+ Post New Thread
Results 1 to 8 of 8
Windows Server 2008 R2 Thread, allow external computers to access the DC or domain users in Technical; hello, this is my first post. I'm sorry if i posted in the wrong area. I want to allow an ...
  1. #1

    Join Date
    Oct 2012
    Posts
    3
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    allow external computers to access the DC or domain users

    hello,

    this is my first post. I'm sorry if i posted in the wrong area.

    I want to allow an external server to be able to use Domain Users or Authenticate the users with Active Directory. I don't want to have to use VPN. How can that be done?

    Currently we have a couple applications installed on the external server that uses active directory. The way it works now is that, that external server needs to VPN to the network all the time so that the active directory users can be authenticated.

    How can I make it work or which technology needs to be used so that it will still authenticate ? ADFS? create a trust between the external server and the internal DC? how?

    Both of the servers are 2008 R2.

  2. #2

    Join Date
    Dec 2009
    Posts
    270
    Thank Post
    6
    Thanked 33 Times in 31 Posts
    Rep Power
    15
    Do you have control over this external server? If so you will have to consider putting a trust in place (through Active Directory Domains and Trusts) Depending on what the application is and how it works, I would consider a 1 way trust, so that your external server trusts your DC, but not the otherway round. I would also make this trust non transitive

  3. #3

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,804
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224
    You still have to route this over a VPN, most ISPs block netbios.

  4. #4

    Join Date
    Oct 2012
    Posts
    3
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Firefox: I do have control over the external server. So I will need to also install AD DS on the external server to make the trust work?

    Geoff: I will need to route it over VPN to setup above or you're saying I will still always need a VPN connection? The problem is the external server have applications that use Active Directory users from our internal servers. Once the VPN goes down the users can no longer be authenticated and that's where my problem arises from users.

  5. #5

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,804
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224
    I wouldn't expose AD services like SMB/LDAP/Kerberos to the general Internet if could help it. Tunneling over a VPN is the right approach. Maybe look at why your VPN dies and fix that instead?

  6. #6

    Join Date
    Oct 2012
    Posts
    3
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Thanks Geoff

    The VPN dies because too many users (developers) have access to the server. When there are too many active sessions on the server someone kicks off the account that has VPN logged in. I've asked many times not to kick off the VPN account but it still happens.

    Any way I can restrict something like that?

  7. #7
    p858snake's Avatar
    Join Date
    Dec 2008
    Location
    Queensland
    Posts
    1,490
    Thank Post
    37
    Thanked 175 Times in 151 Posts
    Blog Entries
    2
    Rep Power
    51
    So developers have direct access to a live server is your issue?

  8. #8

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,804
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224
    You mean RDP sessions?

SHARE:
+ Post New Thread

Similar Threads

  1. Computer to Pupil ratios - fact or fiction?
    By heybatesy in forum General Chat
    Replies: 38
    Last Post: 1st May 2009, 03:09 PM
  2. Unable to access the demo?
    By speckytecky in forum EduGeek Joomla 1.5 Package
    Replies: 1
    Last Post: 24th November 2008, 08:11 AM
  3. Replies: 0
    Last Post: 13th November 2008, 04:49 PM
  4. Replies: 2
    Last Post: 7th October 2008, 06:44 AM
  5. Replies: 4
    Last Post: 12th July 2007, 08:11 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •