Moving secondary domain controller to the DMZ .

shihas shamsudheen 26 Reputation points
2021-04-06T06:13:36.103+00:00

Dear Team,

I have one primary domain controller and one secondary domain controller. My manager wants my secondary domain controller to place in DMZ . What will be the difficulties i will face when i move the secondary domain controller to the dmz. Because we want our VPN Users to communicate that secondary domain controller only.

Thank you
Best Regards

Shihas Shamsudheen

Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Windows for business | Windows Server | User experience | Other
0 comments No comments
{count} votes

3 answers

Sort by: Most helpful
  1. Anonymous
    2021-04-06T12:58:23.61+00:00
    0 comments No comments

  2. Anonymous
    2021-04-07T07:43:52.03+00:00

    Hi,

    Welcome to share here!

    If you want to Extended corporate forest into the perimeter network, it is suggested to put the RODC in the DMZ because of the security and manageability benefits .
    However, if your current integrated application writes information to the directory, you might be blocked from using the new RODC role in the perimeter network. RODCs might also have application compatibility issues that require more planning and changes to your perimeter.

    Planning Deployment of AD DS in the Perimeter Network
    More details about Deploying RODCs in the Perimeter Network

    If you decide to use a RODC in the DMZ, a new server is needed. (Or demote the second one and promote it to a RODC in DMZ)

    Hope the information will be helpful.
    Welcome to share here if you have any updates.

    Best Regards,


  3. Anonymous
    2021-04-12T02:27:23.393+00:00

    Any progress or updates?

    --please don't forget to Accept as answer if the reply is helpful--

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.