RE: 2 x DC, 2 sites and NT4 servers same domain HELP
- From: v-amanwa@xxxxxxxxxxxxxxxxxxxx (Amanda Wang [MSFT])
- Date: Thu, 19 May 2005 11:07:57 GMT
Hello,
Thanks for your update.
Your understanding is correct that you can add a second DC in another subnet
as long as there is a router that can provide the route. Adding DHCP in the
192.168.86.0 subnet to provide DHCP function for the 192.168.86.0 scope will be
better than using the original DHCP server in the 192.168.82.0 subnet. The
former method can help you reduce the network traffic. You only need to set
their respective subnet in the DHCP settings, and then the DHCP in that site will
distribute the IP addresses which are within the specific subnet to that site.

About the questions of how to restrict access to certain websites and
stop users from being able to download programs and install them,
and whether there is a facility on the server to stop users from using chat
programs: they are not related to migration. To keep the thread
clear and so that you can get the most efficient and professional support, I
suggest you send these questions separately and post them to the respective
newsgroups as follows:

You can use ISA or group policy to restrict access to certain websites. For
more information about ISA, please post the question to the ISA newsgroup,
Microsoft.public.isa. For more information about group policy, please post
the question to Microsoft.public.windows.activedirectory.

To restrict installing programs, you may use a GPO. For more,
you can post to:
Microsoft.public.windows.activedirectory
HTH!
Thanks & Regards
Amanda Wang [MSFT]
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
====================================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================================
--------------------
>From: =?Utf-8?B?bWFobWFk?= <mahmad@xxxxxxxxxxxxxxxxxxxxxxxxx>
>Subject: RE: 2 x DC, 2 sites and NT4 servers same domain HELP
>Date: Wed, 18 May 2005 00:47:33 -0700
>Newsgroups: microsoft.public.windows.server.migration
>
>Hi Amanda,
>
>Thank you for your very detailed answer. I have installed a new copy of
>win03 on both of the servers which are new. Since our user base is only 35,
>I will recreate the users, computers and most users use a local profile
>anyway.
>
>At present I've setup the two new servers on the same subnet, but I will need
>to set the second server on a different subnet, so I understand it would be
>good practice to have on dhcp and dns server for the two sites. The two
>sites are connected via a VPN over an ADSL line.
>
>So how do I go about setting up the second server to be on a subnet
>192.168.86.0 and the first site will remain on 192.168.82.0 and if the
>routers do not provide dhcp, should I setup a separate dhcp for each of the
>sites, my main concern is to reduce the amount of traffic between the sites.
>
>Not sure if this is relevant here, but how would I go about restricting
>access to certain websites and stopping users from being able to download
>programs and installing them etc, and is there a facility on the server to
>stop users from using chat programs etc.
>
>Thanks for all your help
>
>MO
>
>"Amanda Wang [MSFT]" wrote:
>
>> Hello,
>>
>> Thanks for your update.
>>
>> First, please help me to confirm whether you want to migrate or upgrade the
>> domain from NT to 2K3.
>>
>> Migration is just as you have created a new 2k3 domain and just migrate the
>> resources such as user account, computer account, group account, profile
>> and so on from old domain to new domain by using ADMT. Upgrade keeps the
>> original domain. If the original domain is very complex and there are many
>> users and computers, we recommend you perform the upgrade process.
>>
>> If you want to migrate, you can refer to the following article to migrate
>> from NT to 2k3:
>>
>> Migrating from Windows NT Server 4.0 to Windows Server 2003
>> http://www.microsoft.com/downloads/details.aspx?FamilyID=e92cf6a0-76f0-4e25-8de0-19544062a6e6&DisplayLang=en
>>
>> Migrating from Windows NT Server 4.0 to Windows Server 2003
>> <http://www.microsoft.com/seminar/shared/asp/view.asp?url=/Seminar/en/20030324TNT1-74/manifest.xml>
>>
>> 326480:How to Use Active Directory Migration Tool Version 2
>> http://support.microsoft.com/?id=326480
>>
>> If you want to upgrade, you can refer to the detailed steps in my previous
>> post. It is called not in place upgrade. If you use this method to
>> upgrade, it will be safer than in place upgrade because it brings in an
>> additional server.
>>
>> Second, I will ask your questions:
>> 1. You can add 2k3 exchange server into the new 2k3 domain.
