Upcoming Job couple thoughts on DC demotion
-
I am going to address the elephant in the room here.
- DCs should only only be DC, DNS, and possibly DHCP
- Separate the file server role to a new server (vm)
- Why the hell do you need roaming profiles or even active directory for a network with 6 workstations. Everything should be cloud based. They certainly don't need AD.
-
I would:
- create a Server 2012 core vm (use barebone core install and no extra resources. You won't need them)
- Promote it to DC, add DNS, and DHCP
- Transfer the roles to it
- Demote the file server and the other DC
- Work on creating a new vm for a file server or consider a NAS with cloud backup.
-
@IRJ said in Upcoming Job couple thoughts on DC demotion:
I am going to address the elephant in the room here.
- DCs should only only be DC, DNS, and possibly DHCP
- Separate the file server role to a new server (vm)
- Why the hell do you need roaming profiles or even active directory for a network with 6 workstations. Everything should be cloud based. They certainly don't need AD.
I was brought into this work after they had it all set up and running for years. I did way more than initally asked. Right or wrong, it is where it is.
Everything at the beginning was virtual and server 2003, the owner demanded an all physical design. He was 100% against all cloud.
I merely did the best as I could and as close to how they wanted. The AD had already been set up as well as the file shares where they were.
I tried very hard to help them move from premise based "physical" but he was having non of it.
I chose to move them to roaming profiles because I observed how the staff worked.
They all desk jump and will use a different workspace multple times during the day.
But they desktops were never exactly the same and data was always somewhere on another system. So it sped them up once I gave them roaming profiles.
Once they saw how the workspace was the same in the entire network they were much happier.
I also implemented user profiles as apposed to a universal single login at each computer where they shared all credentials between.
-
@prcssupport said in Upcoming Job couple thoughts on DC demotion:
I did way more than initally asked. Right or wrong, it is where it is.
I merely did the best as I could and as close to how they wanted. The AD had already been set up as well as the file shares where they were.As a consultant your job is to do what is best for the network, not what some CEO of a tiny company thinks he wants. If I just kept networks the way they were and didn't make any major changes during my career, I wouldn't be where I am at now. Be careful not to get caught up in what works today. You need to recommend what works in the future.
-
@prcssupport said in Upcoming Job couple thoughts on DC demotion:
Everything at the beginning was virtual and server 2003, the owner demanded an all physical design. He was 100% against all cloud.
Is he paying you to do exactly what he says or is he paying you for your IT knowledge?
-
@prcssupport said in Upcoming Job couple thoughts on DC demotion:
They all desk jump and will use a different workspace multple times during the day.
But they desktops were never exactly the same and data was always somewhere on another system. So it sped them up once I gave them roaming profiles.
Sounds like they aren't properly licensing their software. I can't think of another reason to jump workstations throughout the day. They may initially save money, but all that desk jumping is going to cost them in the long run. More IT tickets and less productivity
-
I've V2V'd one of our DC's (it was also our on-site exchange) it was rather painless once it was understood on the process to get it done.
Disable AD replication functions, export and import into it's new home. I would imagine the same thing would have to occur with a physical.
Disable the AD functions, P2V and import.
-
@DustinB3403 said in Upcoming Job couple thoughts on DC demotion:
I've V2V'd one of our DC's (it was also our on-site exchange) it was rather painless once it was understood on the process to get it done.
Disable AD replication functions, export and import into it's new home. I would imagine the same thing would have to occur with a physical.
Disable the AD functions, P2V and import.
I don't get the DC P2V mentality. It is 10x quicker and less risky to build a new DC with the latest OS and transfer the roles.
-
@IRJ said in Upcoming Job couple thoughts on DC demotion:
@DustinB3403 said in Upcoming Job couple thoughts on DC demotion:
I've V2V'd one of our DC's (it was also our on-site exchange) it was rather painless once it was understood on the process to get it done.
Disable AD replication functions, export and import into it's new home. I would imagine the same thing would have to occur with a physical.
Disable the AD functions, P2V and import.
I don't get the DC P2V mentality. It is 10x quicker and less risky to build a new DC with the latest OS and transfer the roles.
In this case (and I wasn't the decider on it) because of ADFS, and everything involved with it, it was cheaper to have me migrate the system into XS, than to pay our MSP to build a new one.
-
IRJ's point was that P2Ving a DC is kinda a waste of time.
But, if you have a bunch of shares/data on it, it might just be easier to P2V versus building a new one, changing all drive mappings, etc.
-
@Dashrender said in Upcoming Job couple thoughts on DC demotion:
IRJ's point was that P2Ving a DC is kinda a waste of time.
But, if you have a bunch of shares/data on it, it might just be easier to P2V versus building a new one, changing all drive mappings, etc.
It's a good chance to get rid of files shares and other things that aren't supposed to be on a DC.
-
@IRJ said in Upcoming Job couple thoughts on DC demotion:
@Dashrender said in Upcoming Job couple thoughts on DC demotion:
IRJ's point was that P2Ving a DC is kinda a waste of time.
But, if you have a bunch of shares/data on it, it might just be easier to P2V versus building a new one, changing all drive mappings, etc.
