Re: Why you wouldn't want a server in the domain




"Charles Melton" <Charlesc.Melton@xxxxxxxxxx> wrote in message
news:1861ADB9-1419-4C3E-BAA0-5811B8CAD9F3@xxxxxxxxxxxxxxxx
First, I should identify my network organization. We currently have 3
domains, 1 W2k3, and 2 W2k domains. Two of those are client facing and one

"client facing"? What specifically do you mean by that?

is internal only. None of these have any Internet presence. We also have no
servers in our Internet DMZ or in our client facing DMZ. Everything is on
our internal network. Although, the client domains are on a separate subnet
and VLAN from the internal domain.

I also have several servers that are not connected to any domain. 3
Microsoft SQL Servers (that only use SQL authentication), several servers
that are backup media agents, and the master backup system that coordinates
all the backups.

One of my cohorts has been bugging me lately to make them all part of any
one of the domains.

GENERALLY good advice unless there is some specific
counter-reason (which are very seldom sufficient.)

So far, I've resisted because, at least with the SQL
servers, it just seemed to isolate them better and dare I say, it seemed like
the right thing to do.

Sounds religious or illogical.

USUALLY security and access can be better managed within
the domain (although this is NOT 100%); most of the reasons
for doing otherwise are discounted by your having everything
INTERNALLY ISOLATED.

Now I'm wondering why. Could you give me any reasons
why I should (or shouldn't) keep these servers outside the Active Directory
Windows domain? Am I just being pig-headed for no good reason?

No, I can give you no reason why you should keep them external.

There are many reasons for joining them to the domain including,
single account logon, centralized (account and server) management,
GPO control, consolidated updates, consistent administration, etc.

Thank you for any assistance or thoughts you may wish to provide.

I would join them to the domain unless I had a clear and compelling
(set of) reason(s) to do otherwise.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

