Active Directory Across The Internet


Guest

We are wanting to implement Active Directory across the internet, thus having several domain controllers in different locations making up a large Active Directory. The problem is each machine only has a public interface, and if I disable Client for Microsoft Networks on the NICs it's like the DC stops being able to see itself. If I leave Client for Microsoft Networks enabled I get hacked right away and have to spend countless hours cleaning FTP servers and other annoying programs off the server. Can anyone help me with the theory behind this use of Active Directory, or how I can do this and still be secure?
 
GBC said:
> we are wanting to implement active directory across the internet thus
> having several domain controllers in different locations making up a large
> active directory. the problem is each machine only has a public interface
> and if i disable client for microsoft networks on the nic's its like the dc
> stops being able to see itself. if i leave client for microsoft networks
> enabled i get hacked right away and have to spend countless hours cleaning
> ftp servers and other annoying programs off the server. can anyone help me
> with the theory behind this use of active directory or how i can do this
> and still be secure?

That's what VPNs + IPSec packet encryption were designed for. You can run a
domain with sites and provide an encrypted tunnel to link subdivisions
together through the public internet. I'd suggest hiring a consultant to
set up the infrastructure; it's certainly way too involved to explain in a
newsgroup. That would be money well spent and well worth the expense.

In the meantime, you can read all about it:
http://www.microsoft.com/windows2000/technologies/communications/vpn/default.asp
 