Re: AD Windows 2003 -- How to Reinstall in small office


From: Enkidu (enkidu_at_xyzcliffpxyz.com)
Date: 03/05/04


Date: Fri, 05 Mar 2004 19:51:37 +1300

On Thu, 4 Mar 2004 12:17:19 +0100, "Sky" <forums@xact-solutions.com>
wrote:

Hi Sky,

I'm quite happy to help out with the answer to your questions but this
is getting a bit looooong! I can understand your need for information
but, really, you'll need to get some education either through
self-teach or classroom. Anyway, please see inline for a few
answers/suggestions.

Cheers,

Cliff

>Dear Cliff (and Scott):
>
>First, both, don't get me wrong: I would GLADLY, give the job back to a
>consultant ;-) ...but "c'est la vie!" and I've got to muddle through it...
>
>And both of you are being great helps. Really. Scott, I'm sorry my first
>comments back were... a little gruff. (I've had some coffee since...)
>
>DNS:
>Internal DNS. Sounds like we've covered the basics here.
>Gateway to External DNS.
>
>That corrects one perception I had: I thought that we were all one big happy
>worldwide DNS structure, just that it had to be Gatewayed to connect them.
>What I think I now understand is that they have little to do with each
>other...The internal DNS handles the names of the computers in the office, and
>for addresses beyond that range, gateways to the External DNS server. As for
>the other way around the world cannot query the internal DNS? I mean not
>possible to somehow navigate from home to computer3@my-company.com
>(assuming firewall was off)... Not that I want to do this, but am interested
>in knowing how that half works...
>
Read up about private address ranges. Read up about NAT (Network
address translation). Briefly the only "external" address that is known
is your firewall's external address. The NAT box (gateway) keeps track
of who is talking to who, so is able to direct traffic to external
machines from internal machines. It can also direct traffic from
external machines to internal machines but a) this is a security risk,
and b) you have to specifically tell the NAT box to let the traffic
in. So it *is* possible, but it is complicated. By the way I think you
meant "computer3.my-company.com". The @ makes it an email address.
>
>DHCP:
>The DHCP ... Good to know that setting up in basic mode with no special
>Options setup is ok...
>Question: What services would you, personally, select in an office of 9
>clients of Win2000. Two more on WinXP. Could you list out which ones I
>should see as checked?
>
The DHCP options that are relevant are DNS server IPs and the gateway
IP address.
>
>AD...and NTBackup
>We had an NTBackup tape setup to do a full backup of D:\ (our data drive)
>every week, and an incremental of changes every night.
>We did not have one for C:\ (os & apps).
>I mention this because, when we tried to restore from the tape after our
>crash, the tape reported that it could not restore because it was unable to
>recreate its catalog. We tried everything...but nothing. It succeeded with
>the incrementals (because smaller size?) In the end, we were forced to copy
>from the damaged hard-drive as much as we could get, but we've been left
>with a whole bunch of excel files that are unable to be opened, and if so,
>not saved. Either it's because, the files have SID's on them from clients
>that no longer exist (? is this possible? Can this be cleared?) or simply
>they are damaged. Not sure yet.
>
>I mention this because at this point, we're very scared of NTBackup...didn't
>deliver when we needed to restore...So to use it again, to backup our whole
>server every night...You can understand our hesitation...
>
>But you mentioned that you can check it once in a while. I understand that I
>could restore a backup of D:\ to E:\ to check...but how do you restore an
>Server's C:\ drive to another drive to check it? The files might all be
>there, but...you don't actually know whether they 'work' together? Or did I
>misunderstand? Actually, considering this, if a server crashed, and you
>re-installed the OS, enough to run NTBackup, and restored...would that work?
>Or would there be conflict/ dll hell as you tried to restore one OS onto an
>existing OS?
>
I would suspect that the *tape* had a problem. You can make NTBackup
perform a validity check on what it has recorded, but that adds extra
time to the backup. Also you can restore a couple of files as a test.
Most tape drives need to have a cleaning tape run through them. I have
some tape DAT drives that I clean every week before the weekly backup.
I would not do a full restore as a test. Too time-consuming, too error
prone and you need to involve your live system. I would urge that you
make full backups every night. With a full/incremental system you
multiply the chances of a restore failure. Well, I prefer full backups
myself! A bad tape can be caused by using old tapes, having a dirty
drive or problems with the drive itself. Frequently used tapes stretch
and become unusable. NTBackup doesn't usually have problems.
>
>Now. Assuming that I mention getting another cheap box to the boss, and I
>don't get my head handed back on a spike, what are the steps?
>a) Install new OS.
>b) Install DNS. ? If so, what settings exactly?

You don't *have* to have DNS on all boxes. However it's a good idea!
Set the DNS as secondary to the other DNS. Set the box to use itself
for DNS.

>c) Install DHCP? If so, what settings?

Only one DHCP!! It's not a good idea to have two DHCP servers on one
network.

>e) Install AD? If so, what settings?

Well, when you run dcpromo you get asked if you want to create a new
Domain (no) or new tree (no). All else is pretty obvious.
>
>f) Anything else that needs to be done?
>
Should be sweet after that. Some people make all DCs into Global
Catalog servers but that's optional (and opinions differ!) and is part
of the "advanced" course!

>You described my current topology as "root server in the root domain of a
>one domain tree in a single tree forest!"....after that is done, does it
>become "a secondary server in a root domain of a one domain tree in a single
>forest?" (Just verifying the lingo...)
>
Exactly!
>
>and finally, if server 1 crashes, what's the procedure to switch to server
>2? Vice versa, if server 2 crashes, nothing to do but reinstall, right? Do
>I have to backup both at night? Or just one? And by the way -- doesn't
>backing up all of C:\drive max out your tapes? And put a lot of wear on your
>hard-drives as it opens/reads/saves every single file on your computer every
>night?
>
I understand that you've had a disaster. But they are fairly rare.
Really! However you are right to be prepared, but I'll not go into it
here. It's complicated and depends on your setup. Conceptually you are
right. If one fails restore the failed one. However there are
considerations. Are they both GC servers? What FSMO roles did the
failed one hold? (Look up FSMO! They are roles that each exist on a
single DC in a Domain as opposed to AD itself which is on all DCs)
There is heaps of documentation (which will boggle you at first) on
the Microsoft site and elsewhere.
>
>Again, Scott, and Cliff -- thanks for all your help.
>Sky
>
You are welcome!

Cheers,

Cliff
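
The test restore of a couple of files suggested in the reply above can be checked mechanically by hashing the restored copies against the live ones. This is an added example, not part of the original post; it assumes the sample was restored to an alternate folder by whatever backup tool is in use, and the function names, folder names and sample files are constructed for illustration.

```python
import hashlib, os, tempfile

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def verify_test_restore(live_root, restored_root):
    """Classify every file under restored_root against its live counterpart."""
    results = {}
    for dirpath, _dirs, files in os.walk(restored_root):
        for name in files:
            restored = os.path.join(dirpath, name)
            rel = os.path.relpath(restored, restored_root)
            live = os.path.join(live_root, rel)
            if not os.path.isfile(live):
                results[rel] = "missing_live"          # deleted or moved since the backup
            elif sha256_of(restored) == sha256_of(live):
                results[rel] = "ok"
            elif os.path.getmtime(live) > os.path.getmtime(restored):
                results[rel] = "changed_since_backup"  # live copy was edited later
            else:
                results[rel] = "mismatch"              # same age, different bytes
    return results

def _write(root, rel, data, mtime):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)
    os.utime(path, (mtime, mtime))

def demo():
    t0 = 1_078_000_000  # constructed timestamp; all sample files below are constructed
    with tempfile.TemporaryDirectory() as tmp:
        live, rest = os.path.join(tmp, "live"), os.path.join(tmp, "restore_test")
        _write(live, "accounts/budget.xls", b"Q1 figures", t0)
        _write(rest, "accounts/budget.xls", b"Q1 figures", t0)
        _write(live, "accounts/report.doc", b"annual report", t0)
        _write(rest, "accounts/report.doc", b"annual rep\x00\x00\x00", t0)
        _write(live, "notes.txt", b"edited today", t0 + 3600)
        _write(rest, "notes.txt", b"original", t0)
        _write(rest, "old/archive.txt", b"gone from live", t0)
        return verify_test_restore(live, rest)

if __name__ == "__main__":
    print("\n".join(f"{s:22} {r}" for r, s in sorted(demo().items())))
```

Only `mismatch` points at the backup medium itself; `changed_since_backup` and `missing_live` reflect changes to the live data after the backup ran.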


