New Windows 2003 domain server installation

[SYNCRO]

Hi all,

We are a small business ( 30 clients & 1 server) and are planning to replace
upgrade our old Windows 2000 server. In the same time we though it would be
a good idea to install Windows 2003. We also want to be able fo our users to
log to our server from home using Windows 2003 built-in VPN solution. I'm
seeking solution on the best scenario for our installation

1) Users, shares migration. We don't have another server at hand. Is there a
way to back up the users accounts as well as the shares and permission.

2) We are planning to install, DHCP and DNS server on the same server as
well as remote access server. What should be the consideration here? What is
the best way to proceed considering that we have a router (DHCP disabled)
which acts as a gateway for the internet?

3) Do i need to use both network card? If so how to connect them. I guest
the fastest one for the LAN part (plugged in the router?) and the slowest
one for the wan part (plugged in the router?).

Our server is mainly used as a file server but we also run on it a timesheet
application which can be access by our employees from outside the network
using any browser.

Our server specs will be :

(2) XEON P-III Processors (dual)
(1) GO ECC RAM
(1) 100 MB NIC
(1) 1000 GB NIC
(1) Tyan Board
(2) Ultra 320 SCSI seagate 70 GO RAID (mirror) HD
(1) Enlight hot swappable hard drive bay (5 disks) SCSI ultra 320
(1) Compaq 20/40 GO External DAT tape backup
(1) Enlight Case
(2) Redundant power supply
(1) APC 1000 VA UPS

Thak you for your input

JP

 

[Guest]

Hi JP,

lots of questions so check for some suggestions below...

christos

Hi all,

We are a small business ( 30 clients & 1 server) and are planning to replace
upgrade our old Windows 2000 server. In the same time we though it would be
a good idea to install Windows 2003. We also want to be able fo our users to
log to our server from home using Windows 2003 built-in VPN solution. I'm
seeking solution on the best scenario for our installation

1) Users, shares migration. We don't have another server at hand. Is there a
way to back up the users accounts as well as the shares and permission.

My suggestion would be to GET a second server. With 30 users, DNS, DHCP,
remote access and network shares running on this server you cannot afford to
lose your domain. You can get a professional-grade entry-level box for $700
these days. Install Win2003 on the new box, then demote the old server and
reinstall windows. Keep the new box as secondary DC, secondary DNS and backup
DHCP. Write a script to backup all your user data from PDC to 2nd DC in the
middle of the night so this way you have full redundancy

2) We are planning to install, DHCP and DNS server on the same server as
well as remote access server. What should be the consideration here? What is
the best way to proceed considering that we have a router (DHCP disabled)
which acts as a gateway for the internet?

There is no "consideration" here. Using windows DHCP (and DNS) makes sense
if you want the added flexibility of centrally managing your DHCP clients.
Combine with dynamic DNS registration so that users can remotely access
DHCP-ed computers by name. This way you can reduce how many static IP you may
need etc.

3) Do i need to use both network card? If so how to connect them. I guest
the fastest one for the LAN part (plugged in the router?) and the slowest
one for the wan part (plugged in the router?).

You can enable both cards but run Windows Client and File & Print Sharing on
only one of the cards if you wish. But this is not necessary. What you will
have to do for sure is to define the Giga-card as first in order in the
ethernet advanced properties. Also, Win03 DCs sometimes misbehave on
computers with many NICs so it may be a good idea to start with one NIC, then
bring in a second one after you feel comfortable with the configuration. At
that time use one NIC for internal and one for external (ie WTS). Of course
both cards will be on the same LAN.

 

[James McIllece [MS]]

Hi all,

We are a small business ( 30 clients & 1 server) and are planning to
replace upgrade our old Windows 2000 server. In the same time we
though it would be a good idea to install Windows 2003. We also want
to be able fo our users to log to our server from home using Windows
2003 built-in VPN solution. I'm seeking solution on the best scenario
for our installation

1) Users, shares migration. We don't have another server at hand. Is
there a way to back up the users accounts as well as the shares and
permission.

2) We are planning to install, DHCP and DNS server on the same server
as well as remote access server. What should be the consideration
here? What is the best way to proceed considering that we have a
router (DHCP disabled) which acts as a gateway for the internet?

3) Do i need to use both network card? If so how to connect them. I
guest the fastest one for the LAN part (plugged in the router?) and
the slowest one for the wan part (plugged in the router?).

Our server is mainly used as a file server but we also run on it a
timesheet application which can be access by our employees from
outside the network using any browser.

Our server specs will be :

(2) XEON P-III Processors (dual)
(1) GO ECC RAM
(1) 100 MB NIC
(1) 1000 GB NIC
(1) Tyan Board
(2) Ultra 320 SCSI seagate 70 GO RAID (mirror) HD
(1) Enlight hot swappable hard drive bay (5 disks) SCSI ultra 320
(1) Compaq 20/40 GO External DAT tape backup
(1) Enlight Case
(2) Redundant power supply
(1) APC 1000 VA UPS

Thak you for your input

JP

Hi JP --

You can find a ton of great and useful information on migrating from W2K to
WS03 at Windows Server 2003 Upgrade Assistance Center
http://www.microsoft.com/windowsserver2003/upgrading/nt4/upgradeassistance/
default.mspx.

The setup that I think will work best for you in terms of remote access is
the following:

VPN clients -->> Internet -->> Your cable or DSL modem (or whatever type of
connection you have -->> Your router/firewall (with a static IP address) --your Intranet/LAN (via a hub or whatever.

What you need to do to make this work is to configure input and output
filters in your firewall to allow the VPN connections to work properly.
There is a Help topic in WS03 VPN Help that explains how to configure all
of this called "VPN servers and firewall configuration." The Help is on the
Web at
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Serv
erHelp/2e0186ba-1a09-42b5-81c8-3ecca4ddde5e.mspx.

The VPN Help is found at this path: Network Services | Managing Remote
Connections | Virtual Private Networks.

Just in case you haven't deployed VPN before, you will need to choose
between two methods of deployment -- PPTP connections or L2TP/IPsec
connections. PPTP connections are easier to deploy and L2TP connections are
harder to deploy (they require a public key infrastructure with
certificates on the clients and the server), but they are more secure. Both
of these connection types are well documented in the Help, as is how to
deploy them.

You should probably put the GB NIC card on the LAN side as NIC2 -- but you
probably won't see any benefit from the added speed of the card unless your
workstation NICs and cabling support that speed.

As for DHCP, you definitely only want one DHCP server operating on the
subnet at the same time, unless you are setting up a failover with two
servers. Most likely the best scenario is to disable DHCP on the router and
use DHCP in WS03. Then when you deploy VPN, you can configure the VPN
server to supply remote access clients with IP addresses from the DHCP
server and the correct IP address range. (The way this works is that the
RRAS server automatically grabs 20 IP addresses from the WS03 DHCP server,
then assigns them to VPN clients when they connect. If it needs more
addresses from the DHCP server, it grabs 20 more, etc.)

And if you install DNS, you can configure DHCP to use DNS dynamic updates,
and it will automatically register the A record in DNS for clients. Because
the DHCP server will reside on a domain controller, you should read the
DHCP Help to learn how to correctly configure DHCP for dynamic updates. See
the topic "Using DNS servers with DHCP."



--
James McIllece, Microsoft

Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.

This posting is provided "AS IS" with no warranties, and confers no rights.