AD site requirements when using a DMZ

AD site requirements when using a DMZ

Q. If I place a special DC in a DMZ, should I create a separate AD site for the DMZ?

A. Many organizations deploy a separate DC in the DMZ which may also be a RODC to limit potential exposure for the organization. The next question becomes should the DMZ be a separate AD site. The answer is yes. The reasons sites are created include controlling replication and directing AD clients in that location to specific DCs. In a DMZ there are services that you want to use the DMZ DC and so placing the DC and those services in their own site will help direct them to the right DC.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish