Help... moving from workgroup to domain

A

Atherton213

[H]ard|Gawd
Joined
Dec 21, 2004
Messages
1,863
ok... ive got the basic networking skills and the company i worked for asked if i could find out and then set up a domain... roaming profiles and such... we have server 2003... if someone could point me in the right direction... company is about 25 people... so its not a huge job... but ive never really done domain stuff... so please help... :D
 
Time to invest in a server 2k3 book. It will not be a waste of money (try and find one specifically referencing sp1).
 
you should get Sams teach yourself windows server 2003 in 24 hours http://www.amazon.com/gp/product/06...281279/ref=sr_1_1/002-7391023-5721648?ie=UTF8

i recently finished reading it and it covers everything you need to setup a domain with windows server 2003 and all the stuff you would need to do.

really good book, now that i know the basics i just got the Mastering windows server 2003 wich is 1600 something pages
 
As an Amazon Associate, HardForum may earn from qualifying purchases.
atherton213 said:
ok... ive got the basic networking skills and the company i worked for asked if i could find out and then set up a domain... roaming profiles and such... we have server 2003... if someone could point me in the right direction... company is about 25 people... so its not a huge job... but ive never really done domain stuff... so please help... :D
Click to expand...

The company should spring for a professional to do the job. Nothing is worse than trying to learn it as you go. Quite frankly there are alot of things you need to consider before deployment that a book simply will not teach you.

Ask the professional if they can help you learn in the process, but you shouldn't take this on your own. Many things can go wrong with a couple mis settings that will take you days to figure out yourself or by using online forums.

YeOldeStonecat said:
<==not a fan of roaming profiles though....
Click to expand...

No? Gee.. i have the exact opposite, in the networks I have deployed roaming profiles, everyone loves that capability.
 
SJConsultant said:
No? Gee.. i have the exact opposite, in the networks I have deployed roaming profiles, everyone loves that capability.
Click to expand...

I like roaming profiles because at very least it is a backup of the users settings. I've seen too many users save crap to the desktop as well. The big problem with roaming profiles is that it really helps to have the same apps loaded on all the machines. I've had a few calls where people couldn't figure out why something wouldn't work when it wasn't installed on the machine they went too.

To the OP. Why do they already have server2k3 if they are not using a domain. If they have a production server in place already and want you to make it a domain controller walk away now and get a pro to do it. If they have a server that they are getting in you can prob do it with a book and some time playing around with it. Also setup can vary depending on what version of server you are running. I found out the hard way that sbs really wants you to use the wizards to set it up(which work well)
 
SJConsultant said:
No? Gee.. i have the exact opposite, in the networks I have deployed roaming profiles, everyone loves that capability.
Click to expand...

In a controlled setup..where you've built the machines, they're all pretty much the same OS, same software installed...it's good. But in a lot of setups I come into...you have all sorts of different PCs..different video cards, different versions of Orifice, different versions of Windows even, tons of different littls apps. So you end up with ooldes of broken icons in quicklaunch, on the desktop, blah blah.

I tend to have clients where people don't roam either..they all have their desk, their PC..they dont' like anyone else near it anyways.

The way I setup my networks..My Docs are redirected to a users folder on the server, and Outlook is either Exchange..or the PST resides on that folder on the server too...so stuff is backed up.

Can certain see circumstances where it's an advantage though. Just..as long as I was in control of it from the get-go.
 
yeah for us roaming profiles will be good because we have all the same machines with the same software one all of them but not everyone has their own desk... and there is a few people that will "roam" between computers... plus what the company does i work for does is scans digital backups of government documents deeds, mortgages, such and such... so it will also benifit in that they can log in at a scanner station... scan all therer stuff... then log in at any verify/rename station and still have all those files... thanks for the info.... ill pick up that book one day next week... read it and talk to my company
 
swatbat said:
I like roaming profiles because at very least it is a backup of the users settings. I've seen too many users save crap to the desktop as well. The big problem with roaming profiles is that it really helps to have the same apps loaded on all the machines. I've had a few calls where people couldn't figure out why something wouldn't work when it wasn't installed on the machine they went too.

