Internet Authentication Services?

[mlc9]

I have a Win 2003 Standard server acting as a domain controller. It is also serving up Internet Auth Services / Radius for us for a wireless access point.

I am wanting to demote this server from being a domain controller, and remove all aspects of Active Directory. If I do this, can the server still function in this role of Internet Auth Services for our wireless access point?

 

[Redfox1]

If this is the ONLY DC for a domain, then you might run into some issues... but I'm assuming that it's not...

If there is another DC, you might have to re-authorize the server to have access to the user's RAS settings. You may also need to look at your wireless policy and re-check any group permissions.

Are you using PEAP with a Server side certificate? If so you might export the Private/public keypair as a precaution in case you DO need to re-create the IAS settings/Policy.

I would also look at the netsh commands to backup/export the IAS settings:

http://technet.microsoft.com/en-us/library/cc780683(WS.10).aspx

Think of it like this a DC demotion means the server will stop relying on it's "local" Active Directory service (& user database) to authenticate users and switch back to it's pre-AD promotion local user account database (SAM). The additional services you have on the server do not get uninstalled just because you demoted the server.

I've done 5 demotions so var (2000 Dcs with a BUNCH of services on it) and they continued to function fine for them.

This is my 2 cents... but I'm not an expert.