Re: Joining Servers to a Domain

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Angelo <andespoint@xxxxxxxxxxxxxxxx>
Date: Mon, 23 Jul 2007 08:19:15 -0400

Hi Ryan,

Thanks for the great insight.

Ryan Hanisco wrote:

Angelo,

You can certanly stop policies and scripts from running on specific servers, so that really shouldn't be the determining factor.

I would be asking questions as to what security benefits they would expect to see, though there are certanly some security and management benefits. For internal servers, I see some definite benefits especially if they are providing services to internal customers.

As to the DMZ, this sends off meny red flags as you generally never want to make any domain-connected servers reachable by the outside world. Usually people will have a seperate forest for the DMZ and use either a trust or federated services to provide access to an internal resource. If your DMZ is properly configured, the ports that you'd need to have them on the domain should be blocked, making this much more complicated than just joining them.

I think you may need a full review of your site's security and the communication channels that are open between the inside, the DMZ, and the outside.

References:
- Joining Servers to a Domain
  - From: Angelo

Prev by Date: Re: Cannot install ADAM, missing from Add Components
Next by Date: Re: How to remove **DELETED SERVER #1 from AD?
Previous by thread: Joining Servers to a Domain
Next by thread: Weird DHCP error
Index(es):
- Date
- Thread

Relevant Pages

Re: DMZ NT4 TO Internal 2000 AD One-Way Trust via Firewall
... leverage an effectivity security policy to ensure that password complexities ... > currently a mess of local and domain users, no security policy, etc. ... DMZ, not publicly accessible) that aren't going away within the stated ... to non-DC web servers in the DMZ on 80 and 443 - none of which are directed ...
(microsoft.public.windows.server.active_directory)
Re: DMZ - Question
... Many times you will go as far as to have a web facing DMZ ... security requirements these systems will likely be on their own VLAN at ... architecture to prevent any web facing servers connecting into the ... Mainframe on the LAN, and a Mail server that need access to another ...
(Security-Basics)
Re: Deploying a DMZ Internationally
... Subject: Deploying a DMZ Internationally ... that there is almost always a lack of corporate security policies in place ... In addition to VLANS you should work on defining security domain boundaries. ... > involved with moving servers to these DMZs and the warfare that will ...
(Security-Basics)
Re: PIX network config advice
... servers are really at once the code hits the box. ... the DMZ, and it works well. ... Thanks for the advice, like I mentioned all my servers are configured from a DHCP entry, so it's simply just assigning the new non-routables from there and then adding the map to the public IP on the PIX. ... I'll certainly test it in my lab, I think I'll go with it - any extra security is a good thing:D ...
(comp.dcom.sys.cisco)
Re: Need urgent help regarding security
... There is plenty of security info out there ... email from even a dozen servers is small. ... an OS version upgrade should not be taken lightly. ... Given that your root password was apparently found on the servers, ...
(freebsd-questions)