To the OP. Why do they already have server2k3 if they are not using a domain. If they have a production server in place already and want you to make it a domain controller walk away now and get a pro to do it. If they have a server that they are getting in you can prob do it with a book and some time playing around with it. Also setup can vary depending on what version of server you are running. I found out the hard way that sbs really wants you to use the wizards to set it up(which work well)
Click to expand...


they have a dell server that came with 2k3 on it... it is in place right now but its not doing anything except working as a file server.. which even that its not really doing much of... the boss is setting me up with a user account and remote desktop so i can check it out... ill fill everyone in with more details on the server later... if that will maybe help me out
 
Server details are the least of what you should be looking at. At this point if your not even considering the possibility of hiring a professional, my best advice would be to prepare for hours of troubleshooting, stress, unhappy users, and possibly a great deal of lost sleep.

There are business issues, requirements, and downtimeto consider when you do the migration.

Honestly, you absolutely have no idea what your getting into changing that many users to from workgroup to domain. :p

Definitely not a weekend job for one novice person unless you plan on working 48 hours straight. ;)
 
i would have to say that if you only have to move 25 users and if you are moving them all out of the same workstation into the same domain it really should not be that huge of a job even with no knowledge of ad

you should be able to read a book or 2 about ad and plan it out figure out the services that will have to get migrated in with ad the user privledges and then go from there

if i was you i would get a hold of a copy of vmware and 2003 server as well as whatever other operating systems the client computers are and TEST until you figure out what you are doing before even thinking about going live
 
cooltron said:
i would have to say that if you only have to move 25 users and if you are moving them all out of the same workstation into the same domain it really should not be that huge of a job even with no knowledge of ad

you should be able to read a book or 2 about ad and plan it out figure out the services that will have to get migrated in with ad the user privledges and then go from there
Click to expand...

I can't imagine your speaking from experience, otherwise you wouldn't say:

cooltron said:
if i was you i would get a hold of a copy of vmware and 2003 server as well as whatever other operating systems the client computers are and TEST until you figure out what you are doing before even thinking about going live
Click to expand...

Experience tells me this is a job where you need at least one or two days to eval the environment before doing anything else. A clear set of goals and business requirements need to be developed and agreed upon before any timelines can be set.

Changing a production environment from peer to peer to client/server is not a task to be taken lightly and you can't possibly gain any real *business relevant* experience by using vmware.

Yes you might learn how to accomplish certain tasks, but consider what will you do if you run into problems? How will you "roll back" the environment? How do the business goals and requirements change your deployment plan? What timeline must you complete your tasks? How will you allow business to continue if you can't finish in time?

Many more questions come to mind, however a forum isn't a viable method of evaluating, planning, or creating deployment plans.
 
SJConsultant said:
I can't imagine your speaking from experience, otherwise you wouldn't say:



Experience tells me this is a job where you need at least one or two days to eval the environment before doing anything else. A clear set of goals and business requirements need to be developed and agreed upon before any timelines can be set.

Changing a production environment from peer to peer to client/server is not a task to be taken lightly and you can't possibly gain any real *business relevant* experience by using vmware.

Yes you might learn how to accomplish certain tasks, but consider what will you do if you run into problems? How will you "roll back" the environment? How do the business goals and requirements change your deployment plan? What timeline must you complete your tasks? How will you allow business to continue if you can't finish in time?

Many more questions come to mind, however a forum isn't a viable method of evaluating, planning, or creating deployment plans.
Click to expand...


EXACTLY its a really bad idea to test using an os you have never used before doing something you have never used before virtually so you cant mess up the production environment

did your certifications tell you you cant learn anything using vmware

i never once said that you would not need a buisness plan

gg
 
cooltron said:
EXACTLY its a really bad idea to test using an os you have never used before doing something you have never used before virtually so you cant mess up the production environment

did your certifications tell you you cant learn anything using vmware

i never once said that you would not need a buisness plan
Click to expand...

You might want to back off a bit and calm down. Your obvious but ineffectual attempt at trying to attack my credentials is lame.

While it is useful for some things VMware is not a substitute for real world experience. Setting up a network in a controlled environment is one thing, but production networks in small businesses are not typically well controlled.

You completely glossed over the fact that there are other variables involved that can make or break a migration the least of which have anything to do with whether you know how to follow a few steps in a book.

It would help if you learned the difference between a "business plan" and a "contingency plan". Next time you might not show off how little you know about business IT.
 
ok.. i typed a big long post and then net went down and i lost it.... sooo ill do cliff's :mad:

test idea sounds good ill see if i can do that... also will pick up a book
Def not a spur of the moment thing it will be planned
Might be moving office to a bigger location so it could happen in that down time
i have to create a project plan (boss said "learn how to do it.. we will work from there")
so what are pros cons of domain vs workgroup
(roaming profiles are a big pro and one of the main reasons we are going to do this)
 
My advice is this; read as much as you can. If you are not going to get a pro, be prepared to have all sorts of issues, as YeOlde and SJ said, because NOTHING in our line of work ever goes exactly to plan. Just be careful, and if you get stumped, and don't know what to, don't go on, because you might fuck something up really bad.
 
SJConsultant said:
You might want to back off a bit and calm down. Your obvious but ineffectual attempt at trying to attack my credentials is lame.

While it is useful for some things VMware is not a substitute for real world experience. Setting up a network in a controlled environment is one thing, but production networks in small businesses are not typically well controlled.

You completely glossed over the fact that there are other variables involved that can make or break a migration the least of which have anything to do with whether you know how to follow a few steps in a book.

It would help if you learned the difference between a "business plan" and a "contingency plan". Next time you might not show off how little you know about business IT.
Click to expand...

wow i never even mentioned anything in my first post about a "business plan" or a "contingency plan"

First
you bash me about how "A clear set of goals and business requirements need to be developed" i say in my next post "i never once said that you would not need a business plan" because i never did

Second
you bash me saying that i dont know the difference between a " buisness plan" and a "contingency plan" when i never even talked about a contingency plan at all in any of my posts

Finally
you bash me recommending vmware and how it is "not a substitute for real world experience" when all you tell the op is that he should "spring for a professional to do the job"

well he asked for help about what he should do

he has NO experience with active directory as he stated
he just got a server running windows 2003 and has little to no experience with it based on the questions hes asking
he wants to learn what he should do to LEARN

why dont you stop pointing out the obvious that vmware not the "real world"

i would love to hear what you would recommend for him to learn on
all of the "buisness plans" or "contingency plans" in the world are not going to help him learn about how to set this up

which is exactly why i told him to read some books and set up a vmware test environment of what he will be doing so that he can experience some of the pitfalls that he might encounter in a test environment before he even starts to do anything

i cant wait to read your next post and see all the helpful information you have in it for the op
you definitely are 2[H]4Me

back on topic
to the op:

some advantages of a domain:
single seat administration
ie. group policy, and having the users and groups in one location
makes it easier to manage
authentication
allows for the access to network resources through one login
scalability
you can increase the numbers of users and computers very easily

disadvantages:
requires knowledge to set up and maintain
requires servers

and roaming profiles are something that are really on a case by case basis, as swatbat and YeOldeStonecat both said in there posts
 
I really think the OP should listen to SJ about getting a pro to do it. If the server is already in use then yea you don't want the downtime. If you do really want to do it yourself what I would do is prob do a reload on the server if it is sbs because I've seen some weird issues if they are not setup right from the beginning. If it is a normal server copy like std then you can prob get away without doing a reload. Anyway I would read up on it with a book or 2 and on the first weekand setup the server and make sure everyone still can connect how they were connecting right now. If it works ok spend weekand number 2 putting them on the domain and copying the profiles over. Remember this will take a good amount of time. Also are all the machines xp pro, windows 2k, 98 etc that will support domains? We are getting ready to upgrade a customer to a domain and I've spent 1.5 weekands(3 days) preparing the network for a domain server. In my case we had to upgrade everymachine to pro and format 2 machines that had media center on them(media center doesn't upgrade to pro). In the process we found 1 machine with a failing hd, replaced a few and upgraded the ram in pretty much all of them (had 256 ram in p4 systems). We will still need to build the server and setup a domain then when we put it in place take at least a full saturday to move the profiles over and set everyone up with exchange so we can drop the webmail they are using. In the end I would think at least 4 weekands will be used for this but doing it this way we should be able to kill any downtime if everything goes ok.
 
And dont forget that for each of the users, when they log onto the domain, they will get a new profile, with all there previous settings (email, wallpaper, favorites, desktop icons, etc) GONE!

You will have to fix each one of those users , that'll take a bunch of time right there
 
dbwillis said:
And dont forget that for each of the users, when they log onto the domain, they will get a new profile, with all there previous settings (email, wallpaper, favorites, desktop icons, etc) GONE!

You will have to fix each one of those users , that'll take a bunch of time right there
Click to expand...

Yup...these are the things that will bog you down.

Reading a book on how to build a server is easy...
Building a server in some sterile VMWare environment is fun...for the purpose of learning and fiddling.

Stepping out into the real world..to go flip a network that's been in production for a while....and moving them to a new server...even for a seasoned vet, can be a handful.

"This went so easy in my VMWare world" you say as it blows up after attempt after attempt.

*You have existing computers, being used, in questionable states of health. Network settings possibly on the edge of the cliff because of ad/spyware, go to change something on the rig..reboot..and it unravels. DOH...there goes an hour or two nursing this PC back to health.
*You have existing mail POP3 mail accounts...do you have all the documentation? Is it 100% accurate? Or stale? Hopefully you have a root/admin account for their virtual mail host...so you can log in and manage users mailboxes. Because you're almost guaranteed to have a few stumbles here.
*Before flipping a peer to peer, or any network, to a new server, I need to know that all existing PCs are fully up to date with windows updates, and clean from viruses. I'm not going to plop down a new server I built into an infested network..and try to deal with it later.
*Speaking of antivirus, now's the time to introduce a centrally managed business grade AV product..like NOD32 Enterprise Edition, or Kapersky Business suite.
*You have all sorts of unknowns all over the place because it's an existing networks that's become habit for these people of the years. Odd shared printer nuances, so-and-so shared their folder to so-and-so, and soso-and-soso shared their folder to those other 3 upstairs, and..and....
*The users are used to their environment..and it's a big change moving them from peer to peer, to a domain environment. It's a steep learning curve for the clients....who are historically resistant to change.
 
Cooltron,

It is obvious you feel as though I am bashing or attacking you when that is not the case. You are taking things way too personally when you don't know the difference between constructive criticism and "bashing". I never said learning was bad, nor did I ever say the OP shouldn't try to learn.

Others here have agreed with my assessment of hiring a professional because they KNOW what can go wrong if the migration is not properly planned from beginning on through the end.

Too many times, IT projects like the OPs situation result in a haphazard setup that never works correctly from the beginning. Most times a professional is called in to clean up the problems and it winds up costing the business DOUBLE what it could have cost if it had been done right the first time. Business Owners do not like to spend more money than they have to, they especially get upset when they have to pay for the same thing twice.

Hiring a professional to design, implement, and manage the network is in the business's best interest. Like it or not, in this case the business's best interest takes priority over the OPs opportunity to learn. However the OP could request for the professional to teach him during the process so that the OP can learn how to properly handle things and at least he would have a "backup" person to call in case the OP can't figure out a problem.

If you still feel that I am bashing you or if anyone thinks I'm not contributing to this thread, feel free to report me to the mods to see what they think. ;)
 
dbwillis said:
And dont forget that for each of the users, when they log onto the domain, they will get a new profile, with all there previous settings (email, wallpaper, favorites, desktop icons, etc) GONE!

You will have to fix each one of those users , that'll take a bunch of time right there
Click to expand...

as of right now we have alot of newly formated systems that all the wallpapers are default and most dont have email through the company

i will mention getting someone to do it.. but like i said if we move locations there will be downtime then that all this can happen
 
I like the advise to this point.

Definatly read up on what you are getting into and have a good project plan.

I would suggest that if you are just using a workgroup servers as a file server (and it sounds like it has limited use at the moment) try and get a good workstation to use as a backup. During the migration you may also be able to use it during the migration to keep everyone going until you get all of the systems on the domain. Say moving one department at a time then syncing the data. Also if possible talk with a professional and make arrangements for support or help incase things don't go as planned.

Any time we do an upgrade or major systems change we almost always have a fail back to system or a restore point.
 
This is something that I run into several times a week, someone gets tasked with creating a domain who never have done it or someone who has read a bunch of books then creating a domain. I usually have to come in behind and spend over 24hrs fixing the challenge, where it would have been more cost effective to hire a Pro to come in and design the domain from the ground up. I agree with SJ strongly with this, you will have less downtime, less people being upset with you, blaming you for their not being able to work.
 
I'm with SJC and lone wolf and others who have already said that it is a bad idea to go at this alone. Getting someone in there who is at least comfortable with the fundementals of such an environment and familiar with the technology is going to save you months (and possibly years) of struggle down the road.

I stepped into a company of about 75 users that had been experiencing exponential growth over the prior year and a half (more than 300%). Their usual professional IT guy, a consultant from a firm who handles a lot of different companies with different environments, had already set up the AD, Exchange, and network infrastructure. This was done by someone who has been doing this for years.

However, because the company had been growing at a ridiculous rate, the former guy's setup was woefully insufficient and needed to be brought up to snuff quickly: the backups were over-capacity, network performance was spotty, and there were so many daily fires to put out that it took a full-time person just to mitigate those fires (let alone any other tasks). I originally jumped on as a contractor/consultant, because they needed someone fast and wanted to make sure they were getting a solution, not just another expense. The first month alone saw many changes made, which wound up saving money for them and convincing them that they needed me managing the IT for all three of the sub-companies that are under the main company's banner. That was back in February, and by now they have a better-organized AD structure, the Exchange mailboxes are not on the verge of exploding any more, there is an issue-tracking system in place where there wasn't one previously, and network performance has improved greatly.

I don't say all this to toot my horn, because plenty of other guys could have come in and done the same thing. What I am trying to point out is that I had to walk into a situation that was do-or-die, very similar to what you are attempting to get done with your move to AD, and it wouldn't have been possible had there not been a lot of experience backing up the work I had to do. Like I said, I'm not tooting my horn-- I got a lot of integral assistance from a friend of mine who has even more experience than I do. In the process I learned a lot more than I already knew of the Microsoft systems, and applied what I did know to help the company take more advantage of the systems they had instead of tossing more money into third-party solutions that would have done the same thing. That's quite an accomplishment for a company that is experiencing normal growth, but this company is still growing on an order of between 25-30% every six months. Even now it's sometimes a pain in the ass to manage alone, which is why having friends who are peer professionals (and some have more experience) has made this a lot less painful than it could have been. Counting myself and just two of my friends who have given me help, there has been more than 30 years of collective professional experience put into just this one company's infrastructure (and my experience was the least, to be honest).

What I'm trying to say is that things like this, that are not usually considered important by companies until there are problems, are only able to be held together stably by people who have experience in the real world and training on real situations. Books are definitely helpful, and have given me some ideas that I will be implementing here in the near future, but if I had walked into this situation without the background I've had and the support of other professionals, this whole IT infrastructure (that spans four offices located across the country) would have crashed hard. Never underestimate the value of someone who has seen things like what you are experiencing, because you will likely find that their experience is going to be critical. On the less-doomsday-ish side of things, anyone who comes in after you have moved on will also be highly grateful that things were set up cleanly before they came in. Also, you can make the case later that doing things right the first time put the company on a road to saving more costs later on down the line.

I'm not saying hire a professional to come in and do everything for you, but I'm saying it isn't a bad idea to have a local consultant or contractor come in and help implement the thing from the ground up the right way the first time. It will save you headache later and will actually get the job done faster.
 
Technically all you have to do is type dcpromo at the cmd prompt...

I don't recommend this. Hire someone to do it for your, or go to class...

Say MS Course 2276 and Course 2277.

But even then expect to deal with lots of small frustrations initially, teaching each user how to log in, setting up their profile correctly, etc. etc.

I recommend hiring someone not because you can't do it, of course you can, but this gives the users someone to hate that they will not see every day, and once he is gone you can be the hero that keeps the network running. Instead of the villian that broke it in the first place.

==>Lazn
 
You must log in or register to reply here.
Back
Top