I don't think it's a bad way to do it. But there might be another/easier way to 
skin this cat. Bring the web app inside the DMZ, use your existing AD and 
publish it via an ISA server or something similar that is in the DMZ.....

I am not against the separate AD in the DMZ, provided you do it the way others 
have said....I am just looking for 'easier'. But easier may not meet the 
requirements...for example there is a reason you don't want the contractors in 
your AD.




From: Joe Heaton [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 15, 2008 10:59 AM
To: NT System Admin Issues
Subject: AD in the DMZ, good idea?

I'm thinking not, but one of our developers is wanting to setup a separate 
domain in the DMZ, so that we can create AD accounts for contractors that need 
to login to web apps.  My brain, gut and every fiber of my being is saying that 
this is definitely NOT the way to do this.  I am right here, aren't I?

Joe Heaton
AISA
Employment Training Panel
1100 J Street, 4th Floor
Sacramento, CA  95814
(916) 327-5276
[EMAIL PROTECTED]





~ Upgrade to Next Generation Antispam/Antivirus with Ninja!    ~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

Reply via email to