Changing from Workgroup to domain newbie help please


petergr

Technical User
Mar 27, 2003
8
AU
I am looking after an organisation that started with 5 PCs linked in peer-to-peer workgroup style. They had a designated "server" which runs Windows 2000 Pro, which was a central depository for their files and backing up.
Due to expansion they are now planning on having at least 11 PCs, which is getting too large for this style of operation.

I have purchased Windows 2003 Server standard with a total of 15 licences (per device) and done a clean install.
I have currently just set it up as a member of a workgroup, but I am guessing I should be setting it up as a domain.

This PC is linked via a router to an ADSL connection, and gets its IP from the router.

Could someone please tell me how to:

1. Change from workgroup to domain - and what should I call the domain (they already have a web domain hosted externally) - can it be the same name as the web domain which is only seen internally or should it be distinct (and what format eg company.com.au ...)

2. The PC's all get their IP from router currently. Is this still OK or should the server take on this function.

3. What about DNS ???

4. I have not yet received the client licences - any tricks to installing these?

5. Any tips and tricks to harden the server against intrusion (I have already downloaded all the current patches).

I have an excellent knowledge of PC's but not much on the server side of things.

Thanks in advance

Peter G

 
Hi,


1. Change from workgroup to domain - and what should I call the domain (they already have a web domain hosted externally) - can it be the same name as the web domain which is only seen internally or should it be distinct (and what format eg company.com.au ...)

Run DCPROMO on the server to set up the domain. Call the domain something different from the current domain. Company.local usually works. Do not use the same name as the web domain.

2. The PC's all get their IP from router currently. Is this still OK or should the server take on this function.

First the server should have a static IP. Second the server comes with DHCP, you should set this up for the clients...especially if you are looking to configure internal DNS.

3. What about DNS ???

Configure the network to use internal DNS with an outside forwarder.

4. I have not yet received the client licences - any tricks to installing these?

Not sure on this process as I have not had to add them after the fact but I can't see it being difficult.

5. Any tips and tricks to harden the server against intrusion (I have already downloaded all the current patches).

If you search Microsoft's site, I'm sure that they have documents concerning this. If not you can do a search on Google.

Lou

 
Thanks for your help Lou.
Can you give me more specifics on the DNS? What is the advantage of having internal DNS (keeping in mind that there are fewer than 15 PCs), and how do I set up forwarding to the ISP's DNS? What settings do I then put on the local PCs - do I leave it on auto or do I point it to the server?
Also, where do I tell the server not to use the IP of the router, so it doesn't allocate a PC the same IP?

Thanks

Peter G
 
Hi,

1. What is the advantage of having internal DNS (keeping in mind that there is less than 15 PC's).

The DNS info will be cached internally and therefore make searches faster.

2. How do I set up forwarding to the ISPs DNS??

Once you have configured DNS, right-click on the server, within DNS, and choose Properties. At that point you will see a Forwarders tab. Add the ISP DNS there.

3. What settings do I then put on the local Pc's - do I leave it on auto or do I point it to the server.

Not sure what you mean by settings. If you mean for DHCP, what you would do is turn off the DHCP on the router and activate it on the server. If the PCs are set for DHCP they will automatically start picking up the info from the server. What you would want your server DHCP handing out is the following info: (Under Options)

a. DNS server (which will be the local server IP Address). I would also add the ISP address as a secondary. This is so that they can still surf if the server were down. This is only necessary when you only have a single internal DNS server.

b. Default gateway. This would be the IP address of the router.

c. Wins server. Internal server IP Address.

That should be the basic config. Review all the options to see what else you want to assign.

4. Also where do I tell the server not to use the IP of the router, so it doesn't allocate a PC the same IP.

You would configure the IP address as a static IP in the properties of the LAN connection under My Network Places (I think that's what it's called on 2003). When you configure your DHCP scope you assign a certain IP range (e.g. 10.10.10.50 - 10.10.10.100); in this example the PCs will only get IPs within this range. Assign the server 10.10.10.11 or something of that nature.

This all assumes that you are using Private IP addresses on the inside network.

Lou
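
The DHCP scope, scope options and DNS forwarder described in the reply above, written as the equivalent commands on the server (an added example, not part of the original posts). It uses the reply's sample range and server address; the router address 10.10.10.1, the scope name and the ISP resolver 203.0.113.53 are placeholders. It assumes the DHCP, DNS and WINS services are installed, the DHCP server is authorized in Active Directory, and dnscmd from the Windows Support Tools is available.

```bat
@echo off
rem Added example. Replace the placeholder values with the site's own.
set SCOPE=10.10.10.0
set MASK=255.255.255.0
rem Server's static address, set beforehand on the LAN connection.
set SERVER=10.10.10.11
rem Placeholder router address (static, outside the leased range).
set ROUTER=10.10.10.1
rem Placeholder for the ISP's DNS server.
set ISPDNS=203.0.113.53

rem Create the scope. Only 10.10.10.50-100 is ever leased, so the static
rem addresses of the server and the router cannot be handed to a PC.
netsh dhcp server add scope %SCOPE% %MASK% "Office LAN"
netsh dhcp server scope %SCOPE% add iprange 10.10.10.50 10.10.10.100

rem Option 003 = default gateway (the router).
netsh dhcp server scope %SCOPE% set optionvalue 003 IPADDRESS %ROUTER%
rem Option 006 = DNS servers: internal server first, ISP as secondary.
netsh dhcp server scope %SCOPE% set optionvalue 006 IPADDRESS %SERVER% %ISPDNS%
rem Option 044 = WINS server (the internal server).
netsh dhcp server scope %SCOPE% set optionvalue 044 IPADDRESS %SERVER%

rem Activate the scope. DHCP on the router must be turned off first so
rem that two DHCP servers do not answer on the same LAN.
netsh dhcp server scope %SCOPE% set state 1

rem Forward queries the internal DNS server cannot resolve to the ISP.
dnscmd . /ResetForwarders %ISPDNS%

rem Review what was configured.
netsh dhcp server scope %SCOPE% show iprange
netsh dhcp server scope %SCOPE% show optionvalue
dnscmd . /Info
```

On a client, `ipconfig /release` followed by `ipconfig /renew` and then `ipconfig /all` shows whether the lease, gateway and DNS servers now come from the server.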
 
Thanks a million for your patient and specific answers Lou. I have spent a lot of time trying to find these answers but most references don't give enough specific examples.

I will be setting this up on the weekend - I will let you know how things go.

Peter G
 
Hi Lou, thanks for help earlier. Here is a progress update, and a couple more easy questions I hope:
(It may also help other users in the same position)

Clean installed Server 2003 Std, setting it up initially in workgroup mode using the company's existing workgroup name (companyname).

Ran the "Managing your server" wizard and promoted the server to be the first and primary domain controller, using companyname.local as the domain name.

Added the role File and Print server

Set up 5 groups based on the way the company works, then set up each user, and made them members of the required groups.

Logged onto the ADSL router and changed its IP to be 192.168.0.2 (the server allocates from 192.168.0.10 onwards by default), and turned off DHCP.

Went into properties on the server network connection and pointed the gateway to the router IP 192.168.0.2. The primary DNS pointed to the server itself (192.168.0.1).
No secondary DNS set up yet. Tried the server on the internet - OK. Downloaded all the critical updates.

Tested login from Win2k and Win98SE. Win2k machines wanted to register the PC itself, so I used the admin acct and it worked fine. Win 98 PC did not need to be registered (which is normal from what I have read)

Set up folders to share on the server, and was able to access them from the client (had some trouble with Win98 and I am not sure what I did to fix it).

I think I am ready to go "live" now, but I have a couple more queries:

1. I put a VBS script into the logon folder (copied from MS web site), then pointed the logon profile for the user to use this script. It worked on Win2k, but then refused to allow me access to the newly created mappings, regardless of how I tried to access the files. Removing the logon script didn't reverse the problem. I made the session expire, then rejoined the Win2k PC to the domain and it seems to be back to normal now. What went wrong??? Obviously some permissions not set somewhere (I was logged on as Administrator at both ends).

2. I tried to clone the hard drive with Norton Ghost 2003, but it did not make a usable copy. Are there utilities that can do this successfully?

3. With the XP laptops, they are already using a locally created profile and have Outlook set up etc... If I create the same username and password on the server, will their domain login profile see the same settings as the local one? (i.e. I don't want to have duplicate Outlook setups, one for when they are logged in, and one for when they are off the network.)

4. For addresses that can't be resolved internally, do I put the ISP's DNS under secondary DNS for the network adapter properties, or do I put it in the DNS forwarding section?

Thanks again.

Peter G

 
Hi Peter,

1. I'm not sure what happened there, but if it is now working I wouldn't worry too much about it.

2. I've not used Ghost 2003. The last version I used was 7.5. Can you expand on "It didn't make a usable copy." Do you have a previous version of Ghost that you can try?

3. Once they log on to the domain a new profile will be created. You will need to import all their Outlook data into the current profile. Are you using Exchange? Normally, OWA (Outlook Web Access) is used for mail from home.

4. You would add your ISP DNS server as forwarder in DNS itself. DNS will forward all queries that it cannot resolve to the ISP DNS servers.

Lou
 
Thanks Lou:

1. It is not working now, I have just managed to get back to no mapping with access being denied.
I used
Set objNetwork = WScript.CreateObject("WScript.Network")
objNetwork.MapNetworkDrive "G:", "\\server\share"

2. Trying to boot from the Ghost copy gave an error message something to do with security settings and told me to boot into a diagnostic mode. When I did this it just looped from the login screen back to the login screen again. (Can't remember the exact wording of the error.)

3. We are not using Exchange at this point, so their home access will have a different profile from their work access, which will be very confusing. I am considering relocating their pst file to a common folder as a workaround.

4. I have put the DNS in the forwarding section. The server itself is working on the internet, but none of the clients have access. What am I missing here? I have tried changing gateways and DNS's manually on the clients also, to no avail.

Thanks

Peter g

 