Publishing Active Directory through ForeFront TMG or ISA Server
| Published date | Fri, 2009-11-27 16:42 |
| Author | Wan Ziyang, Triston |
I have been tasked to explore how to publish the internal LDAP server (MS Active Directory) to the public internet with authentication.
After a few days of struggling, I was finally able to get it done.
I decided to publish it so that others will not have to suffer like me. :-)
Step 1: Start the "Publish Non-Web Server Protocols"

Step 2: Give your rule a name

Step 3: Specify your LDAP server (Active Directory) IP address

Step 4: Create a new protocol

Step 5: Give your new protocol a name

Step 6: Create a new port range

Step 7: Select "TCP" --> "Inbound" and set the port range to "389" for both the from and to values

Step 8: Click on "New" to create another one

Step 9: Select "UDP" --> "Receive" and set the port range to "389" for both the from and to values

Step 10: Click "Next" to proceed

Step 11: Leave the defaults and go to the next step

Step 12: Click "Finish" to complete the wizard

Step 13: Click "Next" to proceed

Step 14: Check the "External" interface and click on "Address"

Step 15: Follow the settings below: highlight the IP address you want the server to listen on, and click on "Add"



Step 16: Click "Finish" to complete the wizard

Step 17: You need to modify the rule before it will work. Double-click on the newly created rule

Step 18: Go to the "To" tab and choose "Requests appear to come from the Forefront TMG computer" or "Requests appear to come from the ISA Server computer"

Step 19: Click on "Apply" to activate the changes.

Now you need to configure your client to test the rule. I am using "Windows Mail" on Vista.
Step 1: Launch Windows Mail, go to "Tools" --> "Accounts" and click on "Add"

Step 2: Select "Directory Service"

Step 3: Key in the publicly resolvable name of your ForeFront or ISA server and check "My LDAP server requires me to log on"

Step 4: Key in your domain account credentials

Step 5: Select "No" for this step

Step 6: Click on "Finish" to complete this wizard

Step 7: Go back to "Tools" --> "Accounts", select your newly created directory service and click on "Properties"
Under the "Advanced" tab, key in the "Search base". It is recommended to narrow the search down to a specific OU for best performance, but you can still use the domain root as the search base.

Step 8: Locate this icon in Windows Mail and click on "People"

Step 9: Select the new directory service

Step 10: Key in your search query, and here come the results :-)
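The Windows Mail test above performs an LDAP simple bind (RFC 4511) through the published rule. The added Python script below, which is not part of the original article, builds that bind request by hand, sends it to the published listener and reports the server's resultCode, so the rule can be checked from any machine without a mail client. The host name, bind DN and password are placeholders you substitute for your own environment.

```python
import socket

# Minimal BER helpers: definite-length encoding, short and long forms.
def ber_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, payload):
    return bytes([tag]) + ber_len(len(payload)) + payload

def bind_request(msg_id, bind_dn, password):
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] { version 3, name, simple [0] } }.
    msg_id is assumed to be below 128 so it fits a single INTEGER byte."""
    bind = tlv(0x02, bytes([3])) + tlv(0x04, bind_dn.encode()) + tlv(0x80, password.encode())
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x60, bind))

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the TLV starting at buf[pos]."""
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first & 0x80:                       # long form: first byte gives the length of the length
        n = first & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length

def bind_result_code(msg):
    """Extract resultCode from a BindResponse ([APPLICATION 1]); reject anything else."""
    tag, body, _ = read_tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _msg_id, pos = read_tlv(body, 0)    # messageID, echoed back by the server
    op_tag, op, _ = read_tlv(body, pos)
    if op_tag != 0x61:
        raise ValueError("not a BindResponse")
    code_tag, code, _ = read_tlv(op, 0)    # resultCode is an ENUMERATED (tag 0x0A)
    if code_tag != 0x0A:
        raise ValueError("missing resultCode")
    return int.from_bytes(code, "big")

def probe_published_ldap(host, bind_dn, password, port=389, timeout=5):
    """Bind through the published rule; 0 = success, 49 = invalidCredentials.
    A simple bind on plain TCP 389 carries the DN and password unencrypted, so run this
    from a network you trust. host/bind_dn/password are placeholders for your own values."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(bind_request(1, bind_dn, password))
        return bind_result_code(s.recv(4096))
```

A resultCode of 49 still proves the rule forwards traffic to the domain controller (the rejection came from AD, not from TMG); a connection timeout points at the listener, the protocol definition or the "To" tab setting from Step 18.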

Have fun folks..

About Wan Ziyang (Triston)
Wan Ziyang (Triston) is a Sr. Consultant with a System Integrator based in Singapore. He has been an MCSE since 2005 and is an MVP in Exchange Server. Triston leads the Singapore MessagingTalk User Group activities, where folks interested in Microsoft Messaging Technologies gather for learning and networking. He has done several implementations of various versions of Exchange Server. He is also a Red Hat Certified Engineer on EL4.