adding a new domain not sure of option

  • adding a new domain not sure of option

    My organization is about to implement SharePoint 2007. We are currently using Server 2003 R3 SP2. We plan on having clients log in to see the status of their "projects" by creating a separate domain and "trusting" it back to the root domain using a two-way trust.

    My question is this: what type of domain should I create? A new domain in the forest, a child domain in the existing domain, or a domain tree?

    My main issue is security, and this server will be "outside the firewall". I plan on putting a certificate for login, but I don't want a hacker to hack my AD and then get to my main environment.

    Any suggestions would be helpful ...
    Many thanks in advance...

    PS: I told my developer to make a SQL-based login, but they feel AD is better.
    In my opinion, not for security, and easily hacked with LDAP.
    Maybe my paranoia.

  • #2
    Re: adding a new domain not sure of option

    I don't recommend putting anything outside the firewall (domain controllers or servers with data).

    What exactly will be outside the firewall?

    You may be overcomplicating the solution with an unnecessary element (an additional domain which adds infrastructure, trusts, care and feeding, etc.)
    VCDX3 #34, VCDX4, VCDX5, VCAP4-DCA #14, VCAP4-DCD #35, VCAP5-DCD, VCPx4, vEXPERTx4, MCSEx3, MCSAx2, MCP, CCAx2, A+ - VMware Virtualization Evangelist
    My advice has no warranties. Follow at your own risk.


    • #3
      Re: adding a new domain not sure of option

      I agree with Jason. Install SharePoint on an internal server in your current AD domain and make it accessible via HTTP through your firewall.


      • #4
        Re: adding a new domain not sure of option

        OWA and just about most things use LDAP to authenticate external users. You're only putting HTTPS visible to the outside world. I think you're being too paranoid. Just need to make sure your users are using secure passwords and not ones that are easily guessed.


        • #5
          Re: adding a new domain not sure of option

          I plan on using HTTPS and LDAP to authenticate users. We are going to use the SharePoint web portal.

          We want to put clients in a separate domain from the rest of the company for obvious reasons. My question is what type of AD should I create:
          a. the new domain called CLIENTS
          b. Child domain
          c. the forest in the same domain.



          • #6
            Re: adding a new domain not sure of option

            You have two good options.

            Look into AD-FS with SharePoint's SSO (huge task)


            Extend the SharePoint web application using a different authentication provider. Then just open up HTTP/HTTPS ports.

            There's a lot more detail involved so start googling.