-1

I'd like to set up an HTTP redirect on our local domain, e.g.

https://intranet.local -> https://home.intranet.local

Our DNS servers are on our domain controllers, and intranet.local resolves to one of many domain controllers.

Microsoft does not recommend putting IIS on domain controllers, and we do not like the idea of adding IIS maintenance and a new potential attack vector to all our DCs just for a redirect.

Is there another way to do this? I'm relatively new to the Windows Server world, so I may be missing something obvious.

Mark Thomas
  • What currently answers the request when someone browses to https://intranet.local ? Or is there nothing there since it's a DC which is why you're trying to make it so doing so ends up at the desired location? – PhonicUK Jan 16 '20 at 13:59
  • intranet.local does not currently respond to HTTP. – Mark Thomas Jan 20 '20 at 20:38

2 Answers

1

An HTTP Server must tell the clients that there is a 30x redirect towards another URL.

With your example, "something" needs to listen on port 443, provide a valid SSL certificate (otherwise it will trigger an Invalid Certificate warning on the browsers before the redirection) and finally send the HTTP Redirect instruction.

You can use "ad.intranet.local" for Active Directory, and keep "intranet.local" for the web servers. Otherwise, you can keep "intranet.local" for Active Directory, but you'll have to instruct your users that the website they want is located at "home.intranet.local".

I don't recommend installing a web server on your DC, for the reasons you cite.

As a side note, using ".local" is not recommended.

Swisstone
0

Try this on Windows Server 2019 and above to redirect HTTPS traffic to your web server:

netsh interface portproxy add v4tov4 listenport=443 connectaddress=home.intranet.local connectport=443 protocol=tcp
  • This is unorthodox and just a strange thing to do for an Active Directory Domain Controller in a business environment. It's basically a blinking light to notify everyone that there's probably more to discover. – Greg Askew Jul 17 '23 at 11:39
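
An added example, not code from either answer: a Python sketch of the two things the first answer says the listener for intranet.local needs, a certificate that covers that name and a 30x response. A TCP forward such as the portproxy above changes neither, because the browser still validates the certificate against intranet.local and no redirect is sent. The SAN lists in the demo are constructed samples, and `cert_covers` and `redirect_response` are hypothetical helper names.

```python
from urllib.parse import urlsplit

TARGET = "https://home.intranet.local"  # fixed redirect target from the question


def cert_covers(hostname, san_dns_names):
    """RFC 6125 style name check: a wildcard is honoured only as the whole
    left-most label and stands for exactly one label."""
    host = hostname.lower().rstrip(".").split(".")
    for san in san_dns_names:
        pattern = san.lower().rstrip(".").split(".")
        if len(pattern) != len(host):
            continue  # "*.intranet.local" never matches the apex name
        if pattern[0] == "*":
            if len(pattern) > 2 and pattern[1:] == host[1:]:
                return True
        elif pattern == host:
            return True
    return False


def redirect_response(request_target):
    """Build the 301 a redirect-only listener for intranet.local would send.
    The Location host is the constant TARGET, never the client's Host header
    or an authority in the request target, so it cannot act as an open redirect."""
    parts = urlsplit(request_target)
    path = parts.path if parts.path.startswith("/") else "/"
    location = TARGET + path + ("?" + parts.query if parts.query else "")
    # Refuse control characters and spaces so the header cannot be split.
    if any(ord(c) < 0x21 or ord(c) == 0x7F for c in location):
        location = TARGET + "/"
    return ("HTTP/1.1 301 Moved Permanently\r\n"
            f"Location: {location}\r\n"
            "Content-Length: 0\r\nConnection: close\r\n\r\n")


if __name__ == "__main__":
    # Constructed SAN lists for the certificate each setup would present.
    cases = {
        "portproxy to home server": ["home.intranet.local"],
        "wildcard certificate": ["*.intranet.local"],
        "dedicated redirect listener": ["intranet.local"],
    }
    for name, sans in cases.items():
        ok = cert_covers("intranet.local", sans)
        print(f"{name}: {'no warning' if ok else 'certificate warning'}")
    print(redirect_response("/wiki/page?id=7"))
```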