+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 19
Windows Server 2008 R2 Thread, CC3 to Vanilla in Technical; Yes, its one of those threads again. The school I'm at is in the market for some new equipment on ...
  1. #1

    Join Date
    Jun 2010
    Location
    Nottingham
    Posts
    134
    Thank Post
    19
    Thanked 3 Times in 3 Posts
    Rep Power
    9

    Question CC3 to Vanilla

    Yes, its one of those threads again.

    The school I'm at is in the market for some new equipment on a budget. Got everything planned, and know (hopefully) how to go about it all, involving vSphere and ESXi and SANs and iSCSI 2008 R2 VMs and 7 workstations. The problem I'm facing is how to manage profiles between CC3 and Vanilla workstations.

    All workstations are eventually going to be 7. My question is this, with my new DC's do I add them to the existing CC3 domain and create everything under an OU with GPO inherit disabled, or create a brand new domain.

    The idea being that they wouldn't need a CC3 set of credentials and then a Vanilla set of credentials as they moved around the school. Is this only possible with 1 domain?

    Sorry if that is worded really badly, my brain hurts.

    Thanks

  2. #2

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,572 Times in 1,252 Posts
    Rep Power
    340
    All workstations are eventually going to be 7. My question is this, with my new DC's do I add them to the existing CC3 domain and create everything under an OU with GPO inherit disabled, or create a brand new domain.
    You can do it either way, but I did migrate AD to a new server first.

    The idea being that they wouldn't need a CC3 set of credentials and then a Vanilla set of credentials as they moved around the school. Is this only possible with 1 domain?
    Yes users could logon, but the odds are they're going to see different desktops (for example) due to different policies being set. Remember though, users will be created a new profile when logging onto Windows 7.

  3. Thanks to Michael from:

    TMODAlpha (11th January 2012)

  4. #3

    Join Date
    Jun 2010
    Location
    Nottingham
    Posts
    134
    Thank Post
    19
    Thanked 3 Times in 3 Posts
    Rep Power
    9
    Quote Originally Posted by Michael View Post
    You can do it either way, but I did migrate AD to a new server first.



    Yes users could logon, but the odds are they're going to see different desktops (for example) due to different policies being set. Remember though, users will be created a new profile when logging onto Windows 7.
    I can't migrate the users though straight away (assuming moving them would epically break logging on to a CC3 workstation) so I'm guessing a second domain is off the cards? I still need to leave some machines CC3 while we migrate, but if I use WMI filters (all CC3 are XP) then I can assign user and computer GPOs completely using WMI and blocked inherit for the machines OUs?

    Different desktops and start menus are fine, as are profiles. As long as they can log in with the same credentials and access a file share that's all they will need. My only worry was user GPOs, but I can get around that with WMI filters until all CC3 workstations are gone.

    Sound about right?

  5. #4

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,572 Times in 1,252 Posts
    Rep Power
    340
    There's nothing stopping you adding a second domain controller. It works absolutely fine.

  6. #5

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,817
    Thank Post
    272
    Thanked 1,138 Times in 1,034 Posts
    Rep Power
    350
    Wen I was involved in moving from Classlink to Vanilla we just created a whole new domain fresh - then over the summer period we wiped all client desktops and rolled out a new image to the machines.

    Therefore we built an entire new domain (which was seperate from the current domain) and migrated things manually. The only thing we required as to reset everybody's password. All emails where exported to PST's and reimported and file where copied to new File servers and let AD set the perms when you set the home directory.

  7. #6

    Join Date
    Sep 2011
    Location
    In the Live@Edu Clouds
    Posts
    30
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Personally I would create a whole new domain just to remove all the old RM stuff etc, It has been years since I worked with CC3 but the safest option is a whole new domain and at a push recreate the accounts as sometimes the RM side of things adds extra stuff to the account which may cause problems, The My Documents side should be fine if you delete the My Settings Folder and UMFolder.ini

    My CC3 Knowledge is a liitle out of date so it may not be quite accurate.

