0 votes

Hi,

We're looking at using Adaxes in an MSP environment with around 30 clients, each with their own domain. Some of these clients are hybrid on-prem/Azure, while others are Azure AD only. Some of the clients have on-prem domains with the .local TLD. Some have on-prem domains with .com and have a website hosted on the same domain on a different IP than their DC server. Et cetera.

I'm looking to get as much info as is practical about how Adaxes talks to managed domains that aren't on the same network as the server that the Adaxes service is installed on, so that I can apply it to as many different situations as possible.

First - I have a vague understanding from this question that I need to set up conditional forwarders on the MSP DNS server pointing to each of the client DNS servers, but I'd like to get some more info about that - where specifically does it need to point? What about .local on-prem domains?

Second - I figure that all the ports listed here need to be open to the internet on the client DC servers - are there security implications here?

Thanks, Max

by (40 points)

1 Answer

0 votes
by (289k points)

Hello Max,

First - I have a vague understanding from this question that I need to set up conditional forwarders on the MSP DNS server pointing to each of the client DNS servers, but I'd like to get some more info about that - where specifically does it need to point?

In the post you referenced, it was a customer request to create conditional forwarders based on custom attributes. To be able to manage a domain in Adaxes you just need to make sure that the service can connect to the domain using the ports provided in the article you referenced and configure the DNS records accordingly. Adaxes does not have specific requirements as to DNS records. It uses standard approaches. The following Microsoft article might be helpful: https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/integrating-ad-ds-into-an-existing-dns-infrastructure.

I figure that all the ports listed here need to be open to the internet on the client DC servers - are there security implications here?

The ports need to be open from the computer where Adaxes service is installed towards the domain controllers of the domains you want to manage. In your case, it seems to be required to open the ports over the Internet. There should be no security implications. However, it is a good idea to enable traffic encryption for operations you will be performing in Adaxes. The following article will be helpful: https://www.adaxes.com/help/EncryptTraffic.

Related questions

0 votes
1 answer

I gone throught Adaxes License is based and its based on user. I wanted to understand, does the license user count is on technical assistance user or AD objects?

asked Jan 23, 2020 by subbu (20 points)
0 votes
1 answer

Will it use 1 license for an Active Directory user and his azure account or 2 licenses?

asked Nov 7, 2023 by johanpr (120 points)
0 votes
1 answer

First off I have to say that Adaxes is really extraordinary and has been such a massive help to delegate a lot of the day-to-day AD management across mutiple untrusted forests. ... how it functions under the hood, and a lot of SDK documentation left to read.

asked Sep 27, 2023 by McMyers183 (20 points)
0 votes
1 answer

Hello, How it works if I have multiple accounts in one domain, and other accounts in others domains managed by Adaxes ? Thank you. Regards. Pierre

asked Jun 9, 2021 by pierre.saucourt (40 points)
0 votes
1 answer

Hello I try to query the schema- and Exchange-schema-Version from our managed domains, but I don't find script samples. regards Helmut

asked Nov 2, 2020 by a423385 (510 points)
3,547 questions
3,238 answers
8,232 comments
547,809 users