Multiple DirectAccess Servers

  • Question

  • I'm trying to figure out how and if it's possible to set up multiple DirectAccess servers for different locations on a single domain with a single forest (stretch forest).  We have multiple sites across the US and don't necessarily want everyone to come back to one point.  When trying to set up a second DirectAccess server for testing we found that it overwrote the group policy that was created by the first DirectAccess server.

    Is there a way so that when it creates the group policy that it doesn't overwrite the existing policy? 

     

    Thanks!

    Wednesday, June 16, 2010 2:37 PM

Answers

  • At this time (as mentioned above) I am pretty sure that you need to apply a modified version of the DA script to AD manually and then assign the respective unique GPOs to different DA client groups.

    I think Tom mentioned distributed deployments within the same forest/domain are currently a little challenging ;)

    The other option is to have some form of site-level IP load balancing solution in front of UAG.  

    Cheers

    JJ


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    • Marked as answer by Erez Benari Wednesday, June 16, 2010 11:31 PM
    Wednesday, June 16, 2010 3:59 PM
    Moderator

All replies

  • Not sure it's what you want, but in the "deploy group policy" bit you could export the script & modify the policy names before running it. That way you would then have a "UAG_Policy_StateA" and "UAG_Policy_StateB" etc...

    It would make administration harder but I'm not sure how else you would do it?!

    Let's hope someone else has a better idea...

     

    Ben.

    Wednesday, June 16, 2010 2:56 PM
  • Hi Joey,

    How would you like to control how users connect to each gateway?

    Would you like to specify a specific group of computers to always use gateway A, and another group always use gateway B?

    Or would you like a way to control it over DNS? (for example, computers from both groups use the same URL to connect, and by controlling the public internet DNS, you would forward them to the IP address of the desired gateway)

    Friday, June 18, 2010 2:28 PM