Solved

Concerns about ISA , Radius protocol use, when replacing existing server thats a domain controller?

Posted on 2011-09-28
3
437 Views
Last Modified: 2012-05-12
We currently are still running a Windows 2000 server as our domain controller. We have one central location, with over 60 remote locations. We have all the locations connected using vpn's. We are currently using ISA on the server for Radius for the Vpn users on the network. We need to replace this server with a new domain controller. They are looking at either Windows 2008 R2, or Windows SBS 2011 for a new domain controller. Basically the thought was that we could demote the current domain controller, and leave the ISA set up as is to continue to authenticate the use of the vpn on the company network. They don't want to have to re-enter all the accounts and set it all back up again. Then the old domain controller would just be a member of the domain as a server and still satisfy this task, and the new domain controller will be for the office tasks in general, file and print sharing and so fourth. Is there any reason that this wouldn't work ?? We don't want to demote the old server and add it to the new domain controller only to find out for some reason this will not work this way.  Just to add the plan for the new domain controller is to start fresh with its configuration, no migrating from the previous domain controller. The only thing that would be moved from the old domain controller to the new is the user data, common shared folders. Everything else including user accounts were to be set up as new.
0
Comment
Question by:holcomb_frank
  • 2
3 Comments
 
LVL 33

Expert Comment

by:paulmacd
Comment Utility
Where are the user accounts for the VPN users stored now?  That has me confused.
0
 

Author Comment

by:holcomb_frank
Comment Utility
right now it's all on the windows 2000 server that acts as the current domain controller. there are so many, the boss doesn't want us to have to re-enter these on a new server, assuming that ISA would work the same on the new server.  so that is why he wants us to demote this windows 2000 domain controller  to a stand alone server, but leave the user accounts as they are and continue to have this box do the authentication....does that help??
0
 
LVL 33

Accepted Solution

by:
paulmacd earned 500 total points
Comment Utility
Okay, it's been a while since I've worked closely with ISA so bear with me but it's my recollection ISA uses local user accounts for access.  On a Domain Controller, there are no local accounts, only domain accounts.  If that's the case, you'll lose your ISA accounts when you destroy the old domain in favor of the new domain.  I may be wrong (but I don't think so), or I may be mis-understanding (which is possible).
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now