Agree with best practices, but with personal experience in dealing with consultants, we make them sign a contract/NDA that prohibits them from using any information or disclosing it outside our organization.
On Tue, Jul 7, 2009 at 11:47 AM, Erik Goldoff <[email protected]> wrote:

> With all due respect, if they cannot trust a network security engineer that helps to maintain and improve their security ( have remote access to firewall and TS ) then they may as well still run on paper. Their internal security knowledge, as well as any BCP is practically non-existent.
>
> But from a best practices perspective, you are right.
>
> Erik Goldoff
> *IT Consultant*
> *Systems, Networks, & Security*
>
> ------------------------------
> *From:* Brian Desmond [mailto:[email protected]]
> *Sent:* Tuesday, July 07, 2009 12:28 PM
> *To:* NT System Admin Issues
> *Subject:* RE: Win2003 DC on Win2000 domain
>
> *That is pretty scary from a risk management perspective that you’re walking off with a copy of the customer’s AD.*
>
> *Thanks,*
> *Brian Desmond*
> *[email protected]*
> *c - 312.731.3132*
> *Active Directory, 4th Ed - http://www.briandesmond.com/ad4/*
> *Microsoft MVP - https://mvp.support.microsoft.com/profile/Brian*
>
> *From:* Erik Goldoff [mailto:[email protected]]
> *Sent:* Tuesday, July 07, 2009 9:18 AM
> *To:* NT System Admin Issues
> *Subject:* RE: Win2003 DC on Win2000 domain
>
> Yep, FALLBACK is my concern. I'll be doing most of the work remotely, as the two new 2003 servers are in place and on the wire. Low level help desk type will be on site, but as of yet, no spare/temp machine as a 2000 DC ... ( I normally bring in my laptop with a 2000 server and a 2003 server running virtually and promote to DC to grab a copy for 'just in case' in the first few days, but I won't be on site this time )
>
> once forestprep & domainprep run, it's a one way race to the finish
>
> Erik Goldoff
> *IT Consultant*
> *Systems, Networks, & Security*
>
> ------------------------------
> *From:* Jon Harris [mailto:[email protected]]
> *Sent:* Tuesday, July 07, 2009 10:05 AM
> *To:* NT System Admin Issues
> *Subject:* Re: Win2003 DC on Win2000 domain
>
> Agreed. The only difference is since you have Exchange on a DC you might want to make a 2000 DC on some desktop as a fall back. Once the fall back is finished with the sync turn it off. Do the domain/forest prep if all go well put the fall back on the network again let it sync again then turn it off while bringing up the new DC's. Once all is well and good bring it up and kill it off.
>
> Jon
>
> On Tue, Jul 7, 2009 at 9:59 AM, KenM <[email protected]> wrote:
>
> Why not just install 2003 on the new hardware run dcpromo /forestprep and /domainprep and run dcpromo on 2003 servers and transfer roles.
>
> On Tue, Jul 7, 2009 at 9:54 AM, Erik Goldoff <[email protected]> wrote:
>
> Client wants to bring in two new servers ( forklift new hardware ) into their current Windows 2000 domain, but wants to upgrade Active Directory to 2003 ... two new servers will ultimately replace two existing 2000 servers which are File/Print/DC and Exchange/DC
>
> My normally cautious method would be to bring in a temp 2000 box, promote it to DC in the 2000 domain, move FSMOs to it, then demote existing DCs... upgrade OS on temp box to 2003, then promote new 2003 servers to DC, moving FSMOs to one of them.
>
> Question : Is there an unreasonable risk to promoting a 2003 server to DC on the 2000 domain with 2000 DCs in place when there is no plan ( or license ) to upgrade the OS on the 2000 boxes to 2003 ?
>
> Erik Goldoff
> *IT Consultant*
> *Systems, Networks, & Security*

--
Sherry Abercrombie
"Any sufficiently advanced technology is indistinguishable from magic."
Arthur C. Clarke
