Re: AD Proxy



Hopefully you get a good response from that group. I would imagine it can
be done fairly easily, but not sure just how easily.

Active Directory integration
ISA Server can leverage the user database stored in Active Directory to
authenticate both inbound and outbound access through the firewall. Active
Directory integration is available even when the ISA Server computer is not
a member of an Active Directory domain.



You can read more about it here:
http://www.microsoft.com/isaserver/evaluation/features/default.mspx

In my mind, you would basically publish the AD servers via ISA to the VPN
network. When you give name resolution information to the VPN client, they
would use that information to find the AD servers and the ISA server would
proxy the authentication for you. LDAP might be a little more attached to
your application if that's what it's for.

Al


"Hugh" <Hugh@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:E84980BB-AACF-47E9-BF63-BB873AB5A838@xxxxxxxxxxxxxxxx
> I've put a similar post in the ISA Server area, but we have no experience
> with ISA Server at this time.
> --
> Hugh
>
>
> "Al Mulnick" wrote:
>
>> Have you already looked at what ISA server can do for you?
>>
>> Al
>>
>> "Hugh" <Hugh@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:79DEDFE7-BFA3-46DA-B03B-877C8F70C330@xxxxxxxxxxxxxxxx
>> > We are creating a secure DMZ area (VPN access only) and would like to have
>> > AD services in this network. This "SecureNet" will be firewalled off from
>> > the internal network. Rather than putting a domain controller in the
>> > SecureNet, we would prefer to put an LDAP proxy server that would accept
>> > LDAP requests from systems in the SecureNet and forward those requests
>> > through the firewall to the internal domain controllers. Specifically, I
>> > said "AD" proxy instead of "LDAP" proxy because I need Kerberos services to
>> > be proxied as well. Thus, I need the proxy server to appear and act just
>> > like an AD domain controller for the purposes of authentication. Any
>> > thoughts on whether this is possible and, if so, how to accomplish it?
>> >
>> > --
>> > Hugh
>>
>>
>>

