Solved

Building out Windows 2008 R2 DC's in our 2003 Forest

Posted on 2011-02-17
4
553 Views
Last Modified: 2012-06-21
We've done all the prep work and have already installed one Windows 2008 R2 DC but its in our Forest root which has only a few user accounts and only a few server accounts. I now need to stand up a Windows 2008 R2 DC in our production Domain where all are Users, Workstations and Servers are. We currently have two Windows 2003 R2 DCs. Here is my concern. I recently stumbled across some default settings in Windows 2008 R2 and I have some concerns about downward compatibility with other servers and clients. Rather than try to explain it, it is clearly outlined in the article:
http://adtroubleshooting.deuby.com/2010/02/w2k8-r2-ad-upgrade-tip-ntlm-changes.html

I don't know if should disable these settings like the article states or just leave the default. Would Microsoft design something that could break existing  infrastructure? Our network is just about all Windows 2003/2008 servers and XP clients but there could be some older clients and servers. Not NT but old. Just wondering if anyone ran into a problem deploying Windows 2008 R2 DC's with these default settings.
0
Comment
Question by:osiexchange
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34922330
There are some clients that could be affected but there are fixes out their to fix these issues. If you are running 98 or NT you might see some of these issues but usually you are good to go. The issues will present themselves when you are running in Windows 2008 functional level.

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_23447631.html
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 250 total points
ID: 34922730
Microsoft can't support the older technology forever; they just don't have the manpower.  Glen also has a list of things to look out for

http://blogs.technet.com/b/glennl/archive/2009/08/21/w2k3-to-w2k8-active-directory-upgrade-considerations.aspx

Like Darius said, if you run really old stuff like NT then you could have issues.

Thanks
Mike
0
 

Author Comment

by:osiexchange
ID: 34926123
Thanks. This information is very help. We certainly don't have anything as old as Windows 98 or NT. I think we have maybe a Windows 2000 server here and there but everything else is XP SP3, Vista or Windows 7. On the Server side, Windows 2003 SP2 and R2 and Windows 2008.
0
 
LVL 59

Assisted Solution

by:Darius Ghassem
Darius Ghassem earned 250 total points
ID: 34926212
You should be good then there are no issues with Windows 2000
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question