

(P.S. I know it is not a very nice first post and I apologise, but I would greatly appreciate any help I can get.)

Stoic Joker Posted December 10, 2006

Generally much more detail is required to make recommendations for this type of question, but I'll wing it with two possible options.

Quick-N-Dirty - Make server 2 (from domain 2) a member server of domain 1. Then Machine Lock any publicly used service accounts to the member server. This just leaves them "Stuck on the Porch" so to speak.

Option 2 - Use server 2 to create an empty forest root. Most of the networks I deal with are smaller than this type of configuration needs, so I can't provide any detail on how it works. But if I recall correctly this is the MS recommended configuration.

I'm currently pre-Coffee...

Stoic Joker

crws416 (Author) Posted December 10, 2006

Many thanks Stoic Joker, for the two well suggested options. I'm still relatively new to all this so I will take a look into each suggestion and weigh up which seems most suitable for my application.

Once again many thanks for the suggestions, I did not expect to get any responses given the question I asked.

Cheers

Edited December 10, 2006 by crws416

cluberti Posted December 10, 2006

If you wish to have a second directory (but keep all servers in the first), consider ADAM on 2K3.

crws416 (Author) Posted December 11, 2006

Thanks for the suggestion, will take into consideration.