I need information on a new ISA Server 2004 domain installation (Full Version)


wooj -> I need information on a new ISA Server 2004 domain installation (7.May2008 6:20:04 PM)

Our old ISA Server 2004 Standard Edition is on very old hardware and is also not working correctly.  On our old ISA server we have Active Directory and DNS, and it is also a domain controller for our internal network.  Active Directory is not replicating because it is past its tombstone lifetime on this old server.  We would like to totally remove this old server from our network at some point.

We have just received a brand new server that I was tasked with installing Windows Server 2003 and ISA Server 2004 Standard Edition on to replace the much older and faulting machine.  Knowing nothing about ISA Server 2004, I decided to look up information about its installation and found this website.

What I would like to know is if I should remove the old ISA server from being a domain controller and just replace NIC settings and ISA Server policy onto this new machine to just straight out replace it, or should I run this new server side by side with the old one.

Also, I noticed the article on this site about it being a good idea to make ISA Server a member of the domain but not be a domain controller, and was wondering if this new server should be put in its own forest as per the Microsoft recommendation http://technet.microsoft.com/en-us/library/cc302501.aspx or if it would not be a problem just making this new server a part of our pre-existing domain.

I have already installed Windows Server 2003 Standard Edition with Service Pack 2 and ISA Server 2004 Standard Edition with Service Pack 3, and I am now just looking at the proper course of action to deploy this new (and hopefully well functioning) ISA Server.




noddles -> RE: I need information on a new ISA Server 2004 domain installation (15.Aug.2008 10:02:16 AM)

Hello,
I would like to say that it's not advisable to make your ISA Server a Domain Controller. This is because the ISA is actually your gateway to the internet (World); if a hacker breaks your ISA then he has access to your Internal Domain (which would be very bad for you!!!). So make the ISA a member server of your domain, so that you can make use of the security facilities in the ISA (Authentication): make a server the domain controller of your network (which would have everything), then install the ISA on another machine, then join that machine to the domain and make everybody pass through it to get outside your network (make him your Gateway!!). Now if you are not particular about using the authentication facilities on the ISA Server, then install the ISA Server and make it a stand-alone server (its own forest); he should still be the gateway for your network, everybody still passes through him. Now, if a hacker breaks your network he'll be lost and not gain access to your real network. It will act like a DMZ. Hope this helps......



