Linux Retirement.... moving forward with our AD


    Hello All

    You will have to bear with me on this one.....

    It would be great to get some expert feedback on a problem which I have been tasked to help resolve..... Don't worry, I won't be doing this myself. I will have colleagues and probably lots of external support to assist.

    I work for a worldwide organisation where the HQ is based in the UK. Our environment is 4 offices with our servers hosted in an external UK data center, where we have a total of 5 AD controllers, 3 on the internal network and 2 in a DMZ which is purely to support our Exchange environment which is in the cloud, plus 500+ servers hosting a variety of applications and services. The majority of these services are presented via Citrix, as end users have a mixture of desktop PCs, laptops and thin client technology.

    All DCs are Windows 2003 R2 apart from 1 DC which is on 2008 R2. All FSMO roles are on a 2003 server. The domain in the UK is the forest root domain. We have a single domain in a single forest; however, there are many forest trusts to other domains to support our other countries. These are a mixture of external/forest and transitive and non-transitive. The UK side also has other trusts with older legacy domains currently still in place to support legacy custom-built applications, one being on Windows NT!!! And a Linux LDAP domain.

    The problem I have been given is to retire our Linux LDAP infrastructure, which also currently does DNS and DHCP at the local office level as well as at the data center. Also upgrade our Active Directory structure as well as having Windows DNS and DHCP to replace the Linux equivalents. We do have Windows DNS servers; however, these are forwarded to our main DNS servers, which are hosted on Linux at the top of the internal DNS tree. DHCP is fully managed on Linux and we even have a WINS server to make it hugely complicated, so if the DNS servers cannot resolve, we still have WINS which will do name resolution. WINS should have purely been used for legacy applications, but I see evidence of newer applications still having a reliance on it.

    So where do I even begin to tackle this problem? Lol

    Would it be worth tackling the upgrade of the existing 2003 AD environment first or tackling DNS/DHCP at data center and office level first?

    Looking forward to the responses on this one....

    Many thanks