Change domain membership of an ISA Server (Full Version)

All Forums >> [ISA 2006 General] >> General



Message

xpmtb -> Change domain membership of an ISA Server (25.Jun.2008 9:59:22 AM)

Hello,

I'm looking for recommendations or feedbacks before changing the domain membership of an ISA Server. The ISA Server is a 2006 Standard Edition. I already read the following article http://blogs.isaserver.org/shinder/2006/05/24/changing-isa-firewall-domain-membership/ . It seems there is no problem with Standard Edition but it is not 100% sure. What's your experience if you already perform one of these operations:

domain -> workgroup
workgroup -> domain
or my case: domain X -> domain Y (different Active Directory forest)

Thanks. 



tshinder -> RE: Change domain membership of an ISA Server (26.Jun.2008 8:46:31 AM)

You have to leave the domain by joining a workgroup, and then join the new domain.

Works well without problems, just make sure you put the ISA firewall in it's own OU that doesn't have the same settings as the other machines in your domain.

HTH,
Tom



paulo.oliveira -> RE: Change domain membership of an ISA Server (26.Jun.2008 2:36:20 PM)

Hi Tom,

why they canīt have the same settings? What kind of settings?

Regards,
Paulo Oliveira.



beldorion -> RE: Change domain membership of an ISA Server (27.Jun.2008 4:36:22 AM)

Hi Paula,
ISA Server is a very specific machine on your Domain and should not be part of an OU which might have some policy applied not corresponding to the security required for an ISA Server.
Olivier



xpmtb -> RE: Change domain membership of an ISA Server (17.Jul.2008 4:46:13 AM)

I have just performed the migration: looks ok.



paulo.oliveira -> RE: Change domain membership of an ISA Server (17.Jul.2008 7:41:57 AM)

Hi,

thanks for the follow up! And please let us know if there some problems.
Maybe I have to do it too. [:D]

Regards,
Paulo Oliveira.



tshinder -> RE: Change domain membership of an ISA Server (17.Jul.2008 8:17:47 AM)

I've done it many times and never had a problem.

Thanks!
Tom



paulo.oliveira -> RE: Change domain membership of an ISA Server (17.Jul.2008 8:27:50 AM)

Hi,

thanks Tom for the feedback.

Regards,
Paulo Oliveira.



HePa -> RE: Change domain membership of an ISA Server (21.Jul.2008 1:36:49 PM)

quote:

ORIGINAL: tshinder

You have to leave the domain by joining a workgroup, and then join the new domain.

Works well without problems, just make sure you put the ISA firewall in it's own OU that doesn't have the same settings as the other machines in your domain.

HTH,
Tom


I think that Tom refers to GPO's which are applied to OU's(?).
You don't want to apply application server settings onto a ISA server for example. Any way, good that you've solved the problem.



tshinder -> RE: Change domain membership of an ISA Server (22.Jul.2008 11:33:32 AM)

Hi Henrik,

That is correct. You don't want GPO settings meant for other machines to interfere with the ISA firewall configuration. You can create your own GPO for the ISA firewall's OU if you like.

Thanks!
Tom



Page: [1]