I know it's not actually a "lot of work" - but it sounds like a "lot of work" just for a VM that I might never use.
IMO - but I am just kinda gutsy like that (maybe a weakness) and I personally would just bring up the new DCs, forestprep, domainprep, move the FSMOs, let it set for a day, and then dcpromo down the old ones.

-----Original Message-----
From: Charlie Kaiser [mailto:[email protected]]
Sent: Wednesday, July 08, 2009 6:17 PM
To: NT System Admin Issues
Subject: RE: Win2003 DC on Win2000 domain

....... Oh; and on the DC offline? Just set it up as a replication partner but not an authentication DC; a warm spare if you like... Set replication to a week or something and put it in its own site where no auth traffic will get to it...

***********************
Charlie Kaiser
[email protected]
Kingman, AZ
***********************

> -----Original Message-----
> From: Jeremy Anderson [mailto:[email protected]]
> Sent: Wednesday, July 08, 2009 5:44 PM
> To: NT System Admin Issues
> Subject: RE: Win2003 DC on Win2000 domain
>
> I did SMB consulting for a while and it made me CRY. I have seen everything you guys have mentioned and more. Anti-Virus? We don't need that, we have a firewall. And the company I worked for still chose to work with that SMB, because that SMB actually paid their bills. Basically, for that customer, and MANY others, we told them their options, but ended up designing a solution that fit the budget, never best practices.
>
> And I HATED it. So I left. I went into the corporate world. I started working for a large dot com that is on the Fortune 100 list. I said to myself "There is no way these guys don't get it, this is going to be awesome." Guess what? They don't get it. Backups - what backups? At least now I am actually running NTbackups, before I got there AD was not even being backed up. Exchange was backed up as a brick. I fixed that too. Never mind that all 15 storage groups are in use and each storage group is over 100 Gigs. I can't even begin to imagine what it would be like to restore it. Weeks of downtime.
>
> So I am leaving. I am going back to being a consultant. When I went into my second interview, the owner was talking to me about how he had to fire one of his largest accounts that week. Yes, the company fired the client. Why? Because he made a recommendation about the client's information security, backups, and the client refuses to take the advice. He doesn't want the client to come back at him if something bad happens, and tries to blame his company. Nor does he want to be in an "I told you so" situation. I am optimistic about this new job.
>
> The moral of this story is that we can choose our clients that we do business with, but someone out there will always take the job. Personally, I hate doing things half assed and working with clients that always want to half ass it, or run with no policies, or no AV, or just a Linksys for a firewall makes me angry.
>
> I personally feel that any company with a semi-realistic budget can afford a solution that is "best practices". It takes a good consultant to cater to that customer. The amount of money we billed that poor schlub for hand removing viruses and reloading machines could have been spent 5 times over on a solid AV solution. But my boss liked the billable hours and never made a graph to show that they spent $800 on virus removal last month when Symantec cost $400 (I made those numbers up, but you guys get the idea). And sometimes the client just won't listen. And that is when it's time to let the client go.
>
> Offsite backup? Most of the companies I have worked for in the past go to the bank, get a safe deposit box and have them take the tapes to the bank with them. Fed-Ex is ALWAYS there, send the tapes somewhere Fed-Ex, even if it's the owner's house. Is Fed-Exing the tapes to the owner's house the best idea ever - no. Does it meet the needs of off site DR - definitely (and it's relatively cheap). Again - risk vs reward.
>
> I hope I made some sense there and didn't go too far off on a rant.
>
> And back on topic, somewhat, is it just me, or would anyone else just not want another domain controller existing, but turned off for 3 or 4 days. In my head I see clients trying to authenticate against it (it's still in DNS) and the other DCs trying to replicate to it, it's not there. To me that just kinda seems like a bad idea, but maybe I am off base here.
>
> Jeremy
>
> From: Ken Schaefer [mailto:[email protected]]
> Sent: Wednesday, July 08, 2009 17:13
> To: NT System Admin Issues
> Subject: RE: Win2003 DC on Win2000 domain
>
> I'm sure a business would appreciate a quick restore of services. There is no argument there.
>
> Would the business also appreciate it if your laptop was stolen and potentially sensitive information was in the hands of someone unscrupulous? We've had consultants literally held up at gun point and their laptops taken. It does happen.
>
> Cheers
> Ken
>
> ________________________________
>
> From: Maglinger, Paul [[email protected]]
> Sent: Wednesday, 8 July 2009 10:48 PM
> To: NT System Admin Issues
> Subject: RE: Win2003 DC on Win2000 domain
>
> IMHO... as long as you disclose what you are doing and why you are doing it, and if both you and the customer are comfortable with it, then I don't see the problem. Businesses that do have DR in place are savvy enough where you won't get "blank stares" and will voice any objections at the disclosure. I think any business would appreciate a quick restore of services.
>
> ________________________________
>
> From: Jake Gardner [mailto:[email protected]]
> Sent: Wednesday, July 08, 2009 7:19 AM
> To: NT System Admin Issues
