Confused about the type of AD installation


  • Confused about the type of AD installation

    Hello all,

    I have searched before I posted, but could not find anything concrete. I am a new sys admin and I have installed AD in a small environment before, but this is the first time where I have to migrate the whole infrastructure. I redesigned the whole infrastructure, upgraded the physical network from 100VG (yeah we still use it here) to Fast Ethernet and now I have to migrate the old PDC to 2003 AD. Not many accounts here on the PDC so I don't have to use the ADMT tool. I can just recreate them, plus the PDC has lots of bugs that I don't want carried over. Since I work for an NGO that has its own network structure, this school that I am upgrading is not on our network. So when I install AD, do I choose first domain in the domain tree or the 3rd option, separate domain in the tree? Technically this network is not on ours so I would presume that I would choose the first option, but I am confused. At this point we have not decided if we're going to integrate the school network into ours, but if that is decided later, would I be able to change AD domains?

    Sorry for the confusing question...

    thanks in advance.....

  • #2
    Re: Confused about the type of AD installation

    You have the concepts of domains and forests.
    You say that this new infrastructure should not be part of any existing infrastructure, so I would create a new domain in a new forest. If in the future a connection is needed between the forests, you can create a trust between the two forests.


    • #3
      Re: Confused about the type of AD installation

      OK that makes sense, I can always use trust relationship.

      OK so as I initially stated, the old PDC has lots of bugs and I do not want to migrate them over. I do have an HP 2003 rack mount member server added to this NT domain, which I am going to promote to AD and rebuild accounts (only a few) and move data over, but I would like to use the same Domain Name. Is there a way to keep the old PDC server up and simultaneously promote this 2003 to AD using the same domain name? This way I can have all the users still work while I build my AD and slowly move faculty over. Will it conflict? The only reason I ask is that I want as seamless a migration as possible. I don't want the faculty to have to start screaming at me.

      Thanks in advance.



      • #4
        Re: Confused about the type of AD installation

        If you do not want the old domain, then use the third option and create a new domain in a new forest so it will not use the old domain.



        • #5
          Re: Confused about the type of AD installation

          Originally posted by howithink:
          OK that makes sense, I can always use trust relationship.

          OK so as I initially stated, the old PDC has lots of bugs and I do not want to migrate them over. I do have an HP 2003 rack mount member server added to this NT domain, which I am going to promote to AD and rebuild accounts (only a few) and move data over, but I would like to use the same Domain Name. Is there a way to keep the old PDC server up and simultaneously promote this 2003 to AD using the same domain name? This way I can have all the users still work while I build my AD and slowly move faculty over. Will it conflict? The only reason I ask is that I want as seamless a migration as possible. I don’t want the faculty to have to start screaming at me.

          Thanks in advance.

          If you want it to be a seamless migration for the users then you would also have to come up with a plan to add the user workstations and servers (if any) to the AD Domain.

          As you are building a completely new AD Domain, you can always have the NT Domain running in parallel and create new accounts for users. To achieve this you should first disjoin the HP Member server from the NT Domain and move it to a workgroup. Then you can promote it as a Domain Controller for your new Domain.

          Regarding using the same Domain Name as the NT Domain, I would strictly advise against it. Microsoft doesn't recommend having a single-label DNS name for AD Domains. So, e.g., if your current NT Domain is called LEGACYNT, you shouldn't name your new AD Domain LEGACYNT. You could name it legacynt.com or legacynt.net etc.

          You can find more information regarding single label domains by clicking on the link below,
          http://support.microsoft.com/default.aspx/kb/300684

          MurTuzA
          Last edited by murtuza_13; 11th March 2008, 13:01. Reason: Added Link to MS Article