Solved

Concerns about ISA , Radius protocol use, when replacing existing server thats a domain controller?

Posted on 2011-09-28
3
442 Views
Last Modified: 2012-05-12
We currently are still running a Windows 2000 server as our domain controller. We have one central location, with over 60 remote locations. We have all the locations connected using vpn's. We are currently using ISA on the server for Radius for the Vpn users on the network. We need to replace this server with a new domain controller. They are looking at either Windows 2008 R2, or Windows SBS 2011 for a new domain controller. Basically the thought was that we could demote the current domain controller, and leave the ISA set up as is to continue to authenticate the use of the vpn on the company network. They don't want to have to re-enter all the accounts and set it all back up again. Then the old domain controller would just be a member of the domain as a server and still satisfy this task, and the new domain controller will be for the office tasks in general, file and print sharing and so fourth. Is there any reason that this wouldn't work ?? We don't want to demote the old server and add it to the new domain controller only to find out for some reason this will not work this way.  Just to add the plan for the new domain controller is to start fresh with its configuration, no migrating from the previous domain controller. The only thing that would be moved from the old domain controller to the new is the user data, common shared folders. Everything else including user accounts were to be set up as new.
0
Comment
Question by:holcomb_frank
  • 2
3 Comments
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 36718205
Where are the user accounts for the VPN users stored now?  That has me confused.
0
 

Author Comment

by:holcomb_frank
ID: 36718234
right now it's all on the windows 2000 server that acts as the current domain controller. there are so many, the boss doesn't want us to have to re-enter these on a new server, assuming that ISA would work the same on the new server.  so that is why he wants us to demote this windows 2000 domain controller  to a stand alone server, but leave the user accounts as they are and continue to have this box do the authentication....does that help??
0
 
LVL 34

Accepted Solution

by:
Paul MacDonald earned 500 total points
ID: 36718766
Okay, it's been a while since I've worked closely with ISA so bear with me but it's my recollection ISA uses local user accounts for access.  On a Domain Controller, there are no local accounts, only domain accounts.  If that's the case, you'll lose your ISA accounts when you destroy the old domain in favor of the new domain.  I may be wrong (but I don't think so), or I may be mis-understanding (which is possible).
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question