CC3 to Vanilla Server 2008 Advice Please

[dcjg70]

Dear all,

 

I currently maintain a CC3 network at a secondary school, however we are in the process of planning the move to a standard Vanilla network.

 

Could anyone lend any advice or tips on the following: -

 

* Whats the best way to move the students work/profiles?

* Is there a way of beginning this network change if we use a different subnet mask and IP range? What is the best way of getting our new servers up and running without them conflicting with our current DCs?

* Should DNS/DHCP be installed on all of the new servers or just the Forrest Root (4 servers in total)

* Is there a 'proper' way to set up IP addresses and Subnets or can we be quite free with what we choose?

 

Any help would be greatly appreciated

 

Thanks.

[maniac]

I've not personally migrated from CC3 to server 2008, but I have migrated from CC3 to Server 2003 based network (mainly because we already had the licenses)

 

I used Robocopy to move the students, staff and shared areas from the old to the new

 

You can run two domains in the same IP address range, I created our new domain and ran it alongside our old one for a few weeks while I got it all working. I also created a trust between the two domains, which makes life a lot easier. To start with the old and new domains ran their own DNS, but DHCP must only be on one server on your network at a time - it was the last service to move over. We temporarily added our new DNS servers into the DHCP settings for the old network so the two would function in parallel, then turned DHCP off on the old and on on the new as our final step before retiring the old domain.

 

If you're part of a broad band consortium, they will probaby specify what IP address range your school should be using to avoid conflicts on their network. If you have your own firewall and NAT in place, this might not matter and you would be free to pick any private IP address range you want. Subnets will depend on the number of IP addresses you need to use - we have a block of 4 **.**.60.1 - **.**.63.254 which needs a subnet of 255.255.252.0 to make them all talk to each other.

 

The trick is to get the new domain fully functioning before moving anything across, then you can do one of 2 things. Move users across one at a time by adding their workstations to the new domain, moving across their work then allowing them to logon to the new domain. Or do what we did which was to have a week where no one could use the system, so we could move everything across in one go, then slowly add users and workstations to the new network one at a time, and of course re-image all our student machines after this - this took most of the summer to complete. We were lucky in a way as our staff machines wern't RM'd so to speak, so we could simply add them to the new domain as they were, but for workstations which have been through the RM build process, you have no choice but to re-image.

 

We adopted FOG as our imaging solution, as of course one of the things you lose is the RM build process. We adopted papercut to replace RM print management, and a series of VB scripts to do printer and drive mapping. There's a lot involved in the process, and a well layed out plan is essential.

 

I planned our move for 4 months before we did it, and had a very well written plan which worked pretty flawlessely, although took longer than anticipated; so one big tip is allow much more time than you think you're going to need. Even with 2 weeks extra on my schedule, we struggled to complete in time for September - lots of late nights when we were getting close to the end of the holiday, but boy are we glad we did it.

 

Mike.

Edited March 25, 2010 by maniac

[PiqueABoo]

I planned our move for 4 months before we did it, and had a very well written plan which worked pretty flawlessely, although took longer than anticipated;

 

This is the key point: By all means do it, but don't expect it to be trivial.

 

For 2008: You could try MDT for building. Use GPPs for drive and printer delivery and a few other bits. Native S/W deployment isn't great, so investigate and consider some of the alternatives. GPOs in the same attention-to-detail ballpark as RMs will take quite a lot of time to make.

[maniac]

Also one of our biggest hassles was staff laptops - we had to collect them all in at the end of the term, and store them for re-imaging/moving to the new domain. The logistics of this are bigger than you anticipate, and you need a well worked out plan for re-distributing them back to staff and getting them all happily logged onto the new system.

 

I had a 1 hour slot on the first staff training day of the new term to introduce all the staff to the new system, and give them a guided tour around what was different when compared to the old one. I also wrote a user guide to go with this - this also takes time which I hadn't really allocated so had to do a lot of extra work from home to prepare this.

 

It's probably the single biggest achevement of my career to date migrating from CC3, and one I'm quite proud of as it is by no means a trivial undertaking. Suceed and the benefits are huge, but get it wrong and the headaches it will cause you are immense. Remember there's no support providor to pick up the phone and call when things go wrong if you go it alone, so make sure you have a very good understanding of what you're taking on - the buck stops with you once you're on a vanilla system. (Unless of course you pay a 3rd party for additional support)

 

Mike.

