LDAP and A/D security over internet

Subject: LDAP and A/D security over internet
Posted by:  Peter Hoffman (PeterHoffm…@discussions.microsoft.com)
Date: Tue, 6 Feb 2007

Hi, we are a college campus Win03 SP1, single domain. I have a request from
our State sponsor to be able to allow our employees access to their portal.
The sponsor wants to do LDAP queries from their servers in another city
against my DCs to authenticate our users against our AD to allow access to
their portal. I have no experience doing anything like this.

I'm concerned about security. My DCs are on an internal network, not on the
DMZ. The sponsor is asking us to config our firewall to allow LDAP access
from their servers through the firewall to one of my DCs.

What should I be concerned about here as far as security? What are the best
practices? Any help is very much appreciated!!
Thanks, - Pete

P Hoffman, MCSA, MCP, MSCE