RE: [ActiveDir] what to do with DMZ servers

[Craig Cerino]

We are the same way – any devices we have in our DMZ our stand alone   -----Original Message----- From: Jochen Andries [mailto:[EMAIL PROTECTED] Sent: Thursday, July 10, 2003 9:02 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] what to do with DMZ servers   Hello,   Our servers in the DMZ-zone are NOT hooked up to the AD.  For security-reasons.   Greetings, Jochen   From: Pelle, Joe [mailto:[EMAIL PROTECTED] Sent: donderdag 10 juli 2003 14:59 To: ActiveDir ([EMAIL PROTECTED])   Please help:   My company is currently migrating from an NT domain structure to AD...  I have some questions regarding how some of you went about hooking in your DMZ web servers to AD securely...  What DID YOU DO?!!!!!!  What are the recommended best practices?   The options we have discussed so far are: Option1:  Join DMZ servers to AD domain, open a half dozen ports on each server (Kerberos, LDAP, NetBios, etc) and lose the purpose of having a DMZ altogether. Option2:  Create a separate forest for the DMZ servers and create a one-way trust between our two forests.  Option3:  Stand alone DMZ servers not joined to any domain. All other options: ??????????????????????????????   Your suggestions are greatly appreciated!   Is there even a need to hook DMZ into AD?  I've heard MS talk about needing AD for apps like Sharepoint Portal...     Joe Pelle Systems Analyst Information Technology Valassis / Targeted Print & Media Solutions 35955 Schoolcraft Rd.   Livonia, MI  48150 Tel 734.632.3753      Fax 734.632.6240 [EMAIL PROTECTED] http://www.valassis.com/   This message may have included proprietary or protected information.  This message and the information contained herein are not to be further communicated without my express written consent.