
A. directory server.

Adriano Detulio 1 Reputation point
2024-01-15T04:39:37.76+00:00

Night, everyone. I already added the server IP on GoDaddy DNS.
After that, what else should I input on GoDaddy DNS to make Active Directory work on the internet, so users do not need VPN to log in? Also, machines can be enrolled on the domain without VPN. I know that I should input the SRV and protocols... but I'm not finding any doc with the list of protocols and ports. I have a local domain, with a pfSense.


2 answers

  1. Thameur-BOURBITA 36,531 Reputation points Moderator
    2024-01-16T07:50:29.59+00:00

    Hi @Adriano Detulio

    If you choose to host the DNS zone of your domain in another DNS technology, like GoDaddy in your case, you have to allow domain controllers to register their own SRV and A DNS records. I think your design is complicated to implement and not recommended for the following reasons: creating and managing SRV and A records for domain controllers manually is complicated, because there are SRV records that depend on the domain controller's site, and when you move a domain controller to another site this kind of record must be updated automatically. Below is an idea of the list of SRV records generated automatically by a domain controller (placeholders in angle brackets are filled in with the domain, forest, site and GUID values):

    LdapIpAddress     A      <DnsDomainName>
    Ldap              SRV    _ldap._tcp.<DnsDomainName>
    LdapAtSite        SRV    _ldap._tcp.<SiteName>._sites.<DnsDomainName>
    Pdc               SRV    _ldap._tcp.pdc._msdcs.<DnsDomainName>
    Gc                SRV    _ldap._tcp.gc._msdcs.<DnsForestName>
    GcAtSite          SRV    _ldap._tcp.<SiteName>._sites.gc._msdcs.<DnsForestName>
    DcByGuid          SRV    _ldap._tcp.<DomainGuid>.domains._msdcs.<DnsForestName>
    GcIpAddress       A      gc._msdcs.<DnsForestName>
    DsaCname          CNAME  <DsaGuid>._msdcs.<DnsForestName>
    Kdc               SRV    _kerberos._tcp.dc._msdcs.<DnsDomainName>
    KdcAtSite         SRV    _kerberos._tcp.<SiteName>._sites.dc._msdcs.<DnsDomainName>
    Dc                SRV    _ldap._tcp.dc._msdcs.<DnsDomainName>
    DcAtSite          SRV    _ldap._tcp.<SiteName>._sites.dc._msdcs.<DnsDomainName>
    Rfc1510Kdc        SRV    _kerberos._tcp.<DnsDomainName>
    Rfc1510KdcAtSite  SRV    _kerberos._tcp.<SiteName>._sites.<DnsDomainName>
    GenericGc         SRV    _gc._tcp.<DnsForestName>
    GenericGcAtSite   SRV    _gc._tcp.<SiteName>._sites.<DnsForestName>
    Rfc1510UdpKdc     SRV    _kerberos._udp.<DnsDomainName>
    Rfc1510Kpwd       SRV    _kpasswd._tcp.<DnsDomainName>
    Rfc1510UdpKpwd    SRV    _kpasswd._udp.<DnsDomainName>

    I also think that exposing a domain controller to the internet is not a secure design. It's recommended to install the domain internally and let the clients contact the domain through VPN (a secure connection).


    Please don't forget to accept the helpful answer.

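The answer above makes the point that the DC locator records are generated from per-DC values (domain, forest, site, GUIDs) and that the site-specific ones go stale the moment a DC moves sites. The following added example (editor's illustration, not code from the answer or from Microsoft) turns that list into a template, parses a zone-style export such as the DC's own netlogon.dns file, and reports which records are missing for the site the DC is now in. The domain name, GUIDs and the sample zone text are constructed for the demonstration.

```python
import re

# Records one domain controller registers, keyed by the mnemonics in the answer
# above. Placeholders are filled from that DC's domain, forest, site and GUIDs.
DC_LOCATOR_TEMPLATES = {
    "LdapIpAddress":    ("A",     "{domain}"),
    "Ldap":             ("SRV",   "_ldap._tcp.{domain}"),
    "LdapAtSite":       ("SRV",   "_ldap._tcp.{site}._sites.{domain}"),
    "Pdc":              ("SRV",   "_ldap._tcp.pdc._msdcs.{domain}"),
    "Gc":               ("SRV",   "_ldap._tcp.gc._msdcs.{forest}"),
    "GcAtSite":         ("SRV",   "_ldap._tcp.{site}._sites.gc._msdcs.{forest}"),
    "DcByGuid":         ("SRV",   "_ldap._tcp.{domain_guid}.domains._msdcs.{forest}"),
    "GcIpAddress":      ("A",     "gc._msdcs.{forest}"),
    "DsaCname":         ("CNAME", "{dsa_guid}._msdcs.{forest}"),
    "Kdc":              ("SRV",   "_kerberos._tcp.dc._msdcs.{domain}"),
    "KdcAtSite":        ("SRV",   "_kerberos._tcp.{site}._sites.dc._msdcs.{domain}"),
    "Dc":               ("SRV",   "_ldap._tcp.dc._msdcs.{domain}"),
    "DcAtSite":         ("SRV",   "_ldap._tcp.{site}._sites.dc._msdcs.{domain}"),
    "Rfc1510Kdc":       ("SRV",   "_kerberos._tcp.{domain}"),
    "Rfc1510KdcAtSite": ("SRV",   "_kerberos._tcp.{site}._sites.{domain}"),
    "GenericGc":        ("SRV",   "_gc._tcp.{forest}"),
    "GenericGcAtSite":  ("SRV",   "_gc._tcp.{site}._sites.{forest}"),
    "Rfc1510UdpKdc":    ("SRV",   "_kerberos._udp.{domain}"),
    "Rfc1510Kpwd":      ("SRV",   "_kpasswd._tcp.{domain}"),
    "Rfc1510UdpKpwd":   ("SRV",   "_kpasswd._udp.{domain}"),
}

def expected_records(domain, forest, site, domain_guid, dsa_guid):
    """Return {mnemonic: (rrtype, owner)} for one DC; owners lowercased, no trailing dot."""
    v = dict(domain=domain, forest=forest, site=site, domain_guid=domain_guid, dsa_guid=dsa_guid)
    return {m: (t, n.format(**v).lower()) for m, (t, n) in DC_LOCATOR_TEMPLATES.items()}

# "owner [ttl] [IN] type rdata", the layout used by netlogon.dns and zone exports.
_RR = re.compile(r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?(A|AAAA|SRV|CNAME)\s+(.*)$", re.IGNORECASE)

def parse_zone_records(text):
    """Parse zone-style lines into a set of (rrtype, owner) tuples; comments are ignored."""
    present = set()
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        m = _RR.match(line) if line else None
        if m:
            present.add((m.group(2).upper(), m.group(1).rstrip(".").lower()))
    return present

def missing_records(expected, present):
    """Mnemonics whose (rrtype, owner) record is absent from the parsed zone."""
    return sorted(m for m, rec in expected.items() if rec not in present)

# Constructed sample: dc1 was moved to site "Branch" but its published records
# still carry the old site name, which is exactly the staleness the answer warns about.
DOMAIN, FOREST = "corp.example.com", "corp.example.com"
DOMAIN_GUID, DSA_GUID = "0f1e2d3c-4b5a-6978-8796-a5b4c3d2e1f0", "11111111-2222-3333-4444-555555555555"
SAMPLE_NETLOGON_DNS = f"""\
; constructed netlogon.dns-style export for dc1 (old site Default-First-Site-Name)
{DOMAIN}. 600 IN A 10.0.0.5
_ldap._tcp.{DOMAIN}. 600 IN SRV 0 100 389 dc1.{DOMAIN}.
_ldap._tcp.Default-First-Site-Name._sites.{DOMAIN}. 600 IN SRV 0 100 389 dc1.{DOMAIN}.
_ldap._tcp.pdc._msdcs.{DOMAIN}. 600 IN SRV 0 100 389 dc1.{DOMAIN}.
_ldap._tcp.gc._msdcs.{FOREST}. 600 IN SRV 0 100 3268 dc1.{DOMAIN}.
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.{FOREST}. 600 IN SRV 0 100 3268 dc1.{DOMAIN}.
_ldap._tcp.{DOMAIN_GUID}.domains._msdcs.{FOREST}. 600 IN SRV 0 100 389 dc1.{DOMAIN}.
gc._msdcs.{FOREST}. 600 IN A 10.0.0.5
{DSA_GUID}._msdcs.{FOREST}. 600 IN CNAME dc1.{DOMAIN}.
_kerberos._tcp.dc._msdcs.{DOMAIN}. 600 IN SRV 0 100 88 dc1.{DOMAIN}.
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.{DOMAIN}. 600 IN SRV 0 100 88 dc1.{DOMAIN}.
_ldap._tcp.dc._msdcs.{DOMAIN}. 600 IN SRV 0 100 389 dc1.{DOMAIN}.
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.{DOMAIN}. 600 IN SRV 0 100 389 dc1.{DOMAIN}.
_kerberos._tcp.{DOMAIN}. 600 IN SRV 0 100 88 dc1.{DOMAIN}.
_kerberos._tcp.Default-First-Site-Name._sites.{DOMAIN}. 600 IN SRV 0 100 88 dc1.{DOMAIN}.
_gc._tcp.{FOREST}. 600 IN SRV 0 100 3268 dc1.{DOMAIN}.
_gc._tcp.Default-First-Site-Name._sites.{FOREST}. 600 IN SRV 0 100 3268 dc1.{DOMAIN}.
_kerberos._udp.{DOMAIN}. 600 IN SRV 0 100 88 dc1.{DOMAIN}.
_kpasswd._tcp.{DOMAIN}. 600 IN SRV 0 100 464 dc1.{DOMAIN}.
_kpasswd._udp.{DOMAIN}. 600 IN SRV 0 100 464 dc1.{DOMAIN}.
"""

def audit(site):
    """Which locator records are missing for a DC that should be advertising `site`."""
    return missing_records(expected_records(DOMAIN, FOREST, site, DOMAIN_GUID, DSA_GUID),
                           parse_zone_records(SAMPLE_NETLOGON_DNS))

if __name__ == "__main__":
    for site in ("Default-First-Site-Name", "Branch"):
        print(f"{site}: missing {audit(site) or 'nothing'}")
```

Running it shows the old site name audits clean while the new site is missing all six *AtSite records, which is the class of record a hosted external zone would never update on its own. Pointing `parse_zone_records` at a real export (or at the output of a zone transfer from the hosting provider) gives the same per-DC gap list.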

  2. Azar 31,720 Reputation points MVP Volunteer Moderator
    2024-01-15T04:52:47.2466667+00:00

    Hey Adriano Detulio

    First, you've got the DNS records on GoDaddy covered, that's awesome; also make sure you've added the necessary A records. Now, on your pfSense firewall, set up port forwarding for TCP/UDP 53, 88, 389, 445, and 636 to your Active Directory server. For added security, consider getting an SSL certificate and configuring LDAPS.

    If you want seamless internet logins, look into Active Directory Federation Services (ADFS) for Single Sign-On. While avoiding a VPN is the goal,

    If this helps, kindly accept the answer. Thanks.


