

Significant network changes upcoming - just wanted to check with the experts!

Posted on 2004-10-29
Medium Priority
Last Modified: 2010-03-18
Hello experts!

Later today I am going to be making some significant network changes and I just want to check with the experts to see if there is anything I should watch out for.

Here's a little bit about my current setup:

Windows 2000 network w/ 2000 and XP clients (20 or so clients), active directory is installed as "mycompany.com". We're running one machine with windows 2000 server (SERVER1) and we have a WatchGuard firewall device doing DHCP and NAT so everything has an address of 192.168.1.xxx. Several applications are "server based" - timeslips, a tax program, xerox network scanning, and some other. All company "files" are located on SERVER1, and right now mail is hosted by an outside company which we use OUTLOOK clients to POP to (so .pst's are stored on client computers).

Here is what I'm going to do:

1. Set up a Windows 2003 Enterprise Server (SERVER2) under the domain MYCOMPANY.LOCAL
2. Back up all the data on SERVER1
3. Relocate server-based applications (timeslips, tax program, xerox network scanning services) to SERVER2
4. Copy company files from SERVER1 to SERVER2
5. Create user accounts for everyone in the new .LOCAL domain
6. Create computer accounts in the new domain
7. Copy user profiles on each machine from c:\Documents and settings\%username% to c:\Documents and Settings\%username%-local
8. Verify that server-based applications are working.
9. Format SERVER1 and do a fresh install of Windows 2003 Enterprise for domain MYCOMPANY.COM
10. Install Exchange 2003 Standard on SERVER1 to accept mail for MYCOMPANY.COM
11. Open firewall setting for Exchange email and OWA
12. Set up "IGETMAIL" to catch email from the POP3 server and send to the Exchange server
13. Change MX records to point to the new server @ my IP
14. Set up batch file login script to map users drives

Phew! So, that's what I'm doing this weekend...I hope I can get it done in that amount of time. If anyone has any suggestions or warnings about this, please let me know.

Question by:neomage23
LVL 104

Accepted Solution

Sembee earned 2000 total points
ID: 12449663
You have used mycompany.com and mycompany.local. Are you really changing domain names? If you are then you are making a lot of work for yourself. Unless there is something seriously wrong with the old domain name I would stick with it, just upgrading the domain to a Windows 2003 AD. Then the new server can go in, transfer the domain roles across to the new server and DCPROMO out the old server. Once it has been DCPROMO out, drop in to a workgroup and then wipe.
Also save having to copy user profiles around and all that hassle.

Other things... being picky... OWA - put in SSL. Get a certificate from FreeSSL.com and start off well by using JUST HTTPS. (Port 443). Also allows you to use Forms Based Authentication which helps with the users logging in and security.

I would also consider changing IP subnet. Everyone+DOG uses 192.168.1.x
If you ever decide to setup a VPN then it will clash with anyone who has a home router. Try using a higher number. I like to use double digit numbers, 11,22,33 my favorite being 99. 192.168.99.x
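
The subnet clash described in this answer can be checked before choosing an addressing plan. The following is an added example, not part of the original answer; the home LAN list is constructed sample data, and the assumption is that a VPN client treats any address inside its own home LAN as local rather than sending it through the tunnel.

```python
import ipaddress

# Constructed sample: home LANs of remote users (not data from the thread).
HOME_LANS = {
    "alice": "192.168.1.0/24",
    "bob": "192.168.0.0/24",
    "carol": "10.0.0.0/24",
    "dave": "192.168.1.128/25",
}

def clashing_clients(office_cidr, home_lans=HOME_LANS):
    """Return users whose home LAN overlaps the office LAN.

    For these users, office addresses inside the overlap look local,
    so a VPN route to the office LAN is ambiguous (assumed behaviour).
    """
    office = ipaddress.ip_network(office_cidr)
    return sorted(user for user, cidr in home_lans.items()
                  if office.overlaps(ipaddress.ip_network(cidr)))

def shadowed_hosts(office_hosts, home_cidr):
    """Office hosts that a client on home_cidr would treat as on-link."""
    home = ipaddress.ip_network(home_cidr)
    return [h for h in office_hosts if ipaddress.ip_address(h) in home]

def free_subnets(home_lans=HOME_LANS, pool="192.168.0.0/16"):
    """All /24s in the pool that overlap none of the known home LANs."""
    homes = [ipaddress.ip_network(c) for c in home_lans.values()]
    return [str(n) for n in ipaddress.ip_network(pool).subnets(new_prefix=24)
            if not any(n.overlaps(h) for h in homes)]

if __name__ == "__main__":
    for lan in ("192.168.1.0/24", "192.168.99.0/24"):
        print(lan, "clashes with:", clashing_clients(lan) or "nobody")
    print("candidate /24s left in 192.168.0.0/16:", len(free_subnets()))
```
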


Author Comment

ID: 12475317
Hey Simon!

Thanks for your response...I ended up wiping out the mycompany.com Active Directory namespace altogether. Now everything is under the name mycompany.local.

Something weird happened though...

After joining all the computers to the new .local domain and copying their profile, certain things didn't work...namely:

no recent programs history (XP)
no run history
MS Outlook failure in some .cpl file...

Because it was Sunday night at 10pm I had to find a workaround...and because administrator wasn't having problems... I had to add everyone to the domain admins group and then log on as admin on each XP machine and add the user to the HKEY_CURRENT_USER key by opening regedit and right clicking HKEY_CURRENT_USER and clicking permission and then adding user@mycompany.local to have full permission to that regkey.

That fixed everything to the point where they are able to use everything functionally, but how do I lock it down...?

LVL 104

Expert Comment

ID: 12475816
When you copied the profile did you adjust the permissions as well?
I don't actually like copying profiles, I prefer to recreate them and then lift the data from the old profile. Most things can be recreated very easily, as long as you don't move the entire .dat files across as well (these are the user registry changes).


Author Comment

ID: 12475925

Thanks for responding. I didn't adjust the permissions on the profiles files. Here's what I did to create the profile...

1. Log on as the user (this created c:\documents and settings\%username%-MYCOMPANY.LOCAL\ folder)
2. Log off user and log on as Administrator
3. Copy c:\documents and settings\%username% to c:\documents and settings\%username%-MYCOMPANY.LOCAL\

Is the method you use different? Why?

And are you saying that I need to add the user to the permissions (full control) of their profile folder to make it work? What about the registry, do permission changes need to be made there as well? I don't know how effectively I can experiment with this in the middle of the day.

Thanks again for all your help.



Question has a verified solution.
