Welcome to ISAserver.org


Change domain membership of an ISA Server

Change domain membership of an ISA Server - 25.Jun.2008 9:59:22 AM   
xpmtb

 

Posts: 2
Joined: 25.Jun.2008
Status: offline
Hello,

I'm looking for recommendations or feedback before changing the domain membership of an ISA Server. The ISA Server is a 2006 Standard Edition. I have already read the following article: http://blogs.isaserver.org/shinder/2006/05/24/changing-isa-firewall-domain-membership/ . It seems there is no problem with Standard Edition, but it is not 100% sure. What's your experience if you have already performed one of these operations:

domain -> workgroup
workgroup -> domain
or my case: domain X -> domain Y (different Active Directory forest)

Thanks. 
Post #: 1
RE: Change domain membership of an ISA Server - 26.Jun.2008 8:46:31 AM   
tshinder

 

Posts: 47181
Joined: 10.Jan.2001
From: Texas
Status: offline
You have to leave the domain by joining a workgroup, and then join the new domain.

Works well without problems, just make sure you put the ISA firewall in its own OU that doesn't have the same settings as the other machines in your domain.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to xpmtb)
Post #: 2
RE: Change domain membership of an ISA Server - 26.Jun.2008 2:36:20 PM   
paulo.oliveira

 

Posts: 768
Joined: 3.Jan.2008
From: Amazonas, Brazil
Status: offline
Hi Tom,

Why can't they have the same settings? What kind of settings?

Regards,
Paulo Oliveira.

(in reply to tshinder)
Post #: 3
RE: Change domain membership of an ISA Server - 27.Jun.2008 4:36:22 AM   
beldorion

 

Posts: 16
Joined: 27.Jun.2008
From: Ireland
Status: offline
Hi Paulo,
ISA Server is a very specific machine on your Domain and should not be part of an OU which might have some policy applied not corresponding to the security required for an ISA Server.
Olivier

(in reply to paulo.oliveira)
Post #: 4
RE: Change domain membership of an ISA Server - 17.Jul.2008 4:46:13 AM   
xpmtb

 

Posts: 2
Joined: 25.Jun.2008
Status: offline
I have just performed the migration: looks ok.

(in reply to xpmtb)
Post #: 5
RE: Change domain membership of an ISA Server - 17.Jul.2008 7:41:57 AM   
paulo.oliveira

 

Posts: 768
Joined: 3.Jan.2008
From: Amazonas, Brazil
Status: offline
Hi,

Thanks for the follow-up! And please let us know if there are some problems.
Maybe I have to do it too.

Regards,
Paulo Oliveira.

(in reply to xpmtb)
Post #: 6
RE: Change domain membership of an ISA Server - 17.Jul.2008 8:17:47 AM   
tshinder

 

Posts: 47181
Joined: 10.Jan.2001
From: Texas
Status: offline
I've done it many times and never had a problem.

Thanks!
Tom


(in reply to paulo.oliveira)
Post #: 7
RE: Change domain membership of an ISA Server - 17.Jul.2008 8:27:50 AM   
paulo.oliveira

 

Posts: 768
Joined: 3.Jan.2008
From: Amazonas, Brazil
Status: offline
Hi,

Thanks, Tom, for the feedback.

Regards,
Paulo Oliveira.

(in reply to tshinder)
Post #: 8
RE: Change domain membership of an ISA Server - 21.Jul.2008 1:36:49 PM   
HePa

 

Posts: 135
Joined: 9.May.2008
From: Sweden, Gothenburg
Status: offline
quote:

ORIGINAL: tshinder

You have to leave the domain by joining a workgroup, and then join the new domain.

Works well without problems, just make sure you put the ISA firewall in its own OU that doesn't have the same settings as the other machines in your domain.

HTH,
Tom


I think that Tom refers to GPOs which are applied to OUs(?).
You don't want to apply application server settings onto an ISA server, for example. Anyway, good that you've solved the problem.

_____________________________

HePa

(in reply to tshinder)
Post #: 9
RE: Change domain membership of an ISA Server - 22.Jul.2008 11:33:32 AM   
tshinder

 

Posts: 47181
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Henrik,

That is correct. You don't want GPO settings meant for other machines to interfere with the ISA firewall configuration. You can create your own GPO for the ISA firewall's OU if you like.

Thanks!
Tom


(in reply to HePa)
Post #: 10
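
Added example, not part of any post in this thread: one way to carry out the OU advice above after the firewall has joined the new domain, then check which GPOs still reach it. It assumes an admin workstation with the ActiveDirectory and GroupPolicy PowerShell modules; the domain `corp.example`, the OU name `ISA Firewalls`, the computer name `ISA01` and the GPO name are hypothetical.

```powershell
# Added example. All names below are hypothetical placeholders.
Import-Module ActiveDirectory, GroupPolicy

$domainDn = 'DC=corp,DC=example'      # new domain (assumed)
$ouName   = 'ISA Firewalls'           # dedicated OU for the firewall (assumed)
$ouDn     = "OU=$ouName,$domainDn"
$computer = 'ISA01'                   # firewall's computer account (assumed)

# 1. Create the dedicated OU directly under the domain root if it is missing.
$ou = Get-ADOrganizationalUnit -Filter "Name -eq '$ouName'" `
        -SearchBase $domainDn -SearchScope OneLevel
if (-not $ou) {
    New-ADOrganizationalUnit -Name $ouName -Path $domainDn
}

# 2. Move the firewall's computer account out of its default container.
$acct = Get-ADComputer -Identity $computer
if ($acct.DistinguishedName -notlike "*,$ouDn") {
    Move-ADObject -Identity $acct.DistinguishedName -TargetPath $ouDn
}

# 3. Record which GPOs reach the OU before anything is changed.
Write-Host 'GPOs applying to the OU before blocking inheritance:'
(Get-GPInheritance -Target $ouDn).InheritedGpoLinks |
    Select-Object Order, DisplayName, Enforced | Format-Table -AutoSize

# 4. Stop settings meant for other machines from flowing down to this OU.
Set-GPInheritance -Target $ouDn -IsBlocked Yes | Out-Null

# 5. Optionally link a GPO that holds only the firewall's own settings.
$gpoName = 'ISA Firewall Baseline'    # hypothetical GPO name
if (-not (Get-GPO -Name $gpoName -ErrorAction SilentlyContinue)) {
    New-GPO -Name $gpoName | New-GPLink -Target $ouDn | Out-Null
}

# 6. Enforced links on parent containers are not stopped by block inheritance,
#    so list what still applies and review each entry.
Write-Host 'GPOs still applying after blocking inheritance:'
(Get-GPInheritance -Target $ouDn).InheritedGpoLinks |
    Select-Object Order, DisplayName, Enforced | Format-Table -AutoSize
```

Any GPO in the second listing with `Enforced` set to true comes from a parent container and still applies to the firewall, so its settings need review against the ISA configuration.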
