|
-
February 1st, 2005, 11:24 AM
#1
Senior Member
OWA and ISA
Hi, I readed that I must have a native w2k active directory in order to publish and Exchange 2003 OWA using ISA2004 RADIUS authenticated.
I have a 2003 Active directory that is migrated from a 2000 one which was migrated from NT 4.0 one, so I guess I don't have a w2k native directory...
My question is, how I could have a native w2k active directory? Is a complex process? Is there a risk of data loss????
Thank you.
[edit]
I found this but still I don't know what the implications are...
[/edit]
-
February 1st, 2005, 04:35 PM
#2
Senior Member
Hi DerekK!
If I understand it right, you are just fine usin Win2003. But you have to set your AD in Native Mode, compared to Mixed Mode. You set this by going to 'Active Directory Users and Computers', right click on your domain and select 'Raise Domain Functional Level...'.
I guess Exchange 2003 requires at least Win2000 Native Mode, but anything higher will do as well...
It's very simple to switch over to this mode, and the risks aren't that bad. Just takes a click!  As long as you don't have a bunch of old machines, still left running NT4... as BDC's ... ?
Hope that helps?
-
February 1st, 2005, 04:51 PM
#3
Uh Sawper...
It's very simple to switch over to this mode, and the risks aren't that bad. Just takes a click! As long as you don't have a bunch of old machines, still left running NT4... as BDC's ... ?
I don't think so. It's very simple to switch to this mode, making it work is a whole other story.
DerekK You need to do a lot of research on mixed and native mode. Start at TechNet
-
February 1st, 2005, 04:51 PM
#4
Senior Member
Hi SawPer, thank you for your reply!
Actually I've a Windows 2003 domain (only windows 2003 Dc's) with one Exchange 2000 and one Exchange 2003 with member servers 2k and 2k3 and w2k prof/xp prof clients (it's possible still remains some windows98), so Exchange 2003 works in mixed mode  Do you think I can just change it??!!
The things that just take a click are the ones which scare me!!!!!
-
February 1st, 2005, 04:57 PM
#5
Senior Member
Hi dinowuff, thkyou too... I don't have any BDC or NT4... just some windows98 that are not actual using domain infraestrcture except some IMAP4 email accounts in the exchange....
Do you think I should be worried about this change??
-
February 1st, 2005, 07:23 PM
#6
Senior Member
DerekK,
The main difference is that no older Domain Controllers will be able to work in your Domain.
If your older workstations with 98 on them, are not domain members, you can either download a utility to make them part of the Domain, or just leave them like they are, if your are using IMAP to check on email you can do that from anywhere anyway...even from home if it's available through your firewall.
All the Win2000/XP workstations will be fine, and so will all the Win2000/2003 member servers, it only affects the Domain Controllers, not the member servers.
You do get a whole bunch of new features though, you can see more of those if you hit 'Raise Domain Functional Level...' and on next screen hit the 'Help' button...
-
February 2nd, 2005, 09:19 AM
#7
Senior Member
I'm almost conviced to do it.... My two DC are windows 2003 so it should'nt be a problem.... If I finally do it, I'll keep you up to date! (btw, you know what I mean with "up to date" but is that the correct english expression?)
[edit]
I finally did it!! An all seems to be ok.... Thank you!
[/edit]
-
February 2nd, 2005, 04:00 PM
#8
Senior Member
-
February 2nd, 2005, 04:54 PM
#9
Senior Member
Finally I did it! I have publicated through a ISA2004 two web servers (one of them OWA 2003).
This isa server has a public address, is in a DMZ, is not memeber of the domain but authenticates domain users using RADIUS... great!
Now the point is... I use basic auth delegation to authenticate in ISA (which uses RADIUS afterwards to do the domain authentication)... Is there a way to use a custom form to send the authentication to the ISA server? I mean, the only thing you have to do is build the base64 string and send it to somewhere, right?
Thank you again
-
February 2nd, 2005, 09:30 PM
#10
Senior Member
I don't use ISA currently myself, so I'm not sure how it works.
But I did mess with it once, and I got my questions answeres at http://www.isaserver.org
Thomas Shinder, who is responsible for the site, is usually very good and fast in answering questions in his Message Boards.
He has a bunch of good articles and tutorials as well, which may cover your question.
Just in case nobody here knows the answer.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
