Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

IAS : Migration and requirement

Posted on 2007-12-01
3
Medium Priority
?
2,287 Views
Last Modified: 2013-12-04
I am upgrading our Active Directory from Windows 2000 to Windows 2003 R2. There is a 2000 DC with IAS-RADIUS server running doing authentication for CISCO WAP devices. I will be demoting that server and I would like move that IAS service to a Windows 2003 server. Questions:

1- Do you know the steps to migrate IAS settings from 2000 to a 2003 server? I already found the steps from 2000 to 2000 bu there is a disclaimer about not working when moving to a 2003 server. Here: http://www.webservertalk.com/archive123-2004-10-357884.html

2- Is it required for IAS to run on a Domain Controller and not just a member server? The reason I ask is due to this KB Article:http://support.microsoft.com/kb/317588

Thanks

0
Comment
Question by:JohnRamz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 37

Accepted Solution

by:
bbao earned 1500 total points
ID: 20389525
1. as per the following MS official document, "the configuration of IAS servers running on products in the Windows 2000 server family can be imported into products in the Windows Server 2003 family with set config. The reverse, however, is not possible."

Netsh commands for AAAA
http://technet2.microsoft.com/WindowsServer/en/Library/9ffd261c-62e4-4f41-aa35-2790bd2534771033.mspx

2. you may run IAS on a member server. actually, installing an IAS on a domain controller is a bit unusual. that's probably why MS published two KB articles regarding "how to configure a Primary/Secondary Internet Authentication Service Server on a Domain Controller."

hope it helps,
bbao
0
 
LVL 37

Expert Comment

by:bbao
ID: 20389593
basically, where to put an IAS depends on your security architecture. you have to find a tradeoff between security and performance. for example, installing IAS on DC avoids the traffic between IAS and DC, but it allows IAS clients to "touch" the DC where stores the most sensitive credentials of an organization.

hope it helps,
bbao
0
 

Author Comment

by:JohnRamz
ID: 20389921
I appreciate your answer, I believe that would do it. I will test it next week and rate your answer

Thanks

0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
Suggested Courses

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question