Setting up Active Directory accessible from the internet


For my small company I want to set up a domain controller.

  • I want users to be able to access the domain controller from their laptops via the internet.
  • I need the DC for policies & management of users.
  • I'm aware of the consequences of exposing the DC to the Internet.
  • Yes at some point there might be a VPN on the Computers / DC.
  • Would like the machine to be hosted on an AWS EC2 instance.

My problem is that I already tried doing it myself, but I might be missing something.

  • Say my company is called
  • I have already created a machine with the DC. (Windows 2008 rc2 DataCenter edition)
  • I assign a static IP using EC2 Elastic IP Address
  • I created a subdomain DNS record to direct to the static IP (Using GoDaddy).
  • When I ping the address (or remotely connect), the server responds. For the sake of it my company is

But when I try to add computers to the DC, it constantly fails.

What I get is:

The following error occurred when DNS was queried for the service location (SRV)
resource record used to locate an Active Directory Domain Controller (AD DC) for domain 

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for

EDIT: Following the comments below. I'm doing it for research purposes to understand what will work for my company and what will be the end solution that will be suggested. I have managed many AD before, but I have never tried to do it with some of my users being able to access it from the internet. I'm also using this method to test VPN providers like F5 & CheckPoint to go along with this solution. As for EC2 & AWS, it is easier to experiment with that environment rather than using actual servers inside my company.

Any help will be much appreciated.

{Please don't leave comments like "don't do it".}

asked on Server Fault Nov 7, 2013 by koby meir • edited Nov 8, 2013 by koby meir

1 Answer


Ignoring how unbelievably insecure this idea is going to be...

I created a subdomain DNS record to direct to the static IP (Using GoDaddy).

OK, but what about the rest of the zone? As the error states, it's looking for a SRV record. This likely doesn't exist in your public zone hosted with GoDaddy.

Obligatory: Why on earth are you trying to do this? What's wrong with implementing something like a DirectAccess VPN?

answered on Server Fault Nov 7, 2013 by Chris McKeown • edited Nov 7, 2013 by voretaq7
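The gap the answer describes, as an added example that is not part of the original question or answer: a public zone with only a host record lacks the SRV records a joining client looks up, while the DC's own zone has them. The domain `corp.example.com`, the host `dc1`, both zone listings and the function names are constructed for illustration.

```python
# Added example: the domain, host names and zone contents are constructed.
DOMAIN = "corp.example.com"  # placeholder AD DNS domain (assumption)

# A subset of the SRV owner names Netlogon registers for a DC. The first
# one is what a domain join queries to locate a domain controller.
LOCATOR_SRV = ["_ldap._tcp.dc._msdcs", "_ldap._tcp", "_kerberos._tcp",
               "_kerberos._udp", "_kpasswd._tcp"]

# Constructed: a public zone that only maps a name to the DC's address.
PUBLIC_ZONE = """
dc1.corp.example.com. 3600 IN A 203.0.113.10
"""

# Constructed: the same domain as held by the DC's own DNS service.
AD_ZONE = """
dc1.corp.example.com. 3600 IN A 10.0.0.10
_ldap._tcp.dc._msdcs.corp.example.com. 600 IN SRV 0 100 389 dc1.corp.example.com.
_ldap._tcp.corp.example.com. 600 IN SRV 0 100 389 dc1.corp.example.com.
_kerberos._tcp.corp.example.com. 600 IN SRV 0 100 88 dc1.corp.example.com.
_kerberos._udp.corp.example.com. 600 IN SRV 0 100 88 dc1.corp.example.com.
_kpasswd._tcp.corp.example.com. 600 IN SRV 0 100 464 dc1.corp.example.com.
"""

def parse_zone(text):
    """Return {(owner, type)} from 'owner ttl IN type rdata' lines."""
    records = set()
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop ';' comments
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue  # blank or not in the expected five-field layout
        records.add((fields[0].rstrip(".").lower(), fields[3].upper()))
    return records

def missing_locator_srv(zone_text, domain=DOMAIN):
    """List the locator SRV names that the zone does not contain."""
    have = parse_zone(zone_text)
    wanted = [f"{prefix}.{domain}".lower() for prefix in LOCATOR_SRV]
    return [name for name in wanted if (name, "SRV") not in have]

if __name__ == "__main__":
    for label, zone in (("public zone", PUBLIC_ZONE), ("AD zone", AD_ZONE)):
        gaps = missing_locator_srv(zone)
        status = "missing " + ", ".join(gaps) if gaps else "all present"
        print(f"{label}: {status}")
```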

User contributions licensed under CC BY-SA 3.0