I run a SharePoint server on a Windows 2003 server on Active Directory (AD1), which our internal staff connects to through our internal network. I now need to create a new domain where staffers outside the internal network can access the same SharePoint server through a new Active Directory (AD2). Here's the catch -- our internal staff also needs the ability to access our SharePoint server using the new Active Directory (AD2). How can we join the AD1 andAD2 directories, so our internal staff can access both, but outside staff can only access the new AD2?
It is a best practice to keep internal and external Active Directory environments segregated. Use your internal AD to authenticate your internal users, and use your external AD to authenticate your external users, and assign permissions to groups in each forest as appropriate. The alternative, setting up a trust relationship between the two forests, will entail opening up far too many ports between your DMZ and your corporate network
Dig Deeper on Microsoft Hyper-V management
Active Directory expert Laura E. Hunter explains to a reader what must be done to change the default display specifiers for new users in Active ...
Active Directory expert Laura E. Hunter tells a reader what to keep in mind when deleting subnets associated with sites being removed in an ...
Active Directory expert Laura E. Hunter offers some advice for changing the IP addresses of domain controllers.