I'm curious what y'all do with those situations where you have to manage credentials for 'outsiders' - in other words, users from some business partner, vendor, etc. who must have access to some resource in your company. For example, say you have some intranet web app that you make available on the Internet via ISA Server/reverse proxy. This works for employees, but soon some 'outsiders' (contractors, outsourced service providers) need to use it.
Do you put them someplace in your existing AD so they can use the same proxy ? Do you set up an alternate way for them to get to the resource ? What steps do you take to ensure that those credentials are restricted to the resource you intend ? I'm a tad uncomfortable with people outside the organization running around with valid credentials to the internal NOS directory, but maybe that's just me. I realize it's a business decision, and that there's hopefully some level of trust in these individuals since they've been contracted to perform some service, but the more I can control it the better. Rants, flames, war stories are welcome (I can take it:). Even more welcome is some discussion of how you deal with external users in general, and specific steps you take to protect your AD from misuse by them. Dave List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
