We have a large environment of servers with mixed permissions and uses. For
example, we have servers that serve as web servers. These web servers may
require the customer to have administrative permission on the box.

Other than the obvious issue of users being able to query AD and get all of
our customer information, what other security concerns should I be aware of?

Our goals:
1) DHCP
2) DNS (dynamic)
3) centralized identity store
4) group policy

I just have concerns with putting all of our servers in a single domain (to
keep DCs to a minimum).

I have tossed around the idea of using Linux and dhcpd/bind to serve the
obvious needs, and we are probably going with a more robust IDM platform
anyway, so that leaves group policy.

Anyone using AD in this type of volatile environment?

For starters though, you need to consider that some computers/servers in
your environment may not be properly secured. For example, people tend to
create shares and grant the Authenticated Users group read and sometimes
write access to the share. If you knowingly or unknowingly have these shares
in your environment, then these customer accounts may have access to this
information.
In general, I strongly discourage the use of customer accounts in a
corporate AD environment.
"Terry" <Te...@discussions.microsoft.com> wrote in message
news:C9F4BE52-EE3C-48AB...@microsoft.com...
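
The reply above warns about shares that grant the Authenticated Users group read or write access. One way to look for them is sketched below, as an added example that is not part of the original thread. It assumes English-language principal names, `Find-BroadShareAccess` is a hypothetical helper name, and the server, share and domain names in the sample are constructed.

```powershell
# Added example (not from the thread). Flags share-level ACEs that every domain
# account, customer accounts included, receives through a broad group.
# Assumption: English principal names; localized systems use other names.
$BroadPrincipals = 'Everyone', 'NT AUTHORITY\Authenticated Users', 'BUILTIN\Users'

function Find-BroadShareAccess {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Ace
    )
    process {
        # Deny entries restrict access, so only Allow entries are findings.
        if ("$($Ace.AccessControlType)" -ne 'Allow') { return }

        $account = "$($Ace.AccountName)"
        $isBroad = ($BroadPrincipals -contains $account) -or
                   ($account -match '\\Domain Users$')
        if (-not $isBroad) { return }

        $right = "$($Ace.AccessRight)"
        [pscustomobject]@{
            Server  = $Ace.PSComputerName
            Share   = $Ace.Name
            Account = $account
            Right   = $right
            # Custom rights cannot be classified from the name alone.
            Risk    = switch ($right) {
                { $_ -in 'Full', 'Change' } { 'write' }
                'Read'                      { 'read' }
                default                     { 'review' }
            }
        }
    }
}

# Constructed sample entries shaped like Get-SmbShareAccess output.
$sample = @(
    [pscustomobject]@{ PSComputerName = 'WEB01'; Name = 'deploy'; AccountName = 'NT AUTHORITY\Authenticated Users'; AccessControlType = 'Allow'; AccessRight = 'Change' }
    [pscustomobject]@{ PSComputerName = 'WEB01'; Name = 'logs'; AccountName = 'CORP\Domain Users'; AccessControlType = 'Allow'; AccessRight = 'Read' }
    [pscustomobject]@{ PSComputerName = 'WEB02'; Name = 'backup'; AccountName = 'CORP\Backup Operators'; AccessControlType = 'Allow'; AccessRight = 'Full' }
    [pscustomobject]@{ PSComputerName = 'WEB02'; Name = 'scratch'; AccountName = 'Everyone'; AccessControlType = 'Deny'; AccessRight = 'Full' }
)
$sample | Find-BroadShareAccess | Format-Table -AutoSize

# On a live server, feed real entries instead (share ACL only; the NTFS ACL
# on the shared folder also applies and needs its own review):
# Get-SmbShare -Special $false | Get-SmbShareAccess | Find-BroadShareAccess
```

Run against the sample, this reports the `deploy` share as writable and the `logs` share as readable through a broad group, and skips the other two entries.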