Adding AD to existing non-AD environment

Asked by bevege
Windows Server 2008, Active Directory, IT Administration
I'm doing some work for a small company with 15-20 users. They currently have no AD but I want to add it. I'm looking for some general advice. I'm familiar with AD but have always used it from the start whenever I've implemented it. I'm just looking for any gotchas in my plan that I may have forgotten.
Server Environment  
2 Windows 2003 File Servers with several shares (everyone has full access to everything)
1 Windows 2000 box that doesn't really do anything. Kinda old but usable.
1 new Dell R710, dual quad-core, 12 GB RAM, 3 TB of storage, 6 SAS drives
DHCP and DNS being done with a wireless router

Desktop Environment
Windows 7 Pro Desktops
Windows 7 Pro Laptops (2)
All users use the same username/password and have full admin rights (Genius, isn't it!)
Most users have drives hand mapped permanently.  They are fairly standard as to the drive letters and what data they access.
5 Printers all on JetDirect cards, not shared by Windows servers
 
The Plan
1. Convert the R710 to ESXi 4.1 so I can install some other things such as Nagios, a helpdesk trouble ticket system, etc. It's just sitting there doing basically nothing anyway and is brand new.
2. Install VM Windows 2008 Server Standard as a DC1 with domain helpme.net. Their internet domain is helpme.com.  
3. Install another Windows 2008 Server Standard DC2 on the old Windows 2000 box as a Global Catalog server so people can still log in if the VM has issues, which it shouldn't but why not.
4. Add DHCP/DNS to new 2008 Servers
5. Join other two Windows 2003 Servers to the new domain and share current shares with full access to everything just like it is now.  We can tackle the permissions later after talking to mgt to figure out who actually needs access to what.
6. Change default domain policy or create per group policy depending on what MGT agrees to for password length and duration. I'm sure the default will lead to a lot of complaining and whining.
7. Create each user in Domain
8. Create drive mapping login script for consistency
9. Join End users 1 at a time to domain
10.  Migrate their settings/documents to their new domain profile. Anyone have some
11.  Test everything and go have a beer.

Other Notes/questions:
1. They have hosted Exchange with GoDaddy under the helpme.com domain (obviously this is a fake name). None of this should affect that.
2. Should I share all of the printers from the Windows 2008 Server?  Is there really an advantage besides being able to set permissions and map printers with login script?
3. When I add the file servers to the domain, will the non-domain users have to enter a username and password even if I set full permissions to everything?
4. They have a small office with 4 people in another city but I'm not sure if it's worth setting them up with a separate DC. They are connected to the main office via 7MB VPN Connection.  Any thoughts on this are welcome.

Any other issues that you can think of that I may have missed or any suggestions welcome.

Thanks
ASKER CERTIFIED SOLUTION
Sanga Collins
Systems Admin

Andrew Hancock - VMware vExpert