[dcjg70]

Thank you both for your replies. I have between now and summer and then 4 weeks within summer to carry this out. I have the new Vanilla servers in the building with server 2008 pre-installed and partitioned ready for the change over.

 

What I ideally need now is some advice how to go about this in the correct order to get it right first time. I am fully aware and appreciate this is going to be no small task. Luckily our staff laptops don't join the domain so in that respect thats 80 less machines to worry about. In total I have around 900 users to move and 360 machines to re-image.

 

If I join the new servers to the network, promote them all to DC's put active directory on all 3, DNS on all 3 and leave DHCP off, should I then be able to start setting up GPO's and RIS to roll out Windows 7 via PXE boot.

 

Any help as I say is greatly appreciated.

[maniac]

What I ideally need now is some advice how to go about this in the correct order to get it right first time. I am fully aware and appreciate this is going to be no small task. Luckily our staff laptops don't join the domain so in that respect thats 80 less machines to worry about. In total I have around 900 users to move and 360 machines to re-image.

 

If I join the new servers to the network, promote them all to DC's put active directory on all 3, DNS on all 3 and leave DHCP off, should I then be able to start setting up GPO's and RIS to roll out Windows 7 via PXE boot.

 

I would not join your new servers to the existing RM domain, as they will then inherit all the RM GPO's and security settings including any faults that may lie in that structure. I would create a brand new domain with a different name, and for the purposes of migrating your users and home areas etc. create a two way trust between them while both domains co-exist - that's my recomendation anyhow.

[jonspurs]

Mike / Maniac, why did you choose to move away from CC3?

Did you have 2 networks running at the same time, ie, admin and curriculum?

 

We have 2 domains which we want to flatten, running out of storage on both, and seems like CC3 is being phased out, so RM are pushing for CC4, though we are looking at alternatives, like vanilla Windows, though an external company would be involved.

 

With RM, everything is secured/locked down, which is what we want for students, though how would this be applied in a vanilla environment? And how would those 150+ apps packaged up for RM be migrated?

 

Cheers,

Jon

[djm968]

Having completed a 1500 user RM Connect 2.4 (NT 4) to vanilla 2003 domain, email and SAN based storage migration, I agree that planning the project is vital if you are to succeed. The co-existing RM - 2K8 domain method is definitely the best approach this will by you time to implement and test the security policies, GPOs and scripts.

 

I would also investigate the available third party application packaging and deployment tools as these will make day-to-day management of the migrated domain much easier.

 

Always a good option to have a backup plan (third party support!) if the proverbial does hit the fan.

 

Shameless plug now (apologies in advance) but I would be willing discuss an ad-hoc support arrangement should you require assistance.

[jonspurs]

Thanks for the reply.

I'm still looking in to this and have heard Microsoft System Center Configuration Manager does updates / app deployments / os deployments / etc - has anyone used this?

 

Cheers,

Jon

[DaveCoop]

Theres a good little program called ADModify which allows you to change multiple aspects of user accounts it wont rock your world but it may certainly help good luck

[simpsonj]

A few things to add as I'm planning exactly the same thing this summer.

 

Definately want to run the two domains side by side as it makes for an easy transfer. Most of the RM Applications you've created can be transferred over to Server 2008 and deployed via Group Policy with little issue (and its a great opportunity to update those old apps!). If you can get a test network of at least one or two stations to test GP, app deployment and Windows Deployment, then you're onto a winner. RIS is dead, and its WDS you need to deploy Windows 7 using PXE. If you need some links to get WDS working, send me a pm and I can send them over to you. I'm currently building up a workstation to use as an image, so I'll be Sysprepping for the first time in anger very soon.

 

For those that want to know the reason why I'm moving over to Vanilla, simply put its the cost 1st, my own development 2nd. Our CC3 Server is running on 5 years, and it is nowhere near as reliable as it once was. To get a reinstall of CC3 seems expensive and pointless, and CC4 is way beyond our budget. So with a Microsoft School Agreement, I can shift onto Server 2008, plus Windows 7 and Office 2010, for no extra cost.

[simpsonj]

Also, a really useful program is Bulk Password control, which not only allows yourself and teachers to change passwords, or lots of passwords all at once, it also allows for mass changes to Active Directory properties, which might save you a lot of time!