Question

Locked

Deploying a Windows Server 2003 Domain

By PMMC SA ·
I am working on a project to upgrade our infrastructure. I currently have a Windows 2000 domain with relatively old DCs. I plan to get two new identical servers and make them both DCs so that one can take over if the other fails. I am planning on creating the domain from scratch because we will also be implementing a new file server and structure. I do not want to bring the old security groups and users to the new domain because they will not apply to the new file structure and they are already unorganized and need to be redone.

My main questions are: what is the best way to migrate to the new domain and file server? and can the new domain that I create have the same domain name as the current one and be on the same subnet without causing conflicts?

My current plan for migrating to the new file server and DCs is to create the new file structure on an existing server that has space, purchase the file server and move the new file structure to the new file server. I would then purchase the DCs, set them up, create the security for the new file structure, remove all computers from the old domain and join them to the new domain.

I am trying to come up with the best method of implementing this to save rework. I also need to work around not being able to purchase too much hardware at the same time.

Thank you

This conversation is currently closed to new comments.

5 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Answers

Collapse -

Well the main thing first

by OH Smeg In reply to Deploying a Windows Serve ...

Talk to Accounting and see what you have in your budget. If you don't have enough stick with what you've got as it works.

As for Migrating from a W2K Server to a W2003 unit you need to follow these directions

http://tinyurl.com/2bvzqv

While redundancy is great it's also expensive and if the company doesn't have th money you can not do the change but if you proceed you'll need to promote the 2003 Server to DC and demote the old server and so on till you have the migration complete.

Col

Collapse -

don't see the question...

by CG IT In reply to Deploying a Windows Serve ...

not to be critical but this is what you said,

I am planning on creating the domain from scratch because we will also be implementing a new file server and structure. I do not want to bring the old security groups and users to the new domain because they will not apply to the new file structure and they are already unorganized and need to be redone.


I do not want to bring the old security groups and users to the new domain because they will not apply to the new file structure and they are already unorganized and need to be redone.

My main questions are: what is the best way to migrate to the new domain and file server

you've already answered your own question.

your creating a new domain from scratch with new security groups, new user accounts, new file system etc so there isn't any migration involved. your not bringing in anything from the old domain except you want to keep the same domain name.

Collapse -

Clarification

by PMMC SA In reply to don't see the question...

I guess it was kind of an opinion question. What makes the most sense? Do I start fresh by making a new clean AD setup, remove everyone from the old domain and join them to the new one? Or do I migrate the existing setup to the new hardware (upgrading the domain to 2003) and then clean AD up afterwards?

The users will be the same. Only the security groups, resources, and some of the GPOs will be changing. Even them some will still apply.

My other major question was about duplicate domain names. Can two domains with the same name be on the same subnet without there being conflicts or problems?

Collapse -

what's wrong with the security groups?

by CG IT In reply to Clarification

if someone went hog wild and created a ton of security groups [global groups] for NTFS permissions, you don't necessarily have to scrap the entire setup.There would be work in having departments specify what their file/folder security needs are, then create global groups, assign permissions, test it, move users around but if you start from scratch you'll do this anyways.

Same with GPOs. you can always unlink/disable GPOs so they don't apply, create the ones you want, apply them where needed, get rid of the ones not needed. This is also true with OU structure. If someone messed this up, you can always create the structure you want, then get rid of the OUs you don't need.

you can have 2 domains with the same Domain name on the same subnet. physical networking and addressing doesn't apply to domains. [exception is DNS].

What you can't do is have the same NetBIOS name, server name [can't be 2 servers named server],and ip address. This is true no matter what and also true if you are going to migrate user accounts using ADMT. you can have users log on to both domains if they exist on the same network, as long as the server name,NetBIOS name and IP address are different.

Redoing folder and file structure doesn't effect Active Directory. Files/folders in AD are objects, as is user accounts, security groups, OUs and the lot. Though moving around OUs [changing OU structure] isn't advised if it's the structure you implemented, AD doesn't care. GPOs care and getting GPOs to work right cares, moving around users in security groups, the security groups don't care, so don't see what the problem is there either.

Back to Networks Forum
5 total posts (Page 1 of 1)  

Related Discussions

Related Forums