Upgrading of domains – need suggestions plz


    Hello everyone!
    I am a Junior IT admin but my employer is giving me a lot of responsibilities lately and as such I need some help. One of the challenges he gave me is to solve this scenario and propose a better setup. At the moment I have two sites which are geographically close to each other but not so close to be on CAT5 cabling. So there's a fibre link in between and their IP schemas are different. Moreover they are running different AD versions..one is Windows 2008 R2 and the other is the now obsolete Windows 2003.
    The scenario we want is to phase out BOTH ADs and move both sites on the same domain in such a way that if one of the ADs fails it will failover to the other AD. Therefore the sites must have distinguishable ADs but still pertain to the same forest. The users on this server will store their data on a central storage which preferably will be a SAN or something similar.
    What do you guys and dolls suggest for a setup like this? VMWARE, HYPERV, Veeam..?
    Thanks all
    J

  • #2
    I am (easily) confused - you say you want "both sites on the same domain" and also "distinguishable ADs" (which I read as different domains).

    Assuming you have a VPN between sites, IMHO the best way is a single AD domain (don't phase out both existing domains, just move objects from one to the other) with at least one DC in each site. Assuming AD Sites and Services is set up correctly with the right subnets, authentication will prefer a local DC but fail over to a remote one if no local DC replies.

    As far as virtualisation goes, personal preference for Hyper-V but IMHO HV and ESX are equivalent. Veeam is (unless it's changed recently) a backup solution.
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **



    • #3
      So you have 2 forests that you wish to make one??

      Create a new forest, create Sites, create OUs, migrate users from both forests to the relevant OUs. This is pretty much a high level of what you need to do.

      But if by distinguishable ADs you actually mean child domains then this again is pretty simple. Create top level forest, create a child domain of the top level forest for each site, create OUs, migrate users.

      Option one will look something like this

      Forest Root
      --OU for Site 1
      --OU for Site 2

      Option 2 will look something like this

      Forest Root
      --Child domain 1
      ----OU for users
      ----OU for Computers
      --Child domain 2
      ----OU for users
      ----OU for Computers

      However more information is required to give a suitable answer.

      Agree with Ossian on his comments re virtualisation.



      • #4
        Thanks for your prompt feedback.

        Instead of having two distinguishable ADs I thought of installing a new server running ESXi and install a VM running Windows 2012 with ample RAM on it. For the data we can go for an entry level SAN instead of storing the data on the OS VM. On this Windows 2012 VM I will create a new domain controller with new OUs, users etc so it will be a clean slate with no relations to the old domains but with OUs which clearly indicate to which site they are referring. Then since both sites at present can ping each other I will then disjoin all hosts from their old domains and join them on this new domain. Users will start using a new username and password, and their old accounts will be a thing of the past. Once all users are on the new domain, we will physically decommission the old servers.

        I just need to know how to make it possible so that if the domain controller fails for some reason, ALL users will keep working seamlessly...this is the part which is a big hurdle to me



        • #5
          You will need multiple DCs
          Tom Jones



          • #6
            Apologies for being such a newbie...do you mean I shall have two VMs running separate DCs? Can you kindly elaborate how I can accomplish this setup?



            • #7
              Yes, you need 2 or more DCs (physical or virtual). This is very standard Windows Server administration, so I suggest you have a chat to your manager, and ideally get sent on a training course or two.

              An alternative would be to make a single DC highly available, but that would involve clustering of the virtual hosts and would generally be a much more expensive and complex operation than two DCs. With two sites, you will want a DC at each site anyway.
              Tom Jones

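The single-domain layout recommended in the replies above (one DC per site, subnets mapped in AD Sites and Services so clients prefer the local DC and fail over to the remote one) can be set up and checked as follows. This is an added example, not code posted by anyone in the thread; the domain name, site names, subnets and site-link name are hypothetical placeholders, and it assumes the ActiveDirectory PowerShell module on a domain-joined admin host.

```powershell
# Added example: all names and subnets below are constructed placeholders.
Import-Module ActiveDirectory

$domain = 'corp.example'                       # hypothetical domain name
$sites  = @{ 'SiteA' = '10.10.0.0/16'          # hypothetical site -> subnet map
             'SiteB' = '10.20.0.0/16' }

# 1. One AD site per physical location, each with its own subnet mapped to it.
foreach ($name in $sites.Keys) {
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$name'")) {
        New-ADReplicationSite -Name $name
    }
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$($sites[$name])'")) {
        New-ADReplicationSubnet -Name $sites[$name] -Site $name
    }
}

# 2. Site link over the inter-site connection so the DCs replicate with each other.
if (-not (Get-ADReplicationSiteLink -Filter "Name -eq 'SiteA-SiteB'")) {
    New-ADReplicationSiteLink -Name 'SiteA-SiteB' -SitesIncluded 'SiteA','SiteB' `
        -Cost 100 -ReplicationFrequencyInMinutes 15 -InterSiteTransportProtocol IP
}

# 3. Check: a site with no DC always authenticates across the link,
#    and a domain with a single DC has no failover at all.
$dcs = @(Get-ADDomainController -Filter *)
if ($dcs.Count -lt 2) { Write-Warning 'Fewer than two DCs: no failover possible' }
foreach ($name in $sites.Keys) {
    $siteDcs = @($dcs | Where-Object Site -eq $name)
    if ($siteDcs.Count -eq 0) { Write-Warning "$name has no domain controller" }
    else { '{0}: {1}' -f $name, ($siteDcs.HostName -join ', ') }
}

# 4. Check: a subnet with no site assignment means its clients cannot
#    identify a local DC and may pick any DC in the domain.
Get-ADReplicationSubnet -Filter * | Where-Object { -not $_.Site } |
    ForEach-Object { Write-Warning "Subnet $($_.Name) is not assigned to a site" }

# 5. On a client: show which site it resolved to and which DC it located.
nltest /dsgetsite
nltest /dsgetdc:$domain
```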
