+ Post New Thread
Results 1 to 12 of 12
Wireless Networks Thread, Merging Admin and Curriculum 2003 Domains in Technical; We have 2 2003 domains on 2 different ip ranges and physically speparated (different switches in same cabinets) each with ...
  1. #1
    pjm1974's Avatar
    Join Date
    Apr 2007
    Location
    Northumberland
    Posts
    15
    Thank Post
    6
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Merging Admin and Curriculum 2003 Domains

    We have 2 2003 domains on 2 different ip ranges and physically speparated (different switches in same cabinets) each with an DSL connection, Admin through our CC and Curriculum through a local ISP (split in one 8MB router)

    Our CC is providing a single hugely improved broadband link through the local ISP (our Curriculum network). All high schools in CC are to get the link but we are unique in that our Admin network is very heavily used, 150+ PCs and every member of staff has an account.

    Because the broadband link comes into Curriculum and I built it (know it inside out and the Admin domain was the 1st 2003 domain built by county before I took the job and has "issues"!), my plan was to migrate all users and files shares from Admin into Curriculum. Do away with any non student user accounts on Curriculum and merge and data they had stored on either domain together.

    Issues:
    1. the remaining single domain would named CURRICULUM, when I'd prefer it to be named after our school (as our admin domain is).
    2. Staff would have to stop using current admin login details and use their Curriculum logins, which most of them have but only a few use.
    3. Each member of teaching staff's laptops (provided to use for Lesson Monitor) would have to be reconfigured from Admin to Curriculum domain before start of school in sept.
    4. some decision on what to do about shared H drived which exists on both domains (one for shared data for students and one for staff only)

    Having looked through technet resources and threads here I wonder if I am thinking about it the right way.

    Could I keep the Curriculum domain but change it's name to that of the Admin domain thus saving a lot of work educating users and reconfiguring staff laptops (and admin workstations)? If so in what order should I do it: start by renaming Curriculum domain, then use Migration tool to move users or the other way around?

    Any advice much appreciated

  2. #2
    leco's Avatar
    Join Date
    Nov 2006
    Location
    West Yorkshire
    Posts
    2,026
    Thank Post
    595
    Thanked 125 Times in 119 Posts
    Rep Power
    42
    Assuming that all that is changing is one ISP, why is it felt necessary to merge the domains? Another assumption, that you are using a private IP range, could this range not just be transferred to the new connection?

    It just seems a huge upheaval that is not actually required. Having admin on a physically separate network/domain makes sense from a security view point.

    Just a thought, feel free to ignore me if I'm talking rubbish.

  3. #3

    Join Date
    Apr 2006
    Location
    West Midlands
    Posts
    314
    Thank Post
    29
    Thanked 19 Times in 18 Posts
    Rep Power
    21
    I think its a very positive move to merge domains!! Security implications can be managed - and the network can be secured with Group Policy objects and VLANS and a whole host of other things.

    It also helps with stuff like rolling out your MIS across the whole school!

    For the name thing - you could :
    1. Start off with a new network - and start afresh;
    2. Stick with the domain being curriculum - [although I wouldn't - it might confuse people!]
    3. Try something like this: http://www.petri.co.il/windows_2003_domain_rename.htm


    Go for it!
    Last edited by kiran; 20th July 2008 at 01:43 PM.

  4. Thanks to kiran from:

    pjm1974 (5th August 2008)

  5. #4
    ajbritton's Avatar
    Join Date
    Jul 2005
    Location
    Wandsworth
    Posts
    1,632
    Thank Post
    23
    Thanked 75 Times in 45 Posts
    Rep Power
    35
    Tend to agree with Leco. Opinions vary on the issue of using single domains in school. I personnally still favour two as this gives better isolation of systems and data on the admin network.

    If you want to consolidate (there is no way to 'merge' sadly), you will either have to recreate AD objects (user acounts, groups, computer accounts) or use the AD Migration Tool (ADMT - now at V3.something) to 'clone' the objects into the target domain. Whatever you do, it's a fair old job. You may want to consider a whole new domain and migrate AD objects from both existing domains into a new one.

  6. Thanks to ajbritton from:

    pjm1974 (5th August 2008)

  7. #5
    pjm1974's Avatar
    Join Date
    Apr 2007
    Location
    Northumberland
    Posts
    15
    Thank Post
    6
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    leco: It's not an option to keep 2 seperate domains

    ajbritton/kiran:I am purchasing one new server to host all student and staff home directories, but don't want to have to create a brand new domain and migrate using ADMT) from both my admin and curriculum domains, surely this would be a longer process since I'd have to rejoin every domain pc to new domain too?!

    Having looked through options I think I will use ADMT to migrate curriculum user to new server.
    Then migrate AD and data from Admin domain to Curriculum domain. Then demote my admin dc and domain
    Then work on domain renaming of Curriculum

    Can you see this order of attack presenting any problems?

