Re: How To Force LDAP Queries Through One Domain?



Sorry, I didn't finish typing before I put up the last post. The point of
all the URLs I posted is to show that there is actually quite a lot written
by Microsoft on the subject of putting domain controllers behind firewalls,
and I find it hard to believe that they wouldn't suggest this as a best
practice for many of the scenarios they detail in those articles.

--
Will


"Will" <westes-usc@xxxxxxxxxxxxxx> wrote in message
news:i_idnZOKuM-gsDveRVn-rg@xxxxxxxxxxxxxxx
> There is at least one Microsoft Knowledge Base article that details what
> ports to open between a client and a domain:
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;179442
>
> And this Knowledge Base article details how to configure RPC for this case:
>
> http://support.microsoft.com/kb/154596/
>
> And this White Paper discusses "best practices" for domains behind
> firewalls:
>
> http://www.microsoft.com/downloads/details.aspx?FamilyID=c2ef3846-43f0-4caf-9767-a9166368434e&displaylang=en
>
> Other white papers on the topic of isolating domain controllers behind
> firewalls:
>
> http://www.microsoft.com/downloads/details.aspx?familyid=9A3E2B2B-695D-4FF9-BCB1-5F2F3001845E&displaylang=en
>
> http://www.microsoft.com/downloads/details.aspx?familyid=9353A4F6-A8A8-40BB-9FA7-3A95C9540112&displaylang=en
>
> http://www.microsoft.com/downloads/details.aspx?familyid=156C73A1-F9C2-41C7-B5C1-A509FB255447&displaylang=en
>
> And finally there is a Microsoft document on planning Federated Forests with
> Windows 2003 that documents behavior between two forests in a trust, and all
> of those images in this document clearly show firewalls between the forests.
>
> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/activedirectory/fedffin2.mspx#EHAA
>
> --
> Will

