Archived from groups: microsoft.public.win2000.active_directory (
More info?)
Alternatively,
You could have an two separate forests.
It's the best security option then do a scheduled selective replication from
internal to external for accounts - perhaps even script it.
It's what i'd do - keep your internal and external completely separate,
though this may depend on what your requirements are - what do you exactly
what to do?
How were you planning on sharing the data anyway? TS, WebDAV, OWA?
"Ryan Hanisco" <rhanisco@flagshipis.com> wrote in message
news:uCAL7CD9EHA.3416@TK2MSFTNGP09.phx.gbl...
> This does work though it is a bit labor intensive. You should also
> consider
> securing/ signing all replication traffic if you are passing it into a
> DMZ.
>
> Take a look at the following link:
>
http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/deploy/confeat/adrepfir.mspx
>
> That said, what are you trying to do? Authenticate a web page? OWA? You
> may
> have a better option like LDAP or RADIUS (IAS).
> --
> Ryan Hanisco
> MCSE, MCDBA
> Flagship Integration Services
>
> "ihh" <ihh@discussions.microsoft.com> wrote in message
> news:29E8D85F-6595-4F1A-AE48-1A24E1ADD115@microsoft.com...
>> Hi Paul, thanks for responding, sorry i've been gone over the holidays.
>> Anyway, my question is related to what is the recommended practice for
>> handling access to dmz servers from internal clients. Basically, I have
> two
>> requests. One is to either create a public dmz active directory with a
> trust
>> to the internal domain or allow a domain controller from the inside to
> reside
>> in the public dmz. I am uncomfortable with both and have searched high
> and
>> low for information from others as to what would be the best way to allow
> our
>> users access to servers residing in the public dmz. Do you have any
>> suggestions or best practices. Thanks. ih
>>
>> "ptwilliams" wrote:
>>
>> > Firstly, that's not much of a question if you don't mind me saying so.
>> >
>> > Secondly, why? What are you trying to achieve?
>> >
>> > Give us some more info. and I'm sure we'll be able to help.
>> >
>> >
>> > --
>> >
>> > Paul Williams
>> >
>> >
http://www.msresource.net
>> >
http://forums.msresource.net
>> >
>> >
>> > "ihadhar" <ihadhar@discussions.microsoft.com> wrote in message
>> > news:54AC865F-EAEA-4057-9F0B-A036375CA3B5@microsoft.com...
>> > ihh
>> >
>> >
>> >
>
>