Significant network changes upcoming - just wanted to check with the experts!

Posted on 2004-10-29
Medium Priority
Last Modified: 2010-03-18
Hello experts!

Later today I am going to be making some significant network changes and I just want to check with the experts to see if there is anything I should watch out for.

Here's a little bit about my current setup:

Windows 2000 network w/ 2000 and XP clients (20 or so clients), active directory is installed as "mycompany.com". We're running one machine with windows 2000 server (SERVER1) and we have a WatchGuard firewall device doing DHCP and NAT so everything has an address of 192.168.1.xxx. Several applications are "server based" - timeslips, a tax program, xerox network scanning, and some other. All company "files" are located on SERVER1, and right now mail is hosted by an outside company which we use OUTLOOK clients to POP to (so .pst's are stored on client computers).

Here is what I'm going to do:

1. Set up a Windows 2003 Enterprise Server (SERVER2) under the domain MYCOMPANY.LOCAL
2. Back up all the data on SERVER1
3. Relocate server-based applications (timeslips, tax program, xerox network scanning services) to SERVER2
4. Copy company files from SERVER1 to SERVER2
5. Create user accounts for everyone in the new .LOCAL domain
6. Create computer accounts in the new domain
7. Copy user profiles on each machine from c:\Documents and settings\%username% to c:\Documents and Settings\%username%-local
8. Verify that server-based applications are working.
9. Format SERVER1 and do a fresh install of Windows 2003 Enterprise for domain MYCOMPANY.COM
10. Install Exchange 2003 Standard on SERVER1 to accept mail for MYCOMPANY.COM
11. Open firewall setting for Exchange email and OWA
12. Set up "IGETMAIL" to catch email from the POP3 server and send to the Exchange server
13. Change MX records to point to the new server @ my IP
14. Set up batch file login script to map users drives

Phew! So, that's what I'm doing this weekend...I hope I can get it done in that amount of time. If anyone has any suggestions or warnings about this, please let me know.

Question by:neomage23

Accepted Solution

Sembee earned 2000 total points
ID: 12449663
You have used mycompany.com and mycompany.local. Are you really changing domain names? If you are then you are making a lot of work for yourself. Unless there is something seriously wrong with the old domain name I would stick with it, just upgrading the domain to a Windows 2003 AD. Then the new server can go in, transfer the domain roles across to the new server and DCPROMO out the old server. Once it has been DCPROMO out, drop in to a workgroup and then wipe.
Also save having to copy user profiles around and all that hassle.

Other things... being picky... OWA - put in SSL. Get a certificate from FreeSSL.com and start off well by using JUST HTTPS. (Port 443). Also allows you to use Forms Based Authentication which helps with the users logging in and security.

I would also consider changing IP subnet. Everyone+DOG uses 192.168.1.x
If you ever decide to set up a VPN then it will clash with anyone who has a home router. Try using a higher number. I like to use double digit numbers, 11,22,33 my favorite being 99. 192.168.99.x
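The subnet clash described in the answer above, as an added example that is not part of the original post: a small model of a VPN client's routing table showing why an office on 192.168.1.x becomes unreachable from a home LAN using the same range, while 192.168.99.x does not. The list of home-router defaults, the interface names and the metrics are assumptions made for illustration.

```python
import ipaddress

# Constructed list of default LANs often shipped on home routers (assumption,
# not taken from the thread).
HOME_LANS = ["192.168.0.0/24", "192.168.1.0/24", "192.168.2.0/24", "10.0.0.0/24"]


def pick_route(dest, routes):
    """Longest-prefix match; ties go to the lower metric.

    routes: list of (cidr, interface, metric) tuples.
    Returns the interface that would carry traffic to dest, or None.
    """
    ip = ipaddress.ip_address(dest)
    matches = [
        (ipaddress.ip_network(cidr), iface, metric)
        for cidr, iface, metric in routes
        if ip in ipaddress.ip_network(cidr)
    ]
    if not matches:
        return None
    # Most specific prefix first, then cheapest metric.
    matches.sort(key=lambda r: (-r[0].prefixlen, r[2]))
    return matches[0][1]


def vpn_client_routes(home_lan, office_lan):
    """Model of a remote user's routing table once the VPN is up.

    Assumption: the home LAN is directly connected (metric 1) and the
    office subnet is pushed through the tunnel with a higher metric.
    """
    return [
        ("0.0.0.0/0", "home-gateway", 10),
        (home_lan, "home-lan", 1),
        (office_lan, "vpn-tunnel", 5),
    ]


def clashing_home_lans(office_lan, home_lans=HOME_LANS):
    """Return the home LANs whose address space overlaps the office subnet."""
    office = ipaddress.ip_network(office_lan)
    return [h for h in home_lans if office.overlaps(ipaddress.ip_network(h))]


if __name__ == "__main__":
    for office, server in (("192.168.1.0/24", "192.168.1.10"),
                           ("192.168.99.0/24", "192.168.99.10")):
        routes = vpn_client_routes("192.168.1.0/24", office)
        print(office, "clashes with", clashing_home_lans(office),
              "-> server reached via", pick_route(server, routes))
```

With the overlapping range, traffic meant for the office server stays on the user's home LAN and never enters the tunnel; with the renumbered range it is routed through the VPN.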


Author Comment

ID: 12475317
Hey Simon!

Thanks for your response...I ended up wiping out the mycompany.com Active Directory namespace altogether. Now everything is under the name mycompany.local.

Something weird happened though...

After joining all the computers to the new .local domain and copying their profile, certain things didn't work...namely:

no recent programs history (XP)
no run history
MS Outlook failure in some .cpl file...

Because it was Sunday night at 10pm I had to find a workaround...and because administrator wasn't having problems... I had to add everyone to the domain admins group and then log on as admin on each XP machine and add the user to the HKEY_CURRENT_USER key by opening regedit and right clicking HKEY_CURRENT_USER and clicking permission and then adding user@mycompany.local to have full permission to that regkey.

That fixed everything to the point where they are able to use everything functionally, but how do I lock it down...?


Expert Comment

ID: 12475816
When you copied the profile did you adjust the permissions as well?
I don't actually like copying profiles, I prefer to recreate them and then lift the data from the old profile. Most things can be recreated very easily, as long as you don't move the entire .dat files across as well (these are the user registry changes).


Author Comment

ID: 12475925

Thanks for responding. I didn't adjust the permissions on the profiles files. Here's what I did to create the profile...

1. Log on as the user (this created c:\documents and settings\%username%-MYCOMPANY.LOCAL\ folder)
2. Log off user and log on as Administrator
3. Copy c:\documents and settings\%username% to c:\documents and settings\%username%-MYCOMPANY.LOCAL\

Is the method you use different? Why?

And are you saying that I need to add the user to the permissions (full control) of their profile folder to make it work? What about the registry, do permission changes need to be made there as well? I don't know how effectively I can experiment with this in the middle of the day.

Thanks again for all your help.

