Ask the Expert

How to join two Active Directories but limit user access

I run a SharePoint server on a Windows 2003 server on Active Directory (AD1), which our internal staff connects to through our internal network. I now need to create a new domain where staffers outside the internal network can access the same SharePoint server through a new Active Directory (AD2). Here's the catch -- our internal staff also needs the ability to access our SharePoint server using the new Active Directory (AD2). How can we join the AD1 andAD2 directories, so our internal staff can access both, but outside staff can only access the new AD2?

Requires Free Membership to View

It is a best practice to keep internal and external Active Directory environments segregated. Use your internal AD to authenticate your internal users, and use your external AD to authenticate your external users, and assign permissions to groups in each forest as appropriate. The alternative, setting up a trust relationship between the two forests, will entail opening up far too many ports between your DMZ and your corporate network

This was first published in October 2007

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: