I have a Win2k server on our secure network as a PDC and another Win2k server that is a web/mail server in a DMZ on the other side of a firewall. What rules do I have to specify on my firewall to allow the Win2k server in the DMZ to participate in the secure domain? I don’t want to have to enroll our users in two different systems in order to allow these users to log into secure sites on our web server. I would like to be able to enroll a user only in our PDC on our secure network, and have permissions on the web server be granted to users from that PDC.
Should I make the web server a BDC? or just make it a member of the same domain? What firewall rules would be required to enable any of these options?