Significant network changes upcoming - just wanted to check with the experts!

Hello experts!

Later today I am going to be making some significant network changes and I just want to check with the experts to see if there is anything I should watch out for.

Here's a little bit about my current setup:

Windows 2000 network w/ 2000 and XP clients (20 or so clients), Active Directory is installed as "". We're running one machine with Windows 2000 Server (SERVER1) and we have a WatchGuard firewall device doing DHCP and NAT so everything has an address of Several applications are "server based" - Timeslips, a tax program, Xerox network scanning, and some others. All company "files" are located on SERVER1, and right now mail is hosted by an outside company which we use Outlook clients to POP to (so .pst's are stored on client computers).

Here is what I'm going to do:

1. Set up a Windows 2003 Enterprise Server (SERVER2) under the domain MYCOMPANY.LOCAL
2. Back up all the data on SERVER1
3. Relocate server-based applications (timeslips, tax program, xerox network scanning services) to SERVER2
4. Copy company files from SERVER1 to SERVER2
5. Create user accounts for everyone in the new .LOCAL domain
6. Create computer accounts in the new domain
7. Copy user profiles on each machine from c:\Documents and settings\%username% to c:\Documents and Settings\%username%-local
8. Verify that server-based applications are working.
9. Format SERVER1 and do a fresh install of Windows 2003 Enterprise for domain MYCOMPANY.COM
10. Install Exchange 2003 Standard on SERVER1 to accept mail for MYCOMPANY.COM
11. Open firewall setting for Exchange email and OWA
12. Set up "IGETMAIL" to catch email from the POP3 server and send to the Exchange server
13. Change MX records to point to the new server @ my IP
14. Set up batch file login script to map users' drives

Phew! So, that's what I'm doing this weekend...I hope I can get it done in that amount of time. If anyone has any suggestions or warnings about this, please let me know.


You have used and mycompany.local. Are you really changing domain names? If you are then you are making a lot of work for yourself. Unless there is something seriously wrong with the old domain name I would stick with it, just upgrading the domain to a Windows 2003 AD. Then the new server can go in, transfer the domain roles across to the new server and DCPROMO out the old server. Once it has been DCPROMO out, drop in to a workgroup and then wipe.
Also save having to copy user profiles around and all that hassle.

Other things... being picky... OWA - put in SSL. Get a certificate from and start off well by using JUST HTTPS. (Port 443). Also allows you to use Forms Based Authentication which helps with the users logging in and security.

I would also consider changing IP subnet. Everyone+DOG uses 192.168.1.x
If you ever decide to setup a VPN then it will clash with anyone who has a home router. Try using a higher number. I like to use double digit numbers, 11,22,33 my favorite being 99. 192.168.99.x
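The subnet clash described in the answer above can be checked before renumbering. This is an added example, not part of the original thread; the list of home-router default ranges and the server addresses are constructed for illustration.

```python
import ipaddress

# Constructed, illustrative list of LAN ranges often left at home-router
# defaults (an assumption for this example, not data from the thread).
HOME_DEFAULTS = ["192.168.0.0/24", "192.168.1.0/24",
                 "192.168.2.0/24", "10.0.0.0/24"]


def clashes(office_cidr, home_cidrs=HOME_DEFAULTS):
    """Home LANs whose address space overlaps the office LAN."""
    office = ipaddress.ip_network(office_cidr)
    return [h for h in home_cidrs
            if office.overlaps(ipaddress.ip_network(h))]


def shadowed_hosts(office_hosts, home_cidr):
    """Office addresses a remote client would treat as on its own LAN.

    Such traffic is typically delivered locally instead of entering the
    tunnel, so the office host is unreachable from that client.
    """
    home = ipaddress.ip_network(home_cidr)
    return [h for h in office_hosts if ipaddress.ip_address(h) in home]


def usable_third_octets(octets, home_cidrs=HOME_DEFAULTS):
    """Of the candidate 192.168.<n>.0/24 ranges, those with no clash."""
    return [n for n in octets
            if not clashes(f"192.168.{n}.0/24", home_cidrs)]


if __name__ == "__main__":
    # Hypothetical server addresses before and after renumbering.
    servers = ["192.168.1.10", "192.168.99.10"]
    print(clashes("192.168.1.0/24"))
    print(shadowed_hosts(servers, "192.168.1.0/24"))
    print(usable_third_octets([1, 11, 22, 33, 99]))
```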


neomage23 (Author) commented:
Hey Simon!

Thanks for your response...I ended up wiping out the Active Directory namespace altogether. Now everything is under the name mycompany.local.

Something weird happened though...

After joining all the computers to the new .local domain and copying their profile, certain things didn't work...namely:

no recent programs history (XP)
no run history
MS Outlook failure in some .cpl file...

Because it was Sunday night at 10pm I had to find a workaround...and because administrator wasn't having problems... I had to add everyone to the domain admins group and then log on as admin on each XP machine and add the user to the HKEY_CURRENT_USER key by opening regedit and right clicking HKEY_CURRENT_USER and clicking permission and then adding user@mycompany.local to have full permission to that regkey.

That fixed everything to the point where they are able to use everything functionally, but how do I lock it down...?

When you copied the profile did you adjust the permissions as well?
I don't actually like copying profiles, I prefer to recreate them and then lift the data from the old profile. Most things can be recreated very easily, as long as you don't move the entire .dat files across as well (these are the user registry changes).

neomage23 (Author) commented:

Thanks for responding. I didn't adjust the permissions on the profiles files. Here's what I did to create the profile...

1. Log on as the user (this created c:\documents and settings\%username%-MYCOMPANY.LOCAL\ folder)
2. Log off the user and log on as Administrator
3. Copy c:\documents and settings\%username% to c:\documents and settings\%username%-MYCOMPANY.LOCAL\

Is the method you use different? Why?

And are you saying that I need to add the user to the permissions (full control) of their profile folder to make it work? What about the registry, do permission changes need to be made there as well? I don't know how effectively I can experiment with this in the middle of the day.

Thanks again for all your help.
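A first step toward locking down the workaround described in this thread is to list who is still in Domain Admins and compare that against the accounts that should be there. This is an added example, not part of the original thread; the sample output, user names and approved list are constructed, and it assumes the usual column layout printed by `net group "Domain Admins" /domain`.

```python
import re

# Constructed sample of `net group "Domain Admins" /domain` output;
# the account names are hypothetical.
SAMPLE = """\
Group name     Domain Admins
Comment        Designated administrators of the domain

Members

-------------------------------------------------------------------------------
Administrator            asmith                   bjones
cwhite
The command completed successfully.
"""


def parse_members(output):
    """Extract member names from the block below the dashed separator."""
    members, in_list = [], False
    for line in output.splitlines():
        if line.startswith("---"):
            in_list = True
            continue
        if not in_list or not line.strip():
            continue
        if line.startswith("The command completed"):
            break
        # Names are padded into columns; logon names are at most 20
        # characters, so a run of 2+ spaces always separates two names.
        members += re.split(r"\s{2,}", line.strip())
    return members


def unexpected_admins(output, approved):
    """Members of the group that are not on the approved list."""
    ok = {a.lower() for a in approved}
    return sorted(m for m in parse_members(output) if m.lower() not in ok)


def removal_commands(names):
    """Commands to review and run on a domain controller, one per account."""
    return [f'net group "Domain Admins" {n} /delete /domain' for n in names]


if __name__ == "__main__":
    extra = unexpected_admins(SAMPLE, approved=["Administrator"])
    print("\n".join(removal_commands(extra)))
```

Removing the accounts from the group only takes effect for a user at their next logon, so the profile and registry permissions need to be correct for the user's own account before the group membership is withdrawn.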
