Have the exact same situation here.
We currently have a separate NT domain (for a security boundary) for our INET machines. These machines exist on a DMZ...and run public internet sites that connect to a SQL backend inside our network. An ISA server provides the firewall and proxy services.
Im currently having a fight with the operations staff on design. They want to do the Empty Root/two subdomain model (because they read a lot of useless MOC Courseware books).
I can personally see very little benefit to consolidating these two separate domains into one forest. They see no logic in having a separate forest/separate domain for the Internet systems.
Nothing short of a case study will sway them I believe....any decent documents comparing the two? Or frankly..any documents that recommend a separate forest for your internet systems as a security boundary?
-----Original Message-----
I have a question... (Assuming that the Servers in the DMZ are already away from the in-house domain)
If before the upgrade none of the servers needed AD or access to your in-house domain, why would you want them to have it after the upgrade?
J Just thinking semi-logically...
Thanks,
Raymond McClinnis Network Administrator Provident Credit Union
-----Original Message-----
It would help if you determined what was going to be public access (via DMZ or otherwise) and determine the needs of the applications there.
The other option we've been talking about is AD Application Mode (ADAM) from Microsoft.
--------------------------------------------------------------
|
Title: Message
- Re: [ActiveDir] what to do with DMZ servers David Adner
- RE: [ActiveDir] what to do with DMZ servers Joe
- Re: [ActiveDir] what to do with DMZ servers Glenn Corbett
- RE: [ActiveDir] what to do with DMZ servers Jochen Andries
- RE: [ActiveDir] what to do with DMZ servers Craig Cerino
- RE: [ActiveDir] what to do with DMZ servers Roger Seielstad
- Re: [ActiveDir] what to do with DMZ servers jim . katoe
- RE: [ActiveDir] what to do with DMZ servers Raymond McClinnis
- RE: [ActiveDir] what to do with DMZ servers Rogers, Brian
- RE: [ActiveDir] what to do with DMZ servers Rick Kingslan
- RE: [ActiveDir] what to do with DMZ servers Rogers, Brian
- RE: [ActiveDir] what to do with DMZ servers Rick Kingslan
- RE: [ActiveDir] what to do with DMZ servers Rick Kingslan
- RE: [ActiveDir] what to do with DMZ servers Roger Seielstad
- RE: [ActiveDir] what to do with DMZ servers Roger Seielstad
- RE: [ActiveDir] what to do with DMZ servers Rick Kingslan
- RE: [ActiveDir] what to do with DMZ servers Roger Seielstad
- RE: [ActiveDir] what to do with DMZ servers Rick Kingslan
- RE: [ActiveDir] what to do with DMZ servers Rogers, Brian
- RE: [ActiveDir] what to do with DMZ servers Rogers, Brian
- RE: [ActiveDir] what to do with DMZ servers Rick Kingslan