• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Do I need to update the schema?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 General] >> Installation and Planning >> Do I need to update the schema? Page: [1]
Login
Message << Older Topic   Newer Topic >>
Do I need to update the schema? - 2.Mar.2007 2:02:45 PM   
markwilson

 

Posts: 12
Joined: 2.Mar.2007
Status: offline
I'm in the process of planning an ISA Server 2006 (Standard Edition) implementation; however I'm not clear as to whether this will require an Active Directory schema edit?  I seem to recall that previous versions of ISA Server extended the schema but does 2006 do this?

TIA, Mark
Post #: 1
RE: Do I need to update the schema? - 3.Mar.2007 3:14:46 PM   
Dan Pink

 

Posts: 26
Joined: 11.Jun.2006
Status: offline
I have not come across a visible upgrade to schema in my experience of single standard and enterprise servers. They needn't be members of Windows domains.

(in reply to markwilson)
Post #: 2
RE: Do I need to update the schema? - 3.Mar.2007 8:23:30 PM   
royh

 

Posts: 318
Joined: 23.Feb.2007
From: Lebanon
Status: offline
Hi,
You don;t need to update the schema.To create an additional layer of security, install it in a workgroup or a separate domain.

_____________________________

Roy Haddad,M.Sc
CCNA, MCSE 2003 Messaging & Security,C|EH
www.foxminds.com

(in reply to markwilson)
Post #: 3
RE: Do I need to update the schema? - 4.Mar.2007 12:09:38 AM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
quote:

They needn't be members of Windows domains


quote:

To create an additional layer of security, install it in a workgroup or a separate domain.



Woooow , hold your horses guys !!!

Check this first : Debunking the Myth that the ISA Firewall Should Not be a Domain Member


returning to the original poster :

quote:

I seem to recall that previous versions of ISA Server extended the schema but does 2006 do this?

U r correct , the schema was changed with ISA 2000 EE, but starting with ISA 2004 EE and also ISA 2006 EE, there is something called ADAM , Active Dirtectory Application Mode. It is an LDAP compliance directory and runs as a non-operating-system service and it does not require deployment on a domain controller. You might need to check more on this new technology , ADAM .


HTH,
Tarek

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to royh)
Post #: 4
RE: Do I need to update the schema? - 4.Mar.2007 3:56:12 AM   
markwilson

 

Posts: 12
Joined: 2.Mar.2007
Status: offline
Thanks for your responses guys - back in ISA 2004 days I had a chat with Steve Lamb (Microsoft Security evangelist here in the UK) about whether an ISA server should be domain member or not and he didn't seem to have any concerns about it; having said that, I do take on board the point that a standalone server (i.e. not a domain member) could be seen as another layer of security.

The main reason I can see for leaving the ISA Server in a domain is manageability (automatic patching via group policy, etc.).

I know a little bit about ADAM... using it for ISA sounds interesting. I can't really see what the advantage would be though for a single server as there are no AD schema changes to worry about and if I just wanted a local account database I could use the SAM - I guess if I had multiple ISA servers then they could share ADAM for an organisation with a security policy that precluded domain-joined ISA Servers.

Cheers, Mark

< Message edited by markwilson -- 4.Mar.2007 3:57:26 AM >


_____________________________

Mark Wilson
http://www.markwilson.co.uk/blog/

(in reply to elmajdal)
Post #: 5

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 General] >> Installation and Planning >> Do I need to update the schema? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts