That is pretty scary from a risk management perspective that you're walking off with a copy of the customer's AD.
Thanks, Brian Desmond [email protected] c - 312.731.3132 Active Directory, 4th Ed - http://www.briandesmond.com/ad4/ Microsoft MVP - https://mvp.support.microsoft.com/profile/Brian From: Erik Goldoff [mailto:[email protected]] Sent: Tuesday, July 07, 2009 9:18 AM To: NT System Admin Issues Subject: RE: Win2003 DC on Win2000 domain Yep, FALLBACK is my concern. I'll be doing most of the work remotely, as the two new 2003 servers are in place and on the wire. Low level help desk type will be on site, but as of yet, no spare/temp machine as a 2000 DC ... ( I normally bring in my laptop with a 2000 server and a 2003 server running virtually and promote to DC to grab a copy for 'just in case' in the first few days, but I won't be on site this time ) once forestprep & domainprep run, it's a one way race to the finish Erik Goldoff IT Consultant Systems, Networks, & Security ________________________________ From: Jon Harris [mailto:[email protected]] Sent: Tuesday, July 07, 2009 10:05 AM To: NT System Admin Issues Subject: Re: Win2003 DC on Win2000 domain Agreed. The only difference is since you have Exchange on a DC you might want to make a 2000 DC on some desktop as a fall back. Once the fall back is finished with the sync turn it off. Do the domain/forest prep if all go well put the fall back on the network again let it sync again then turn it off while bringing up the new DC's. Once all is well and good bring it up and kill it off. Jon On Tue, Jul 7, 2009 at 9:59 AM, KenM <[email protected]<mailto:[email protected]>> wrote: Why not just install 2003 on the new hardware run dcpromo /forestprep and /domainprep and run dcpromo on 2003 servers and transfer roles. On Tue, Jul 7, 2009 at 9:54 AM, Erik Goldoff <[email protected]<mailto:[email protected]>> wrote: Client wants to bring in two new servers ( forklift new hardware ) into their current Windows 2000 domain, but wants to upgrade Active Directory to 2003 ... two new servers will ultimately replace two existing 2000 servers which are File/Print/DC and Exchange/DC My normally cautious method would be to bring in a temp 2000 box, promote it to DC in the 2000 domain, move FSMOs to it, then demote existing DCs... upgrade OS on temp box to 2003, then promote new 2003 servers to DC, moving FSMOs to one of them. Question : Is there an unreasonable risk to promoting a 2003 server to DC on the 2000 domain with 2000 DCs in place when there is no plan ( or license ) to upgrade the OS on the 2000 boxes to 2003 ? Erik Goldoff IT Consultant Systems, Networks, & Security ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
