Re: ISA 2000 - role in domain? by Jeff
Jeff
Sat Oct 25 08:56:56 CDT 2003
As Chad said, you didn't by W2K Server with ISA, you bought SBS which
includes ISA in the licensing of SBS. SBS is by definition the root DC in
the domain, so you can't normally make SBS join an existing domain. It's
possible to upgrade your W2K domain to run with an SBS after the fact added,
but you must follow specific steps to accomplish that which are not provided
in the default installation of SBS scripting. Regardless, the licensing of
SBS requires that the ISA be installed on the SBS, and the SBS be the root
of the domain.
If you want to have this SBS added to your domain, and if you are willing to
do so by adding the SBS to the domain and allowing the SBS license
restrictions apply, it means that as Chad indicated, you are limited to 50
users and no trusts. If this is acceptable, you will need to install the SBS
by first installing the hardware using regular W2K Server media. At that
point, you should DCpromo this machine. Once it is a DC, you can then run
the normal SBS setup operations (the wizard opens on screen on the desktop
when you insert the media) which will then transfer root of the domain
operations to the SBS, and allow you to complete the installation of the SBS
normally. You will then have the ability to install ISA, as well as
Exchange, SQL and the other SBS specific product allowed by the license.
Note that the only licensed use of an SBS is with the SBS installed as the
root of the domain, with it's internal license manager and the mechanism of
using Windows media instead will not allow the other product like ISA to be
installed because you won't have proper install keys until the SBS setup is
completed. The method above simply emulates the idea of upgrading the DC of
your choice in an existing W2k Domain and making it the SBS, and root of the
domain in the process. Multiple DCs are allowed, but the SBS needs to be the
root server.
"Chad A Gross [SBS-MVP]" <chad.gross@laytonflower.nospam.com> wrote in
message news:OS$SNBmmDHA.1708@TK2MSFTNGP12.phx.gbl...
> Hi Vladimir -
>
> If you're installing full ISA on a full Win2k(3) server, then yes - you do
> want it as a member server in your domain. However, if you're installing
> SBS to get ISA - SBS cannot be a member server in an existing domain. SBS
> has several requirements, including that it must be a DC, must be the root
> of the AD forest, only allows a single domain, does not allow trusts and
is
> limited to 50 devices (75 users/devices in SBS2k3).
>
> BTW - dcpromo & forestprep are two commands you should never use on an SBS
.
> . . ;^)
>
> --
> Chad A Gross [SBS-MVP]
>
> SBS ROCKS!!!
>
>
> Majstor wrote:
> > Hello,
> >
> > Some time ago, I asked on one of these MS newsgroups about ISA
> > firewall box (2 NICs), what role this W2000 server should be to
> > internal W2000 domain (considering that it should be as safe as
> > possible from Internet attacks and any kind of instability), SO I WAS
> > TOLD THAT IT SHOULD HAVE BEEN MEMBER SERVER OF THE INTERNAL DOMAIN.
> > It sounded logical since there is no local administration and no AD
> > changeable.
> > Now, during DCPROMO on W2000 Server SBS 2000 pack (whom ISA belongs
> > to !!!!) I have discovered that MEMBER SERVER is the unavailable
> > option !!!!). That is not logical to me at all.
> > Or my logic is wrong?
> >
> > Thanks and regards,
> > Vladimir
>
>