RE: 2 x DC, 2 sites and NT4 servers same domain HELP
- From: mahmad <mahmad@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 18 May 2005 00:47:33 -0700
Hi Amanda,
Thank you for your very detailed answer. I have installed a new copy of
win03 on both of the servers which are new. Since our user base is only 35,
I will recreate the users, computers and most users use a local profile
anyway.

At present I've set up the two new servers on the same subnet, but I will need
to set the second server on a different subnet, so I understand it would be
good practice to have one DHCP and DNS server for the two sites. The two
sites are connected via a VPN over an ADSL line.

So how do I go about setting up the second server to be on a subnet
192.168.86.0 and the first site will remain on 192.168.82.0? And if the
routers do not provide DHCP, should I set up a separate DHCP for each of the
sites? My main concern is to reduce the amount of traffic between the sites.

Not sure if this is relevant here, but how would I go about restricting
access to certain websites and stopping users from being able to download
programs and installing them etc., and is there a facility on the server to
stop users from using chat programs etc.?
Thanks for all your help
MO
"Amanda Wang [MSFT]" wrote:
> Hello,
>
> Thanks for your update.
>
> First, please help me to confirm whether you want to migrate or upgrade the
> domain from NT to 2K3.
>
> Migration is just as you have created a new 2k3 domain and just migrate the
> resources such as user account, computer account, group account, profile
> and so on from old domain to new domain by using ADMT. Upgrade keeps the
> original domain. If the original domain is very complex and there are many
> users and computers, we recommend you perform the upgrade process.
>
> If you want to migrate, you can refer to the following article to migrate
> from NT to 2k3:
>
> Migrating from Windows NT Server 4.0 to Windows Server 2003
> http://www.microsoft.com/downloads/details.aspx?FamilyID=e92cf6a0-76f0-4e25-8de0-19544062a6e6&DisplayLang=en
>
> Migrating from Windows NT Server 4.0 to Windows Server 2003
> <http://www.microsoft.com/seminar/shared/asp/view.asp?url=/Seminar/en/20030324TNT1-74/manifest.xml>
>
> 326480:How to Use Active Directory Migration Tool Version 2
> http://support.microsoft.com/?id=326480
>
> If you want to upgrade, you can refer to the detailed steps in my previous
> post. It is called not in place upgrade. If you use this method to
> upgrade, it will be safer than in place upgrade because it brings in an
> additional server.
>
> Second, I will ask your questions:
> 1. You can add 2k3 exchange server into the new 2k3 domain.
>
> 2. If you want to migrate and the new 2K3 domain has been created, you
> cannot add NT BDC or PDC into this domain. However, just as I have
> mentioned in the previous reply, you can add NT member server into the 2K3
> domain. Therefore, if you want to add the previous NT PDC into the new 2k3
> domain, you may need to use the following third-party tool called UPromote
> to demote it to member server:
> http://utools.com/UPromote.asp
>
> 3. If you use upgrade, please don't worry about the previous NT PDC because
> after promoting the 2k3 to a DC, the NT PDC will be demoted to BDC
> automatically.
>
> 4. We suggest you use one DHCP in one site and these two sites should use
> the different subnet. DHCP depends if the clients can contact the DHCP
> server or not; it does not fully depend on which site the DHCP is located.
> For example, if these two sites' clients are in the different subnet and
> connected by the router. Does the router allow DHCP requirement package go
> through? If the router does not, then the clients can obtain IP from
> different subnet using the different DHCP on that site. In one word, if
> these clients on two sites are not in one broadcast, they can use the
> different DHCP in one site.
>
> I have searched and found more information about DHCP, please refer to:
> Dynamic Host Configuration Protocol
> http://www.microsoft.com/windowsserver2003/technologies/dhcp/default.mspx
>
> For further details about DHCP, I suggest that you post the question in
> microsoft.public.windows.server.networking newsgroup to get the most
> efficient and professional support on it.
>
> 5. Also don't worry about DNS because after performing the AD-integrated,
> AD offers multimaster update and enhanced security. For example, DNS zones
> are replicated and synchronized to new domain controllers automatically
> whenever a new DC is added to an Active Directory domain. In addition,
> directory replication is faster and more efficient than standard DNS
> replication. Therefore,
>
> Active Directory integration
> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/0efc68a7-04c6-438c-b80b-c5c07e8e4c6e.mspx
>
> HTH!
>
> Thanks & Regards
>
> Amanda Wang [MSFT]
>
> Microsoft Online Partner Support
>
> Get Secure! - www.microsoft.com/security
>
> ====================================================================
>
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
>
> =====================================================================
>
> --------------------
> >From: =?Utf-8?B?bWFobWFk?= <mahmad@xxxxxxxxxxxxxxxxxxxxxxxxx>
> >Subject: RE: 2 x DC, 2 sites and NT4 servers same domain HELP
> >Date: Mon, 16 May 2005 08:12:02 -0700
> >
> >Hi Amanda,
> >
