• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2368
  • Last Modified:

IAS : Migration and requirement

I am upgrading our Active Directory from Windows 2000 to Windows 2003 R2. There is a 2000 DC with IAS-RADIUS server running doing authentication for CISCO WAP devices. I will be demoting that server and I would like move that IAS service to a Windows 2003 server. Questions:

1- Do you know the steps to migrate IAS settings from 2000 to a 2003 server? I already found the steps from 2000 to 2000 bu there is a disclaimer about not working when moving to a 2003 server. Here: http://www.webservertalk.com/archive123-2004-10-357884.html

2- Is it required for IAS to run on a Domain Controller and not just a member server? The reason I ask is due to this KB Article:http://support.microsoft.com/kb/317588

Thanks

0
JohnRamz
Asked:
JohnRamz
Advertise Here
  • 2
1 Solution
 
bbaoIT ConsultantCommented:
1. as per the following MS official document, "the configuration of IAS servers running on products in the Windows 2000 server family can be imported into products in the Windows Server 2003 family with set config. The reverse, however, is not possible."

Netsh commands for AAAA
http://technet2.microsoft.com/WindowsServer/en/Library/9ffd261c-62e4-4f41-aa35-2790bd2534771033.mspx

2. you may run IAS on a member server. actually, installing an IAS on a domain controller is a bit unusual. that's probably why MS published two KB articles regarding "how to configure a Primary/Secondary Internet Authentication Service Server on a Domain Controller."

hope it helps,
bbao
0
 
bbaoIT ConsultantCommented:
basically, where to put an IAS depends on your security architecture. you have to find a tradeoff between security and performance. for example, installing IAS on DC avoids the traffic between IAS and DC, but it allows IAS clients to "touch" the DC where stores the most sensitive credentials of an organization.

hope it helps,
bbao
0
 
JohnRamzAuthor Commented:
I appreciate your answer, I believe that would do it. I will test it next week and rate your answer

Thanks

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

Go Premium
  • 2
Advertise Here
Tackle projects and never again get stuck behind a technical roadblock.
Join Now