MightyMikey asked:

HELP! Network Infrastructure Revamping to DNS, Active Directory, DHCP, Web Server, Exchange, file/print

I'm relatively new to the server environment, forgive me if my questions are rather elementary:

I have been tasked with revamping a semi-abandoned network.  The following is a snapshot of the network (please keep in mind that we ordered new servers for the revamp):

1-Domain Controller (Win NT 4.0), Another server for DHCP and applications (win 2003), the rest of the servers are application servers (win 2003's).  I also believe we have one of the application servers hosting an internal DNS, but the DHCP points all machines to the ISP provided DNS's.  We host our email and website through external vendors.

The domain controller is running on Windows NT 4.0 and holds about 150-200 users.  Roughly a quarter or half of the users are not with the company anymore (the domain controller was abandoned).  Additionally, they previously had no username naming scheme or any policies other than those which are set by default.  DHCP IP addressing is a class C.  Three branches are connected to corporate via dedicated T1's while corporate has three dedicated T1's to the cloud.

We have ordered the following:
New domain controller (Will run: DNS, AD, DHCP) (any other networking service?)
Exchange Server (will host email)
Web Server (Will host website and web applications)
File/Print Server (will additionally host endpoint protection)
File Backup Server (NAS) (offsite at one of the branches)

The only server we will be replacing is the old NT box.  We will not migrate anything over to any of the new servers; for all intents and purposes, this is a fresh start for our IT.  We will manually enter all users and directory information into active directory to ensure that there are no un-needed users.  Branch IP's are dished out by the local router.  It's my job to make this happen.

Based on the above mentioned, I have a few questions (AND I'M FREAKING OUT):

Where should I start implementing? (which server what services/roles and in what order?)
What adjustments will I have to make to the web domain name?
What is the best way for me to setup the DNS and AD with the additions of the webserver and exchange keeping the external domain name in mind?
What internal domain should I use? (making it easy to migrate old email services to new)
How should I setup the DNS?
What can I do to minimize email outage?
How should I roll-out the new equipment without interfering with the day-to-day network activity?

Any other recommendations?  PLEASE HELP...I'M FREAKING!

8/22/2022 - Mon
Chris Dent


> Where should I start implementing? (which server what services/roles and in what order?)

If you're not upgrading the domain then the first logical step would be to build your new base AD Domain (which will have to include the DNS service).

Get a bit used to working with that before starting the migration, even if that means flattening it and rebuilding it a few times.

> What adjustments will I have to make to the web domain name?

None at all. AD doesn't really have anything to do with public services unless you create a conflicting domain name (see below).

> What is the best way for me to setup the DNS and AD with the additions of the webserver and
> exchange keeping the external domain name in mind?

For the naming see below. Exchange can easily be reconfigured to accept mail for a public domain name, the AD domain name does not have to match your SMTP (mail) domain name.

> What internal domain should I use? (making it easy to migrate old email services to new)

I advise that you name your domain something like:

corp.yourdomain.com

As this is a sub-domain of yourdomain.com it will not conflict with yourdomain.com at all. Simplifies DNS configuration significantly.

Many of the other domain naming options have fallen by the wayside. This includes the yourdomain.local style. It is no longer recommended because .local is not a reserved domain suffix. It would not be fun at all if it were to become public.

Active Directory also has two domain names, a DNS domain name and a NetBIOS domain name. Because of your situation I strongly urge you to avoid using the NetBIOS domain name from the NT4 domain. Keep them entirely separate if they're to share a network.

> How should I setup the DNS?

All servers and clients on your network *must* refer to the DNS server installed on your Domain Controller, and only that DNS server. It's a simplification, but a reasonable one.

When I say refer to I mean they should only list that DNS server in TCP/IP configuration (see "ipconfig /all").

This is because DNS is the primary name resolution / service location mechanism for Active Directory. Failure to find names in AD can result in a slow logon process, or problems authenticating, or failure in Exchange, etc.

> What can I do to minimize email outage?

Depends how much money you have and how important uptime is.

High availability with Exchange tends to cost money ranging from a Cluster backed onto a SAN on the high end, to Standby Continuous Replication (with Exchange 2007) on the low end.

Naturally you need to have a good backup strategy in place.

> How should I roll-out the new equipment without interfering with the day-to-day network activity?

DHCP would have to be isolated or kept disabled until you were ready to activate the domain. For the NetBIOS name please see above.

> Any other recommendations?  

It's a big job, you'll need to break it up. Do you have specific products in mind? A specific version of Exchange in mind? Are you considering Windows 2008 at all? Where will you put your Exchange Server?

Chris
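
An added example (not part of Chris's answer or the original thread): one way to audit the "only the Domain Controller's DNS server" rule is to parse saved `ipconfig /all` output and flag any adapter that lists another resolver, such as an ISP server handed out by an old DHCP scope. The function names, the sample output and the addresses (192.168.1.10 standing in for the Domain Controller, 203.0.113.53 for an ISP resolver) are constructed assumptions; the parser assumes English-language output and IPv4 DNS servers.

```python
import re

# Constructed sample of `ipconfig /all` output; all addresses are placeholders.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : corp.yourdomain.com
   IP Address. . . . . . . . . . . . : 192.168.1.50
   DNS Servers . . . . . . . . . . . : 192.168.1.10
                                       203.0.113.53

Ethernet adapter Wireless Network Connection:

   IP Address. . . . . . . . . . . . : 192.168.1.51
   DNS Servers . . . . . . . . . . . : 192.168.1.10
"""

ADAPTER_RE = re.compile(r"^(\S.*adapter .+):\s*$")        # unindented section header
FIELD_RE = re.compile(r"^\s+(.+?)[ .]*:\s*(.*)$")          # "Name . . . : value"
IPV4_RE = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")  # continuation line

def dns_servers_by_adapter(text):
    """Map each adapter name to the DNS servers listed for it (IPv4 only)."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            current, in_dns = m.group(1), False
            adapters[current] = []
            continue
        if current is None:
            continue
        f = FIELD_RE.match(line)
        if f:
            # Any new field ends a DNS list; "DNS Servers" starts one.
            in_dns = f.group(1).strip().startswith("DNS Servers")
            if in_dns and f.group(2).strip():
                adapters[current].append(f.group(2).strip())
            continue
        c = IPV4_RE.match(line)
        if in_dns and c:  # second and later servers sit on their own lines
            adapters[current].append(c.group(1))
    return adapters

def unexpected_dns(text, allowed):
    """Return {adapter: [servers not in allowed]} for adapters breaking the rule."""
    return {a: bad for a, s in dns_servers_by_adapter(text).items()
            if (bad := [x for x in s if x not in allowed])}
```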
ASKER
MightyMikey

Thanks for your reply.
All machines are Dell.  We had planned on rolling out all of our servers on Windows 2003; should I consider moving to Windows 2008 instead?  Also, the Exchange server will be on its own Windows machine originally planned to be Windows 2003.  The Exchange server and all other servers will be sitting in the same rackmount.  The backup server will be at a distant branch.  What did you mean by, if "it became public" (if the domain suffix 'local' became public)?  Also, how is it that some organizations can remote desktop straight to the machine from outside the network by using the computer domain name: computer123.ds.yourdomain.com?  We have a block of 10 public IP's, would the domain controller and webserver be the only two to have them?  Any other recommendations on setup?
ASKER CERTIFIED SOLUTION
Chris Dent

ASKER
MightyMikey

Thanks Chris.
Your help has saved me hundreds of hours of internet surfing.