0

I have an AD filled with test data. I have automated tests that query this AD. I would quite like to be able to run these tests from anywhere, including outside of the domain.

I have seen the question "Should I expose my Active Directory to the public Internet for remote users?". I don't really care about the shoulds, it's test data and my security requirements are minimal.

How do I set up my AD to be universally accessible?

I'm using the System.DirectoryServices library to query the AD if that matters.

        using (var directoryEntry = new DirectoryEntry("LDAP://...", "username", "password"))
        using (var searcher = new DirectorySearcher(directoryEntry, "(givenName=*)", new[] { "attributeOfInterest" }))
        {
            return searcher.FindAll();
        }

1 Answer

3

In order to satisfy this one specific scenario, all you really have to do is open port 389 on whatever firewall separates the domain controller from the internet. Everything will be clear text over the wire. Kerberos will not be used. You may also desire some sort of externally resolvable DNS name (though not strictly technically required.) You may also have a NAT router that needs port forwarding set up to forward traffic over port 389 to your internal domain controller. Don't know the specifics of your network.

PS - To future readers who might stumble upon this - don't take this as an endorsement that I think this is a good idea. :)

Ryan Ries
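Added example, not part of the original question or answer: the question's query issued over LDAPS (TCP 636) instead of port 389, so the bind credentials and results are not sent in clear text. It assumes the domain controller presents a certificate the test machine trusts and that 636 is the port exposed; the host name, base DN, class name and environment variable names are placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;

static class TestDirectoryClient
{
    // Placeholder values (assumptions): substitute the test domain's own.
    // The host name must match the name in the DC's certificate.
    const string LdapsPath = "LDAP://dc.test.example:636/DC=test,DC=example";
    const string Attribute = "attributeOfInterest";

    public static List<string> QueryGivenNames(string username, string password)
    {
        // SecureSocketsLayer wraps the LDAP session in TLS, so the simple bind
        // and the search results are encrypted on the wire.
        using (var root = new DirectoryEntry(LdapsPath, username, password,
                                             AuthenticationTypes.SecureSocketsLayer))
        using (var searcher = new DirectorySearcher(root, "(givenName=*)", new[] { Attribute }))
        {
            searcher.PageSize = 500; // page results rather than stop at the server size limit
            var values = new List<string>();

            // SearchResultCollection holds unmanaged resources: copy the values
            // out and dispose it before the connection goes away.
            using (SearchResultCollection results = searcher.FindAll())
            {
                foreach (SearchResult result in results)
                {
                    if (!result.Properties.Contains(Attribute)) continue;
                    foreach (object value in result.Properties[Attribute])
                        values.Add(Convert.ToString(value));
                }
            }
            return values;
        }
    }

    static void Main()
    {
        // Credentials are read from the environment so they are not committed with the tests.
        string user = Environment.GetEnvironmentVariable("TEST_AD_USER");
        string pass = Environment.GetEnvironmentVariable("TEST_AD_PASSWORD");
        foreach (string value in QueryGivenNames(user, pass))
            Console.WriteLine(value);
    }
}
```

With this variant the firewall or NAT rule forwards 636 rather than 389, and limiting that rule to the source addresses the tests run from keeps the listener off the open internet.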