Domain Join DMZ Server
However, this solution also has several ifs and buts, and may not serve the purpose of domain joining.
The internal AD domain was, by definition, extended into the DMZ. Place the read-only domain controller (RODC) in the DMZ. The way this works is that your ISA server goes in your DMZ, and the web server goes on your LAN together with your database server.
You basically have two options: join the Windows server while it is still outside your DMZ, so it has full access to a writeable domain controller; or prepare a computer object on a writeable domain controller and then join the domain through an RODC.
I can't join the new server to the domain. It is configured with a static 192.168.x.x DMZ address, and I have manually created a DNS host record on the DC, which has replicated across all DCs, and rebooted the server twice. Blocking inbound requests from the DMZ to the private network should already be done. I think we should be very careful regarding a domain in the DMZ, as otherwise the use of the DMZ might be completely ineffective.
Harden the operating system to allow only authentication traffic from other servers in the DMZ and AD replication traffic from its AD replication partners in the private network. The second option is the one we are discussing here. With Windows 2008 R2 Active Directory, there is a possibility of extending the domain into the DMZ by placing an RODC there.
Well, in any scenario where you have something in the DMZ that requires domain authentication, this issue becomes convoluted. Not because an RODC was placed there, but because domain member servers were being extended into it. I also can't ping the DCs on the 172.x addresses from the new server on the 192.x address.
I cannot join the web server in the DMZ to the domain on the DC server; please help me. The DMZ web server's IP address is 172.16.0.2 and its gateway is 172.16.0.1 (the ISA DMZ NIC), and its DNS points to the internal 10.0.0.2. The DC server is my domain controller and also my DNS server, with IP address 10.0.0.2. That is my problem. The difficult part is joining Windows servers to the domain.