Server security

Peter_1985 2,486

Hi,
Would it have many other problem (in security), if Windows server having active directory, is directly linked to outside internet? How to make it better on the server?

Daisy Zhou 18,701 Reputation points Microsoft Vendor

2021-04-28T06:09:47.04+00:00

Hello @Peter_1985 ,
How are things going about the question in the original post? Please keep me posted on this issue.
If you have any further questions or concerns about this question, please let us know.
I appreciate your time and efforts.

Best Regards,
Daisy Zhou

============================================

If the Answer is helpful, please click "Accept Answer" and upvote it.

Accepted answer

Daisy Zhou 18,701 Reputation points Microsoft Vendor

2021-04-22T02:43:38.2+00:00

Hello @Peter_1985 ,

Thank you for posting here.

Based on my understanding, AD domain is a security boundary. We suggest not to expose AD to the Internet, which may cause many security problems.

Here is a similar case we can refer to.

Should I expose my Active Directory to the public Internet for remote users?
https://serverfault.com/questions/573681/should-i-expose-my-active-directory-to-the-public-internet-for-remote-users/573721

Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.

Should you have any question or concern, please feel free to let us know.

Best Regards,
Daisy Zhou

============================================

If the Answer is helpful, please click "Accept Answer" and upvote it.
Please sign in to rate this answer.
Peter_1985 2,486 Reputation points

2021-04-22T03:09:40.1+00:00

Hi Daisy,
If server running AD is not suggested to be open to outside directly, what should be the configuration?
Sign in to comment

16 additional answers

Daisy Zhou 18,701 Reputation points Microsoft Vendor

2021-04-22T03:18:00.56+00:00

Hello @Peter_1985 ,

Thank you for your update.

what should be the configuration?
Do you mean how to set up AD? If so, you can refer to links below.

Install Active Directory Domain Services (Level 100)
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/install-active-directory-domain-services--level-100-

Active Directory Domain Services Overview
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/virtual-dc/active-directory-domain-services-overview

Should you have any question or concern, please feel free to let us know.

Best Regards,
Daisy Zhou

============================================

If the Answer is helpful, please click "Accept Answer" and upvote it.
Please sign in to rate this answer.
Peter_1985 2,486 Reputation points

2021-04-22T03:51:33.343+00:00

Hi,
If Windows server having AD inside, is not suggested to be directly open to outside, what should be the server configuration, to ensure server security?
Sign in to comment
Daisy Zhou 18,701 Reputation points Microsoft Vendor

2021-04-22T05:23:59.06+00:00

Hello @Peter_1985 ,

Thank you for your update.

Usually, we can deploy an AD forest, while ensuring network security, ensure that the password of the management account meets a certain level of complexity.

The following article explains other instructions of securing active directory domain controllers for your reference.

Reference:
Best Practices for Securing Active Directory
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/best-practices-for-securing-active-directory

Hope the information above is helpful.

Should you have any question or concern, please feel free to let us know.

Best Regards,
Daisy Zhou

============================================

If the Answer is helpful, please click "Accept Answer" and upvote it.
Please sign in to rate this answer.
Peter_1985 2,486 Reputation points

2021-04-22T05:54:54.477+00:00

HI,
Is it enough to have complex password? Server having AD setup can still be open to outside directly, if the server is equipped with proper enabled Firewall rules and strong password.
Sign in to comment
Daisy Zhou 18,701 Reputation points Microsoft Vendor

2021-04-22T06:00:42.29+00:00

Hello @Peter_1985 ,

Thank you for your update.

As I mentioned above, we do not suggest you do that.

Even if AD is not connected to the Internet, no one can guarantee that AD will always be absolutely secure.

If you must do this, then you should always monitor for possible security issues.

Best Regards,
Daisy Zhou

============================================

If the Answer is helpful, please click "Accept Answer" and upvote it.
Please sign in to rate this answer.

0 comments No comments
Sign in to comment
Peter_1985 2,486 Reputation points

2021-04-22T06:39:46.44+00:00

Hi,
How to adjust network configuration to ensure it's safe, having AD inside?
Please sign in to rate this answer.

0 comments No comments
Sign in to comment