Posted by jremmc on August 11, 2006, 12:43 pm
Small company. W2K3 SP1. Empty root with 2 DCs and one child domain with 2
DCs. No DMZ. (public site hosted elsewhere). No customer access up to now,
but now find need for it.
Customers need to access a 3rd party application on a member server. That
app now uses own database for authentication. It can use LDAP queries to AD
for authentication (different app than posted about few days ago but same
mfgr), which is what app manager wants to do, as maintaining db is time
consuming. But if app switches to AD for authentication it must use AD for
all authentication (i.e. can't use AD to validate employees and also use own
db for customers.)
I of course do not want to add any non-employees to AD. But...
Any suggestions on ways to set up customers in AD appreciated. (i.e.
separate OU, separate domain, ???, deny read rights to all containers except
?)
Thanks,
jremmc
Posted by Bruce Sanderson on August 13, 2006, 11:54 pm
You might find Active Directory Application Mode useful.
http://www.microsoft.com/windowsserver2003/adam/default.mspx
--
Bruce Sanderson MVP Printing
http://members.shaw.ca/bsanders
It is perfectly useless to know the right answer to the wrong question.
> Small company. W2K3 SP1. Empty root with 2 DCs and one child domain with 2
> DCs. No DMZ. (public site hosted elsewhere). No customer access up to now,
> but now find need for it.
> Customers need to access a 3rd party application on a member server. That
> app now uses own database for authentication. It can use LDAP queries to
> AD for authentication (different app than posted about few days ago but
> same mfgr), which is what app manager wants to do, as maintaining db is
> time consuming. But if app switches to AD for authentication it must use
> AD for all authentication (i.e. can't use AD to validate employees and
> also use own db for customers.)
> I of course do not want to add any non-employees to AD. But...
> Any suggestions on ways to set up customers in AD appreciated. (i.e.
> separate OU, separate domain, ???, deny read rights to all containers
> except ?)
> Thanks,
> jremmc
>
Posted by Roger Abell [MVP] on August 14, 2006, 1:25 am
As I read your post, they are telling you to place your AD infrastructure
into an unneeded exposure to risk (of data privacy at least) all for the
sake of convenience in maintaining accounts for externals.
If that is true, tell them they are crazy, or at least very short sighted.
Suggest ADAM, or an ADFS implementation if these are corporate externals.
> Small company. W2K3 SP1. Empty root with 2 DCs and one child domain with 2
> DCs. No DMZ. (public site hosted elsewhere). No customer access up to now,
> but now find need for it.
> Customers need to access a 3rd party application on a member server. That
> app now uses own database for authentication. It can use LDAP queries to
> AD for authentication (different app than posted about few days ago but
> same mfgr), which is what app manager wants to do, as maintaining db is
> time consuming. But if app switches to AD for authentication it must use
> AD for all authentication (i.e. can't use AD to validate employees and
> also use own db for customers.)
> I of course do not want to add any non-employees to AD. But...
> Any suggestions on ways to set up customers in AD appreciated. (i.e.
> separate OU, separate domain, ???, deny read rights to all containers
> except ?)
> Thanks,
> jremmc
>
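To make the ADAM suggestion from the two replies above concrete, here is an added example (not code from either poster, and not the third-party app's own code): the application-side bind an LDAP-authenticating app would perform against a separate ADAM instance on the member server, so customer accounts live in ADAM's own application partition and never in the employee domain. The host name, port, partition DN and account are constructed placeholders; ADAM accepts a simple bind with the full DN of a user object in its partition.

```powershell
# Added example: LDAP simple bind against a stand-alone ADAM instance using the
# .NET System.DirectoryServices.Protocols API. Host, port, partition and account
# below are constructed placeholders, not values from the thread.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Test-ExternalLdapBind {
    param(
        [string]$Server   = 'adam-host.example.internal',          # member server running ADAM (placeholder)
        [int]   $Port     = 50001,                                  # ADAM SSL port (placeholder; separate from AD's 389/636)
        [string]$UserDn   = 'CN=customer1,OU=Customers,O=Externals', # customer object in the ADAM partition (placeholder)
        [string]$Password
    )

    $identifier = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, $Port)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($identifier)
    $conn.SessionOptions.ProtocolVersion = 3
    # A simple bind sends the password in clear text, so require LDAPS
    # (the ADAM instance needs a server certificate for this to succeed).
    $conn.SessionOptions.SecureSocketLayer = $true
    $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Basic

    try {
        # Bind as the customer's own DN: success means the directory accepted the
        # credentials; failure throws an LdapException (invalid credentials, TLS, etc.).
        $conn.Bind((New-Object System.Net.NetworkCredential($UserDn, $Password)))
        return $true
    }
    catch [System.DirectoryServices.Protocols.LdapException] {
        Write-Warning "Bind failed for $UserDn : $($_.Exception.Message)"
        return $false
    }
    finally {
        $conn.Dispose()
    }
}

# Usage (placeholder credentials):
# Test-ExternalLdapBind -Password 'customer-password'
```

The design point is that the app's LDAP settings point only at the ADAM instance; the corporate AD is never contacted for customer logons, so the "all or nothing" constraint the app imposes is satisfied without putting non-employees into the forest. If employees must also use the same app, their accounts can be represented as ADAM userProxy objects or the app can be pointed at a second instance, but that decision is outside what this thread covers.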