Posted by Miha Pihler [MVP] on July 28, 2005, 10:15 am
Use IPSec as the article describes.
Note: how secure do you want this to be? If I somehow manage to get into
your DC in the DMZ, I will always have full access to the DC in the LAN, and
from the DC in the LAN I will have access to practically all resources in the LAN.
If you want to have this as secure as possible, you should set up another
forest in the DMZ and create a one-way trust with the forest in the LAN.
Let me know if you need more information on this.
--
Mike
Microsoft MVP - Windows Security
> Hi All,
>
> I have an AD that has two DCs; one of the DCs should move to our DMZ and the
> second should stay on the internal network.
>
> What is the best secure way to keep these DCs synchronizing? (Without
> opening all the dangerous ports mentioned in this article:
> http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/deploy/confeat/adrepfir.mspx)
>
> Thanks in advance!
>
> Nir B