Setting up Active Directory accessible from the internet [closed]

For my small company I want to set up a domain controller.

  • I want users to be able to access the domain controller from their laptops via the internet.
  • I need the DC for policies & management of users.
  • I’m aware of the consequences of exposing the DC to the Internet.
  • Yes, at some point there might be a VPN on the computers / DC.
  • Would like the machine to be hosted on AWS EC2 instance.

My problem is that I already tried doing it myself, but I might be missing something.

  • Say my company is called
  • I have already created a machine with the DC. (Windows 2008 R2 Datacenter edition)
  • I assign a static IP using an EC2 Elastic IP address.
  • I created a subdomain DNS record to direct to the static IP (using GoDaddy).
  • When I ping the address (or remotely connect), the server responds.
    For the sake of it, my company is

But when I try to add computers to the DC, it constantly fails.

What I get is:

The following error occurred when DNS was queried for the service location (SRV)
resource record used to locate an Active Directory Domain Controller (AD DC) for domain 

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for

Following the comments below: I'm doing it for research purposes, to understand what will work for my company and what will be the end solution that will be suggested.
I have managed many AD deployments before, but I have never tried to do it with some of my users being able to access it from the internet.
I'm also using this method to test VPN providers like F5 & CheckPoint to go along with this solution. As for EC2 & AWS, it is easier to experiment with that environment than with actual servers inside my company.

Any help will be much appreciated.

{Please don't leave comments like "don't do it".}


Ignoring how unbelievably insecure this idea is going to be…

I created a subdomain DNS record to direct to the static IP (Using GoDaddy).

OK, but what about the rest of the zone? As the error states, it’s looking for a SRV record. This likely doesn’t exist in your public zone hosted with GoDaddy.

Obligatory: Why on earth are you trying to do this? What’s wrong with implementing something like a DirectAccess VPN?
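A check for the point the answer makes: the join fails because the zone the laptop queries does not carry the DC-locator SRV records. This is an added example, not code from either poster; it assumes the DnsClient module (Resolve-DnsName, Windows 8 / Server 2012 or later on the machine running it), and `$Domain` / `$DnsServer` are placeholders.

```powershell
# Report which DC-locator SRV records a given resolver can return for an AD domain.
# Run once against the public nameserver (e.g. GoDaddy's) and once against the DC itself
# to see which zone is missing them. Added example; names below are placeholders.
param(
    [string]$Domain    = 'corp.example.com',   # placeholder AD DNS domain name
    [string]$DnsServer = ''                    # optional resolver to query, e.g. the public zone's NS
)

# Records the DC locator asks for during a domain join; the one quoted in the
# error message is _ldap._tcp.dc._msdcs.<domain>.
$records = @(
    "_ldap._tcp.dc._msdcs.$Domain",
    "_kerberos._tcp.dc._msdcs.$Domain",
    "_ldap._tcp.$Domain",
    "_kerberos._tcp.$Domain",
    "_kpasswd._tcp.$Domain",
    "_gc._tcp.$Domain"
)

$results = foreach ($name in $records) {
    # DnsOnly bypasses the local cache so the answer reflects the zone, not a stale entry.
    $query = @{ Name = $name; Type = 'SRV'; DnsOnly = $true; ErrorAction = 'SilentlyContinue' }
    if ($DnsServer) { $query['Server'] = $DnsServer }

    $answer = Resolve-DnsName @query | Where-Object { $_.Type -eq 'SRV' }
    [pscustomobject]@{
        Record  = $name
        Present = [bool]$answer
        Targets = ($answer | ForEach-Object { "$($_.NameTarget):$($_.Port)" }) -join ', '
    }
}

$results | Format-Table -AutoSize

$missing = @($results | Where-Object { -not $_.Present })
if ($missing.Count -gt 0) {
    $msg = '{0} of {1} DC-locator SRV records are absent from this zone; a join will keep failing with RCODE_NAME_ERROR until clients resolve against the AD-integrated zone.' -f $missing.Count, $records.Count
    Write-Warning $msg
}
```

The public record that points the hostname at the Elastic IP is an A record, so it does not satisfy any of these lookups; only a resolver that serves the AD-integrated zone (the DC's own DNS) returns them.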

Source: Link, Question Author: koby meir, Answer Author: voretaq7
