Copy local groups to non-trusted domain?

By mark_morris1
Here is my problem:

Very secure NT domain has 15k plus users. Web developer needs to authenticate incoming internet users against this domain. Of course, the Web server is on the DMZ and can't have direct access to the secure domain. We can't afford even the remotest possibility of admin usernames getting hacked on the web server and don't want the incoming internet users to actually log in to the domain.

How can I get the "non-admin" groups copied from the secure domain to the unsecure domain routinely and consistently?

Copy local groups to non-trusted domain?

by savatovic In reply to Copy local groups to non- ...

The answer is VPN.
I myself work for a large multinational company. The only Web servers that are placed on the DMZ are those for public use.
Our Intranet servers are placed on the inside LAN. Inside LANs of all branch offices are connected by VPN. Hence, employees can browse all Intranet servers when they are at work. Some selected users have access to the Intranet from the Internet. To gain access to the Intranet they must be authenticated at a select few servers. We use SecuRemote from Checkpoint Software.

However, if you still insist on copying non-admin groups, NT is not a good solution. You may get better results with Windows 2000. You should study the Active Directory Migration Tool (ADMT) and the Clone Principal utility, which can help you transfer SID history from one domain to another.
