extending active directory to external (hosted) and 3rd parties

["Witmer, Robert" <r.witmer () SNHU EDU>]

Our university is considering external environments/3rd party connectivity that leverages our internal Active Directory 
structure from internet.   I think some organizations use a meta-directory tool.  For example, in the MS world, 
employing Identity Lifecycle Management to create a replicated (cloned) A/D structure in the DMZ).  Others allow 
connectivity directly to their internal A/D structure (this just sounds wrong), but I have no experience.  Can anyone 
provide input on a "best practice" for this challenge?  What are the security concerns beyond the obvious.
Thanks for your input,
Bob



Please consider the environment before printing this e-mail.