Re: re: Microsoft Active Directory security concerns

[adam.dawson () glowrm com]

Dave

Exposing your AD to external attack is certainly not a good idea as you intimate.  Is it really necessary for the 
external user base to be managed within your internal AD or are your developers just keen to use AD as they can 
integrate with it simply?  If so, I would conosider suggesting that they use a feature called Active Directory 
Application Mode (ADAM), this allow you to extend a customised AD service to external users without compromising the 
internal AD.

I believe that ADAM offers improved ways of synchronising with your main forest over LDAP or other directory services.  

Also as ADAM operates as a non-operating-system service, it doesn't require domain controllers, cutting down on the 
amount of infrastructure required.

Best wishes, Adam Dawson