Today we had a huge pile of fun regarding our 3 Forests (2003 R2), NTFRS and the SYSVOL area.

Somehow - last night, the whole thing decide to 'kiss goodbye' to life in general and hang itself by the short rope.

This morning I remoted in via VPN (or tried to) and discovered this heap of fun waiting for me.

As I had no method to VPN in (as not only was SYSVOL non-existent, but no authentication worked at all either...) I had to wait until I got into the office.

Suffice it to say that it's all working happily now, NTFRS is happy, SYSVOL is happy and all is right with the world again (despite the fact that certain members of staff can't follow instructions of "Please DO NOT call us to tell us things aren't working... we KNOW.").

So... with todays' disaster behind me - I'm seriously considering moving our DCs to Server 2008.

Now I feel the need to point out the following:
1) Servers are i386 - not x64 based.
2) Servers are DCs and GCs, host Group Policies and a whole host of other files.
3) Some DCs also host IIS based applications (this dates back to when we had very limited budget and not enough servers...).
4) Some DCs are using the File Quota and File Screening capabilities of 2003 R2.

Now as far as I'm aware - they do little more than above, perhaps run a few additional 3rd party apps (Oliver+ for our Library - which is IIS based).

For those of you who run 2008 servers either as member or DC servers, have you come across any little tips/tricks or stumbling blocks from moving to 2003 to 2008?

We have 2 2008 servers, fresh builds - I noticed 3 issues.
1) Our remote access tool (Dameware) required a hugely later version to work with 2008 reliably.
2) In relation to #1 - We had to disable the whole UAC thing via local policies on the servers in order to get a decent level of access via DW to the servers.
3) We noticed that if we logged into the servers LOCALLY and the LOCAL account had the same password as a DOMAIN account - 'passthrough' didn't occur.

(On 2003, if a local account and domain account had the same login name and password, you could simply login locally and use the local creds to get the domain-based access... local admin for example 'passes through' on 2003 to allow us to access network shares as a full domain admin IF our logins and passwords were the same. - On 2008, this doesn't seem to occur, is this normal behaviour?)

(I know all about account security and such, sharing passwords between local/domain accounts and such is a huge no-no, we're trying to get away from all that style of thinking but manglement likes it nice and simple so my juniors don't have to remember lots and lots of passwords...)

So... any advice/tips/tricks?
On the surface - 2008 seems a different beast, but once you work out where the common options are and such, it just seems to work - just like 2003 R2.


PS - For those curious/interested - NTFRS (among other things) had taken it upon themselves to wipe our SYSVOL structure and then hang itself. I fixed the issue by rebuiling SYSVOL and resetting NTFRS before restarting NTFRS and the NETLOGON services.