An organization has a network architecture similar to that discussed in class, with a DMZ and an internal network. Should the organization's Active Directory server go in the DMZ or the internal network? Explain your answer in about a paragraph. (If you're not familiar with Active Directory, do some research!)
Solution
Domain controllers are among the most valuable resources in the organization. These are the servers that manage access to the resources on a Windows network, including the Active Directory database. If an attacker is able to compromise a domain controller, the attacker essentially owns the entire Windows infrastructure. Given how important it is to keep a domain controller secure, placing one in a DMZ is not recommended.
The most common solution is to build the DMZ servers as standalone servers. If Active Directory authentication is required to give internal users access to those servers, use LDAP authentication back to the domain controller on the internal network. If a domain controller is required inside the DMZ to support specific services, the suggested approach is to create a separate Active Directory forest inside the DMZ and use a one-way trust that allows systems in the DMZ to trust user accounts in the internal forest.
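The following is an added example, not part of the original answer: a small audit of a DMZ-to-internal firewall policy that accepts only LDAPS from DMZ hosts to the domain controller, which is the exposure the standalone-server design implies. The addressing plan, rule names and rule tuple format are constructed assumptions; 389 and 636 are the standard LDAP and LDAPS ports.

```python
import ipaddress

# Constructed addressing plan (assumption, not from the page).
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/16")
DMZ_NET = ipaddress.ip_network("192.168.50.0/24")
DC_ADDR = ipaddress.ip_network("10.0.1.10/32")   # internal domain controller
LDAP, LDAPS = 389, 636

# Constructed sample rules: (name, source, destination, protocol, port, action)
SAMPLE_RULES = [
    ("web-auth-ldaps", "192.168.50.20/32", "10.0.1.10/32", "tcp", 636, "allow"),
    ("legacy-ldap", "192.168.50.21/32", "10.0.1.10/32", "tcp", 389, "allow"),
    ("smb-to-dc", "192.168.50.20/32", "10.0.1.10/32", "tcp", 445, "allow"),
    ("dmz-any-internal", "192.168.50.0/24", "10.0.0.0/16", "tcp", 636, "allow"),
    ("inside-to-dmz-https", "10.0.0.0/16", "192.168.50.0/24", "tcp", 443, "allow"),
    ("default-deny", "192.168.50.0/24", "10.0.0.0/16", "any", 0, "deny"),
]

def audit_dmz_rules(rules):
    """Return (rule_name, finding) for every allow rule that lets DMZ hosts
    reach the internal network for anything other than LDAPS to the DC."""
    findings = []
    for name, src, dst, proto, port, action in rules:
        if action != "allow":
            continue
        src_net = ipaddress.ip_network(src)
        dst_net = ipaddress.ip_network(dst)
        # Only DMZ -> internal traffic is in scope for this check.
        if not (src_net.overlaps(DMZ_NET) and dst_net.overlaps(INTERNAL_NET)):
            continue
        if not dst_net.subnet_of(DC_ADDR):
            findings.append((name, "destination is broader than the domain controller"))
        elif proto == "tcp" and port == LDAPS:
            continue  # the one flow the design needs
        elif proto == "tcp" and port == LDAP:
            findings.append((name, "plain LDAP; require LDAPS or StartTLS"))
        else:
            findings.append((name, f"{proto}/{port} to the DC is not needed for LDAP authentication"))
    return findings

if __name__ == "__main__":
    for rule_name, finding in audit_dmz_rules(SAMPLE_RULES):
        print(f"{rule_name}: {finding}")
```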
