Serious Server/Network Business


boiler

Here's the scenario:

 

Our business is getting set to replace our aging server with a new, shiny one with some seriously ballsy power. Old server is running Server 2003 Standard SP2, new one will be Server 2008 R2. Current server roles are file server, application server, RA/VPN server, domain controller, and DNS server. There are 25 computers/users in the network, single site (local) only.

 

I only recently have gotten into studying server configuration and management (looking to get MS cert in Server 2008 admin), but this upgrade can't wait for me to finish all that (AD DS book alone is taking forever to get through). Reading up on the process of migrating the AD DS and DNS server from the old to the new is starting to make my head swim. Anyone have any tips/suggestions for accomplishing this task? I'm reading MS knowledgebase articles, but I figured feedback from someone who has done such a thing would be helpful as well.

 

Thanks in advance, guys.


Just put the 2008 CD in the 2003 server and upgrade the AD to the new schema. Then connect the new 2008 server to the 2003 "with the new 2008 schema". At this point you should have a PDC controller and now a BDC controller.

 

Let it sync for a couple of days, looking for errors. Demote the PDC and promote the BDC to PDC, wait several days, then remove the 2003 server from AD. Wait a day for errors. Then just start migrating services over to the new box.

 

I am sure amertrash's answer will be more detailed and a lot more complicated, but in short that's the rundown. Good luck. lol trash "jk".

 

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

In a true AD setup always have a PDC and a BDC controller. Try not to put Terminal Services on a PDC, but you can if you have to.

 

I am an HP ProLiant man so hope you go that way.

Edited by SirTony

Also do your backups. Even if you have Symantec, do a Windows backup also.

 

Do a system state backup and then a file system backup and keep them separate just in case.

 

Also good to have several different types of backups.

 

For any databases, do a mysql dump also for added security.

 

Also call your local Microsoft partner in your home town, find the smartest AD person and have him sit with you during the process. It may only cost you 125 to 250 dollars, but if something goes wrong they are there to help fix AD errors.

Trust me, it will be the best 125 to 250 dollars you ever spent. And if you can't find one in your area, let me know; I have one here that could help you remotely @ those prices.

 

AD is great when it works right, but when and/or if you get errors, if you're not proficient in AD you will have a hard time finding the solutions.

 

Sorry for the spelling here, doing this from my iPad on the road.

 

Also, the last thing you can do is test this on two old workstations: load 2003 on one and 2008 on the other and connect the ADs together using the above method until you feel happy with the new setup. When you feel happy with the procedures you need and @ what steps to take, then take those actions to the live servers.

 

Or

 

Take one old workstation, load 2003 server on it and connect your new box with 2008 on it, and do the testing from those boxes until happy, then reload the 2008 box and start all over on the live setup.

Edited by SirTony

After spending the past 36 hours thinking about all of this, I decided it would not be a good idea to make this a "learning experience" and try to do it myself. Scheduled a pro to assist with the migration, and I plan to assist/takemanynotes. I need to know how to do this stuff, but not at the expense of my office possibly not being able to be up and running on time.

 

Tony:

 

Any particular reason for your affinity for HP Proliant? All of the workstations in the office (save three private office ones I custom built) are Dell, and have given me no problems, so I am considering them as well for the server.

 

Thanks for the info and help!

Edited by boiler

Dell and HP are almost the same machine in both price and features. It really comes down to preference. All I do all day is replace Dell servers with HP and I am getting good @ it. Why HP, you say? I have a strong relationship with my local HP, Cisco, Barracuda, SonicWall dealer. They now just became a Dell dealer. But for the last 6 or 7 years we have been replacing all Dell servers with HP. You can find 100 papers on HP vs. Dell and 100 on Dell vs. HP, but the PDF I attached is some good reading.

 

Also I stopped doing VPN; if you want to connect to my office you have to have a static IP. Set the firewall to only allow RDP from those statics. Much faster; customers can’t believe how fast the connection is compared to VPNs. Also LogMeIn is a good solution for some remote users as well. I try to stay away from devices that make you have an annual contract to get updates and to talk to someone.

hpProLiant Vs Dell.pdf


vpn is about extending physical security across virtual connections. at that gigantic hosting company i used to work for, vpn use was encouraged anytime you were outside the office, whether you were accessing servers in the office or just responding to email. people are way too comfortable using open public wireless, and that's a huge attack vector.

 

you don't need to go cisco/rsa, but i would strongly encourage some form of two factor authentication.


From 1996 to 2000 I bought computers from the 3rd largest computer manufacturer, Quantex Computer. They were the best and bam, this happened:

 

Quantex Microsystems was a direct-PC manufacturer based in Somerset, New Jersey founded in 1984. Although it never matched the sales volumes of the largest PC retailers, their products met wide acceptance by customers. It filed for Chapter 11 bankruptcy protection on August 17, 2000 when its key supplier, Fountain Technologies, who also supplied computers for the Pionex, Inteva, and CyberMax brands, filed for Chapter 11 bankruptcy protection.

