HELP REQUIRED: Network solution/approach for new Sixth Form building

[techie2008]

Hi edugeekers,

I hope I have posted in the right section, if not, i'm sure the lovely mods here could move it to the right one for me

Right, our secondary school is opening a brand new sixth form centre in its own new separate building this September. I have been asked to implement a network solution where staff and students from the secondary school can logon to the sixth form computers and vice versa (sixth form students and staff can logon to the schools network.

Sounds easy huh, well heres my dilemma. Our school is currenly operating in a 2003 domain with XP as its clients. I have been instructed by senior staff to deploy Windows 7 in the sixth form centre. I have currently bought a HP DL380 G7 server and installed 2008R2 Enterprise but before I join it to our domain and promote it to a DC, I want to know which approach I should take.

Do I make this server a child domain for the sixth form centre or just add it to the domain as our first 2008R2 DC (I have already done adprep on my 2003 domain) or do you have a better idea, which you would like to share?

If I choose my second approach and keep my network on one single domain, how do I force my win7 clients to authenticate to my 2008r2 server rather than the other DCs I have on my network? I want to keep as much network traffic in the new sixth form building in the sixth form building!

I look forward to hearing your views.

Regards,

Techie2008

[jamesreedersmith]

Yes you can make them authenticate to a certain server - read up on "Sites" within a domain.

ETA - i would make it a single domain.

[techie2008]

Yes you can make them authenticate to a certain server - read up on "Sites" within a domain.

ETA - i would make it a single domain.

When you say make it a single domain, do you mean a child domain? If so, would parent and child users need to login as DOMAIN\User when going to a different location?

[jamesreedersmith]

No when i say a single domain - i mean have 1 domain all users logging onto xyz.int or whatever.

[techie2008]

Do you have any good guides/URL links I could follow regarding Sites?

Thank you for your quick responses.

[jamesreedersmith]

Technet always quite good - Overview

If you want PM me a contact number and ill give you a call tomorrow to discuss.

Cheers

James

[techie2008]

OK, thank you.

[m25man]

In order to add your 2008R2 DC to your existing domain you will need to extend the schema of the 2003 Domain first.
Once done and the 1st 2008R2 is DC intoduced your domain is running in mixed mode.

The 2003 DC will quite happily authenticate and support your Windows 7 clients it will even replicate the 2008 R2 AD additions between servers.

Your problems however will be that due to the fundamental differences between these Server OS's you simply will not be able to manage your DC's easily and subsequently the Domain without jumping through a lot of hoops.

You really need to plan carefully with the objective of upgrading the entire domain to 2008R2 controllers as quickly as possible as you are likely to find maintaining a mixed mode environment in a single domain model a pain in the a** if it goes on for too long!

I'd stick with the single domain but update to 2008R2 native as soon as possible.

[glennda]

Yes I would suggest just a single domain - is the new building going to be on the same site?

I would just go for getting a Fibre cable run from the Secondary school to the new building (if on same site or is do able). Then either have all the Sixth form servers running in the same server room as the secondary or have a seperate Server room in the sixth form building (this could be better as you can then backup from one server room to another).

Not sure where you are but if anywhere down south pm me your details and more then happy to either talk over the phone or visit.

Toby

[techie2008]

Thank you all for your advice.

I will add the server to our domain and currently leave it in AD mixed mode and maybe look at moving to native in the summer.

I just need advice on AD sites as this section is all new to me.

[chrisbyrd]

I have been instructed by senior staff to deploy Windows 7 in the sixth form centre.

This sort of thing always makes me wonder if its because they've seen the nice shiny adverts for it in PC World, or if its based on some sort of actual understanding...

[apeman]

my question would be why do you even need a 2008R2 DC?? it will give no advantage if your domain is still in 2003 mode.

if it was me i would stick with 2003 and stick with a single domain, keep things simple. A windows 2003 domain can easily support windows 7 clients without any modifications.

if you need to write group polices for windows 7 you just write them on a windows 7 client.

one thing to watch out for when mixing xp and windows 7 are the profiles and some of the settings in group policy which relate to them, they can cause all sorts of problems.

once you have it all working and tested for a couple of months, then upgrade all DC's to 2008R2 and Domain to 2008R2 if you really need the extra features.

[Oops_my_bad]

As glennda. Just get a fibre between old and new building if they are on same site. Chances are they will be digging for ducting anyway to link fire alarm etc, so whack your name down for some space in there for a fibre. But plan your topology in doing so.

