VPN-connected users to communicate with AD server placed in DMZ only, and to change the user's password by clicking Alt+Ctrl+Delete

Shihas Shamsudheen 21 Reputation points
2021-04-28T18:58:27.65+00:00

Dear team,

I have three Active Directory servers.

1) ad-a (primary domain controller)

2) ad-b (secondary domain controller)

3) ad-c (domain controller placed in DMZ)

I want my VPN-connected users to communicate with my third Active Directory server, which is placed in the DMZ. I need to allow VPN users to change their password by clicking the Alt+Ctrl+Delete keys, but they can't change the password, because it is communicating with the primary AD only.

For VPN users we have not allowed any communication with the primary and secondary AD from our firewall. We have only given communication from the Active Directory server which we placed in the DMZ region. But when we try to change the password, it tries to communicate with the primary AD automatically. I can see that traffic in my firewall.

I can update Group Policy, but I cannot change the user password.

What could be the reason, and how can we resolve the issue?

I hope you understand the issue. Your assistance will be appreciated.

Windows Server 2016
Windows Server
Active Directory

1 answer

  1. Fan Fan 15,291 Reputation points Microsoft Vendor
    2021-04-29T00:44:44.31+00:00

    Hi,

    What's the error message when you tried to change the password?
    Based on my test, a user password change can be performed on other DCs in the domain even without being able to connect to the PDC.
    So, you may try to confirm the ports used to change the password on the clients and DCs in the DMZ.
    The following information about the ports is for your reference:
    https://techgenix.com/domain-controllers-required-ports/
    This response contains a third-party link. We provide this link for easy reference. Microsoft cannot guarantee the validity of any information and content in this link.

    Best Regards,
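
The port check suggested in the answer, as an added example that is not part of the original thread: it tests TCP reachability from a VPN client to the DMZ domain controller and shows which DC the client has actually located. The FQDN `ad-c.example.local` and domain `example.local` are placeholders, and the port list is the commonly documented set of client-to-DC ports, not taken from the linked article.

```powershell
# Added example. Run on a VPN-connected, domain-joined client.
# Placeholders (assumptions): replace with the real FQDN of ad-c and the real domain name.
$DmzDc  = 'ad-c.example.local'
$Domain = 'example.local'

# TCP ports a client normally uses toward a DC for logon and password change.
# Kerberos, kpasswd, LDAP and DNS also use UDP, which Test-NetConnection does not test.
# RPC additionally needs the dynamic range (TCP 49152-65535 by default) after port 135.
$Ports = @(
    @{ Port = 53;  Service = 'DNS' }
    @{ Port = 88;  Service = 'Kerberos' }
    @{ Port = 135; Service = 'RPC endpoint mapper' }
    @{ Port = 389; Service = 'LDAP' }
    @{ Port = 445; Service = 'SMB' }
    @{ Port = 464; Service = 'Kerberos password change (kpasswd)' }
)

# Try each port against the DMZ DC and collect the result as a table row.
$Results = foreach ($p in $Ports) {
    $r = Test-NetConnection -ComputerName $DmzDc -Port $p.Port -WarningAction SilentlyContinue
    [pscustomobject]@{
        Port      = $p.Port
        Service   = $p.Service
        Reachable = $r.TcpTestSucceeded
    }
}
$Results | Format-Table -AutoSize

# Summarise anything the VPN firewall policy is still dropping.
$Blocked = $Results | Where-Object { -not $_.Reachable }
if ($Blocked) {
    Write-Warning ("Blocked between client and {0}: {1}" -f $DmzDc, ($Blocked.Port -join ', '))
}

# Show which DC this client is really using. If it is not ad-c, the
# password change will go to that DC regardless of the open ports above.
"Logon server for this session: $env:LOGONSERVER"
nltest "/dsgetdc:$Domain"
```

If every port is reachable but `nltest` still returns ad-a or ad-b, compare the result with the firewall log entries for traffic toward the primary AD before opening any further ports.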