Announcement

Collapse
No announcement yet.

ideal place to put AD DS

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • ideal place to put AD DS

    Hi, what is the ideal place to put the Active directory;at web Tier or at App tier or at Db tier?

  • #2
    Re: ideal place to put AD DS

    Not in any of them
    The 3-tier architecture you refer to is for applications.
    AD is infrastructure and is separate.

    The only issue will be if your web servers are in a DMZ, then you should not have DCs co-located with them, but should use AD LDS for authentication
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: ideal place to put AD DS

      Many thanks for the reply,
      Yes, the Webserver would be in DMZ, so shall we use RODC at DMZ and put Main DC along with the application servers?

      Comment


      • #4
        Re: ideal place to put AD DS

        You will need to discuss this with your application architects, but ask yourself -- do external web users need AD accounts or can they authenticate against some other service?
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **

        Comment

        Working...
        X