>>
>> 2. If you want to migrate and the new 2K3 domain has been created, you
>> cannot add NT BDC or PDC into this domain. However, just as I have
>> mentioned in the previous reply, you can add NT member server into the 2K3
>> domain. Therefore, if you want to add the previous NT PDC into the new 2k3
>> domain, you may need to use the following third-party tool called UPromote
>> to demote it to member server:
>> http://utools.com/UPromote.asp
>>
>> 3. If you use upgrade, please don't worry about the previous NT PDC because
>> after promote the 2k3 to a DC, the NT PDC will be demoted to BDC
>> automatically.
>>
>> 4. We suggest you use one DHCP in one site and these two sites should use
>> the different subnet. DHCP depends if the clients can contact the DHCP
>> server or not; it does not fully depend on which site the DHCP located.
>> For example, if these two sites' clients are in the different subnet and
>> connected by the router. Does the router allow DHCP requirement package go
>> through? If the router does not, then the clients can obtain IP from
>> different subnet using the different DHCP on that site. In one word, if
>> these clients on two sites are not in one broadcast, they can use the
>> different DHCP in one site.
>>
>> I have searched and found more information about DHCP, please refer to:
>> Dynamic Host Configuration Protocol
>> http://www.microsoft.com/windowsserver2003/technologies/dhcp/default.mspx
>>
>> For further details about DHCP, I suggest that you post the question in
>> microsoft.public.windows.server.networking newsgroup to get the most
>> efficient and professional support on it.
>>
>> 5. Also don't worry about DNS because after performing the AD-integrated,
>> AD offers multimaster update and enhanced security. For example, DNS zones
>> are replicated and synchronized to new domain controllers automatically
>> whenever a new DC is added to an Active Directory domain. In addition,
>> directory replication is faster and more efficient than standard DNS
>> replication. Therefore,
>>
>> Active Directory integration
>> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/0efc68a7-04c6-438c-b80b-c5c07e8e4c6e.mspx
>>
>> HTH!
>>
>> Thanks & Regards
>>
>> Amanda Wang [MSFT]
>>
>> Microsoft Online Partner Support
>>
>> Get Secure! - www.microsoft.com/security
>>
>> ====================================================================
>>
>> When responding to posts, please "Reply to Group" via your newsreader so
>> that others may learn and benefit from your issue.
>>
>> =====================================================================
>>
>> --------------------
>> >From: =?Utf-8?B?bWFobWFk?= <mahmad@xxxxxxxxxxxxxxxxxxxxxxxxx>
>> >Subject: RE: 2 x DC, 2 sites and NT4 servers same domain HELP
>> >Date: Mon, 16 May 2005 08:12:02 -0700
>> >Newsgroups: microsoft.public.windows.server.migration
>> >
>> >Hi Amanda,
>> >
>> >Thanks for your help, but I am doing a fresh install of win 03. Currently
>> >our two sites use nt4, site one has the pdc and site two has the bdc. I am
>> >looking to install a dc to include exchange 03 at site one and a dc in site
>> >two, keeping the domain in mixed mode, so I can join my old nt servers.
>> >
>> >How do I go about setting up the sites and can I install dns and dhcp on
>> >each of the servers, therefore reducing the amount of traffic via the
>> >ADSL/VPN connection.
>> >
>> >Thank You
>> >
>> >MO
>> >
>> >"Amanda Wang [MSFT]" wrote:
>> >
>> >> Hello,
>> >>
>> >> Thanks for your post.
>> >>
>> >> I understand you want to upgrade NT PDC and BDC to 2k3. If I have
>> >> misunderstood, please feel free to let me know.
>> >>
>> >> Based on my experience, you are right that first upgrade PDC to 2k3 and
>> >> then BDC. Between the sites, we recommend you using AD integrated DNS.
>> >> This makes the Windows 2k3 domain between the two sites maintain a same DNS
>> >> database. It would perform a synchronization every a period of time.
>> >> Additionally, the additional Windows 2k3 DC at the remote site would have a
>> >> replica AD database with the Windows 2k3 PDC. So all the user and computer
>> >> account information reside in the same AD database.
>> >>
>> >> For your current situation, we highly recommend a "not in place" upgrade
>> >> path for security purpose.
