I want to access my Active Directory directly through my firewall so that I can make changes to the users and groups directly from the firewall. Is there any command or method to enable this process?

A: 

Warning: There are security implications to exposing Active Directory outside your firewall. Proceed with caution.

The most secure way to do this is to enable remote desktop on a machine joined to the domain that sits inside the firewall and then connect to that machine through the firewall with VPN.

Another less secure method is to expose your domain controller(s) through secure LDAP (AKA LDAP over SSL). You would open holes in the firewall to the domain controller(s) port 636. Each exposed domain controller would need a PKI certificate so that it could talk over SSL. And you would need an LDAP browser. I suggest Softerra LDAP Administrator. See http://ldapadministrator.com/ (I do not think Microsoft's Active Directory Computers and Users MMC snap-in can be configured to access the domain over LDAPS).

[Note: I would not recommend this second method as it would expose your domain to direct internet attacks such as brute force password cracking]

Mark Arnott
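As an added example that is not part of the original answer, here is a PowerShell check an administrator might run before opening port 636 as the second method describes: it confirms the domain controller presents a certificate that passes chain validation over LDAPS, and scopes the host firewall rule on the DC so the port is reachable only from a VPN address range. `dc01.corp.example` and `10.8.0.0/24` are placeholders; the perimeter firewall still needs the equivalent source restriction.

```powershell
# Added example: verify LDAPS on a domain controller and restrict port 636.
# Placeholders: $Dc and $VpnSubnet are assumptions, replace with your own values.
$Dc        = 'dc01.corp.example'
$VpnSubnet = '10.8.0.0/24'

# 1. Confirm the DC actually answers on 636 before touching any firewall.
if (-not (Test-NetConnection -ComputerName $Dc -Port 636 -InformationLevel Quiet)) {
    throw "LDAPS (636) is not listening on $Dc; install a server certificate first."
}

# 2. Complete a TLS handshake with default chain validation and inspect the certificate.
#    An untrusted or mismatched certificate makes AuthenticateAsClient throw.
$tcp = [System.Net.Sockets.TcpClient]::new($Dc, 636)
try {
    $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false)
    $ssl.AuthenticateAsClient($Dc)
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]$ssl.RemoteCertificate
    [pscustomobject]@{
        Protocol   = $ssl.SslProtocol
        Subject    = $cert.Subject
        Issuer     = $cert.Issuer
        NotAfter   = $cert.NotAfter
        Thumbprint = $cert.Thumbprint
    } | Format-List
    if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
        Write-Warning "Certificate on $Dc expires within 30 days; renew it before exposing LDAPS."
    }
}
finally {
    $tcp.Dispose()
}

# 3. On the DC itself: allow inbound 636 only from the VPN range, never from any source.
#    Omitting -RemoteAddress would create the open hole the answer warns about.
New-NetFirewallRule -DisplayName 'LDAPS from VPN only' `
    -Direction Inbound -Protocol TCP -LocalPort 636 `
    -RemoteAddress $VpnSubnet -Action Allow -Profile Domain
```

Step 3 changes Windows Firewall on the domain controller and therefore needs an elevated session on that host; steps 1 and 2 can run from any domain-joined workstation.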