Let me put a quick background to this question.
I maintain AD for a school district that has quite an unnecessarily complex environment (inherited it that way, and working on improving it). In more technical terms, the following is what complex means:
- I have 36 school sites, connected via TLS 10mbps/100mbps connections.
- Each site has a domain controller on it that is replicating from the forest root domain.
- Each site is running DNS, and DHCP with different subnets on each site
- Some sites have an additional domain controller, and child domains with 2-way trusts with the parent domain.
- The total number of child domains is somewhere around 25 or 26 at this time. I'm working on actually removing those.
I cannot wait to remove all child domains before I'm able to upgrade my AD infrastructure, though I'm just doing some research to see what may be of importance that I need to pay special attention to.
- Our AD schema has already been modified to accommodate 2003 (and was done spur of the moment a while back when one of the techs decided to install the first 2003 server in the environment).
- A lot of our servers are running Windows 2000 Server at the moment, though all new installations are having Windows 2003 Server Standard.
- Some of the servers were at one point actually upgraded from Windows NT4 server to Windows 2000 Server.
Since my Schema has already been upgraded to accommodate AD 2003, all that's left to do is to move over the FSMO roles from a server currently running Windows 2000 Server to a server running Windows 2003 Server.
Doing this move, would my Windows 2000 servers still operate normally? Or if I'm all migrated to 2003, does it mean that I can't have any Windows 2000 Servers anymore?
Also, if I decide to start installing Windows 2003 Standard R2, I understand that there will be a new change to the Schema. Is that going to require any other major considerations, or is the schema modification the only thing that is required?
On a slightly different angle, I was considering removing the DCs from most of my sites, especially now that I have fairly adequate high speed connections between the sites, and then keeping only a couple of DCs on some of my 100mbps sites, and the rest, keep them at the district office. My purpose for that was to avoid delays in replications, and attempt to do most of my replications via RPC instead of IP.
The problem that I may have, however, lies in the "Sites and Services" piece. I currently do have a different subnet on each of my sites, which is being controlled by its own DHCP server, and the servers on that site are showing up.
My question about that would be:
Is it possible to maintain different subnets, and a site without having a domain controller on it? I read mixed opinions about that: some say it's possible, and some strongly recommend that there would be a domain controller, that is a Global Catalog, on the site. The only downside I read about not having the DC is that the %LOGONSERVER% will end up being chosen randomly if that is my case.
In relation to that, there is an Exchange migration question that I have, though I will post that in a different topic for the sake of ease of searching for people who may be interested.
Thanks in advance for any ideas that you may have.