Concerns about ISA, RADIUS protocol use, when replacing existing server that's a domain controller?

Posted on 2011-09-28
Medium Priority
Last Modified: 2012-05-12
We currently are still running a Windows 2000 server as our domain controller. We have one central location, with over 60 remote locations. We have all the locations connected using VPNs. We are currently using ISA on the server for RADIUS for the VPN users on the network. We need to replace this server with a new domain controller. They are looking at either Windows 2008 R2 or Windows SBS 2011 for a new domain controller.

Basically, the thought was that we could demote the current domain controller and leave the ISA setup as is to continue to authenticate the use of the VPN on the company network. They don't want to have to re-enter all the accounts and set it all back up again. Then the old domain controller would just be a member of the domain as a server and still satisfy this task, and the new domain controller will be for the office tasks in general, file and print sharing and so forth. Is there any reason that this wouldn't work? We don't want to demote the old server and add it to the new domain controller only to find out for some reason this will not work this way.

Just to add: the plan for the new domain controller is to start fresh with its configuration, no migrating from the previous domain controller. The only thing that would be moved from the old domain controller to the new is the user data and common shared folders. Everything else, including user accounts, was to be set up as new.
Question by:holcomb_frank

Expert Comment

by:Paul MacDonald
ID: 36718205
Where are the user accounts for the VPN users stored now?  That has me confused.

Author Comment

ID: 36718234
Right now it's all on the Windows 2000 server that acts as the current domain controller. There are so many, the boss doesn't want us to have to re-enter these on a new server, assuming that ISA would work the same on the new server. So that is why he wants us to demote this Windows 2000 domain controller to a standalone server, but leave the user accounts as they are and continue to have this box do the authentication. Does that help?

Accepted Solution

Paul MacDonald earned 2000 total points
ID: 36718766
Okay, it's been a while since I've worked closely with ISA, so bear with me, but it's my recollection ISA uses local user accounts for access. On a domain controller, there are no local accounts, only domain accounts. If that's the case, you'll lose your ISA accounts when you destroy the old domain in favor of the new domain. I may be wrong (but I don't think so), or I may be misunderstanding (which is possible).
