Thread: Connecting AD LDS in DMZ to Internal AD DC

  1. #1

    Connecting AD LDS in DMZ to Internal AD DC

    I was wondering if anyone can shed a little light on an issue (not even sure if I could call it an issue) that I am having understanding AD LDS / AD DS / Authentication. I think it might be easier to say what I want to accomplish and then leave it open for comments.

    I have an Active Directory for my internal network. I have been asked by our web development group if they could have their web servers in the DMZ be 'protected' by our internal Active Directory Domain Services. They want to be able to have their external pages ask for credentials and allow the users to use their internal Active Directory usernames/passwords.

    We have tried putting a read only domain controller in the DMZ for authentication, but I was never able to get the server joined/promoted to our internal AD. From what our networking guys have told me, our DMZ is double 'NATed' which adds an extra level of complexity to domain services from the DMZ back into our internal network.

    I then started looking into putting an AD LDS server in our DMZ and using it as an authentication point for our web apps. I was under the impression that this had the ability to connect to our AD controllers on the inside and provide basic authentication to clients/services in the DMZ. Everything I have found about setting up the LDS server shows the basic setup of configuring an LDS instance and replicas, and I have not had any problem setting that up. I just feel like I am missing the part where the LDS instance 'connects' to the internal AD domain. I don't feel like I have a full understanding of what exactly I am supposed to do with the LDS server!

    Thank you in advance for any assistance.

  2. #2

    Re: Connecting AD LDS in DMZ to Internal AD DC

    Well, if you want to provide an authentication mechanism for AD-based user accounts with the help of a DMZ-resident AD LDS instance, then I think that you will need to use bind redirection to accomplish this. For the same, you can go to the link below for more information on how to get that working:
    http://blogs.technet.com/b/idaguys/a...in-ad-lds.aspx

  3. #3

    Re: Connecting AD LDS in DMZ to Internal AD DC

    You know, I saw this blog while doing my research and, from what I understand, it will not work in our environment. Quoted from the blog: "This option requires the server the AD LDS instance is hosted to join to the AD DS domain or needs a trust relationship with the AD DS domain in which users' AD DS account resides." The issue we are having is that we cannot join any servers from the DMZ into the AD domain through the firewalls. If I were able to join a server that was in the DMZ to the internal AD DS domain, I wouldn't have any problems!
    Am I misinterpreting the setup of using the AD LDS as an ADAM proxy?
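The bind redirection that #2 points to, and that #3 quotes the requirement for, works through userProxy objects: an AD LDS object that carries no password, only the objectSid of the matching AD DS account, so that an LDAP simple bind against the proxy is forwarded to a domain controller for password validation. The following is an added example, not code from the thread or from Microsoft: it converts a SID between its string and binary forms (the objectSid attribute must be stored in binary, so the LDIF carries it base64-encoded with the `::` separator), emits an ldifde-style add record for one userProxy object, and checks that the record round-trips to the original SID. The SID, the container DN, the CN and the UPN are constructed sample values. It does not remove the requirement the blog states: the AD LDS host still has to be domain-joined or in a trusted domain for the redirected bind to succeed, and by default AD LDS accepts proxy binds only over an SSL-protected connection.

```python
import base64
import struct

# Constructed sample values (not from the thread): a fictional domain SID
# plus RID, an application-partition container and a UPN.
SAMPLE_SID = "S-1-5-21-1004336348-1177238915-682003330-1128"
SAMPLE_CONTAINER_DN = "OU=Users,DC=example,DC=local"


def sid_to_bytes(sid: str) -> bytes:
    """Convert a textual SID (S-1-5-21-...) to the binary objectSid layout:
    revision (1 byte), sub-authority count (1 byte), identifier authority
    (6 bytes big-endian), then each sub-authority as 4 bytes little-endian."""
    parts = sid.split("-")
    if len(parts) < 3 or parts[0] != "S" or parts[1] != "1":
        raise ValueError(f"not a revision-1 SID string: {sid!r}")
    authority = int(parts[2])
    subs = [int(p) for p in parts[3:]]
    if not subs or len(subs) > 15:
        raise ValueError("SID must have between 1 and 15 sub-authorities")
    out = struct.pack("<BB", 1, len(subs))
    out += authority.to_bytes(6, "big")
    for sub in subs:
        out += struct.pack("<I", sub)
    return out


def bytes_to_sid(data: bytes) -> str:
    """Inverse of sid_to_bytes, used to verify what an LDIF record carries."""
    if len(data) < 8:
        raise ValueError("binary SID too short")
    revision, count = data[0], data[1]
    if len(data) != 8 + 4 * count:
        raise ValueError("binary SID length does not match sub-authority count")
    authority = int.from_bytes(data[2:8], "big")
    subs = struct.unpack("<%dI" % count, data[8:])
    return "S-%d-%d" % (revision, authority) + "".join("-%d" % s for s in subs)


def user_proxy_ldif(cn: str, container_dn: str, sid: str, upn: str = "") -> str:
    """Build an LDIF 'add' record for an AD LDS userProxy object.

    The object holds only the AD DS account's SID: no password is stored in
    AD LDS, which is exactly what makes the proxy bind a redirection."""
    raw = sid_to_bytes(sid)
    b64 = base64.b64encode(raw).decode("ascii")
    lines = [
        f"dn: CN={cn},{container_dn}",
        "changetype: add",
        "objectClass: userProxy",
        f"cn: {cn}",
        f"objectSid:: {b64}",   # '::' marks a base64-encoded attribute value
    ]
    if upn:
        lines.append(f"userPrincipalName: {upn}")
    return "\n".join(lines) + "\n"


def ldif_sid_round_trips(ldif: str, expected_sid: str) -> bool:
    """Check that the objectSid in an LDIF record decodes to expected_sid."""
    for line in ldif.splitlines():
        if line.startswith("objectSid:: "):
            raw = base64.b64decode(line[len("objectSid:: "):])
            return bytes_to_sid(raw) == expected_sid
    return False


if __name__ == "__main__":
    record = user_proxy_ldif("jdoe", SAMPLE_CONTAINER_DN, SAMPLE_SID,
                             upn="jdoe@example.local")
    print(record)
    print("round trip ok:", ldif_sid_round_trips(record, SAMPLE_SID))
```

The record can be imported with `ldifde -i -f proxy.ldf -s <adlds-host>:<port>` (the instance's LDAP port is whatever was chosen at setup). Only the SID links the proxy to the AD DS account, so a stale or mistyped SID means the bind silently fails rather than matching the wrong user, which is why the round-trip check is worth keeping in any provisioning script.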

  4. #4

    Re: Connecting AD LDS in DMZ to Internal AD DC

    I think that it will be good if you make a separate forest for the DMZ domain instead of extending the current AD to the DMZ. Also, you can use FIM 2010 as an SSO solution.

    http://www.microsoft.com/download/en...ang=en&id=3957

    http://www.microsoft.com/download/en...ng=en&id=16797
