Significant network changes upcoming - just wanted to check with the experts!

Posted on 2004-10-29
Last Modified: 2010-03-18
Hello experts!

Later today I am going to be making some significant network changes and I just want to check with the experts to see if there is anything I should watch out for.

Here's a little bit about my current setup:

Windows 2000 network w/ 2000 and XP clients (20 or so clients), active directory is installed as "". We're running one machine with windows 2000 server (SERVER1) and we have a WatchGuard firewall device doing DHCP and NAT so everything has an address of Several applications are "server based" - timeslips, a tax program, xerox network scanning, and some other. All company "files" are located on SERVER1, and right now mail is hosted by an outside company which we use OUTLOOK clients to POP to (so .pst's are stored on client computers).

Here is what I"m going to do:

1. Set up a Windows 2003 Enterprise Server (SERVER2) under the domain MYCOMPANY.LOCAL
2. Back up all the data on SERVER1
3. Relocate server-based applications (timeslips, tax program, xerox network scanning services) to SERVER2
4. Copy company files from SERVER1 to SERVER2
5. Create user accounts for everyone in the new .LOCAL domain
6. Create computer accounts in the new domain
7. Copy user profiles on each machine from c:\Documents and settings\%username% to c:\Documents and Settings\%username%-local
8. Verify that server-based applications are working.
9. Format SERVER1 and do a fresh install of Windows 2003 Enterprise for domain MYCOMPANY.COM
10. Install Exchange 2003 Standard on SERVER1 to accept mail for MYCOMPANY.COM
11. Open firewall setting for Exchange email and OWA
12. Set up "IGETMAIL" to catch email from the POP3 server and send to the Exhange server
13. Change MX records to point to the new server @ my IP
14. Set up batch file login script to map users drives

Phew! So, that's what I'm doing this weekend...I hope I can get it done in that amount of time. If anyone has any suggestions or warnings about this, please let me know.

Question by:neomage23
    LVL 104

    Accepted Solution

    You have used and mycompany.local. Are you really changing domain names? If you are then you are making a lot of work for yourself. Unless there is something seriously wrong with the old domain name I would stick with it, just upgrading the domain to a Windows 2003 AD. Then the new server can go in, transfer the domain roles across to the new server and DCPROMO out the old server. Once it has been DCPROMO out, drop in to a workgroup and then wipe.
    Also save having to copy user profiles around and all that hassle.

    Other things... being picky... OWA - put in SSL. Get a certificate from and start off well by using JUST HTTPS. (Port 443). Also allows you to use Forms Based Authentication which helps with the users logging in and security.

    I would also consider changing IP subnet. Everyone+DOG uses 192.168.1.x
    If you ever decide to setup a VPN then it will clash with anyone who has a home router. Try using a higher number. I like to use double digit numbers, 11,22,33 my favorite being 99. 192.168.99.x

    LVL 6

    Author Comment

    Hey Simon!

    Thanks for you response...I ended up wiping out the Active Directory namespace altogether. Now everything is under the name mycompany.local.

    SOmething weird happend though...

    After joining all the computers to the new .local domain and copying thier profile, certain things didn't work...namely:

    no recent programs history (XP)
    no run history
    MS Outlook failure in some .cpl file...

    Because it was Sunday night at 10pm I had to find a workaround...and because administrator wasn't having problems... I had to add everyone to the domain admins group and then log on as admin on each XP machine and add the user to the HKEY_CURRENT_USER key by opening regedit and right clicking HKEY_CURRENT_USER and clicking permission and then adding user@mycompany.local to have full permission to that regkey.

    That fixed everything to the point where they are able to use everything functionally, but how do I lock it down...?

    LVL 104

    Expert Comment

    When you copied the profile did you adjust the permissions as well?
    I don't actually like copying profiles, I prefer to recreate them and then lift the data from the old profile. Most things can be recreated very easily, as long as you don't move the entire .dat files across as well (these are the user registry changes).

    LVL 6

    Author Comment


    Thanks for responding. I didn't adjust the permissions on the profiles files. Here's what I did to create the profile...

    1. Log on as the user (this created c:\documents and settings\%username%-MYCOMPANY.LOCAL\ folder)
    2. Log of user and log on as Adminsitrator
    3. Copy c:\documenst and settings\%username% to c:\documents and settings\%username%-MYCOMPANY.LOCAL\

    Is the method you use different? Why?

    And are you saying that I need to add the user to the permissions (full control) of thier profile folder to make it work? What about the registry do permission changes need to be made there as well? I don't know how effectively I can experiment with this in the middle of the day.

    Thanks again for all your help.


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Top 6 Sources for Identifying Threat Actor TTPs

    Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

    Nslookup is a command line driven utility supplied as part of most Windows operating systems that can reveal information related to domain names and the Internet Protocol (IP) addresses associated with them. In simple terms, it is a tool that can …
    We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
    With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
    This video Micro Tutorial is the first in a two-part series that shows how to create and use custom scanning profiles in Nuance's PaperPort 14.5 ( But the ability to create custom scanning profiles al…

    884 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now