Where is the guidance for Active Directory in the DMZ?
DMZ, which stands for demilitarized zone, is a very popular term for a screened subnet or perimeter network: essentially, a network that is separated from your internal network by a firewall. The problem with the term DMZ is that it is actually a military and political term that is not allowed for use in official documentation on TechNet. So, when you are looking for guidance on TechNet related to firewalls, you should search for both "screened subnet" and "perimeter network". That said, we are using social bookmarking, tagging, and blog entries (like this one) to try to surface our content when people search for DMZ as a network security term.

The guidance on Active Directory in the DMZ is titled "Active Directory Domain Services in the Perimeter Network". If you are looking for the network ports for Active Directory communications, you will want to review "Active Directory and Active Directory Domain Services Port Requirements".
This posting is provided "AS IS" with no warranties, and confers no rights.