This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(6.4, 93%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Dear Team,
I have one primary domain controller and one secondary domain controller. My manager wants my secondary domain controller to place in DMZ . What will be the difficulties i will face when i move the secondary domain controller to the dmz. Because we want our VPN Users to communicate that secondary domain controller only.
Thank you
Best Regards
Shihas Shamsudheen
Just check that the ports between networks are flowing.
https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/config-firewall-for-ad-domains-and-trusts
--please don't forget to Accept as answer if the reply is helpful--
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 96%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFF%3C/text%3E%3C/svg%3E)
Hi,
Welcome to share here!
If you want to Extended corporate forest into the perimeter network, it is suggested to put the RODC in the DMZ because of the security and manageability benefits .
However, if your current integrated application writes information to the directory, you might be blocked from using the new RODC role in the perimeter network. RODCs might also have application compatibility issues that require more planning and changes to your perimeter.
Planning Deployment of AD DS in the Perimeter Network
More details about Deploying RODCs in the Perimeter Network
If you decide to use a RODC in the DMZ, a new server is needed. (Or demote the second one and promote it to a RODC in DMZ)
Hope the information will be helpful.
Welcome to share here if you have any updates.
Best Regards,
Hi,
Welcome to share your current situation if there are any updates.
Please feel free to let us know if you need further assistance.
Best Regards,
Any progress or updates?
--please don't forget to Accept as answer if the reply is helpful--