How Do I Edit the Domain Controllers Computer Set?
Many people have wondered how to edit the pre-defined Domain Controllers computer set. I have to admit that I’ve never seen this computer set in any of my ISA firewall deployments and don’t know what the scenario is for when it’s created. Nevertheless, many other people have seen this Computer Set and want to know how to edit it.
Sbmoore from the ISAserver.org message boards has come up with a solution. Check this out:
I called Microsoft Support to resolve this issue. It maybe too late for you but here’s the fix.
PROBLEM: Cannot add domain controllers in the ’Domain Controllers’ Computer set.
CAUSE: Bug with ISA.
RESOLUTION:
Modified the following registry value.
HKLM\Software\Microsoft\Fpc\Storage\Array-Root\Arrays\{GUID}\RuleElements\ComputerSets and found the GUID for the “Domain Controllers” computer set.
Changed the msFPCPredefined from TRUE to FALSE.
You can now edit the "Domain Computers" computer set.
If you look at other pre-defined Computer Sets you will notice the same key exists.
====================
You can find the thread to this post at: http://forums.isaserver.org/m_2002014363/mpage_1/k...021473
HTH,
Tom
Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP — ISA Firewalls
Jeroen Landheer Says:
May 1st, 2007 at 5:06 pm
Thanks for the hint
In the Enterprise edition, this can be achieved using ADSI Edit on the configuration storage server.
Connect to the CN=FPC2 partition on :2171 and go to Array-root/CN=/RuleElements/CN=Computersets/CN= {Check the msFPCName attribute’s value to find the domain controllers property} and edit the msFPCPredefined attribute to set this from either “Not defined” or “TRUE” to “FALSE”.
Restart the ISA Management console before making any changes, or you might get the message: “Changes cannot be made to the predefined item”.
Best regards,
Jeroen.
Thomas Shinder Says:
May 3rd, 2007 at 11:39 am
Hi Jeroen,
Thanks! That’s great info.
Tom
alanmara Says:
May 16th, 2007 at 4:21 am
ISA 2004 Enterprise
Go to Start/All Programs/ADAM/ADAM ADSI Edit
Connect to:
connection name: connection
Server name: localhost
Port: 2171
Connect to the following node
Distinguished name (DN) or naming context: CN=FPCConfiguration
Click OK
Expand “CN=FPCConfiguration/CN=Array-Root/CN=Arrays/CN={GUIARRAY}/CN=RuleElements/CN=ComputerSets
Locate the GUI that refers to your DCs
click right-mouse on GUI and then Properties
in the Attribute Editor window locate the object “msFPCPredefined” and set to TRUE
Jim Harrison Says:
June 19th, 2007 at 9:09 am
This is a bad idea and takes you straight into unsupported territory.
Unless you’re directed by PSS (directly or via KB), you should never directly modify ISA storage.
THe correct answer is to create another CS that you can actually manage and manage your DC list there.
Alan Says:
February 5th, 2008 at 4:25 am
Try this, it works on ISA 2004 Array:
ADSIEDIT
Connect to:
Name: Configuration
Connection Point select “Select or type a DN or Naming Context: CN=FPCConfiguration (LEAVE CAPITAL LETTERS ABOVE othewise doesn’t work)
Advanced: set PORT to 2171
Click OK then go to the added connection and navigate to:
–>Configuration (server name)
–>CN=FPCConfiguration
–>CN=Array-Root
–>CN=Arrays
–>CN=GUID
–>Rule Elements
–>ComputerSets
–>CN={320FD4A2-F152-4510……}
Right click on this GUID
Select attribute “msFPCPredefined” and set to “FALSE”
Now open ISA console and you will be able to set Domain Controllers objects