AD domain


Daniel

What is the purpose of setting AD to an FQDN instead of just setting it
as .local? Thanks

Rgds
Daniel
 
The FQDN or Fully Qualified Domain Name is the joining of the domain and its
host name. When you speak of .local you are referring to the root of a
domain that isn't recognized by external DNS. So the question you ask
doesn't correlate.

I assume what you wanted to know is why use .local as compared to a .com (for
instance). If you use the .local, nobody from the internet is going to get
into your network. You can create a DMZ and have non-domain members with
definable DNS names that can serve up pages to the web for business
purposes.

So the short answer is more secure and you won't have to worry about
duplicate names.

--

Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
http://www.pbbergs.com

This posting is provided "AS IS" with no warranties, and confers no rights.
 
You need to provide more info to preface this. I don't follow what you are
asking.



--

Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
http://www.pbbergs.com

This posting is provided "AS IS" with no warranties, and confers no rights.
 
Paul, do you mean ppl can log in to my domain remotely? But if I use
secure dynamic update, will they still log in?

Rgds
Daniel
 
I'm sorry, I don't know what you are asking. Dynamic Update is usually used
in reference to DNS: when records change, they are automatically updated to
the new name and address.

I don't know what ppl is.

--


Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
http://www.pbbergs.com/

This posting is provided "AS IS" with no warranties, and confers no rights.
 
What I meant is if using .com in AD, users can log in to my domain from
the internet. But if I'm using AD secure dynamic update, users won't be able
to log in to my domain without my permission, right? Sorry, ppl is
people. Typo error.

Rgds
Daniel
 
The purpose of naming an Active Directory domain with a Top-Level Domain
(TLD) extension of ".local" or (as I do sometimes) ".prv" is to help ensure
that the internal name of the domain remains hidden from the Internet
itself. There are many different ways to name an Active Directory - this
being one of them.

When users outside the network require access to the internal domain, they
do so by passing their requests through a firewall, NAT, or proxy of some
kind. This is usually accomplished by creating a "public DNS" presence that
the users can access from the outside - and after proper authentication -
are redirected to resources within the network as necessary. When properly
designed and installed, users from the outside never "see" the identifying
information of the internal domain.

-ds
 
How does the external user connect to the internal domain? Is it the
same as VPN, or do they just directly join the domain? When you say bypassing
the firewall, what port should I open? Does it help if I set secure dynamic
update? Does it prevent them from joining the domain unless they get
permission?

Rgds
daniel
 
Forget the secure dynamic update; it has nothing to do with authentication.
You want to use it, but as far as login authentication goes, they are two separate
issues. See previous note to you on this.

If you want users to gain access to your internal AD, then you should set up a
VPN in your DMZ. The VPN will have connections to the internal domain, and
users who want access to your domain would then generate a VPN session over
the internet.

ISA
http://www.microsoft.com/isaserver/default.mspx

ISA and VPN config
http://support.microsoft.com/kb/837355/en-us

--

Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
http://www.pbbergs.com

This posting is provided "AS IS" with no warranties, and confers no rights.
 
I thought VPN has nothing to do with domain authentication? Even in a
workgroup I can also have a VPN server set up, right?

Rgds
Daniel
 
It has nothing to do with domain authentication. If you want external
access to your internal LAN, bridge them with VPN.

--

Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
http://www.pbbergs.com

This posting is provided "AS IS" with no warranties, and confers no rights.
 
Dave, is there anywhere I can learn how to let users from outside access the
internal domain? Any example? Thanks

Regards
Daniel
 
Dave, what are the differences between connecting using VPN to log in to the
internal network and using domain authentication to log in to the
domain?

Rgds
daniel
 