0 votes

Hi,

is it possible to manage a domain with Adaxes that is hosted in the DMZ?

For example, we have one internal domain, let's call it 'internal.domain.com', where the Adaxes service is hosted and managing all objects in it.
Now we have an additional domain in our DMZ called 'external.domain.com'; we use this one to authenticate external customers against our SharePoint site.
And here it comes, my managers want to know if it is possible to use the capabilities of Adaxes for the external domain too.

The domain controller inside the DMZ is reachable from the internal domain but there's no trust yet or anything else.

Is there any chance to get this working?

kind regards
Ingemar

by (960 points)

1 Answer

0 votes
by (216k points)
Best answer

Hello,

Yes, it is possible to manage another domain using the same Adaxes service even if there are no trusts between them. The only thing you need is to open the ports necessary for Adaxes service to access the domain. For a list of the necessary ports, see section Adaxes Service in the following FAQ article: What ports does Adaxes use?. When the ports are open, you'll need to register the domain in Adaxes service.

However, keep in mind that opening the ports can pose a certain security risk for your internal network. To mitigate the risk, consider installing a read-only domain controller (RODC) for the DMZ domain in your internal network. In this case, Adaxes service will be able to connect to the RODC, and you won't need to open the ports for Adaxes service to connect to the DMZ.

0

Thanks for the quick reply.

Can you quickly tell me what kind of permissions the account that will manage the external domain needs?

kind regards
Ingemar

0

Hello Ingemar,

By default, the account needs to be a member of BUILTIN\Administrators; however, this behavior can be overridden. You can disable the permission check in Adaxes and register the domain using any enabled and not expired account from that domain. For information on how to disable the permission check, see the following help article: http://www.adaxes.com/help/?HowDoI.Mana ... mains.html.

Since Adaxes service will use the account to perform all operations within the domain, you'll need to make sure that the account is granted all the necessary permissions. E.g. if you want to use Adaxes to manage users from a particular Organizational Unit, make sure that the account has sufficient permissions to perform all the required operations on all the accounts you need.

0

Thanks again for your quick reply

kind regards
Ingemar
