I'm managing a local domain and want to use my domain user account to access it remotely. A previous commenter suggested that installing Tailscale on my domain controller (DC) would simplify connecting to my network and other resources. However, I'm concerned about security. Is it really safe to set this up, and are there better alternatives for accessing my domain securely through Tailscale?
5 Answers
I agree; your domain controller should focus solely on its primary role. If you need to configure a subnet router for Tailscale, consider using a dedicated server instead and allow it to handle that routing functionality. Also, make sure to set DNS correctly for proper Active Directory operations.
Definitely avoid running Tailscale directly on a DC. Instead, look into setting up a VPN or using a different dedicated server. Your firewall might even have built-in solutions that are better suited for this purpose without compromising your DC's integrity.
Running Tailscale on your domain controller? That's a risky move, in my opinion. A domain controller should stick to one role, and adding extra software just opens the door for more attack vectors. It's usually best to keep it as simple as possible.
Exactly! We keep any unnecessary apps off our DCs. If a new program needs DC access, we install it on a separate server after it passes security checks.
For home networks, I sometimes create a dedicated DC with Tailscale installed in a secure config. But for enterprises, caution is key! Using tools like Azure AD for secure access might be a safer route than risking your DC.
I’d steer clear of multi-homing your DC. They should serve one purpose only. Consider more straightforward setups, like a Linux VM in front of your DC, for additional functionalities.
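The dedicated subnet-router host that the first answer and the "Linux VM in front of your DC" answer describe, written out as an added example; this script is not from the thread or from Tailscale, and the subnet 192.168.10.0/24, the DC address 192.168.10.10, the zone corp.example and the admin identity alice@example.com are assumed values. It runs on the Linux router host, never on the DC: it validates the advertised CIDR, enables forwarding, advertises only the AD subnet, and prints a tailnet policy fragment that lets one admin group reach the DC on the standard AD ports and nothing else.

```shell
#!/bin/sh
# Added example (not from the thread): a dedicated Linux host as the Tailscale
# subnet router for an AD subnet, so the domain controller itself never runs
# Tailscale. Assumed values; replace with your own.
AD_SUBNET="${AD_SUBNET:-192.168.10.0/24}"   # assumed AD subnet
DC_IP="${DC_IP:-192.168.10.10}"             # assumed DC address
AD_ZONE="${AD_ZONE:-corp.example}"          # assumed AD DNS zone
ADMIN_USER="${ADMIN_USER:-alice@example.com}" # assumed tailnet admin identity

# Accept only a dotted-quad IPv4 CIDR; anything else is refused before it
# reaches the tailscale command line.
valid_cidr() {
  case "$1" in
    *[!0-9./]*|""|*/|/*) return 1 ;;
  esac
  ip=${1%/*}; bits=${1#*/}
  [ "$ip" != "$1" ] || return 1                       # a "/" must be present
  [ "$bits" -ge 0 ] 2>/dev/null && [ "$bits" -le 32 ] || return 1
  oldIFS=$IFS; IFS=.; set -- $ip; IFS=$oldIFS
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ -n "$o" ] && [ "$o" -le 255 ] 2>/dev/null || return 1
  done
  return 0
}

# The exact command the router host runs. --accept-dns=false keeps this host's
# own resolver untouched; client DNS for the AD zone is handled by split DNS
# in the Tailscale admin console (nameserver DC_IP, restricted to AD_ZONE), so
# SRV lookups such as _ldap._tcp.dc._msdcs.<zone> still reach the DC.
advertise_cmd() {
  valid_cidr "$1" || { echo "refusing to advertise invalid subnet: $1" >&2; return 1; }
  printf 'tailscale up --advertise-routes=%s --accept-dns=false\n' "$1"
}

# Tailnet policy fragment: only the admin group may reach the DC, and only on
# the AD service ports (DNS, Kerberos, RPC mapper, LDAP/LDAPS, SMB, kpasswd,
# global catalog) plus the dynamic RPC range; no rule grants "*" to the subnet.
acl_policy() {
  cat <<EOF
{
  "groups": { "group:admins": ["$ADMIN_USER"] },
  "acls": [
    { "action": "accept", "src": ["group:admins"],
      "dst": ["$1:53,88,135,389,445,464,636,3268,3269"] },
    { "action": "accept", "src": ["group:admins"],
      "dst": ["$1:49152-65535"] }
  ]
}
EOF
}

main() {
  advertise_cmd "$AD_SUBNET" >/dev/null || return 1
  if [ "${APPLY:-0}" = "1" ]; then
    # Apply on the router host (run as root). The advertised route still has
    # to be approved in the Tailscale admin console before clients can use it.
    sysctl -w net.ipv4.ip_forward=1
    sysctl -w net.ipv6.conf.all.forwarding=1
    tailscale up --advertise-routes="$AD_SUBNET" --accept-dns=false
  else
    echo "Dry run (set APPLY=1 to apply). Would run:"
    advertise_cmd "$AD_SUBNET"
    echo "Paste this into the tailnet policy file and approve the route:"
    acl_policy "$DC_IP"
    echo "Split DNS: nameserver $DC_IP restricted to $AD_ZONE"
  fi
}
main "$@"
```

Without APPLY=1 the script only prints what it would do, which is the form to review before touching the router host. The point of the policy fragment is that the DC is reachable only by named admins on named ports; a rule with `"dst": ["*:*"]` or the whole subnet as destination would hand every tailnet device a path to the DC and undo the reason for keeping Tailscale off it.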

Are there specific routers or VMs you'd recommend for this setup?