Server 2003 question on domain controller

Discussion in 'Hardware' started by kevlach, Oct 30, 2007.

  1. kevlach

    kevlach Private E-2

    I started working at a shop 10 years ago when we had 1 pc and 3 employees. Since then we've added about 10 more pc's and a poweredge server from dell with server 2003 installed. I am not real familiar with network administrating and as we added computers they were all tied together as peer to peer networking through a common workgroup. Now that we have more employees using the system I would like to change the server to add roles such as domain controller and turn on active directory (which I had no idea what it was when I first started using the server). Right now the employees just log on to there local pc's which have either XP or XP pro and can connect to shared files on the server or on another pc with shared folders. If I change the server to be a domain controller and turn on active directory will the other pcs still be able to log onto the server with the settings that are currently on them or will they be unable to log on until I can change the local settings? I would like to control the user profiles and make adjustments all through the server. Right now I have users set up at each computer. What is the best way to change things over with minimal down time for everybody?

    There is also one pc that has windows 98 that is used just to download nc files for a production machine.

    Thanks,
    Kevin
     
  2. JPSchwartz

    JPSchwartz Private E-2

    You can have some computers set up as part of the domain, and some not set up that way. The ones that are members, will have the added controls, and the ones that are not will work just the way they do now. Additionally, when you add a computer to the domain, all of it's local accounts will continue to work just as they did before.

    The big pain is dealing with profiles, even if your employee has the same login and password on the domain, the profile will be different. There is a profile management tool, right click My Computer, Properties, Advanced, Profiles. This tool can help transfer the settings to the new accounts.

    You may or may not even bother with the Windows 98 computer. About the only benifit would be central password storage for that box, but since 98 does not require a password, it is not really a security benifit, just a convienience.

    Just test a single computer at first, this way there is little impact on your business if you have to troubleshoot. Controlling settings from the server can be done with Group Policy. There is a little learning curve, so take it slow, one step at a time. Since this network supports your business, you may also consider getting professional help to get it set up, and a little training so you can manage it.
     
  3. kevlach

    kevlach Private E-2

    When I change the server over to domain controller, will the other pc's lose the peer-to-peer access to the shared folder on the server right away or will they still be able to connect to that folder. I was thinking that I would have to go around right away and join them all to the domain so that they would be able to communicate. Will the other pc's still have the workgroup shares that they have now (including to the folder on the server)? I would like to be able to remove the workgroup shares one at a time and then get the users roaming profiles.
     
  4. JPSchwartz

    JPSchwartz Private E-2

    When you upgrade to a domain controller, it will remove the local users and groups. This will effectively prevent access to your shares from all your computers. You will need to recreate the users on the server, if you use the same login names and passwords, and reapply the permissions to the shares, the workstations will be able to connect, even though they have not been joined to the domain yet. If you will be doing this yourself, do a bit of reading first, the DNS setup is critical for getting a domain to work. I'd start on a Friday evening before the weekend, so you have plenty of time. Also, you can make a backup of your System State (and all your data) before starting the dcpromo process. This way, if you decide to demote back to a workgroup, you can restore your local accounts.

    I can't tell how new your PowerEdge server is from your post, if it is anywhere near time for another server, it is much safer to implement using new hardware, or, even a small new server that just runs Active Directory. This way you don't have to worry about keeping your business going while you work it out.

    Check out the following links from MS. Both of these unfortunately are geared towards a new setup, not a migration with data on a server. The good news is that your data won't go anywhere, you just need to recreate users and shares. With only 10 people on the network this is not a big deal.

    How to migrate from Workgroup network model to Domain based model?
    http://support.microsoft.com/kb/555542/en-us

    How to create an Active Directory Server in Windows Server 2003.
    http://support.microsoft.com/kb/324753/en-us
     
  5. kevlach

    kevlach Private E-2

    Thanks,

    The server is about 5 or 6 years old. I'm mainly concerned with tightening up the security throughout the network and gaining control of the computers and users from one location. It's a pain setting up each pc at each location to let various users have access. I think I've done pretty good so far as keeping all the computers up and running and communicating. I would just like to move up to the next level.
     
  6. JPSchwartz

    JPSchwartz Private E-2

    Looks like you are moving in the right direction, a change to a domain will get you the centralized control you are looking for. If you change your existing server to a domain controller, give yourself a few days to get it all worked out. An easy way to do it, with little risk, is to make the change when you get a new server. At 5 or 6 years old, it's about time anyway. You may start having problems getting parts if it breaks, or have difficulty extending the warranty. If you do get a new server, set the domain up there, then you can join all the workstations and your old server. Since you don't have to promote the old server to a DC, all the local accounts will remain intact and your network will contine to function as it is, making for an easy transition. Move your shares to the new server, and remove the local accounts to complete the process. Nice and easy, with no downtime.
     

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds