cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Joining a DMZ server to the domain

RippieUK
Brass Contributor

‎Apr 16 2021 03:24 AM

‎Apr 16 2021 03:24 AM

Joining a DMZ server to the domain

Hi all,

 

Quick question. I have a Read-Only Domain Controller in my DMZ who has access to 2 writeable domain controllers through the firewall.

 

Yesterday i had to disjoin a server in the DMZ and rejoin but it would not let me join. once I added a temp firewall rule to allow the server in question to reach the 2 writeable domain controllers it went straight through.

 

Is this expected? I know the domain controller in the DMZ is a Read Only DC but I had it in my mind that it would "forward" the request to the 2 writeable DCs?

 

I could of course have put it on the inside LAN network for a few minutes and then back out in the DMZ.

Labels:
6,895 Views
0 Likes
3 Replies
Reply
3 Replies
Dave Patrick

‎Apr 16 2021 05:16 AM

‎Apr 16 2021 05:16 AM

Re: Joining a DMZ server to the domain

Seems the firewall may be too restrictive.

 

What operations fail if the WAN is offline, but the RODC is online in the branch office?
- If the RODC cannot connect to a writable domain controller running Windows Server 2008 in the hub, the following branch office operations fail:
- Password changes
- Attempts to join a computer to a domain
- Computer rename
- Authentication attempts for accounts whose credentials are not cached on the RODC
- Group Policy updates that an administrator might attempt by running the gpupdate /force command

 

RODC Frequently Asked Questions | Microsoft Docs

 

 

0 Likes
Reply
RippieUK

‎Apr 16 2021 08:36 AM

‎Apr 16 2021 08:36 AM

Re: Joining a DMZ server to the domain

Hmm will do a test next week i think where i open all ports for a 10 min period from the RODC in DMZ to the 2 writeable DCs. Thank you for that link.
0 Likes
Reply