Bob RJC
[Apologies for the long post - I wish to provide as much
info as possible]
We currently have a W2K AD environment, comprising two AD
Sites (in two different countries) joined by a 256kbps
frame relay link, 4 x DCs in the head office site (40
users), and 2 x DCs in the branch site (30 users). All PCs
run either W2kPro or XP. We also run an Exchange 5.5
server in each site. Our current problem is that our AD
appears to be unstable/corrupted, to the extent that
*sometimes* you cannot get into AD Users & Computers, AD
Sites & Services; replication does not work, etc. We've
also run the various server tools (dcdiag, netdiag, etc)
to try and fix the myriad of problems.
To cut a long story short, the decision has been made
(politically and technically) to build a new AD, and to
recreate (!) user accounts etc (we don't think migrating
will be a good idea since this might bring some of
the 'corruption' to the new AD). Due to the time of year
(Christmas being a busy time, etc), we cannot do too much
to the production environment (which comprises W2K File &
Printer servers, SQL svr, Citrix Server, Exchange).
I am contemplating building a totally new AD (timeframe:
now) in the branch office, acquiring a new server (budget
has been approved), installing and building a W2003 Server
and AD, and an Exchange 2003 server. Because of the small
number of users (30), we will just re-enter user details.
Once the busy period is over (timeframe: after Christmas)
we will look at doing the same "upgrade" (i.e. of OS, AD,
Exchange) in the head office AD environment. In that
scenario, the HO servers will join the new AD that we will
create now. This means that the FSMO roles will be 'based'
on a server in the branch (although I would have preferred
to have this on a server in the HO).
Q1: Under this scenario, will users in this (new) AD
environment (nb. these are the branch users) be able to
access resources in the old AD (i.e. SQL Svr, Citrix are
mission-critical 'systems' which are still residing in the
old AD (nb. this is at HO))?
Q2: Can you suggest something better/less disruptive/more
likely to succeed?
Q3: There are a number of mobile (laptop) users who
normally authenticate via VPN (Firewall-based VPN) to
either/both sites. Will the new AD affect these users?
Q4: Any further insights/input will be much appreciated.
Again, sorry for the long post.
TIA...Bob