    Paul

  8. #7

    Join Date
    Jun 2010
    Location
    Nottingham
    Posts
    134
    Thank Post
    19
    Thanked 3 Times in 3 Posts
    Rep Power
    9
    Quote Originally Posted by Michael View Post
    There's nothing stopping you adding a second domain controller. It works absolutely fine.
    Didn't think there would be, just going over different methods in my head.

    Quote Originally Posted by glennda View Post
    Wen I was involved in moving from Classlink to Vanilla we just created a whole new domain fresh - then over the summer period we wiped all client desktops and rolled out a new image to the machines.

    Therefore we built an entire new domain (which was seperate from the current domain) and migrated things manually. The only thing we required as to reset everybody's password. All emails where exported to PST's and reimported and file where copied to new File servers and let AD set the perms when you set the home directory.
    This was my plan, problem is people want instant results from the word go. So a gradual transition is the best for this I feel. Waiting until summer just isn't an option at this stage unfortunately. I was going to move the home folders, recreate the users on the new domain and take it from there. Don't have to worry about exchange, it's externally hosted.

    Because I can't create a new domain and I'm going to have to image machines gradually during term time, are the OUs and WMI filters the best way to do it within the same domain? So that they can use both types of workstation from 1 set of credentials?

    Also, there is a lot of legacy software that some subjects depend on to be able to teach, if I just cut RM out and then dealt with these after, I fear there would be a lot of lost learning time. Which also means that for some time at least, select people are going to need to be able to log on to both.
    Think the powers that be want a noticeable difference straight away, but I know if they want that it's going to be gradual rather than done all at once over summer.

  9. #8
    jamesfed's Avatar
    Join Date
    Sep 2009
    Location
    Reading
    Posts
    2,208
    Thank Post
    137
    Thanked 345 Times in 291 Posts
    Rep Power
    87
    If you don't already have one give your staff a VPN/Terminal server for remote working - would work with existing RM network fine, that then gives them instant improvement while a summer migration goes ahead.

    I know your intent to start the migration process right now but to be honest it will only cause one big pile of headaches - a summer migration truly is the only way to get this right from day one.

  10. #9

    Join Date
    Jan 2006
    Location
    Surburbia
    Posts
    2,178
    Thank Post
    74
    Thanked 307 Times in 243 Posts
    Rep Power
    115
    Hmm... you can use WMI, but...

    You obviously need a new OU off the root for your Win7 boxes. Keep machine and user GPOs separate. Link a machine GPO that applies to all Win7 boxes and sets loopback processing (replace), also link some security filtered user GPOs for whatever you want for different categories of user, ditto if you have different categories of machine (alternatively if arrange them in sub-OUs with different machine GPOs linked to them). No need to block inheritance unless you think inheriting GPO: Default Domain will hurt (settings in mine wouldn't).

    I've never done this (loopback replace + security filtering), but it's what I'd try first in preference to WMI. If no one points out an obvious hole, then just give it a go with one test Win 7 and satisfy yourself about what GPOs hit it etc.

  11. #10

    Join Date
    Jun 2010
    Location
    Nottingham
    Posts
    134
    Thank Post
    19
    Thanked 3 Times in 3 Posts
    Rep Power
    9
    Quote Originally Posted by jamesfed View Post
    If you don't already have one give your staff a VPN/Terminal server for remote working - would work with existing RM network fine, that then gives them instant improvement while a summer migration goes ahead.

    I know your intent to start the migration process right now but to be honest it will only cause one big pile of headaches - a summer migration truly is the only way to get this right from day one.
    It isn't me that wants to start it right away. My hands are tied on that.

    Quote Originally Posted by PiqueABoo View Post
    Hmm... you can use WMI, but...
    You obviously need a new OU off the root for your Win7 boxes. Keep machine and user GPOs separate. Link a machine GPO that applies to all Win7 boxes and sets loopback processing (replace), also link some security filtered user GPOs for whatever you want for different categories of user, ditto if you have different categories of machine (alternatively if arrange them in sub-OUs with different machine GPOs linked to them). No need to block inheritance unless you think inheriting GPO: Default Domain will hurt (settings in mine wouldn't).

