NT 4 and 2003 DC exists in same network problem


  • NT 4 and 2003 DC exists in same network problem

    My company has approved investing money to migrate NT to 2003 server. We want to switch to a new environment with a new domain name and new computer names / usernames.

    1. Can current NT PDC / BDC server exist with new installed 2003 server DC together w/ different domain name in same network?
    Then we will add current users/computers by department to new domain gradually (ie. add user's pc to new domain)

    2. For the naming of computer names, a newly employed network administrator suggests using this naming scheme: computer name = department name + '-' + IP address.
    e.g. A staff member in the finance department using a PC with fixed IP 192.168.7.122, then his computer name = FIN-7122, username = FIN7122, email address = [email protected]

    He says that it is easier to locate the computer by MIS.
    But I don't agree with this coz the email address is not user friendly. We have only 150 computers. What naming scheme would be suggested? Pls advise. Thanks.
    Last edited by userhk; 7th November 2008, 17:21.

  • #2
    Re: NT 4 and 2003 DC exists in same network problem

    Why not "upgrade" your existing domain to 2003? That way you don't need to split the migration.
    http://www.microsoft.com/windowsserv...4/default.mspx

    As to naming, personally I wouldn't use IP addresses as part of the name. Things would become a pain later on. Most of the time even the best naming conventions are bypassed for speed and it becomes a mess. You can find who logs onto what machine and ping for its IP. DHCP is a better solution than static anyway.
    cheers
    Andy

    Please read this before you post:


    Quis custodiet ipsos custodes?



    • #3
      Re: NT 4 and 2003 DC exists in same network problem

      For #1, yes you can have two domains on the same subnet, no problem. Your machines on the new domain must point to proper DNS etc but other than that it is very straightforward.

      For #2..I don't see that as a good idea. NOT AT ALL. First, it would mean you are not using DHCP. Why would you not use DHCP for 150 workstations?

      Second, locating machines should be done by hostname.

      And third, having usernames in computernames is usually annoying as you have to rename machines all the time when people quit.

      How about finding another naming convention, and pushing bginfo on all the machines so the user has easy access to his IP and hostname when calling for support?

      Also, for the email address, how would a client be able to guess that person's email address? Emails should be related to names only..
      VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah



      • #4
        Re: NT 4 and 2003 DC exists in same network problem

        For #1, coz the previous net admin worker gave random names on the network, so we can hardly follow them.

        For #2, we also use DHCP but assign fixed IPs by MAC address coz we don't allow staff to connect to the network using unauthorized devices such as notebooks... and we also restrict users' internet access.

        For naming scheme, yes, agree. The newly employed net admin worker has strange thought and always strongly use his thought. We will dismiss him later.



        • #5
          Re: NT 4 and 2003 DC exists in same network problem

          Originally posted by userhk
          For naming scheme, yes, agree. The newly employed net admin worker has strange thought and always strongly use his thought. We will dismiss him later.
          Make sure you get a curry or two out of him first. And you have to go for lunchtime pints when someone leaves too.

          My first university used the machine's MAC address as its hostname. And they renamed the machines whenever they had to replace a network adapter. I never did find out if they had a procedure for naming machines with 2 adapters...
          Gareth Howells

          BSc (Hons), MBCS, MCP, MCDST, ICCE

          Any advice is given in good faith and without warranty.

          Please give reputation points if somebody has helped you.

          "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

          "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.



          • #6
            Re: NT 4 and 2003 DC exists in same network problem

            Originally posted by userhk
            For #1, coz the previous net admin worker gave random names on the network, so we can hardly follow them.

            For #2, we also use DHCP but assign fixed IPs by MAC address coz we don't allow staff to connect to the network using unauthorized devices such as notebooks... and we also restrict users' internet access.

            For naming scheme, yes, agree. The newly employed net admin worker has strange thought and always strongly use his thought. We will dismiss him later.

            Security through "not giving users the power to get an IP automatically so they have to assign one manually" is quite pointless in my opinion.

            Could you not simply use DHCP but lock your switches? Use port security! Most managed switches can be set in learning mode so the current MAC can be whitelisted and new ones can be denied. You could also have some ports where it's free for all, for example board rooms where consultants and/or external people can work on their computers. That way you retain convenience and you have even more security than before (people now have to spoof MAC instead of just assigning an IP manually).
            VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah



            • #7
              Re: NT 4 and 2003 DC exists in same network problem

              Good suggestions. Filtering by IP address is hideously out of date.
              Gareth Howells



              • #8
                Re: NT 4 and 2003 DC exists in same network problem

                Implement NAP instead of following your own rule number 2.
                Marcel
                Technical Consultant
                Netherlands
                http://www.phetios.com
                http://blog.nessus.nl

                MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                "No matter how secure, there is always the human factor."

                "Enjoy life today, tomorrow may never come."
                "If you're going through hell, keep going. ~Winston Churchill"



                • #9
                  Re: NT 4 and 2003 DC exists in same network problem

                  150 computers and allow 20 computers to have internet access. Any good method without any extra invest costs?



                  • #10
                    Re: NT 4 and 2003 DC exists in same network problem

                    Originally posted by Dumber
                    Implement NAP instead of following your own rule number 2.
                    I don't think NAP would be a good investment for that kind of stuff.

                    Sounds a bit overkill..

                    In any case, just make two VLANs, one for the 20 computers who need internet access and one for those who don't, and allow them to talk to each other, and filter it out on your gateway. That should do it for free.
                    VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah



                    • #11
                      Re: NT 4 and 2003 DC exists in same network problem

                      Originally posted by userhk
                      150 computers and allow 20 computers to have internet access. Any good method without any extra invest costs?
                      Set up your firewall to deny access to the WAN except from a certain IP range. Note as above though that filtering based on IP is not a good strategy. You should look into setting up a proxy if you really want to control this.
                      Gareth Howells

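An added example (not part of any post in this thread): a small audit that compares IP/MAC pairs seen at the gateway with the DHCP reservations and flags hosts sitting in the internet-allowed range without a matching reservation, which is the gap in IP-based filtering raised above. The addresses, the /27 range and the function names are constructed for illustration.

```python
import ipaddress

# Constructed DHCP reservations: MAC -> fixed IP
RESERVATIONS = {
    "00:11:22:33:44:01": "192.168.7.10",
    "00:11:22:33:44:02": "192.168.7.11",
    "00:11:22:33:44:03": "192.168.7.122",
}
# Assumed source range the firewall lets out to the WAN (192.168.7.0-31)
INTERNET_RANGE = "192.168.7.0/27"
# Constructed (ip, mac) pairs as read from the gateway's ARP table
OBSERVED = [
    ("192.168.7.10", "00-11-22-33-44-01"),   # matches its reservation
    ("192.168.7.11", "00:AA:BB:CC:DD:EE"),   # reserved IP, unknown MAC
    ("192.168.7.20", "00:11:22:33:44:03"),   # known MAC, manually set IP
    ("192.168.7.200", "00:de:ad:be:ef:00"),  # unknown MAC, no WAN access
]


def norm(mac):
    """Normalise a MAC to lower-case, colon-separated form."""
    return mac.lower().replace("-", ":")


def audit(reservations, observed, internet_range):
    """Return (ip, mac, reason, reaches_wan) for every observation
    that does not match its DHCP reservation."""
    net = ipaddress.ip_network(internet_range)
    ip_by_mac = {norm(m): ip for m, ip in reservations.items()}
    findings = []
    for ip, mac in observed:
        mac = norm(mac)
        expected = ip_by_mac.get(mac)
        if expected == ip:
            continue  # reservation and observation agree
        reason = "unknown MAC" if expected is None else f"expected {expected}"
        reaches_wan = ipaddress.ip_address(ip) in net
        findings.append((ip, mac, reason, reaches_wan))
    return findings


if __name__ == "__main__":
    for ip, mac, reason, reaches_wan in audit(RESERVATIONS, OBSERVED, INTERNET_RANGE):
        tag = "WAN-ALLOWED" if reaches_wan else "internal-only"
        print(f"{ip:15} {mac}  {reason:22} {tag}")
```

A clean result only shows that addresses agree with the reservations; it says nothing about who is sitting at the machine, which is why the replies point to port security and a proxy.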


                      • #12
                        Re: NT 4 and 2003 DC exists in same network problem

                        Plenty of free proxy servers (or some that aren't expensive) that can run on an old workstation even.
                        cheers
                        Andy



                        • #13
                          Re: NT 4 and 2003 DC exists in same network problem

                          @Gepeto
                          Why would NAP be overkill????
                          I think it's a great way to secure his network to disallow unmanaged computers to the network.
                          Marcel


                          • #14
                            Re: NT 4 and 2003 DC exists in same network problem

                            Because he doesn't own anything that can do NAP right now and he said he is looking at a way to do it without investing additional money..
                            VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah



                            • #15
                              Re: NT 4 and 2003 DC exists in same network problem

                              While it is possible to implement some measure of security without spending money, at some point you have to accept that it is inevitable that you are going to have to invest in your infrastructure. Debian and Squid are both free, and can be used to set up a basic proxy. However, the priority should be to protect the network where it is most vulnerable to misuse, which is at the edge. Managed switches can be very expensive, but there are also some basic models which are available at very reasonable prices.
                              Gareth Howells
