Brand New Domain Question

DjScientist Member Posts: 68
Hi all,

I have been tasked with building a new domain (network) for one of our small divisions. Previously the small division was joined to our main network, and recently they purchased 2 servers; one is already in use as an application server (running some freight system) and is still attached to our network. The other one is sitting right here with me, I've installed Windows Server 2003 Enterprise and honestly, I wish I knew where to start.
I do have a bit of experience and I do trust I can do the task, and I do trust contributions to this topic will shed some light and act as guidance.
I think this is what I have to do for them:
1. Create a new domain for them
2. Provide them with an internet connection
3. Create file and print servers
4. Configure network printing
5. Move files from their PCs to a centralised server
6. Create shares and configure permissions

I am not sure of the order in which I have to do this, or if this is all I need to do. My manager delegated the task to me and this will be the first time I do a task of this magnitude, and I am pretty excited about it. I need to do it right the first time and get some advice before I get right into it.

Current Setup

About 15 computers will be joined to the new domain (currently in the HQ domain).
There are 4 network printers.
Users' files are on their local machines, while some reside on our main company file servers.
There is one office across the main road within the city (one company suggested we use a radio link, as fibre will be a bit expensive and labour intensive: they will have to lift a portion of that tarred road to lay cables underneath).
1 ADSL line with an IP address.

What I would also like to know is tips on creating fundamental logon.bat files (roaming profiles will be used). What are some other things that I might need to do?

Thank you all in advance

Cheers!!
Working on 293:

Comments

  • brad- Member Posts: 1,218
    I'm a junior guy myself, but I would imagine promoting that server to a domain controller should be the first thing you do. Search DCPROMO.

    After you create the domain, I would probably also sketch out on paper the AD OUs and how you think they should be laid out, so you can apply group policies as needed.

    -edit - it might also be a good thing to run all the windows updates on the server itself, then get a quick image of it if you can.
  • RTmarc Member Posts: 1,082
    1) Update server
    2) Install DNS and DHCP
    3) DCPROMO (domainname.local or domainname.msft)
    4) Create user accounts
    5) Join workstations to domain
    6) Install printers (and drivers) on server
    7) Create GPOs
    8) Create shares on server.

    This is not a large domain from your description so over-complicating it would be a mistake.

    For your login script, what are you wanting to accomplish? Mapping drives, attaching printers (better through GPO), etc?

    Why roaming profiles? Will users be changing workstations frequently?

    Wireless is a good choice if fiber (buried or aerial) is not an option, but it depends on distance. Just make sure to properly secure it. How far are we talking? Across the road (feet) or across the city (miles)?
  • dynamik Banned Posts: 12,312
    Is there a reason you can't connect via a VPN? Why do you need wireless or fiber?

    Do you just want to back up files on users' computers? Check out folder redirection instead of roaming profiles.

    What's wrong with ad.domainname.com or corp.domainname.com? :p
  • Claymoore Member Posts: 1,637
    Why create a new domain at all? IMO, there are only two good reasons for creating additional 2003 AD domains - separate password policies or a disjointed namespace - and your description mentions neither. You could create another OU for that building, but that's probably not necessary either.

    You mention that they were previously connected to the corporate network now. How?

    Go ahead and promote the server to a domain controller and assign it to a separate AD site created for that building. You can use a site-to-site VPN to handle the replication traffic. Use folder redirection in Group Policy to redirect their My Documents to the file server.

    BTW, they don't have to lift the road to lay the cable. They'll bore underneath the road to lay a pipe through which they will run the fiber cable. It may still be cheaper to buy more internet bandwidth and use a VPN. Any chance you have MetroEthernet or MPLS available through a local communications provider?
  • RobertKaucher Member Posts: 4,299
    DjScientist wrote: »
    Hi all,

    I think this is what I have to do for them:
    1. Create a new domain for them
    2. Provide them with an internet connection
    3. Create file and print servers
    4. Configure network printing
    5. Move files from their PCs to a centralised server
    6. Create shares and configure permissions
    It sounds like you are not only unsure of how to perform the task, but also what the task actually consists of. I would get some clarity from my boss, if I were you. Not on how to do it, but exactly what he wants done. Otherwise you are bound to miss something.

    And as far as creating the new domain… Claymoore is very correct in his description of reasons to create a new domain. Unfortunately I see many admins who feel that “making their own jobs harder on themselves” is a valid reason for creating a second domain. Don’t fall into this trap!
  • GAngel Member Posts: 708
    A couple of other things not mentioned. Security for this box will be handled how?

    Are the specs on the server good enough to support all the services you're going to load on it? Users will complain to no end if things are not at least the same speed as before.

    (I don't need to know but you should)
  • Pash Member Posts: 1,600
    RobertKaucher wrote: »
    It sounds like you are not only unsure of how to perform the task, but also what the task actually consists of. I would get some clarity from my boss, if I were you. Not on how to do it, but exactly what he wants done. Otherwise you are bound to miss something.

    And as far as creating the new domain… Claymoore is very correct in his description of reasons to create a new domain. Unfortunately I see many admins who feel that “making their own jobs harder on themselves” is a valid reason for creating a second domain. Don’t fall into this trap!

    I am with Robert. Before starting any new project like this you should get clarity on the scope of work involved. This includes drawing out a project specification. For example:

    1) Do users need to share files? (Windows ACL design)
    2) Do you need to map printers for people... do managers need to have specific printer mappings (if they print out confidential documents)?

    You really need to understand the requirements of the users before you can start drawing out a plan of what is required.
    DevOps Engineer and Security Champion. https://blog.pash.by - I am trying to find my writing style, so please bear with me.
  • DjScientist Member Posts: 68
    RTmarc wrote: »
    1) Update server
    2) Install DNS and DHCP
    3) DCPROMO (domainname.local or domainname.msft)
    4) Create user accounts
    5) Join workstations to domain
    6) Install printers (and drivers) on server
    7) Create GPOs
    8) Create shares on server.

    This is not a large domain from your description so over-complicating it would be a mistake.

    For your login script, what are you wanting to accomplish? Mapping drives, attaching printers (better through GPO), etc?

    Why roaming profiles? Will users be changing workstations frequently?

    Wireless is a good choice if fiber (buried or aerial) is not an option, but it depends on distance. Just make sure to properly secure it. How far are we talking? Across the road (feet) or across the city (miles)?

    Sorry, I have been out of the office and was kind of held up, so I couldn't respond to your questions in time.
    As for the login script, I want drives to be mapped automatically upon login.
    I thought about roaming profiles, but from my understanding users will be using their individual machines, so I realise there is no need to create roaming profiles. The distance we need to connect across is about 1.5 KM (15000 metres) between offices.
    Thank you for your contribution.
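A minimal logon.bat for the drive mapping asked about above, added here as an example and not posted by anyone in the thread. It assumes a domain NetBIOS name NEWDOMAIN, a file server FILESRV and shares HOME$ and DEPT, all placeholders; access control stays on the share and NTFS permissions, the script only creates the mappings.

```batch
@echo off
rem Added example logon script, not from the thread. NEWDOMAIN, FILESRV,
rem HOME$ and DEPT are placeholder names for this example.
setlocal

rem Only run for accounts that logged on to the new domain, not local accounts.
if /i not "%USERDOMAIN%"=="NEWDOMAIN" goto :end

rem Drop any stale mapping on the same letters so a renamed or moved share
rem does not leave users with a broken drive. Errors are ignored if nothing
rem is currently mapped.
net use H: /delete /y >nul 2>&1
net use S: /delete /y >nul 2>&1

rem Map the user's home folder and the shared department drive.
rem The mapping uses the logged-on user's token; no credentials are stored in
rem the script. /persistent:no means the script recreates the mapping each
rem logon instead of saving it in the user's profile.
net use H: \\FILESRV\HOME$\%USERNAME% /persistent:no
if errorlevel 1 echo Could not map H: (home folder). Please tell IT.
net use S: \\FILESRV\DEPT /persistent:no
if errorlevel 1 echo Could not map S: (department share). Please tell IT.

:end
endlocal
```

Who can open the DEPT share and each HOME$ subfolder is decided by the share and NTFS ACLs set on the server, so the script can stay the same for every user.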
  • DjScientist Member Posts: 68
    dynamik wrote: »
    Is there a reason you can't connect via a VPN? Why do you need wireless or fiber?

    Do you just want to back up files on users' computers? Check out folder redirection instead of roaming profiles.

    What's wrong with ad.domainname.com or corp.domainname.com? :p

    We could use a VPN, but I think we will need another connection at that office and that will be a bit expensive. We will be using fiber so that the other office across the office can have access to the internet.
    As for the domain, this small company has already registered their own domain and they want to be completely out of the main company domain. The main company is in the transporting business, and this other small company is partly owned by the main company and by another company in South Africa. They have been connected to us and they were logging on to our domain from another city.

    I hope it does clear up what you wanted to understand.

    Thank You
  • DjScientist Member Posts: 68
    Claymoore wrote: »
    Why create a new domain at all? IMO, there are only two good reasons for creating additional 2003 AD domains - separate password policies or a disjointed namespace - and your description mentions neither. You could create another OU for that building, but that's probably not necessary either.

    You mention that they were previously connected to the corporate network now. How?

    Go ahead and promote the server to a domain controller and assign it to a separate AD site created for that building. You can use a site-to-site VPN to handle the replication traffic. Use folder redirection in Group Policy to redirect their My Documents to the file server.

    BTW, they don't have to lift the road to lay the cable. They'll bore underneath the road to lay a pipe through which they will run the fiber cable. It may still be cheaper to buy more internet bandwidth and use a VPN. Any chance you have MetroEthernet or MPLS available through a local communications provider?

    We could create another OU, but they made it very clear that they don't want to be associated with the main company domain anymore; as we speak, they have already registered their domain and they are using Google Apps for their email, as compared to the main company email system they have been using.
    The cheapest quote for just a few metres of fibre was about $2500, and the regional manager for that side made it very clear that it's expensive and we have to look for an alternative. I am just a junior officer, and as much as I try to make them understand the benefits of using fibre, they will give you financial reasons why they can't implement whatever you are recommending.
    We do not have MetroEthernet or MPLS available through any local communications provider.

    I hope it's clarified.
  • DjScientist Member Posts: 68
    RobertKaucher wrote: »
    It sounds like you are not only unsure of how to perform the task, but also what the task actually consists of. I would get some clarity from my boss, if I were you. Not on how to do it, but exactly what he wants done. Otherwise you are bound to miss something.

    And as far as creating the new domain… Claymoore is very correct in his description of reasons to create a new domain. Unfortunately I see many admins who feel that “making their own jobs harder on themselves” is a valid reason for creating a second domain. Don’t fall into this trap!

    It's very unfortunate, RobertKaucher, that my boss is not even sure of what he wants done, and there is no IT personnel at that small company; they are relying on us to recommend what they want, and my boss is relying on me to tell him what is to be done at that company. That's what is making it a bit difficult, as I am not sure myself what I need to provide. Some of the roles I stated, I made up hoping they will be sufficient on their side. I will be using some of your suggestions as the solution when doing the actual implementation.

    Thank you for your contribution.