RE: [ActiveDir] Extranet's

Sun, 24 Oct 2004 21:39:13 -0700

Title: [ActiveDir] Trusting Domain SIDs
yep, done it several times this way - at least for the users. Depending on how your machines need to talk to the internal servers, you might not even need to setup a trust. But if you don't get around it, you could still limit it's reach using selective authentication.
 
/Guido

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Monday, October 25, 2004 2:57 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Extranet's

We are looking at redesigning our extranet and are considering a separate forest for the extranet users and eventually most of the resources needed for the extranet will be put into that forest. My thinking is that since a domain isn't a true security boundary and it really won't cost us more to bring up a forest vs. domain why not go with a separate forest. The users in the extranet forest won't necessarily need access to the internal systems but some of the machines will need to talk to internal servers so I assume at some point we will need a trust relationship.  My question is simply what am I missing and has anyone done similar setups?
 

Holland + Knight
 
Travis Abrams MCSE, GCIH
Systems Engineer
Holland & Knight LLP
 
NOTICE:  This e-mail is from a law firm, Holland & Knight LLP ("H&K"), and is intended solely for the use of the individual(s) to whom it is addressed.  If you believe you received this e-mail in error, please notify the sender immediately, delete the e-mail from your computer and do not copy or disclose it to anyone else.  If you are not an existing client of H&K, do not construe anything in this e-mail to make you a client unless it contains a specific statement to that effect and do not disclose anything to H&K in reply that you expect it to hold in confidence.  If you properly received this e-mail as a client, co-counsel or retained expert of H&K, you should maintain its contents in confidence in order to preserve the attorney-client or work product privilege that may be available to protect confidentiality.

 

Reply via email to