Duplicate IAS Server Configurations
Updated: March 28, 2003
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
When you deploy more than one IAS server to provide the same authentication, authorization, and accounting service to RADIUS clients and proxies, you must copy the configuration of one IAS server computer to the other IAS servers. To duplicate the configuration of one IAS server to multiple IAS servers, use the IAS snap-in. This duplication method is useful when the number of configuration changes is small or if you are duplicating the configuration to only a few IAS servers. You can use the snap-in to manage both local and remote IAS servers. If you make a configuration change to one IAS server, you must make the same configuration change to all of the IAS servers that provide the same service.
To duplicate one IAS server configuration when there are a large number of configuration changes or a larger number of IAS servers, you can copy the configuration of one IAS server to another IAS server in the following way:
Make configuration changes on the primary IAS server.
On the primary IAS server, use the netsh aaaa dump command to export the configuration of one IAS server to a Netsh script file. The dump command displays the configuration of the IAS database file (Ias.mdb) as a Netsh command script that you can use to duplicate the configuration of the server on which the command is executed. The Netsh command script contains the configuration of the IAS server, including the registry keys and database file (Ias.mdb), in a compressed text format as a large data block. This large data block is used by the set config command within the script to import the configuration of a saved data block into an existing IAS database on the same or another computer, which you can perform by using the netsh exec command. To save the Netsh command script to a file, type: netsh aaaa show config >Path\File.txt
On the target computers, use the netsh exec command to import the primary IAS server configuration to the other IAS servers.
By using these two Netsh commands, you can automate the process in a simple batch file or script for multiple IAS servers.
Use this method to manage RADIUS and remote access policy configurations in a large enterprise network.
The netsh aaaa commands also provide a way to export and import individual aspects of the IAS server configuration rather than the entire configuration. For example, you can export and import only the remote access policies, or you can export and import only the RADIUS clients configured on a server.