> >Thanks for your help, but I am doing a fresh install of win 03. Currently
> >our two sites use NT4, site one has the PDC and site two has the BDC. I am
> >looking to install a DC to include Exchange 03 at site one and a DC in site
> >two, keeping the domain in mixed mode, so I can join my old NT servers.
> >
> >How do I go about setting up the sites and can I install DNS and DHCP on
> >each of the servers, therefore reducing the amount of traffic via the
> >ADSL/VPN connection.
> >
> >Thank You
> >
> >MO
> >
> >"Amanda Wang [MSFT]" wrote:
> >
> >> Hello,
> >>
> >> Thanks for your post.
> >>
> >> I understand you want to upgrade NT PDC and BDC to 2k3. If I have
> >> misunderstood, please feel free to let me know.
> >>
> >> Based on my experience, you are right that first upgrade PDC to 2k3 and
> >> then BDC. Between the sites, we recommend you using AD integrated DNS.
> >> This makes the Windows 2k3 domain between the two sites maintain a same DNS
> >> database. It would perform a synchronization every a period of time.
> >> Additionally, the additional Windows 2k3 DC at the remote site would have a
> >> replica AD database with the Windows 2k3 PDC. So all the user and computer
> >> account information reside in the same AD database.
> >>
> >> For your current situation, we highly recommend a "not in place" upgrade
> >> path for security purpose.
> >>
> >> As a kind reminder, please backup the whole system before you take any
> >> action. Also, it is best if you perform the upgrade process during a
> >> non-business time such as the weekend. :)
> >>
> >> Performing a "not in place" upgrade
> >> ======================
> >>
> >> 1. Install NT 4.0 BDC on the new box.
> >>
> >> 2. Promote the BDC to the PDC, which demotes the PDC to a BDC.
> >>
> >> 3. Do a full backup of the former PDC and remove it from the
> >> network.
> >>
> >> 4. Upgrade the new PDC to Windows Server 2003.
> >> If you want to expand the boot partition, please refer to the
> >> following KB:
> >>
> >> 325857 How To Expand the Boot Partition During a Windows Server
> >> 2003 Upgrade
> >> http://support.microsoft.com/?id=325857
> >>
> >> 5. Use the Windows Server 2003 Active Directory wizard to turn on
> >> the Active Directory service. The Active Directory service imports the
> >> existing user accounts, groups, and other settings from the PDC.
> >>
> >> How to Verify an Active Directory Installation
> >> http://support.microsoft.com/default.aspx?scid=kb;en-us;298143
> >>
> >> 6. Run for a test period.
> >>
> >> 7. If desired you can do a clean installation of Windows Server 2003
> >> on the former PDC, and bring it online as an Active Directory domain
> >> controller.
> >>
> >> 8. Transfer all Flexible Single-Master Operation (FSMO) roles to the
> >> new Windows Server 2003 domain controller.
> >>
> >> 9. Verify all directory information has replicated.
> >>
> >> Verify successful replication to a domain controller
> >> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Operations/00e7f86b-ccd3-4cb8-9a01-bf747241b500.mspx
> >>
> >> 10. Demote the first domain controller to a member server, and
> >> remove from the domain.
> >>
> >> Then perform the same steps above to upgrade the BDC in site 2. Meanwhile,
> >> I suggest you designate the BDC to be global catalog servers so that the
> >> BDC can perform the GC role in site 2. You can designate other domain
> >> controllers to be global catalog servers if they are needed. For more info
> >> related GC, please refer to:
> >>
> >> Domain Controller Roles
> >> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/TechRef/c7ea7ed1-4241-4794-9ce8-471da6a3a727.mspx
> >>
> >> I suggest you check the following KB articles to migrate to Win2k3 from NT4:
> >>
> >> Migrating Windows NT Server 4.0 Domains to Windows Server 2003 Active
> >> Directory
> >> http://www.microsoft.com/windowsserver2003/evaluation/whyupgrade/nt4/nt4domtoad.mspx
> >>
> >> Upgrading from Windows NT Server 4.0 to Windows Server 2003
> >> http://www.microsoft.com/windowsserver2003/evaluation/whyupgrade/nt4/nt4tows03-2.mspx
> >>
> >> About your concern of that after having setup the first DC on a new server,
> >> how do you then join the second DC and NT servers to the domain, please
> >> don't worry about it.
> >>
> >> You can join the second DC just as add an additional server in domain as
> >> following:
> >>
> >> Create an additional domain controller
> >> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/4aae5014-fbce-42dc-b5f7-e1dde3072f38.mspx
> >>
> >> You can add NT servers to win2k3 domain. However, we do not recommend you
> >> doing so because there are many functions and GPOs in win2k3 domain cannot
> >> be used and applied on them.
> >>
> >> HTH!
> >>
> >> Thanks & Regards
> >>
> >> Amanda Wang [MSFT]
> >>
> >> Microsoft Online Partner Support
> >>
> >> Get Secure! - www.microsoft.com/security
> >>
> >> ====================================================================
> >>
> >> When responding to posts, please "Reply to Group" via your newsreader so
> >> that others may learn and benefit from your issue.
> >>
> >> =====================================================================
> >>
> >> --------------------
> >> >From: =?Utf-8?B?bWFobWFk?= <mahmad@xxxxxxxxxxxxxxxxxxxxxxxxx>
> >> >Subject: 2 x DC, 2 sites and NT4 servers same domain HELP
> >> >Date: Fri, 13 May 2005 00:30:03 -0700
> >> >
> >> >Hi,
> >> >