RE: FW: RE: Domain Error After Quick Start Guide

• From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Tue, 6 Jul 2004 12:32:34 -0500

Hi Troy,
 
It would work, but what is the scenario in which you would want to
create this type of config? (I know of one, but wondering what you're
thinking of here)
 
Thanks!
Tom
www.isaserver.org/shinder <http://www.isaserver.org/shinder> 
Get the book!
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> 
MVP -- ISA Firewalls

        -----Original Message-----
        From: Troy Radtke [mailto:TRadtke@xxxxxxxxxxxx] 
        Sent: Tuesday, July 06, 2004 12:23 PM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] FW: RE: Domain Error After Quick Start Guide
        
        
        http://www.ISAserver.org
        
        Let's review:
         
        Couldn't a one way trust be set up to take care of that issue?
(The eternal question with the assumption that it was not in the same
domain as all the other computers)
        A domain trust is just that, a trust between domains. (True,
extreamly true, and that let's you have access to users, groups, ((AD
objects)) etc.....)
        Are you saying the ISA server is its own domain? (Ah, another
question that needs to assume the system was designed with a workgroup
in mind, because you can not have a domain without AD in W2k)
        Why should it not be? (A question to answer a question, sounds
like my girlfriend's kid...)
        While that can work, why create the extra overhead and work?
(That assumes that having another AD domain to administrate would be
more work than having it in a work group, which is the only other real
option, which would remove all of that wonder features you're about to
bring up.)
        ISA is designed to be a member of an AD domain to obtain the
full use of all of its features.(Which is true, which is why I asked the
first question of why not have a trust between two AD domains)
         
        So, I believe that having 2 seperate domains running active
directory with a trust from the ISA domain to the protected domain so
that the ISA domain can access objects and see that users that are
authenticated would be a good thing.  That also means that running it in
a work group would be a bad thing, since you'd lose so much of the good
features of the software........
         

                -----Original Message-----
                From: John Tolmachoff (Lists)
[mailto:johnlist@xxxxxxxxxxxxxxxxxxx] 
                Sent: Tuesday, July 06, 2004 11:20 AM
                To: [ISAserver.org Discussion List]
                Subject: [isalist] RE: Domain Error After Quick Start
Guide
                
                
                http://www.ISAserver.org
                

                While that can work, why create the extra overhead and
work? ISA is designed to be a member of an AD domain to obtain the full
use of all of its features.

                 

                 

Other related posts:

• » FW: RE: Domain Error After Quick Start Guide
• » RE: FW: RE: Domain Error After Quick Start Guide
• » RE: FW: RE: Domain Error After Quick Start Guide
• » RE: FW: RE: Domain Error After Quick Start Guide
• » RE: FW: RE: Domain Error After Quick Start Guide

1. Home
2. isalist
3. Archive
4. 07-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---