You want to keep things nice, simple and consolidated for yourself and in this case, Running sites would be overkill if you can avoid it. Afterall.. are you getting a payrise for the increased responsibility/workload? Didn't think so

It is sensible to be migrating to Windows7, and given that XP is 10 years old and there is almost no support from microsoft for it now, dare I say it your management have made a good recommendation

[mrbios]

It is sensible to be migrating to Windows7, and given that XP is 10 years old and there is almost no support from microsoft for it now, dare I say it your management have made a good recommendation

I agree with everything you've said, except to expand on the last bit ... they've made a good recommendation albeit based on no prior knowledge of the workload involved, I'd make them aware of the work you'll need to do and the time it'll take over going with what you already have in place (even though sticking with XP would be silly imo, make them sound like it's the harder idea) just so any issues with time scales or things not being finished when they come to expect it don't fall back on yourself. This way you can point out "ah well i said there would be problems in the beginning, its all writen down 'here'" etc

Read through some of the threads in the windows 7 forum, setup a windows 7 client, and get cracking

if it was me i would stick with 2003 and stick with a single domain, keep things simple. A windows 2003 domain can easily support windows 7 clients without any modifications.

That DC would need to be decomissioned later on down the line and while it may give no added benefit to be adding a 2008R2 DC to a 2003 domain, it also doesn't have any negative effects, making it a 2003 DC would effectivly waste time in the long run.

EDIT: actually i can think of one, quite major positive to making it 2008R2, and that's that he would have a server to learn the OS (assuming he hasn't used it before) Setting it up as a DC is a pretty good way of showing yourself around the basic changes 2008R2 has over 2003

[techie2008]

OK, I joined and promoted our sixthform sever as a DC on our domain.

However I'm having replication issues.

Here is what I am receiving when using DCDIAG:

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\Administrator.SCHOOLSUITE>dcdiag

Directory Server Diagnosis

Performing initial setup:
Trying to find home server...
Home Server = SIXTHFORM-01
* Identified AD Forest.
Ldap search capabality attribute search failed on server NT-6, return value
= 81
Got error while checking if the DC is using FRS or DFSR. Error:
Win32 Error 81The VerifyReferences, FrsEvent and DfsrEvent tests might fail
because of this error.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\SIXTHFORM-01
Starting test: Connectivity
......................... SIXTHFORM-01 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\SIXTHFORM-01
Starting test: Advertising
......................... SIXTHFORM-01 passed test Advertising
Starting test: FrsEvent
......................... SIXTHFORM-01 passed test FrsEvent
Starting test: DFSREvent
......................... SIXTHFORM-01 passed test DFSREvent
Starting test: SysVolCheck
......................... SIXTHFORM-01 passed test SysVolCheck
Starting test: KccEvent
......................... SIXTHFORM-01 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... SIXTHFORM-01 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... SIXTHFORM-01 passed test MachineAccount
Starting test: NCSecDesc
......................... SIXTHFORM-01 passed test NCSecDesc
Starting test: NetLogons
......................... SIXTHFORM-01 passed test NetLogons
Starting test: ObjectsReplicated
......................... SIXTHFORM-01 passed test ObjectsReplicated
Starting test: Replications
REPLICATION-RECEIVED LATENCY WARNING
SIXTHFORM-01: Current time is 2011-01-28 08:43:56.
CN=Schema,CN=Configuration,DC=our,DC=school,DC=dom ain,DC=sch,DC=uk
Last replication received from NT-6 at
2010-06-24 14:51:38
WARNING: This latency is over the Tombstone Lifetime of 60
days!
CN=Configuration,DC=our,DC=school,DC=domain,DC
=sch,DC=uk
Last replication received from NT-6 at
2010-06-24 14:57:17
WARNING: This latency is over the Tombstone Lifetime of 60
days!
DC=our,DC=school,DC=domain,DC=sch,DC=uk
Last replication received from NT-6 at
2010-06-24 15:32:54
WARNING: This latency is over the Tombstone Lifetime of 60
days!
......................... SIXTHFORM-01 passed test Replications
Starting test: RidManager
......................... SIXTHFORM-01 passed test RidManager
Starting test: Services
......................... SIXTHFORM-01 passed test Services
Starting test: SystemLog
......................... SIXTHFORM-01 passed test SystemLog
Starting test: VerifyReferences
......................... SIXTHFORM-01 passed test VerifyReferences


Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation

Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation

Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation

Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation

Running partition tests on : our school domain
Starting test: CheckSDRefDom
......................... schoolsuite passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... schoolsuite passed test CrossRefValidation

Running enterprise tests on : our.school.domain.sch.uk
Starting test: LocatorCheck
.........................
our.school.domain.sch.uk passed test
LocatorCheck
Starting test: Intersite
.........................
our.school.domain.sch.uk passed test Intersite


NT-6 was demoted as a DC last summer and is now a member server on the same domain. I checked AD sites and services and saw NT-6 is still there with its NTDS settings. Can I just delete it or would more be required?