[Firewall Policy] Add Active Directory users - 16.Mar.2005 6:12:00 PM
I think my question is rather simple, but I looked it up in T. Shinder's book and Google, but couldn't find the answer anywhere, perhaps because it's too simple.
I want to add a firewall policy rule, and apply it for students. There is an OU in the active directory with all the students in it.
I made my ISA server part of the domain, and I'm logging in using domain administrator credentials. But when I create a firewall policy and I want to add users, and I choose 'location', I can see 'whole active directory' and the name of our Active Directory, with a '+' on the left of it to fold it out, but when I click it, it disappears, and I can't see any users or groups. When I manually type in a username (e.g. administrator) it gives an error and says it couldn't be found.
When I make my ISA server a backup domain controller I can see all the users and groups in the Windows 2003 Active Directory users and groups MMC, but still can't find them in ISA Server 2004.
What am I doing wrong? (Could it be something with DNS? When I ping mainserver.ourdomain.local, I get a response.)
Thank you very much in advance (I've been trying all different kinds of things, but nothing seems to work).
Not only errors in the event viewer but is AD replication occurring between the GC and the DC you are using?
Take a look at the post RPC Failing in this forum for my answer to an AD replication problem I was having. Essentially, ISA cuts the DC off from the rest of the network so things such as AD replication fail. I solved this by Publishing RPC (All Interfaces) to the internal network. In all I have 13 separate rules running on an ISA installed DC publishing various services to the internal interface.
I've learned that if you need access to a service then Publish it; if it is just access to a port or suchlike then use an access rule.
I've formatted my ISA-server computer and installed a clean Windows 2003 server OS and ISA Server 2004. I've been checking the logs, and the error that probably causes my problems is 1030: Windows cannot query for the list of Group Policy objects..
Does anybody have any experience with this error? I've been searching Google the whole day, but no solution was found yet.