(Updated Oct 5, 2010)
I’ve seen a number of questions asking if there was a method you could use to migrate your Windows DirectAccess configuration to a UAG DirectAccess deployment.
The answer to this question is that there is no automated method to do this. However, the manual steps aren’t very difficult. Here’s what you need to do:
That’s all there is to it!
Now you can install UAG on the server that you had configured as the Windows DirectAccess server, or you can install UAG on a completely different server.
Let me know if you run into any issues with your migration from Windows DirectAccess to UAG DirectAccess. If this scenario is popular enough, I’ll put together a Test Lab Guide that demonstrates the process!
(Thanks to Yaniv Naor for the heads up on this)
(Thanks to Pat Telford for the information included in the update)
Tom Shinder firstname.lastname@example.org Microsoft DAIP iX/SCD iX UAG Direct Access/Anywhere Access Group (AAG) The “Edge Man” blog (DA all the time): http://blogs.technet.com/tomshinder/default.aspx Follow me on Twitter: http://twitter.com/tshinder Facebook: http://www.facebook.com/tshinder
...and if you went far enough along in your WIndows DirectAccess deployment that you set up Active Directory subnets corresponding to your previous ISATAP prefix, you should probably remove those IPv6 subnets from AD in teh name of tidiness. If you are not going to re-use them, you might want to revoke the certificates on the server you used for IP-HTTPS and IPsec too.
How are client workstations affected?
If thre a way to leave the existing DA server in place and stand up UAG DA with a different Security Group and the new GPOs then move the computers from the old group into the new so they can pull gpupdate over directaccess and transfer to the new UAG server?
I am looking for a way to get existing DA clients to use a new UAG server on a new IP / Internet connection without needing them to bring their laptops in to the office.