Anyone with Microsoft Active Directory Experience ?

Mahfuz_SS_EHL Host Rep, Veteran

Hello,

Is there anyone here who has experience with Microsoft Active Directory Domain Services and related system administration?

What I want is to set up Active Directory on Windows Server 2016/2019/2022 and then connect Windows-based devices/workstations (Windows 10 Pro/Windows 11 Pro) remotely, not necessarily on the same network.

The issue is, I was able to set up Active Directory, but it can't be connected to remotely. This service has little knowledge base/tutorial material available on the web. I went through the guidelines and set up the necessary DNS records, but it still isn't connecting. The necessary ports are open too. I tried subdomains/a top-level domain, but nothing worked.

The main issue is, when the device searches for the Active Directory domain, it can't find it, though it's already pointed at that Server 2016/2019/2022.

I even tried to use the Windows Server's DNS server so that it can create the necessary records, but it's still not working.

What I want is for the member devices/workstations to be able to connect to Active Directory remotely from any network and do their tasks accordingly, even outside office hours. We need the Active Directory system just to put restrictions on some administrative privileges.

Regards.
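The symptom described above (the workstation is pointed at the server but cannot find the domain) is almost always a DNS locator problem rather than a port problem: the client must be able to resolve the `_msdcs` SRV records for the domain before it ever tries the ports. The following PowerShell diagnostic is an added example, not code from the original post; it assumes a hypothetical AD DNS domain `corp.example.com` and is run on the workstation that fails to join. It prints the resolver the client is actually using, the SRV records the DC locator queries, TCP reachability of the DC service ports, and the same `nltest` lookup the join wizard performs.

```powershell
# Added diagnostic, not from the thread. Assumes a hypothetical domain name
# 'corp.example.com'; replace it with the real AD DNS domain. Run on the
# workstation that cannot find the domain.
param(
    [string]$Domain = 'corp.example.com'
)

# 1. Which DNS server is the workstation actually using? The domain join only
#    works if this resolver can answer the _msdcs SRV queries below; a public
#    resolver here is the usual reason for "it can't find the domain".
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object InterfaceAlias, ServerAddresses

# 2. SRV records the DC locator queries. If these are empty or NXDOMAIN, no
#    amount of open ports will help: the client never learns the DC's name.
$srvNames = @(
    "_ldap._tcp.dc._msdcs.$Domain",
    "_kerberos._tcp.dc._msdcs.$Domain",
    "_ldap._tcp.$Domain",
    "_kerberos._tcp.$Domain"
)
$dcHosts = @()
foreach ($name in $srvNames) {
    try {
        $records = Resolve-DnsName -Name $name -Type SRV -ErrorAction Stop
        foreach ($r in ($records | Where-Object { $_.Type -eq 'SRV' })) {
            "{0,-45} -> {1}:{2}" -f $name, $r.NameTarget, $r.Port
            $dcHosts += $r.NameTarget
        }
    } catch {
        "{0,-45} -> NOT RESOLVED ({1})" -f $name, $_.Exception.Message
    }
}
$dcHosts = $dcHosts | Sort-Object -Unique

# 3. TCP ports a join/logon needs on each DC. Run this from inside the network
#    or over the VPN; a DC that answers these from the public internet is the
#    situation later replies in this thread warn against.
$ports = @{ 53 = 'DNS'; 88 = 'Kerberos'; 135 = 'RPC endpoint mapper'; 389 = 'LDAP';
            445 = 'SMB (SYSVOL/NETLOGON)'; 464 = 'Kerberos kpasswd'; 636 = 'LDAPS' }
foreach ($dc in $dcHosts) {
    foreach ($p in ($ports.Keys | Sort-Object)) {
        $ok = (Test-NetConnection -ComputerName $dc -Port $p -WarningAction SilentlyContinue).TcpTestSucceeded
        "{0,-30} {1,5} {2,-25} {3}" -f $dc, $p, $ports[$p], $(if ($ok) { 'open' } else { 'BLOCKED' })
    }
}

# 4. The lookup the join wizard performs, end to end. A failure here with
#    working SRV records usually means the Netlogon/RPC ports above are blocked.
nltest /dsgetdc:$Domain
```

If step 2 fails while the server itself can resolve the records, the workstation is not using the DC's DNS server; fix the client's resolver (or the VPN's pushed DNS settings) before touching firewall rules. If step 2 succeeds and step 3 shows blocked ports, the problem is network reachability, which is where the VPN suggested below comes in.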

Comments

  • risharde Patron Provider, Veteran
    edited December 2022

    A little too vague for me to provide a definitive answer, but I vaguely recall this worked fine via VPN (where you have the corresponding ports and domains the same). I hope I am not sending you down a rabbit hole here, since it's been quite a number of years since I've used Active Directory. I don't think it would be a good idea not to use a VPN for this sort of communication, but I always stand corrected if I say something wrong.

  • Mahfuz_SS_EHL Host Rep, Veteran

    @risharde said:
    A little too vague for me to provide a definitive answer, but I vaguely recall this worked fine via VPN (where you have the corresponding ports and domains the same). I hope I am not sending you down a rabbit hole here, since it's been quite a number of years since I've used Active Directory. I don't think it would be a good idea not to use a VPN for this sort of communication, but I always stand corrected if I say something wrong.

    Via VPN? Do you mean you used to connect to a VPN and then connect to AD DS on your device? Are you sure the Active Directory server and your connected device weren't on the same network? Ours works when we are on the same network but doesn't work if we try to connect remotely.

  • ExpertVM Member, Host Rep

    If you are connecting remotely, you need to connect your device via VPN on the PC first. Or, to make things simple, use a site-to-site VPN.

  • alilet

    Is your domain controller available on the internet, i.e., can any PC around the world ping it using its forest/domain name?

  • Mahfuz_SS_EHL Host Rep, Veteran

    @alilet said:
    Is your domain controller available on the internet, i.e., can any PC around the world ping it using its forest/domain name?

    Yes, it is. Yet the devices, e.g. workstations, can't find it and connect to it.

  • yoursunny Member, IPv6 Advocate

    Mentally strong people have workstations on-site to join the domain before sending them to remote workers.

  • I have some experience working with Active Directory currently, though in my situation everyone is located remotely, but we're all connected through a VPN client that keeps everyone within a global network.

    Active Directory works fine in this situation and behaves the same as though we were all located at the office. Policy changes are made and then applied when users connect through the VPN (it starts up with the computer) or manually run gpupdate /force on their machines to pull the latest policy configurations.

    If you're trying to run a more "public" AD server, that's not something I've personally seen. But if you want to apply AD configurations to remote users, you should be able to do so using a VPN as long as the AD server is reachable within the network.

    You may want to have DNS settings configured at the network level so the AD server and the workstations can communicate with each other. Without this, the policies from the AD server will not be updated or enforced on the workstations.

    Our implementation is that we have an Azure AD server as well as an "on-prem" AD server hosted through AWS. These servers are still accessible through the global network and VPN client that we're using, so any connected workstations receive and follow all policy changes regardless of where they are located around the world. However, this is still a private network that uses internal DNS routing for all connected users.

  • Please don't open a domain controller's ports to the internet. AD is designed to be run on an internal network and isn't secure on the internet. If you want a cloud-first system you should be looking at Azure AD + Intune; if you still want on-premises AD you should VPN clients so they can connect to the network.

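As an added example of what the reply above recommends (this is not code from the thread), the following PowerShell, run elevated on the domain controller, first lists inbound allow rules that expose AD DS ports to any remote address, then replaces that posture with rules that admit those ports only from a trusted VPN/LAN range and block them on the internet-facing interface. The address range `10.20.0.0/16` and the interface alias `Public` are assumptions; substitute your own.

```powershell
# Added example, not from the thread. Assumptions: the VPN client pool and the
# office LAN live in 10.20.0.0/16, and the NIC facing the internet is named
# 'Public'. Run elevated on the domain controller.
$trusted   = @('10.20.0.0/16')
$publicNic = 'Public'
# Ports a DC must expose to member machines: DNS, Kerberos, RPC endpoint
# mapper, LDAP, SMB, kpasswd, LDAPS, global catalog, and the dynamic RPC
# range that Netlogon and replication use.
$dcTcp = @('53', '88', '135', '389', '445', '464', '636', '3268', '3269', '49152-65535')
$dcUdp = @('53', '88', '123', '389', '464')

function Get-ExposedDcRule {
    # The weak setting: inbound allow rules whose remote scope is 'Any' and
    # that cover a DC port, i.e. "the necessary ports are open" with no source
    # restriction. Each match is returned so it can be reviewed and disabled.
    foreach ($rule in Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow) {
        $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
        $local  = ($rule | Get-NetFirewallPortFilter).LocalPort
        $hitsDcPort = ($local -contains 'Any') -or
                      (@($local | Where-Object { $dcTcp -contains $_ -or $dcUdp -contains $_ }).Count -gt 0)
        if (($remote -contains 'Any') -and $hitsDcPort) {
            [pscustomobject]@{
                Name      = $rule.DisplayName
                Profile   = $rule.Profile
                LocalPort = ($local -join ',')
            }
        }
    }
}

Write-Host 'Inbound allow rules exposing DC ports to any remote address:'
Get-ExposedDcRule | Format-Table -AutoSize
# Review that list and disable anything created for "remote" clients:
#   Disable-NetFirewallRule -DisplayName '<name from the list>'

# Hardened form: default-deny inbound, allow DC ports only from the trusted
# range, and explicitly block them on the internet-facing interface. Block
# rules take precedence over allow rules, so the block is scoped to the public
# NIC; a block on all interfaces would cut off the VPN clients as well.
Set-NetFirewallProfile -All -DefaultInboundAction Block

New-NetFirewallRule -DisplayName 'AD DS allow from VPN/LAN (TCP)' -Direction Inbound `
    -Protocol TCP -LocalPort $dcTcp -RemoteAddress $trusted -Action Allow -Profile Any
New-NetFirewallRule -DisplayName 'AD DS allow from VPN/LAN (UDP)' -Direction Inbound `
    -Protocol UDP -LocalPort $dcUdp -RemoteAddress $trusted -Action Allow -Profile Any
New-NetFirewallRule -DisplayName 'AD DS block on public interface (TCP)' -Direction Inbound `
    -Protocol TCP -LocalPort $dcTcp -InterfaceAlias $publicNic -Action Block -Profile Any
New-NetFirewallRule -DisplayName 'AD DS block on public interface (UDP)' -Direction Inbound `
    -Protocol UDP -LocalPort $dcUdp -InterfaceAlias $publicNic -Action Block -Profile Any

# Verify from a host outside the trusted range (should now fail) and from a
# VPN-connected workstation (should succeed):
#   Test-NetConnection -ComputerName <DC address> -Port 389
```

One caveat: if this server is also the authoritative public DNS server for the company's internet domain (the original post mentions the domain name resolving from anywhere), remove port 53 from the public-interface block rules, or better, move public DNS to a separate host so the domain controller is never reachable from the internet at all.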