cspcc
asked on
Set up new 2008 server in workgroup or as a DC
I have an office with an old server running Win 2003 server (server A) in a workgroup setting as a file and application server. This server is being replaced with a new server running Windows server 2008 (Server B). 50% of the office computers are members of a corporate domain and are authenticated to that domain via VPN. All the computers in the office access file shares and applications running on Server A. Is it possible to set up Server B as a domain controller and be able to host the same applications and file shares that Server A does for the computers that are members of the corporate domain as well as the current workgroup computers in a new domain?
ASKER
The local office is an independent insurance and financial services business that is only related to, but not owned by, the corporation who is their broker/dealer. The Broker/Dealer requires that their reps have computers which are set up as members of their internal domain in order to be able to access their internal network resources. The local office is an independant firm which has their own databases and applications which are not, nor will they ever, be available to the broker/dealer.
I think I would make Server B a terminal server.
ASKER
So server B would be in the existing workgroup as a Terminal Server?
why make it a terminal server? that would just mean that the company has to buy additional licenses.
it is no problem to make a new domain on your 2008 server. you might have some issues with user credentials though.
all workstations that are currently in the workgroup should be joined to your new domain. that's the best setup for authentication and such.
all workstation that are currently joined to the domain using the vpn can access the file shares on your own domain as long as the users have valid credentials to authenticate with on your domain.
they might be presented with a credential box if they want to connect to a share on your server.
it is no problem to make a new domain on your 2008 server. you might have some issues with user credentials though.
all workstations that are currently in the workgroup should be joined to your new domain. that's the best setup for authentication and such.
all workstation that are currently joined to the domain using the vpn can access the file shares on your own domain as long as the users have valid credentials to authenticate with on your domain.
they might be presented with a credential box if they want to connect to a share on your server.
ASKER
Birkoff - Thank you for your post. Please forgive my elementary questions - I am new to AD and not well versed yet. My preference is to set this new server up as a DC on a new domain (Domain B). My concern is with the PCs connected to the existing VPN accessed domain (Domain A). If I create user accounts in AD in domain B for all users but the users in domain A log in using their Domain A credentials how will the shares in domain B get mapped? It is necesssary that they are logged in to domain A and still be able to access the local shares which will be on domain B. Am I trying to create a administrative headache here?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks I was hoping it would be that simple!
What is the logic in not having all the machines in the domain - that would seem to be more sensible.