Quantex computers were built to a high standard, and regularly won awards in many computer publications. Even up to the point that they filed for Chapter 11, the awards were still being dealt out. The attraction for many was that Quantex combined high build quality, great technical support (before the financial trouble), brand-name components and above all lower cost than most rivals.

Quantex's European operations were taken care of in Stevenage, UK. The UK operation continued for several months after the US company declared bankruptcy, and were easily contactable during that period. The inevitable happened though, and Quantex UK slipped away. In 2001, a company called Quantex Computers UK Ltd. started to advertise in UK computer magazines, based at the same location as the UK office of the original Quantex Microsystems but denying any links to the old company. They disappeared after only a few months and their website was maintained for a year or so after that by a third party.

 

So if Michael Saul Dell gets caught smoking crack and drives into a home on the way from work, I don’t have to go through another Quantex situation.

HP has been around for over 100 years, this situation would never happen to HP. It may sound like a crazy reason but after what I went through, I can’t allow it to happen again to my customers.

 

vpn is about extending physical security across virtual connections. at that gigantic hosting company i used to work for, vpn use was encouraged anytime you were outside the office

 

Yes, I agree with you about the VPN, but in a small network and not a large enterprise situation. Most customers just need to get to terminal server/RDP, and so they load the VPN software, get a local IP address and then log on to an RDP server’s local IP. Just bypass the VPN, which on a cable modem or DSL @ most businesses, and your MiFi or DSL and cable @ home, gets real slow without an enterprise connection.

Edited by SirTony

The VPN stuff was actually a relic of the PCAnywhere days, before my time in this office. Only two people besides myself have remote access to the server, and it's through RDP, with the other end set up by me on their home computers. This is very much a self-contained office, with the only remote access being done to check schedules and such. Or if I have to do some sort of maintenance that I can't do during the day.

 

This has certainly been a huge learning experience for me! I'll do a little shopping around on the server and see what happens.


I just noticed this thread. Somehow I missed it. You did the right thing getting a consultant in the office to do the heavy lifting while you observe and take notes. You will see that it is actually a fairly easy process. I am concerned though that you only have the one Domain Controller; I know you only have 25 or so people but you always want redundancy no matter how small your environment.

 

If your company can afford it, I would look at getting some kind of blade server that can be used as a virtual host, use Hyper-V and host most of your servers on there. Keep one DC on the Virtual host and keep one physical in case the virtual host goes down. We have a set up like that at my work. Everything is virtualized, even the SharePoint and SQL servers. We have one older file server that is RAID 5 that we use in the IT department (all 2 of us) to host our installer files, images, etc and then one physical Domain Controller. Everything else including our Exchange, FTP, SharePoint, SharePoint Dev, two SQL servers, etc are all virtualized. Makes maintenance weekend so much easier; snapshot the virtualized servers then do the patching and if anything goes wrong, you can revert. With the hardware today, there is no way to tell the difference between native hardware and virtual environments.

Edited by ZeroDamage

Thanks for the info ZD!

 

From what I have seen elsewhere, having more than one domain controller would be HIGHLY unusual for self-contained dental offices. Most of them I have seen run a simple one-tower Windows Server environment (a few of which aren't even being used as DCs!), and even a few that are just using a Windows 7 box as a file server. These docs (not mine, just in general) want to spend as little time and money on this stuff as they can. Most offices are running one major program, possibly two if they have dedicated digital imaging, and that's it. I understand the benefits of redundant domain controllers, but I would probably never be able to talk most dentists into plunking down the cash for the infrastructure that would require. I feel lucky enough mine are willing to splurge on an 8-core E5 series Xeon and hardware RAID 1. I once did an install for an office a little smaller than mine, and was told I had a budget of $10k to basically replace EVERYTHING in the office (9 workstations, switches, etc). Yeah, that's the kind of crap most docs pull. Some are willing to spend what it takes, but most won't.

Edited by boiler

Well, you do not need a beast of a system. You can run something like that 8-core (a separate one) and run VMware Server or something on it and still pull off the same thing for cheaper than some beast of a rack mounted server. The only cost is another license or two for Windows Server. As long as they have good backups, I guess that is good. Every time I see a company start with the one box that does it all, the IT staff usually are hating life later trying to separate all of the services; never mind the performance hit.

 

Trust me, I am dealing with a company right now that 4 years ago let some admin guy set up the SharePoint environment. I've spent the last year keeping it from crashing out. Doing things only half-assed to save money can cost a lot more later.