    I've never done this (loopback replace + security filtering), but it's what I'd try first in preference to WMI. If no one points out an obvious hole, then just give it a go with one test Win 7 and satisfy yourself about what GPOs hit it etc.
    Never tried loop back, but it makes sense over WMI. I'm just restricted on time too which means my play and testing time is minimal. Which means things are going to break.

  12. #11
    Boredguy's Avatar
    Join Date
    Jun 2011
    Location
    Swindon
    Posts
    607
    Thank Post
    4
    Thanked 135 Times in 126 Posts
    Rep Power
    51
    Quote Originally Posted by PiqueABoo View Post
    Hmm... you can use WMI, but...

    You obviously need a new OU off the root for your Win7 boxes. Keep machine and user GPOs separate. Link a machine GPO that applies to all Win7 boxes and sets loopback processing (replace), also link some security filtered user GPOs for whatever you want for different categories of user, ditto if you have different categories of machine (alternatively if arrange them in sub-OUs with different machine GPOs linked to them). No need to block inheritance unless you think inheriting GPO: Default Domain will hurt (settings in mine wouldn't).

    I've never done this (loopback replace + security filtering), but it's what I'd try first in preference to WMI. If no one points out an obvious hole, then just give it a go with one test Win 7 and satisfy yourself about what GPOs hit it etc.
    We run a CC3/Vanilla combo at present on our existing RM servers without any issues, and will do until our last CC3 client is replaced and we can migrate the server.
    Just create a new OU outside of the RM Establishments and set the in inheritance, then create your new structure within it and the GPO's you want.
    You can leave users on your existing servers for now, but allow the XXX Students, xxx Teaching Staff etc modify access to the root of the Profiles share for each type so that if you using roaming profiles still the .V2 folder can be created automatically.

    You can use WMI, but as the Win 7 stations would be within your new OU it will not have an impact on your CC3 ones.

    You can also update the AD schema on your CC3 domain to Windows 2003 R2 level to give you printer deployment ability, and should also be able to update the 2008 schema (although I've not yet tried the 2008 one)

  13. Thanks to Boredguy from:

    TMODAlpha (14th January 2012)

  14. #12

    Join Date
    Jun 2010
    Location
    Nottingham
    Posts
    134
    Thank Post
    19
    Thanked 3 Times in 3 Posts
    Rep Power
    9
    Great feedback, thanks.

  15. #13

    Join Date
    Jan 2012
    Location
    Leicestershire
    Posts
    3
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Marc G?

  16. #14

    Join Date
    Jun 2010
    Location
    Nottingham
    Posts
    134
    Thank Post
    19
    Thanked 3 Times in 3 Posts
    Rep Power
    9
    Quote Originally Posted by RockStar View Post
    Marc G?
    Depends who's asking

  17. #15

    Join Date
    Jan 2012
    Location
    Leicestershire
    Posts
    3
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Quote Originally Posted by TMODAlpha View Post
    Depends who's asking
    Well I guess I can PM you now I've made my second post, I think that is the rule...

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. CC3 to Vanilla Network. Last Stages, Error message when logging in.
    By Richings110 in forum Network and Classroom Management
    Replies: 12
    Last Post: 5th July 2013, 01:07 PM
  2. CC3 to Vanilla....costing
    By mcnallyfc in forum How do you do....it?
    Replies: 8
    Last Post: 8th October 2010, 10:39 AM
  3. Moving from CC3 to Vanilla.....
    By mcnallyfc in forum Network and Classroom Management
    Replies: 16
    Last Post: 30th July 2010, 09:52 AM
  4. CC3 to Vanilla Server 2008 Advice Please
    By dcjg70 in forum Windows Server 2008 R2
    Replies: 11
    Last Post: 16th June 2010, 02:42 PM
  5. Migrating form RM CC3 to vanilla win 2K3 & XP?
    By nicholab in forum Network and Classroom Management
    Replies: 9
    Last Post: 22nd February 2007, 11:38 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •