First bad assumption - don't build your forest structure around ISA - build ISA into the forest structure. Design your AD before you worry about your edge. You can adapt the ISA deployment to that later. ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: Danny [mailto:nocmonkey@xxxxxxxxx] Sent: Tuesday, September 27, 2005 16:06 To: [ISAserver.org Discussion List] Subject: [isalist] 2000 to 2004 Possible Upgrade Scenarios with Seperate ISA AD Forest http://www.ISAserver.org Environment: Servers: Windows 2000 SP4 AD: 2000 forest/domain from old NT 4.0 migration ISA: 2000 SP2, separate forest, one and only DC, with trust to other forest Clients: Windows 2000 Pro SP4 & XP SP2 - some with firewall client Goal: Implement new Windows Server 2003 Standard and ISA 2004 Standard Server to replace current without decreasing security posture. Possible implementation scenarios that comes to mind (in no particular order of preference): 1) Install 2004 in its own new 2003 based forest (only one DC would be available hardware-wise), create a trust between production domain (the one users actually log into), mirror the ISA 2000 config, somehow point the clients to the new server, break the old ISA 2000 trust, and kill that forest and server. 2) Add the new 2004 server to the ISA forest, mirror the ISA config, retire the old ISA server, and rename the 2004 server to original. 3) Install 2004 as a member server of the 2000 production domain, somehow point the clients to the new ISA server, retire the old ISA 2000 trust, forest, and server. I hope that I explained everything well enough, as the ISA 2000 server is dying, and tomorrow night may be our only window of opportunity in the next few weeks to perform the upgrade. Thank you! ...D ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned.