To Start from new or try and repair

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • To Start from new or try and repair

    Hello:

    I have inherited a mess. We have 2 domain controllers that were originally set up on a Windows 2000 server, then migrated to a Server 2003 and then migrated to a Server 2008. We are now down to approximately 11 employees in total.

    We have 17 ex employees that are disabled
    Approx 35 computers listed that are not in use
    Folder redirection has ceased to operate
    Internal network slower than you know what.

    My predecessor set up the internal network with a routable IP range.

    So the question is: do I try to clean all this up, or just start new and redo the whole network?

    I realize that I would have to disconnect all client computers, file server, email server from the domain, then demote everything. Then reconfigure 2 new domain controllers and rejoin everything back to the new domain. Plus troubleshoot all problems I create.

    So that is my thinking; just wondering if anyone has any suggestions and/or comments.

  • #2
    IMHO (and other opinions may differ), you would be best to start again
    a) Small environment (10-ish computers/users)
    b) Legacy accumulated c**p
    c) Chance to make all the changes you want

    Blow away one DC and use it to build up the new domain, move the clients, then blow away the other DC once the new one is up and running properly
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **


    • #3
      I was pretty sure I was leaning the right way - thank you


      • #4
        Okay, now that I am no longer sick and the holidays are out of the way, I would like some more advice on this matter.

        What would be the easiest and proper way to do the following:

        I want to create a new domain, and the domain IP range is changing.

        So I would create a new DC and file server.
        Set up the DC with Active Directory, DNS, DHCP (add scopes), folder redirection, add users.

        Then I would disconnect each user individually and move them over to the new domain individually, one at a time, along with their files, eventually exiting the old domain completely.

        Where I lack the skill is moving the files from oldfileserver olddomain to newfileserver newdomain and keeping the shares and permissions correct.

        Advice most welcomed at the moment.


        • #5
          Use robocopy for your file transfer. This is typically what I would use if I were transferring files from one server to another.

          I'll try and find the exact command, but it's not very difficult to get.


          • #6
            "My predecessor set up the internal network with a routable IP range." - There's nothing inherently wrong with that. You're no less secure than if you use RFC 1918 addresses internally. Securing the internal network from the internet is a function of your firewall, not your IP address space.


            • #7
              Okay, the question is: I have 2 domain controllers running now. As you have read up top, I am going completely new for everything. Do I have to transfer FSMO and Global Catalog, or can I just create a new DC and point to one of the existing DCs and enter new Group Policy, users, etc.? Then once everything is created I can point DHCP to the new DC server. Then I should only have to copy the shares from the registry of the old DC and import them into the new DC, and robocopy the file server to the new server.


              • #8
                I would do the latter - create a whole new AD forest
                Tom Jones


                • #9
                  Thank you for the response.

                  Just to make sure I understand - would it be easier if I just basically disconnected all client computers from the domain, turned off the domain controllers,

                  created a new AD forest named exactly like the other one was, including the domain name,
                  then created a new domain controller, installed Active Directory, DNS, DHCP and promoted it to a DC, then added the 11 users back into the domain and rejoined all client computers to the domain? Copy the shares registry key from the old domain controller and insert it on the new domain controller.

                  The only thing that I am really leery about is the file server: disconnect from the original domain and then rejoin to the new domain - what is going to happen to the NTFS permissions?

                  Does this sound right?


                  • #10
                    Essentially yes - it is called a Swing Migration
                    You would need to re-set up permissions on the file server (and check for any encrypted files, decrypting them before the switch)

                    Note this is a chance to review your environment and redesign it - don't just duplicate the old one
                    Tom Jones

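For the step raised in #10 (permissions have to be set up again on the file server, and encrypted files found and decrypted before the switch), here is an added example that is not part of any poster's reply: a PowerShell inventory to run on the old file server while it is still joined to the old domain. It assumes PowerShell 3.0 or later and uses the hypothetical paths `D:\Shares` and `C:\MigrationAudit`.

```powershell
# Added example: run on the OLD file server before it leaves the old domain.
# $Root and $OutDir are assumed paths; change them to match your server.
$Root   = 'D:\Shares'
$OutDir = 'C:\MigrationAudit'
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# Root folder plus every subfolder; folders that cannot be listed are counted.
$folders = @(Get-Item -LiteralPath $Root) +
           @(Get-ChildItem -LiteralPath $Root -Directory -Recurse -Force `
                 -ErrorAction SilentlyContinue -ErrorVariable skipped)

# 1. Explicit (non-inherited) ACEs: these are the entries that have to be
#    re-created against users and groups in the new domain.
$aces = foreach ($folder in $folders) {
    try   { $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction Stop }
    catch { continue }   # no permission to read this ACL; move on
    foreach ($ace in ($acl.Access | Where-Object { -not $_.IsInherited })) {
        [pscustomobject]@{
            Path        = $folder.FullName
            Owner       = $acl.Owner
            Identity    = $ace.IdentityReference.Value
            Type        = $ace.AccessControlType
            Rights      = $ace.FileSystemRights
            Inheritance = $ace.InheritanceFlags
            Propagation = $ace.PropagationFlags
        }
    }
}
$aces | Export-Csv -Path (Join-Path $OutDir 'explicit-aces.csv') -NoTypeInformation

# 2. ACEs whose identity is still a bare SID could not be resolved to a name
#    (typically a deleted account); review them instead of carrying them over.
$orphans = $aces | Where-Object { $_.Identity -match '^S-1-5-21-' }

# 3. EFS-encrypted files: decrypt these while the old domain accounts and
#    their certificates are still available.
$encrypted = Get-ChildItem -LiteralPath $Root -File -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Attributes -band [IO.FileAttributes]::Encrypted }
$encrypted | Select-Object FullName, Length, LastWriteTime |
    Export-Csv -Path (Join-Path $OutDir 'efs-files.csv') -NoTypeInformation

"{0} folders scanned, {1} listing errors, {2} explicit ACEs ({3} unresolved SIDs), {4} encrypted files" -f `
    $folders.Count, $skipped.Count, @($aces).Count, @($orphans).Count, @($encrypted).Count
```

The ACE list records account names rather than SIDs because the new forest issues new SIDs, so the CSV serves as the worksheet for deciding which entries to re-create and which to drop.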