Score:0

Windows Server external but in Domain?

tr flag

I'm trying to figure out what would be the best approach to get an external server into my local domain.

The external server is directly connected to the internet, no hardware firewall. The internal server is behind a hardware firewall (and of course there is NAT).

I'm aware that it's not a scenario supported by Microsoft, but it should be possible; the question is what would be best.

Currently I could think of 3 maybe possible methods:

  1. Manually set the Windows firewall on the external server so that AD communication is only possible to the public IP of the internal server, and manually set DNS for the domain via the hosts file.
  2. Create a dial-in VPN connection from the external server to the internal firewall and start it via Task Scheduler on system startup (and maybe disconnect/connect every 2 hours or so, just to be safe that it gets reconnected after some issue).
  3. Set up RAS on the external server and let the internal firewall connect to the external server (if possible; don't know, but it should?).
  4. Maybe additional software on the server that is capable of automatically connecting a VPN to the internal firewall even without a user login.

Any other ideas, or what do you think is the most reliable and secure approach?

djdomi avatar
za flag
VPN connect and set the DNS manually to the PDC, then join normally. I do this for preparing laptops and computers for our customers every day.
mech avatar
tr flag
Thanks for your comment. Would you use the Windows built-in VPN connection or dedicated software that creates a virtual network adapter?
djdomi avatar
za flag
It depends on the usage. OpenVPN and WireGuard are easy to use. PPP isn't a real VPN.
Semicolon avatar
jo flag
Why would you want your domain to be exposed to a machine that is directly connected to the internet? Why would you want a machine that is directly connected to the internet to maintain a direct link to your internal network? Whatever it is you're trying to do - you need to do a different way.
Score:0
cn flag

VPN connect (just dial in), set the DNS correctly, join the domain. This is a supported scenario in general.

I'd additionally recommend using split tunnel and setting up a task that periodically checks if the VPN is still there (and reconnects if needed). Make sure your external machine is able to resolve your VPN endpoint.
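As an added example (not part of the answer above, and not the poster's script), here is how the steps this answer recommends look in PowerShell on the external server: an all-users IKEv2 dial-in connection with split tunnelling and a route for the internal subnet only, a keep-alive function that reconnects when the tunnel is down, the DNS pointed at the internal DC over the tunnel, a check that the DC locator SRV records resolve, and a scheduled task running as SYSTEM that re-runs the check. The connection name CorpVPN, the VPN endpoint vpn.example.net, the DC/DNS address 10.0.0.10, the subnet 10.0.0.0/24, the domain corp.example and the script path are all assumptions; machine-certificate authentication is assumed so no password has to live in the script.

```powershell
# Added example: keep a dial-in VPN up unattended, then join the domain over it.
# All names and addresses below are assumptions for illustration.
$VpnName        = 'CorpVPN'
$VpnEndpoint    = 'vpn.example.net'      # must be resolvable WITHOUT the tunnel
$DcAddress      = '10.0.0.10'            # internal DC, also the DNS server
$InternalPrefix = '10.0.0.0/24'          # the only prefix routed through the tunnel
$DomainFqdn     = 'corp.example'
$ScriptPath     = 'C:\Scripts\Ensure-Vpn.ps1'

# --- One-time setup (run once, elevated) -----------------------------------
# -AllUserConnection is required so a SYSTEM scheduled task can see and dial it.
# MachineCertificate auth avoids storing a user password on an internet-facing box.
New-VpnConnection -Name $VpnName -ServerAddress $VpnEndpoint -TunnelType Ikev2 `
    -AuthenticationMethod MachineCertificate -SplitTunneling -AllUserConnection -Force

# Split tunnel: only the internal subnet goes through the VPN; everything else
# keeps using the server's public default route.
Add-VpnConnectionRoute -ConnectionName $VpnName -DestinationPrefix $InternalPrefix `
    -AllUserConnection

# --- Keep-alive function (this is what the scheduled task runs) -------------
function Ensure-Vpn {
    param([string]$Name, [string]$DnsServer, [string]$Domain)

    $vpn = Get-VpnConnection -Name $Name -AllUserConnection -ErrorAction Stop
    if ($vpn.ConnectionStatus -ne 'Connected') {
        # rasdial can dial an all-user IKEv2 connection with no credentials when
        # machine-certificate authentication is configured.
        rasdial $Name | Out-Null
        if ($LASTEXITCODE -ne 0) {
            throw "rasdial '$Name' failed with exit code $LASTEXITCODE"
        }
    }

    # The VPN adapter is named after the connection once it is up. Point its
    # DNS at the internal DC so the domain's records resolve through the tunnel,
    # while the physical adapter keeps its public resolver.
    Set-DnsClientServerAddress -InterfaceAlias $Name -ServerAddresses $DnsServer

    # Sanity checks a domain join depends on: LDAP reachable, DC locator records present.
    if (-not (Test-NetConnection -ComputerName $DnsServer -Port 389 -InformationLevel Quiet)) {
        throw "LDAP/389 to $DnsServer not reachable over the tunnel"
    }
    Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $DnsServer -ErrorAction Stop | Out-Null
}

# --- Register the periodic check as SYSTEM (at startup and every 5 minutes) --
$action    = New-ScheduledTaskAction -Execute 'powershell.exe' `
                 -Argument "-NoProfile -ExecutionPolicy Bypass -File `"$ScriptPath`""
$atStartup = New-ScheduledTaskTrigger -AtStartup
$repeat    = New-ScheduledTaskTrigger -Once -At (Get-Date) -RepetitionInterval (New-TimeSpan -Minutes 5)
$principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest
Register-ScheduledTask -TaskName 'Keep CorpVPN up' -Action $action `
    -Trigger @($atStartup, $repeat) -Principal $principal -Force

# --- Join once the tunnel and DNS work --------------------------------------
Ensure-Vpn -Name $VpnName -DnsServer $DcAddress -Domain $DomainFqdn
Add-Computer -DomainName $DomainFqdn -Credential (Get-Credential "$DomainFqdn\joinaccount") -Restart
```

The file at $ScriptPath should contain the variable block and the Ensure-Vpn function plus its final call, not the one-time setup or the join. Because the box is directly on the internet, keep the route list to the internal prefix only and leave the Windows Firewall's inbound rules for the public profile as tight as they are; the tunnel, not the public interface, is the only path that should see AD traffic.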
