On 21 Jan 2013, at 09:47, Andy Swiffin wrote:
> I was wondering - what do other people do to secure their AD LDAP servers? I assume you don't all have your AD domain name the same as your real domain?
We actually do have our AD in a global namespace – our FQDN is "ad.kent.ac.uk" and our DCs live in that namespace.
However we don't use JANET certs on a lot of our "Windows only" type systems, opting instead for our internal CA infrastructure... so all our DCs have certificates issued by our local Root CA which is added to Domain Joined PCs as they join the domain so is trusted implicitly.
Matthew Slowe | Tel: +44 (0)1227 824265
Server Infrastructure Team, IS | Fax: +44 (0)1227 824078
University of Kent, Canterbury, Kent | Web: http://www.kent.ac.uk/