>> >>
>> >> As a kind reminder, please backup the whole system before you take any
>> >> action. Also, it is best if you perform the upgrade process during a
>> >> non-business time such as the weekend. :)
>> >>
>> >> Performing a "not in place" upgrade
>> >> ======================
>> >>
>> >> 1. Install NT 4.0 BDC on the new box.
>> >>
>> >> 2. Promote the BDC to the PDC, which demotes the PDC to a BDC.
>> >>
>> >> 3. Do a full backup of the former PDC and remove it from the
>> >> network.
>> >>
>> >> 4. Upgrade the new PDC to Windows Server 2003.
>> >> If you want to expand the boot partition, please refer to the
>> >> following KB:
>> >>
>> >> 325857 How To Expand the Boot Partition During a Windows Server
>> >> 2003 Upgrade
>> >> http://support.microsoft.com/?id=325857
>> >>
>> >> 5. Use the Windows Server 2003 Active Directory wizard to turn on
>> >> the Active Directory service. The Active Directory service imports the
>> >> existing user accounts, groups, and other settings from the PDC.
>> >>
>> >> How to Verify an Active Directory Installation
>> >> http://support.microsoft.com/default.aspx?scid=kb;en-us;298143
>> >>
>> >> 6. Run for a test period.
>> >>
>> >> 7. If desired you can do a clean installation of Windows Server 2003
>> >> on the former PDC, and bring it online as an Active Directory domain
>> >> controller.
>> >>
>> >> 8. Transfer all Flexible Single-Master Operation (FSMO) roles to the
>> >> new Windows Server 2003 domain controller.
>> >>
>> >> 9. Verify all directory information has replicated.
>> >>
>> >> Verify successful replication to a domain controller
>> >> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Operations/00e7f86b-ccd3-4cb8-9a01-bf747241b500.mspx
>> >>
>> >> 10. Demote the first domain controller to a member server, and
>> >> remove from the domain.
>> >>
>> >> Then perform the same steps above to upgrade the BDC in site 2. Meanwhile,
>> >> I suggest you designate the BDC to be global catalog servers so that the
>> >> BDC can perform the GC role in site 2. You can designate other domain
>> >> controllers to be global catalog servers if they are needed. For more info
>> >> related GC, please refer to:
>> >>
>> >> Domain Controller Roles
>> >> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/TechRef/c7ea7ed1-4241-4794-9ce8-471da6a3a727.mspx
>> >>
>> >> I suggest you check the following KB articles to migrate to Win2k3 from NT4:
>> >>
>> >> Migrating Windows NT Server 4.0 Domains to Windows Server 2003 Active
>> >> Directory
>> >> http://www.microsoft.com/windowsserver2003/evaluation/whyupgrade/nt4/nt4domtoad.mspx
>> >>
>> >> Upgrading from Windows NT Server 4.0 to Windows Server 2003
>> >> http://www.microsoft.com/windowsserver2003/evaluation/whyupgrade/nt4/nt4tows03-2.mspx
>> >>
>> >> About your concern of that after having setup the first DC on a new server,
>> >> how do you then join the second DC and NT servers to the domain, please
>> >> don't worry about it.
>> >>
>> >> You can join the second DC just as add an additional server in domain as
>> >> following:
>> >>
>> >> Create an additional domain controller
>> >> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/4aae5014-fbce-42dc-b5f7-e1dde3072f38.mspx
>> >>
>> >> You can add NT servers to win2k3 domain. However, we do not recommend you
>> >> doing so because there are many functions and GPOs in win2k3 domain cannot
>> >> be used and applied on them.
>> >>
>> >> HTH!
>> >>
>> >> Thanks & Regards
>> >>
>> >> Amanda Wang [MSFT]
>> >>
>> >> Microsoft Online Partner Support
>> >>
>> >> Get Secure! - www.microsoft.com/security
>> >>
>> >> ====================================================================
>> >>
>> >> When responding to posts, please "Reply to Group" via your newsreader so
>> >> that others may learn and benefit from your issue.
>> >>
>> >> =====================================================================
>> >>
>> >> --------------------
>> >> >From: =?Utf-8?B?bWFobWFk?= <mahmad@xxxxxxxxxxxxxxxxxxxxxxxxx>
>> >> >Subject: 2 x DC, 2 sites and NT4 servers same domain HELP
>> >> >Date: Fri, 13 May 2005 00:30:03 -0700
>> >> >Newsgroups: microsoft.public.windows.server.migration
>> >> >
>> >> >Hi,
>> >> >