?
Solved

Concerns about ISA , Radius protocol use, when replacing existing server thats a domain controller?

Posted on 2011-09-28
3
Medium Priority
?
455 Views
Last Modified: 2012-05-12
We currently are still running a Windows 2000 server as our domain controller. We have one central location, with over 60 remote locations. We have all the locations connected using vpn's. We are currently using ISA on the server for Radius for the Vpn users on the network. We need to replace this server with a new domain controller. They are looking at either Windows 2008 R2, or Windows SBS 2011 for a new domain controller. Basically the thought was that we could demote the current domain controller, and leave the ISA set up as is to continue to authenticate the use of the vpn on the company network. They don't want to have to re-enter all the accounts and set it all back up again. Then the old domain controller would just be a member of the domain as a server and still satisfy this task, and the new domain controller will be for the office tasks in general, file and print sharing and so fourth. Is there any reason that this wouldn't work ?? We don't want to demote the old server and add it to the new domain controller only to find out for some reason this will not work this way.  Just to add the plan for the new domain controller is to start fresh with its configuration, no migrating from the previous domain controller. The only thing that would be moved from the old domain controller to the new is the user data, common shared folders. Everything else including user accounts were to be set up as new.
0
Comment
Question by:holcomb_frank
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 36718205
Where are the user accounts for the VPN users stored now?  That has me confused.
0
 

Author Comment

by:holcomb_frank
ID: 36718234
right now it's all on the windows 2000 server that acts as the current domain controller. there are so many, the boss doesn't want us to have to re-enter these on a new server, assuming that ISA would work the same on the new server.  so that is why he wants us to demote this windows 2000 domain controller  to a stand alone server, but leave the user accounts as they are and continue to have this box do the authentication....does that help??
0
 
LVL 34

Accepted Solution

by:
Paul MacDonald earned 2000 total points
ID: 36718766
Okay, it's been a while since I've worked closely with ISA so bear with me but it's my recollection ISA uses local user accounts for access.  On a Domain Controller, there are no local accounts, only domain accounts.  If that's the case, you'll lose your ISA accounts when you destroy the old domain in favor of the new domain.  I may be wrong (but I don't think so), or I may be mis-understanding (which is possible).
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OfficeMate Freezes on login or does not load after login credentials are input.
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question