Educause Security Discussion mailing list archives
Re: extending active directory to external (hosted) and 3rd parties
From: "Dr. Wole Akpose" <wole.akpose () MORGAN EDU>
Date: Wed, 16 Mar 2011 10:33:22 -0400
Have you considered read only domain controllers as part of your strategy? MS Forefront Identity Manager also offers a mature Federated Infrastructure. You can contact me offline if you need more info. W. Akpose On Mar 16, 2011 10:06 AM, "Witmer, Robert" <r.witmer () snhu edu> wrote:
Our university is considering external environments/3rd party connectivity
that leverages our internal Active Directory structure from internet. I think some organizations use a meta-directory tool. For example, in the MS world, employing Identity Lifecycle Management to create a replicated (cloned) A/D structure in the DMZ). Others allow connectivity directly to their internal A/D structure (this just sounds wrong), but I have no experience. Can anyone provide input on a "best practice" for this challenge? What are the security concerns beyond the obvious.
Thanks for your input, Bob Please consider the environment before printing this e-mail.
Current thread:
- extending active directory to external (hosted) and 3rd parties Witmer, Robert (Mar 16)
- Re: extending active directory to external (hosted) and 3rd parties Flynn, Gary - flynngn (Mar 16)
- Re: extending active directory to external (hosted) and 3rd parties Dexter Caldwell (Mar 16)
- Re: extending active directory to external (hosted) and 3rd parties Dr. Wole Akpose (Mar 16)
- Re: extending active directory to external (hosted) and 3rd parties Flynn, Gary - flynngn (Mar 16)