Setting up Active Directory accessible from the internet [closed]

For my small company I want to set up a domain controller.

  • I want users to be able to access the domain controller from their laptops via the internet.
  • I need the DC for policies & management of users.
  • I’m aware of the consequences of exposing the DC to the Internet.
  • Yes, at some point there might be a VPN on the computers / DC.
  • I would like the machine to be hosted on an AWS EC2 instance.

My problem is that I have already tried doing it myself, but I might be missing something.

  • Say my company is called mycompany.com.
  • I have already created a machine with the DC (Windows 2008 R2 Datacenter edition).
  • I assign a static IP using an EC2 Elastic IP address.
  • I created a subdomain DNS record to direct dc.mycompany.com to the static IP (using GoDaddy).
  • When I ping (or remotely connect to) dc.mycompany.com, the server responds.
    For the sake of the example, my company is www.company.com.

But when I try to add computers to the DC, it constantly fails.

What I get is:

The following error occurred when DNS was queried for the service location (SRV)
resource record used to locate an Active Directory Domain Controller (AD DC) for domain
"dc.mycompany.com":

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.dc.mycompany.com

EDIT:
Following the comments below: I'm doing it for research purposes, to understand what will work for my company and what the end solution that will be suggested will be.
I have managed many ADs before, but I have never tried to do it with some of my users being able to access it from the internet.
I'm also using this method to test VPN providers like F5 & CheckPoint to go along with this solution. As for EC2 & AWS, it is easier to experiment in that environment than to use actual servers inside my company.

Any help will be much appreciated.

{Please don’t leave comment like don’t do it.}

Answer

Ignoring how unbelievably insecure this idea is going to be…

I created a subdomain DNS record to direct dc.mycompany.com to the static IP (Using GoDaddy).

OK, but what about the rest of the zone? As the error states, it’s looking for a SRV record. This likely doesn’t exist in your public zone hosted with GoDaddy.

Obligatory: Why on earth are you trying to do this? What’s wrong with implementing something like a DirectAccess VPN?
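The SRV lookup the answer refers to can be checked directly from the client side. This is an added PowerShell diagnostic, not code from the question or the answer; it assumes the DnsClient module (Resolve-DnsName, Windows 8 / Server 2012 or later) and uses the placeholder domain mycompany.com from the question. It queries each DC-locator SRV name a domain join depends on, optionally against a specific DNS server, and reports which ones resolve.

```powershell
# Added diagnostic (not from the original post). Assumes Resolve-DnsName from
# the DnsClient module and the placeholder domain mycompany.com.
param(
    [string]$Domain = 'mycompany.com',
    [string]$Server = ''   # DNS server to query; empty = the client's own resolver
)

# SRV names the DC locator asks for when a machine joins or authenticates.
# Netlogon registers all of these in the AD-integrated DNS zone; a public
# registrar-hosted zone that only has an A record will answer NXDOMAIN.
$srvNames = @(
    "_ldap._tcp.dc._msdcs.$Domain",      # the record named in the join error
    "_kerberos._tcp.dc._msdcs.$Domain",
    "_ldap._tcp.$Domain",
    "_kerberos._tcp.$Domain",
    "_kerberos._udp.$Domain",
    "_kpasswd._tcp.$Domain"
)

$results = foreach ($name in $srvNames) {
    $params = @{ Name = $name; Type = 'SRV'; ErrorAction = 'SilentlyContinue' }
    if ($Server) { $params['Server'] = $Server }
    # Filter to SRV answers only; CNAME or SOA records in the response are noise here.
    $answer = Resolve-DnsName @params | Where-Object { $_.Type -eq 'SRV' }
    [pscustomobject]@{
        Record  = $name
        Found   = [bool]$answer
        Targets = ($answer | ForEach-Object { "$($_.NameTarget):$($_.Port)" }) -join ', '
    }
}

$results | Format-Table -AutoSize

$missing = $results | Where-Object { -not $_.Found }
if ($missing) {
    Write-Warning ("Missing SRV records ({0} of {1}): DC location, and therefore domain join, " +
                   "will fail for clients using this resolver.") -f $missing.Count, $results.Count
}
```

Run it once with no -Server (what the laptop's resolver, i.e. the public GoDaddy zone, returns) and once with -Server pointing at the DC's own DNS service; records that appear only in the second run are exactly the ones the public zone is missing.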

Attribution
Source : Link , Question Author : koby meir , Answer Author : voretaq7