  8. #6
    leco's Avatar
    Join Date
    Nov 2006
    Location
    West Yorkshire
    Posts
    2,026
    Thank Post
    595
    Thanked 125 Times in 119 Posts
    Rep Power
    42
    Quote Originally Posted by pjm1974 View Post
    leco: It's not an option to keep 2 seperate domains
    Sorry about that - sad indeed.

    Can you see this order of attack presenting any problems?
    Sorry again, can't help with this as I've never done it.

  9. #7
    jack0w's Avatar
    Join Date
    Jan 2008
    Posts
    123
    Thank Post
    12
    Thanked 4 Times in 4 Posts
    Rep Power
    15
    Quote Originally Posted by pjm1974 View Post
    leco: It's not an option to keep 2 seperate domains

    ajbritton/kiran:I am purchasing one new server to host all student and staff home directories, but don't want to have to create a brand new domain and migrate using ADMT) from both my admin and curriculum domains, surely this would be a longer process since I'd have to rejoin every domain pc to new domain too?!

    Having looked through options I think I will use ADMT to migrate curriculum user to new server.
    Then migrate AD and data from Admin domain to Curriculum domain. Then demote my admin dc and domain
    Then work on domain renaming of Curriculum

    Can you see this order of attack presenting any problems?
    We were in a similar position to you about a year ago. In the end we opted to create a brand new domain, at least that way we could ensure there were no historic gremlins!

    We built our new domain in parallel to our existing two network during term time, and then during the Easter holiday we migrated Teaching Staff/Student accounts from the Curriculum network to the new domain and the Support Staff accounts from the Admin network. To get around having to rejoin all the computers to the domain (since we have a network of over 500 computers which would have been a huge task!) we just migrated the computer accounts from their original domain to the new one.

    With preparation done before the holiday period we were able to pull it off in just over a week which included rebuilding all of our servers which were being assigned different roles in our new domain.

    Its definitely doable, just make sure you have everything planned out before you start - that way there shouldn't be too much that would trip you up!

  10. #8
    pjm1974's Avatar
    Join Date
    Apr 2007
    Location
    Northumberland
    Posts
    15
    Thank Post
    6
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    I'm considering changing to an entirely new domain name for Curriculum rather than re-use the old Admin one (as I had earlier planned) in case there is some association on the old admin domain name after migrating it's users and data via ADMT?

    Rendom claims to handle the domain name change on worstation computers after a couple of reboots (I realise my admin domain computers will have to taken out of domain and added to the new one in any case) in any case.

  11. #9
    jack0w's Avatar
    Join Date
    Jan 2008
    Posts
    123
    Thank Post
    12
    Thanked 4 Times in 4 Posts
    Rep Power
    15
    Sounds like a good idea to me, we were strongly advised against renaming a domain and to be honest I'm glad we took the time to set everything up ourselves. Was really worth the time spent.

    Going on memory here, we had to create a trust between our new domain and our existing domains in order to migrate the users, groups and computer accounts with ADMT, we migrated the data using robocopy to preserve the permissions and finally we used the exchange migration tool to move our mailboxes across.

    Hope this is of some use to you!

  12. #10

    Join Date
    Apr 2006
    Location
    West Midlands
    Posts
    314
    Thank Post
    29
    Thanked 19 Times in 18 Posts
    Rep Power
    21
    I would start from fresh - at least you know what's happening and you know you've done it right - and its clean start!!

    Hope everything goes well - let us of know if you have any more problems!

  13. #11

    Join Date
    Apr 2006
    Location
    West Midlands
    Posts
    314
    Thank Post
    29
    Thanked 19 Times in 18 Posts
    Rep Power
    21
    I think its a matter of training - if I see a workstation unlocked I tell that person! Reminding staff and forcing 10 minute screensavers lockouts is always a good way!

  14. #12
    jack0w's Avatar
    Join Date
    Jan 2008
    Posts
    123
    Thank Post
    12
    Thanked 4 Times in 4 Posts
    Rep Power
    15
    We're currently locking computers used by staff after 10 minutes inactivity as well.

    In order to make our staff understand how important it is to lock the computer before walking away from it we did a demonstration of how simple and quick it would be for anyone to open search, enter a students name and bring up lots of private/sensitive information. This was enough to shock them into doing it!

    Although if we ever do see an unlocked, unattended computer we lock the computer immediately, and the issue is taken up by the head with the relevant member of staff since this is a violation of our AUP.



SHARE:
+ Post New Thread

Similar Threads

  1. Install Windows Server 2003 admin pack on Windows Vista
    By FN-GM in forum Wiki Announcements
    Replies: 0
    Last Post: 27th March 2008, 05:19 PM
  2. Replies: 3
    Last Post: 19th February 2008, 11:13 PM
  3. HELP! Recovering Windows 2003 Admin password
    By crc-ict in forum Windows
    Replies: 7
    Last Post: 8th September 2006, 07:40 PM
  4. Admin and Curriculum separate or merged?
    By rusty155 in forum Wireless Networks
    Replies: 26
    Last Post: 18th July 2006, 04:11 PM
  5. Admin and Curriculum networks seperate?
    By woody in forum Wireless Networks
    Replies: 49
    Last Post: 2nd December 2005, 11:43 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •