RE: [ActiveDir] new 2003 domain controller in windows 200 forest.

[joe]

I am going to throw a little monkey wrench at this one. :o)  Mostly because I like harrassing Guido.   Depending on what is meant by this being a DR site, it might be valuable for this to have its own forest and domain. The question is, define the disasters it is supposed to help with. If it is simply physical location disasters, same domain/forest is fine. But if it is to also help with the forest going toes up and you need something people can work in as fast as possible with that time being measured in minutes, then separate forest and domain is something to consider.     joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido Sent: Monday, January 31, 2005 5:49 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] new 2003 domain controller in windows 200 forest. ok - that puts a little different touch to your story.   in this case (esp. as a DR site and on separate HW with physical security in place), you're fine to host a DC in that site.   Yes, you can add it to your 2000 domain and you've already supplied the solution as well: you'll need to prepare the schema of the forest via ADPREP /forestprep and then prepare the domain you'll join the DC to via ADPREP /domainprep. If you have Exchange 2000 first apply the E2k schema fix (read Q314649)    Check here for all the details: http://www.microsoft.com/resources/documentation/windowsserv/2003/all/deployguide/en-us/dssbf_upwn_overview.asp   But definitely don't start a new domain (for which you'd still need to upgrade the schema) - an OU is perfectly fine for your situation.   /Guido From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Kraus Sent: Monday, January 31, 2005 10:54 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] new 2003 domain controller in windows 200 forest. physical security is not an issue. locked computer room only pt admin and manager has access. this office will eventully become a disaster recovery location housing  a bunch of blade servers and replicated disk. The need for a domain controller is like you said -- network connectivity and access- this office supports a few key personel ( money makers !!) so the cost of a few servers a some 2003 licenses and an exchange server is not a big deal speed and relibility are more important.   but i'm still dealing with the question of     1: we are planning to upgrade our headquarters the 2003 in about 3 -4 months. can we setup the new server with 2003 as domain controllers so we won't have to upgrade them later ?     if so anything special we need to do ? IE: forest prep ?   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Reijnders Sent: Monday, January 31, 2005 3:50 PM To: 'ActiveDir@mail.activedir.org' Subject: RE: [ActiveDir] new 2003 domain controller in windows 200 forest. Hi,   I could not agree more with Guido! The security aspect is the most important reason to go for the suggested solution. However, there's one thing to keep in mind in this scenario namely the trustworthiness of your network. If you're not placing a DC in the remote location, network connectivity becomes a must to enable a user to do his/her work. Sure, there's a thing as cached credentials on a client, but logon on to a domain is important for a lot of services.   Cheers! John Reijnders (soon to change his e-mail address into a MSFT one)   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido Sent: maandag 31 januari 2005 21:18 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] new 2003 domain controller in windows 200 forest.   definitely give them an OU and I'd also urgently suggest you don't make the machine in that remote office a DC at all => first of all it's not required for 15 folks - you'll need it for other things such as file/print (they should easily be able to authenticate to your main office; assuming NW connectivity - which you'd also need to setup replication...) => secondly, it's much more secure, as you will likely not have much physical security in an office of 15 people and if you're using the one box for everything it's unsecure from a delegation perspective   /Guido   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Kraus Sent: Monday, January 31, 2005 7:19 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] new 2003 domain controller in windows 200 forest. Hi, we are setting up a remote office if about 15 people that will be linked by a vpn. we are buying new servers that have win2003 on them.     I have a coupe of questions,I hope you would indulge me with your opinions.   1: we are planning to upgrade our headquarters the 2003 in about 3 -4 months. can we setup the new server with 2003 as domain controllers so we won't have to upgrade them later ?     if so anything special we need to do ? IE: forest prep ?   2: We have a raging debate weather  to set  them up as a domain or a org unit in their own site. we have a part time adiminstrator there htat we need to give right to  for day to day admin work.   thanks for your help.     Jeff Kraus   Network Manger NIC Holding Corp. 25 Melville Park Rd Melville NY, 11747 Voice: 631.753.4272 Fax:    631.753.4305       This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.