Is it ok for a webserver to be a member of a domain?

MojoDK

9/10/23, 11:15 AM

For security reasons, I'm moving my webserver to its own VLAN.

Is it safe to keep it as a domain member (with all the right firewall rules) or should it be a standalone server?

0 + 0

security

firewall

active-directory

domain

web-server

Lex Li

9/10/23, 11:52 AM

Usually, you might set up RODC or keep it a standalone server, https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/planning-domain-controller-placement The decision requires to be made by your domain administrators/security team, and then web applications can be developed/configured accordingly.

strongline

9/11/23, 6:51 PM

In order for AD to work, you have to open up a lot of ports, which always introduce new/higher possibilities to be attached via this new channel. Security concerns aside, I am never a fan of providing AD service cross firewall, not even with RODC. AD cross firewall will cause many problems down the road, just not worth the headache.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Is it ok for a webserver to be a member of a domain?

TH: เว็บเซิร์ฟเวอร์สามารถเป็นสมาชิกของโดเมนได้หรือไม่?

RO: Is it ok for a webserver to be a member of a domain?

RU: Может ли веб-сервер быть членом домена?

VI: Máy chủ web có phải là thành viên của miền không?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.