Server security

Peter_1985 1,831 Reputation points
2021-04-21T08:30:20.98+00:00

Hi,
Would it have many other problem (in security), if Windows server having active directory, is directly linked to outside internet? How to make it better on the server?

Windows Server 2016
Windows Server 2016
A Microsoft server operating system that supports enterprise-level management, data storage, applications, and communications.
1,766 questions
Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
8,224 questions
{count} votes

Accepted answer
  1. Daisy Zhou 12,921 Reputation points Microsoft Employee
    2021-04-22T02:43:38.2+00:00

    Hello @Peter_1985 ,

    Thank you for posting here.

    Based on my understanding, AD domain is a security boundary. We suggest not to expose AD to the Internet, which may cause many security problems.

    Here is a similar case we can refer to.

    Should I expose my Active Directory to the public Internet for remote users?
    https://serverfault.com/questions/573681/should-i-expose-my-active-directory-to-the-public-internet-for-remote-users/573721

    Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.

    Should you have any question or concern, please feel free to let us know.

    Best Regards,
    Daisy Zhou

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.


16 additional answers

Sort by: Most helpful
  1. Dave Patrick 330.5K Reputation points Microsoft MVP
    2021-04-21T12:37:45.523+00:00

    having active directory, is directly linked to outside internet?

    What exactly is meant here? Active directory generally would not function across internet.

    --please don't forget to Accept as answer if the reply is helpful--

    No comments

  2. Peter_1985 1,831 Reputation points
    2021-04-21T14:08:26.797+00:00

    No, I mean dedicated windows server having IP open to outside internet. Would it be easy to be attacked if Active directory is running within the server?

    No comments

  3. Dave Patrick 330.5K Reputation points Microsoft MVP
    2021-04-21T14:20:34.7+00:00

    dedicated windows server having IP open to outside internet. Would it be easy to be attacked

    Much easier, yes.

    Active directory would not function across the internet. Multi-homing a domain controller will always cause no end to grief for active directory DNS

    --please don't forget to Accept as answer if the reply is helpful--

    No comments

  4. Dave Patrick 330.5K Reputation points Microsoft MVP
    2021-04-22T02:48:50.983+00:00

    Any progress or updates?

    --please don't forget to Accept as answer if the reply is helpful--

    No comments