It's a good chance to get rid of files shares and other things that
arearen't supposed to be on a DC.FTFY.
-
@IRJ said in Upcoming Job couple thoughts on DC demotion:
@Dashrender said in Upcoming Job couple thoughts on DC demotion:
IRJ's point was that P2Ving a DC is kinda a waste of time.
But, if you have a bunch of shares/data on it, it might just be easier to P2V versus building a new one, changing all drive mappings, etc.
It's a good chance to get rid of files shares and other things that aren't supposed to be on a DC.
Well, I don't know about you, I don't have tons of Windows licenses hanging around so I can stand up a file/print only server.
-
We had a DC that P2V when I started working here. It had all major file shares, printers, etc off it. The first thing I did was build a new DC and transfer the roles. The next thing I did was build a new print server and take away printer services from it. The next thing I did was migrated the file shares to a new file server.
Even though I mirrored everything to the new file server, people will still accessing the old server and I didnt really have the suppport of the rest of the IT department. Until one day when the old server died and all we had to do was a DNS redirect. I was a hero
-
@Dashrender said in Upcoming Job couple thoughts on DC demotion:
@IRJ said in Upcoming Job couple thoughts on DC demotion:
@Dashrender said in Upcoming Job couple thoughts on DC demotion:
IRJ's point was that P2Ving a DC is kinda a waste of time.
But, if you have a bunch of shares/data on it, it might just be easier to P2V versus building a new one, changing all drive mappings, etc.
It's a good chance to get rid of files shares and other things that aren't supposed to be on a DC.
Well, I don't know about you, I don't have tons of Windows licenses hanging around so I can stand up a file/print only server.
You should have a license for every function. We are talking about critical business functions here. AD, printing, and file sharing.
-
@IRJ said in Upcoming Job couple thoughts on DC demotion:
We had a DC that P2V when I started working here. It had all major file shares, printers, etc off it. The first thing I did was build a new DC and transfer the roles. The next thing I did was build a new print server and take away printer services from it. The next thing I did was migrated the file shares to a new file server.
Even though I mirrored everything to the new file server, people will still accessing the old server and I didnt really have the suppport of the rest of the IT department. Until one day when the old server died and all we had to do was a DNS redirect. I was a hero
So your data was on both servers? or the printers were?
-
@Dashrender said in Upcoming Job couple thoughts on DC demotion:
@IRJ said in Upcoming Job couple thoughts on DC demotion:
We had a DC that P2V when I started working here. It had all major file shares, printers, etc off it. The first thing I did was build a new DC and transfer the roles. The next thing I did was build a new print server and take away printer services from it. The next thing I did was migrated the file shares to a new file server.
Even though I mirrored everything to the new file server, people will still accessing the old server and I didnt really have the suppport of the rest of the IT department. Until one day when the old server died and all we had to do was a DNS redirect. I was a hero
So your data was on both servers? or the printers were?
Data
-
@IRJ said in Upcoming Job couple thoughts on DC demotion:
@Dashrender said in Upcoming Job couple thoughts on DC demotion:
@IRJ said in Upcoming Job couple thoughts on DC demotion:
@Dashrender said in Upcoming Job couple thoughts on DC demotion:
IRJ's point was that P2Ving a DC is kinda a waste of time.
But, if you have a bunch of shares/data on it, it might just be easier to P2V versus building a new one, changing all drive mappings, etc.
It's a good chance to get rid of files shares and other things that aren't supposed to be on a DC.
Well, I don't know about you, I don't have tons of Windows licenses hanging around so I can stand up a file/print only server.
You should have a license for every function. We are talking about critical business functions here. AD, printing, and file sharing.
Yeah, I'm not sure I agree with that for most SMBs.
-
@Dashrender said in Upcoming Job couple thoughts on DC demotion:
@IRJ said in Upcoming Job couple thoughts on DC demotion:
We had a DC that P2V when I started working here. It had all major file shares, printers, etc off it. The first thing I did was build a new DC and transfer the roles. The next thing I did was build a new print server and take away printer services from it. The next thing I did was migrated the file shares to a new file server.
Even though I mirrored everything to the new file server, people will still accessing the old server and I didnt really have the suppport of the rest of the IT department. Until one day when the old server died and all we had to do was a DNS redirect. I was a hero
So your data was on both servers? or the printers were?
You could use the same server for files and printing if you had to do so, but DCs should be on their own server.
-
@IRJ said in Upcoming Job couple thoughts on DC demotion:
@Dashrender said in Upcoming Job couple thoughts on DC demotion:
@IRJ said in Upcoming Job couple thoughts on DC demotion:
We had a DC that P2V when I started working here. It had all major file shares, printers, etc off it. The first thing I did was build a new DC and transfer the roles. The next thing I did was build a new print server and take away printer services from it. The next thing I did was migrated the file shares to a new file server.
Even though I mirrored everything to the new file server, people will still accessing the old server and I didnt really have the suppport of the rest of the IT department. Until one day when the old server died and all we had to do was a DNS redirect. I was a hero
So your data was on both servers? or the printers were?
Data
How where you syncing the data?
