Re: AD in DMZ
- From: "Deus, Attonbitus" <Thor@xxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 10 Jul 2003 10:38:36 -0700
At 10:01 AM 7/10/2003, you wrote:
http://www.ISAserver.org
Can anyone think of any reason to have a public DMZ domain placed in the
same forest as your internal AD domain?
Not any *secure* reason. You cannot prevent a domain admin in one domain
from being a domain admin in another domain in the same forest. I know of
people who do this for some freaky organization reason, but it is a grave
mistake security-wise.
t
Other related posts: