RE: 2 x DC, 2 sites and NT4 servers same domain HELP
- From: mahmad <mahmad@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 19 May 2005 06:01:01 -0700
Hi Amanda,
Thanks again for your help, with regards to the dhcp and dns on a second
site, i understand i can install dhcp on a different subnet, but would it be
a good idea to install dns on this server too, or should i keep it to only
one dns server for the whole domain?
At present in my test environment i have setup both the servers on the same
subnet, and have created the additional subnet in Sites and Services, of
course i cant do anything with the server as is on the same hub and not
connected via a router. So should i leave the Sites and Services part until
the second server is on the correct subnet and up and running and when what
additional if any changes do i need to make on the dc with will be in site
two with subnet 192.168.86.0 in order for it to communicate with the dc in
192.168.8.0 via the vpn connection.
Thanks again
MO
"Amanda Wang [MSFT]" wrote:
> Hello,
>
> Thanks for your update.
>
> Your understanding is correct that you can add second DC in another subnet
> as long as there is router can provide the route. Adding DHCP in
> 192.168.86.0 subnet to provide DHCP function for 192.168.86.0 scope will be
> better than using the original DHCP server in 192.168.82.0 subnet. The
> former method can help you reduce the network traffic. You only need to set
> their respective subnet in DHCP settings, and then DHCP in that site will
> distribute the IP address which is during the specific subnet to that site.
>
> About the questions of how to restrict access to certain websites and
> stopping users from being able to download programs and installing them
> etc, and is there a facility on the server to stop users from using chat
> programs etc, it is not related migration and in order to make the thread
> clear and you can get the most efficient and professional support, I
> suggest you send these questions separately and post them to the respective
> newsgroup as following:
>
> You can use ISA or group policy to restrict access to certain websites, for
> more information about ISA, please post the question to ISA newsgroup in
> Microsoft.public.isa. For more information about group policy, please post
> the question to Microsoft.public.windows.activedirectory.
>
> About Restrict installing program, you may use GPO to achieve, for more,
> you post:
>
> Microsoft.public.windows.activedirectory
>
> HTH!
>
> Thanks & Regards
>
> Amanda Wang [MSFT]
>
> Microsoft Online Partner Support
>
> Get Secure! - www.microsoft.com/security
>
> ====================================================================
>
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
>
> =====================================================================
>
> --------------------
> >Thread-Topic: 2 x DC, 2 sites and NT4 servers same domain HELP
> >thread-index: AcVbfdmmDe0ZjEHuRsqw1h19gqHfsg==
> >X-WBNR-Posting-Host: 82.68.91.165
> >From: =?Utf-8?B?bWFobWFk?= <mahmad@xxxxxxxxxxxxxxxxxxxxxxxxx>
> >References: <9B95562D-08AD-4AFD-9445-796D556F198E@xxxxxxxxxxxxx>
> <EAKf9FgWFHA.3336@xxxxxxxxxxxxxxxxxxxxx>
> <33CB16CB-6051-407B-A89A-8F6E2F562848@xxxxxxxxxxxxx>
> <Buz3fvtWFHA.3928@xxxxxxxxxxxxxxxxxxxxx>
> >Subject: RE: 2 x DC, 2 sites and NT4 servers same domain HELP
> >Date: Wed, 18 May 2005 00:47:33 -0700
> >Lines: 328
> >Message-ID: <543178A2-6775-4FA5-8C2D-A800976CD7A6@xxxxxxxxxxxxx>
> >MIME-Version: 1.0
> >Content-Type: text/plain;
> > charset="Utf-8"
> >Content-Transfer-Encoding: 7bit
> >X-Newsreader: Microsoft CDO for Windows 2000
> >Content-Class: urn:content-classes:message
> >Importance: normal
> >Priority: normal
> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
> >Newsgroups: microsoft.public.windows.server.migration
> >NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
> >Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
> >Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.migration:10221
> >X-Tomcat-NG: microsoft.public.windows.server.migration
> >
> >Hi Amanda,
> >
> >Thank you for your very detailed answer. I have installed a new copy of
> >win03 on both of the servers which are new. Since our user base is only
> 35,
> >i will recreate the users, computers and most users use a local profile
> >anyway.
> >
> >At present ive setup the two new servers on the same subnet, but i will
> need
> >to set the second server on a different subnet, so i understand it would
> be
> >good practice to have on dhcp and dns server for the two sites. The two
> >sites are connected via a VPN over an ADSL line.
> >
> >so how do i go about setting up the second server to be on a subnet
> >192.168.86.0 and the first site will remain on 192.168.82.0 and if the
> >routers do not provied dhcp, should i setup a separte dhcp for each of the
> >sites, my main concern is to reduce the amount of traffice between the
> sites.
> >
> >Not sure if this is relevent here, but how would i go about restricting
> >access to certain websites and stoping users from being able to download
> >programs and installing them etc, and is there a facility on the server to
> >stop users from using chat programs etc.
> >
> >Thanks for all your help
> >
> >MO
> >
> >"Amanda Wang [MSFT]" wrote:
> >
> >> Hello,
> >>
> >> Thanks for your update.
> >>
> >> First, please help me to confirm whether you want to migrate or upgrade
> the
> >> domain form NT to 2K3.
> >>
> >> Migration is just as you have created a new 2k3 domain and just migrate
> the
> >> resources such as user account, computer account, group account, profile
> >> and so on from old domain to new domain by using ADMT. Upgrade keeps
> the
> >> original domain. If the original domain is very complex and there are
> many
> >> users and computers, we recommend you perform the upgrade process.
> >>
> >> If you want to migrate, you can refer to the following article to
> migrate
> >> from NT to 2k3:
> >>
> >> Migrating from Windows NT Server 4.0 to Windows Server 2003
> >>
> http://www.microsoft.com/downloads/details.aspx?FamilyID=e92cf6a0-76f0-4e25-
> >> 8de0-19544062a6e6&DisplayLang=en
> >>
> >> Migrating from Windows NT Server 4.0 to Windows Server 2003
> >>
> <http://www.microsoft.com/seminar/shared/asp/view.asp?url=/Seminar/en/200303
> >> 24TNT1-74/manifest.xml>
> >>
> >> 326480:How to Use Active Directory Migration Tool Version 2
> >> http://support.microsoft.com/?id=326480
> >>
> >> If you want to upgrade, you can refer to the detailed steps in my
> previous
> >> post. It is called not in place upgrade. If you use this method to
> >> upgrade, it will be safer than in place upgrade because it brings in an
> >> additional server.
> >>
> >> Second, I will ask your questions:
> >> 1. You can add 2k3 exchange server into the new 2k3 domain.
> >>
> >> 2. If you want to migrate and the new 2K3 domain has been created, you
> >> cannot add NT BDC or PDC into this domain. However, just as I have
> >> mentioned in the previous reply, you can add NT member server into the
> 2K3
> >> domain. Therefore, if you want to add the previous NT PDC into the new
> 2k3
> >> domain, you may need to use the following third-party tool called
> UPromote
> >> to demote it to member server:
> >> http://utools.com/UPromote.asp
> >>
> >> 3. If you use upgrade, please don't worry about the previous NT PDC
> because
> >> after promote the 2k3 to a DC, the NT PDC will be demoted to BDC
> >> automatically.
> >>
> >> 4. We suggest you use one DHCP in one site and these two sites should
> use
> >> the different subnet. DHCP depends if the clients can contact the DHCP
> >> server or not; it does not fully depends on which site the DHCP located.
>
> >> For example, if these two sites' clients are in the different subnet and
> >> connected by the router. Does the router allow DHCP requirement package
> go
> >> through? If the router does not, then the clients can obtain IP from
> >> different subnet using the different DHCP on that site. In one word, if
> >> these clients on two sites are not in one broadcast, they can use the
> >> different DHCP in one site.
> >>
> >> I have searched and found more information about DHCP, please refer to:
> >> Dynamic Host Configuration Protocol
> >> http://www.microsoft.com/windowsserver2003/technologies/dhcp/default.mspx
> >>
> >> For further details about DHCP, I suggest that you post the question in
> >> microsoft.public.windows.server.networking newsgroup to get the most
> >> efficient and professional support on it.
> >>
> >> 5. Also don't worry about DNS because after performing the
> AD-intergrated,
> >> AD offers multimaster update and enhanced security. For example, DNS
> zones
> >> are replicated and synchronized to new domain controllers automatically
> >> whenever a new DC is added to an Active Directory domain. In addition,
> >> directory replication is faster and more efficient than standard DNS
> >> replication. Therefore,
> >>
> >> Active Directory integration
> >>
> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Serve
> >> rHelp/0efc68a7-04c6-438c-b80b-c5c07e8e4c6e.mspx
> >>
> >> HTH!
> >>
> >> Thanks & Regards
> >>
> >> Amanda Wang [MSFT]
> >>
> >> Microsoft Online Partner Support
> >>
> >> Get Secure! - www.microsoft.com/security
> >>
> >> ====================================================================
> >>
> >> When responding to posts, please "Reply to Group" via your newsreader so
> >> that others may learn and benefit from your issue.
> >>
> >> =====================================================================
> >>
> >> --------------------
> >> >Thread-Topic: 2 x DC, 2 sites and NT4 servers same domain HELP
> >> >thread-index: AcVaKZz7JSF5P3WJThapr/3ZzMoHwg==
> >> >X-WBNR-Posting-Host: 82.68.91.165
> >> >From: =?Utf-8?B?bWFobWFk?= <mahmad@xxxxxxxxxxxxxxxxxxxxxxxxx>
> >> >References: <9B95562D-08AD-4AFD-9445-796D556F198E@xxxxxxxxxxxxx>
> >> <EAKf9FgWFHA.3336@xxxxxxxxxxxxxxxxxxxxx>
> >> >Subject: RE: 2 x DC, 2 sites and NT4 servers same domain HELP
> >> >Date: Mon, 16 May 2005 08:12:02 -0700
> >> >Lines: 179
> >> >Message-ID: <33CB16CB-6051-407B-A89A-8F6E2F562848@xxxxxxxxxxxxx>
> >> >MIME-Version: 1.0
> >> >Content-Type: text/plain;
> >> > charset="Utf-8"
> >> >Content-Transfer-Encoding: 7bit
> >> >X-Newsreader: Microsoft CDO for Windows 2000
> >> >Content-Class: urn:content-classes:message
> >> >Importance: normal
> >> >Priority: normal
> >> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
> >> >Newsgroups: microsoft.public.windows.server.migration
> >> >NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
> >> >Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGXA03.phx.gbl
> >> >Xref: TK2MSFTNGXA01.phx.gbl
> microsoft.public.windows.server.migration:10196
> >> >X-Tomcat-NG: microsoft.public.windows.server.migration
> >> >
> >> >Hi Amanda,
> >> >
> >> >Thanks for your help, but i am doing a fresh install of win 03.
> Currently
> >> >our two sites use nt4, site one has the pdc and site two has the bdc.
> I
> >> am
> >> >looking to install a dc to include exchange 03 at site one and a dc in
> >> site
> >> >two, keeping the domain in mixed mode, so i can join my old nt servers.
> >> >
> >> >How do i go about setting up the sites and can i install dns and dhcp
> on
> >> >each of the servers, therefore reducing the amount of traffice via the
> >> >ADSL/VPN connection.
> >> >
> >> >Thank You
> >> >
> >> >MO
> >> >
> >> >"Amanda Wang [MSFT]" wrote:
> >> >
> >> >> Hello,
> >> >>
> >> >> Thanks for your post.
> >> >>
> >> >> I understand you want to upgrade NT PDC and BDC to 2k3. If I have
> >> >> misunderstood, please feel free to let me know.
> >> >>
> >> >> Based on my experience, you are right that first upgrade PDC to 2k3
> and
> >> >> then BDC. Between the sites, we recommend you using AD integrated
> DNS.
> >> >> This make the Windows 2k3 domain between the two sites maintain a
> same
> >> DNS
> >> >> database. It would perform a synchronization every a period of time.
> >> >> Additional, the additional Windows 2k3 DC at the remote site would
> have
> >> a
> >> >> replica AD database with the Windows 2k3 PDC. So all the user and
> >> computer
> >> >> account information reside in the same AD database.
> >> >>
> >> >> For your current situation, we highly recommend a "not in place"
> upgrade
> >> >> path for security purpose.
> >> >>
> >> >> As a kind reminder, please backup the whole system before you take
> any
> >> >> action. Also, it is best if you perform the upgrade process during a
> >> >> non-business time such as the weekend. :)
> >> >>
> >> >> Performing a "not in place" upgrade
> >> >> ======================
.
- Follow-Ups:
- RE: 2 x DC, 2 sites and NT4 servers same domain HELP
- From: Amanda Wang [MSFT]
- RE: 2 x DC, 2 sites and NT4 servers same domain HELP
- References:
- 2 x DC, 2 sites and NT4 servers same domain HELP
- From: mahmad
- RE: 2 x DC, 2 sites and NT4 servers same domain HELP
- From: Amanda Wang [MSFT]
- RE: 2 x DC, 2 sites and NT4 servers same domain HELP
- From: mahmad
- RE: 2 x DC, 2 sites and NT4 servers same domain HELP
- From: Amanda Wang [MSFT]
- RE: 2 x DC, 2 sites and NT4 servers same domain HELP
- From: mahmad
- RE: 2 x DC, 2 sites and NT4 servers same domain HELP
- From: Amanda Wang [MSFT]
- 2 x DC, 2 sites and NT4 servers same domain HELP
- Prev by Date: ADMT and FAT32
- Next by Date: Re: Cannot browse the network after migration
- Previous by thread: RE: 2 x DC, 2 sites and NT4 servers same domain HELP
- Next by thread: RE: 2 x DC, 2 sites and NT4 servers same domain HELP
- Index(es):
Relevant Pages
|