> Subject: RE: Win2003 DC on Win2000 domain
>
> Budget? Most SOHOs don't have $1 set aside for an IT budget. Just a couple years ago, I had a handful of customers that were still using NT4!
> I got them quotes for server upgrades and very very simple tape backup or backup-2-ext disk and most of them said no new purchases just fix it.
>
> I had one customer that owed me $1200 and I would keep going to his office asking for a check, he finally gave me $600 on a Thursday and on Monday the office was under new management and said my contract/payment had nothing to do with them. At least I got half, grrr.
>
> Thanks,
>
> Jake Gardner
> TTC Network Administrator
> Ext. 246
>
> ________________________________
>
> From: Ken Schaefer [mailto:[email protected]]
> Sent: Wednesday, July 08, 2009 2:24 AM
> To: NT System Admin Issues
> Subject: RE: Win2003 DC on Win2000 domain
>
> Hi,
>
> Unless you have proper procedures for safeguarding this stuff, and legals in place, I would do this all on the customer's premises (or wherever they instruct you to work) on their equipment. They must have a budget for this (otherwise how are they paying you?), and it becomes a cost of part of the project. If someone breaks into their offices and steals a server, that's not your problem then.
>
> Now, I have a bunch of commercially sensitive stuff on my laptop (as do most/all of our other consultants). But we have our risk management in place (e.g. Bitlocker-ed laptops, Exchange sync policy enforcement for phones, IRM/RMS, policy documents we have to sign etc), and we have the contractual stuff in place to indemnify us against customer lawsuits (and no doubt the necessary insurance cover as well).
>
> Cheers
> Ken
>
> ________________________________
>
> From: Erik Goldoff [[email protected]]
> Sent: Wednesday, 8 July 2009 3:54 PM
> To: NT System Admin Issues
> Subject: RE: Win2003 DC on Win2000 domain
>
> "What happens when you tell the customer you've made a backup of their whatever and their office burns down a couple days later?"
>
> You're waaaay off base here ...
> there are too many theoreticals ... what happens, if during the upgrade, something goes wrong and the active directory metabase becomes corrupt... they have no internal backups, I don't make a copy, and now they cannot login to their network resources ... I can still be sued for free, and the probability of that scenario happening is much higher than a bus running over my laptop. And if their office burns down, they're gonna need more than the DC image I have, not to mention that I explicitly state the purpose of the backup copy I make, 'to recover if the upgrade process goes wrong' ... period ...
>
> I understand your perspective on the situation, but sorry, it just won't fly in the real world dealing with SOHO and Small business sites. Your data center fires is a neat story, but for SOHO and Small business, their 'data center' is usually a commandeered closet or corner with a collection of servers ... note that this issue revolves around upgrading from Windows 2000 ??? Not a technologically current installation, no spare server or desktop hardware, nor OS license to spare.
>
> I'm curious as to how you would handle the business continuity planning for a problem with the upgrade ...
>
> Erik Goldoff
> IT Consultant
> Systems, Networks, & Security
>
> ________________________________
>
> From: Brian Desmond [mailto:[email protected]]
> Sent: Wednesday, July 08, 2009 1:34 AM
> To: NT System Admin Issues
> Subject: RE: Win2003 DC on Win2000 domain
>
> Yes pretty much.
>
> Here's another way I'd think of this. What's your liability insurance got to say about this bonus service? What happens when you tell the customer you've made a backup of their whatever and their office burns down a couple days later? Sure you can just restore that bonus backup except your laptop got run over by a bus in between the backup and the fire.
>
> A colleague had some wise words for me the first time I did a gig at a legal services customer - "Just remember, they can sue you for free."
>
> Many customers I deal with, offsite backups consist of tapes going in these heavy duty metal boxes with locks on them. The boxes are barcoded or numbered or something and a guy comes to pick them up, signs for them, and the offsite people basically guarantee their safety until you sign for them when they come back. The delivery guy also drops off any locked tape boxes whose retention policies dictate their return as they've expired. In the unlikely event of some major crisis, the offsite people are on the nut to get your box of tapes somewhere in some prearranged guaranteed time window.
>
> Some customers are also sending stuff live (e.g. replicas on standby hardware) into a 3rd party datacenter designed for this sort of fallback plan (e.g. Sungard). They also have contracts where if their computer room burns down or something the vendor is on the nut to provide K servers of approximate configuration Z in location Y within X hours of notification of the requirement.
>
> These vendors have the kind of capacity and capability to deal with something like 9/11 or Katrina if the customer has the action plan to respond. Or perhaps something more simple like the two datacenter fires this past weekend - Seattle and Toronto both had high rise carrier hotel fires. One of them, I forget which, the electrical busing between floors was completely hosed (literally) from what I heard.
>
> Thanks,
> Brian Desmond
> [email protected]
>
> c - 312.731.3132
>
> Active Directory, 4th Ed - http://www.briandesmond.com/ad4/
> Microsoft MVP - https://mvp.support.microsoft.com/profile/Brian
