Score:-1

Is it ok for a webserver to be a member of a domain?

cl flag

For security reasons, I'm moving my webserver to its own VLAN.

Is it safe to keep it as a domain member (with all the right firewall rules) or should it be a standalone server?

Lex Li avatar
vn flag
Usually, you might set up RODC or keep it a standalone server, https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/planning-domain-controller-placement The decision requires to be made by your domain administrators/security team, and then web applications can be developed/configured accordingly.
mx flag
In order for AD to work, you have to open up a lot of ports, which always introduce new/higher possibilities to be attached via this new channel. Security concerns aside, I am never a fan of providing AD service cross firewall, not even with RODC. AD cross firewall will cause many problems down the road, just not worth the headache.
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.