Upcoming Job couple thoughts on DC demotion
-
@Dashrender said in Upcoming Job couple thoughts on DC demotion:
we are talking about SMBs - ones that arguably shouldn't be using Windows at all. But they are, so loading them up with extra Server installs for that best practice is overkill, IMO
But you always get two VMs at a minimum. So separating out that much is always good.
-
@Dashrender said in Upcoming Job couple thoughts on DC demotion:
@DustinB3403 said in Upcoming Job couple thoughts on DC demotion:
@travisdh1 Of course, Linux is sold.
It's sold daily, as @scottalanmiller has said "Just because it's offered for free doesn't mean I can't sell it".
That's not what Travis means - he means that sales people aren't selling Linux systems to small businesses, hell they barely sell to medium business - and large businesses, well there really should be much if any selling to them, they should be looking for solutions to their problems and seeking things out, not being sold... so yeah Linux isn't really sold - it's found by those using it as a better solution.
Ah yeah that makes sense... haha.. still to early.
-
@Dashrender said in Upcoming Job couple thoughts on DC demotion:
we are talking about SMBs - ones that arguably shouldn't be using Windows at all. But they are, so loading them up with extra Server installs for that best practice is overkill, IMO
Why would it be overkill? I get that it "makes it more complex" because there are all of these individual systems. But each of those systems specifically run 1 job.
That makes life simple. Oh X isn't working, ok reboot / investigate just that one system.
With Windows this becomes far more complex, because people always try to consolidate the roles to reduce licensing cost as much as possible.
So when X stops working, investigating X often involves interrupting Y and Z.
-
@IRJ said in Upcoming Job couple thoughts on DC demotion:
@prcssupport said in Upcoming Job couple thoughts on DC demotion:
Everything at the beginning was virtual and server 2003, the owner demanded an all physical design. He was 100% against all cloud.
Is he paying you to do exactly what he says or is he paying you for your IT knowledge?
He had a plan that he hired me to implement... upgrade the servers to 2008r2 and done.
That said I was hungry for work so I took it.
In the end I was able to get them to a better place over all than they were at before my arrival.
Did I think they were better designed before YES. But the (difficult design "customers words" and lack of previous help from the technician changed it all.
He had about 6 servers spun up(running on no better than server 2003) in that network between the two sets of hardware. They only had the creds for 2, or 3 of them, several were nonfunctional. But the systems were necessary for business function. They ended up "figuring something else out since they didn't know how to fix anything"
But all of the systems were still running and using resources despite the fact they had all mostly failed. -
@IRJ said in Upcoming Job couple thoughts on DC demotion:
@prcssupport said in Upcoming Job couple thoughts on DC demotion:
They all desk jump and will use a different workspace multple times during the day.
But they desktops were never exactly the same and data was always somewhere on another system. So it sped them up once I gave them roaming profiles.
Sounds like they aren't properly licensing their software. I can't think of another reason to jump workstations throughout the day. They may initially save money, but all that desk jumping is going to cost them in the long run. More IT tickets and less productivity
Their main CRM program was licensed and installs approved across all devices in their network. They worked where it made the most sense for them. Or if there was a system down they would relocate to the other one. Two were reserved for the owners.
In the end, they could work on "whatever" "where ever" and they called for help alot less.
There are still things completely out if my control there, but I help when needed. Sometimes weeks almost months on end of silence.
-
@Dashrender said in Upcoming Job couple thoughts on DC demotion:
@coliver said in Upcoming Job couple thoughts on DC demotion:
This is off topic but in response to @Dashrender why would you run Windows Server at all if you can't license it to meet best practices? If you can't afford $800 for a Server Standard license (for the two VM license) then you shouldn't have in house IT staff or on-site servers to begin with.
On-site servers - well even worse than demanding Windows, is some people just don't believe in the cloud.
I personally don't have an issue with the cloud (really some high quality DC running Tier 1 Servers), it's access, typically via the internet that I have an issue with. So I can understand the fears of those who don't want to host their stuff remotely.
This is exactly what I was up against. An owner with zero trust in his ISP or any cloud provider, and wanted to go at it with his own system and as little money out as possible. But he still spent a good chuck!
-
@scottalanmiller said in Upcoming Job couple thoughts on DC demotion:
@Dashrender said in Upcoming Job couple thoughts on DC demotion:
we are talking about SMBs - ones that arguably shouldn't be using Windows at all. But they are, so loading them up with extra Server installs for that best practice is overkill, IMO
But you always get two VMs at a minimum. So separating out that much is always good.
When I started I cut out almost all "broken" systems.
And then shutdown, and refreshed 1server (new storage and a good cleaning, with a fresh 2008r2 install)
Then I migrated the Ad and Dns to it.
The process didn't go as planned.
In the end we had to stand up a 2008r2 vm on the other hardware and create a secondary just to complete.
The owner wasn't thrilled that I created and left him another vm system.
But it has kept them running without any down time that I'm aware of.
-
@scottalanmiller said in Upcoming Job couple thoughts on DC demotion:
@Dashrender said in Upcoming Job couple thoughts on DC demotion:
we are talking about SMBs - ones that arguably shouldn't be using Windows at all. But they are, so loading them up with extra Server installs for that best practice is overkill, IMO
But you always get two VMs at a minimum. So separating out that much is always good.
When I started I cut out almost all "broken" systems.
And then shutdown, and refreshed 1server (new storage and a good cleaning, with a fresh 2008r2 install)
Then I migrated the Ad and Dns to it.
The process didn't go as planned.
In the end we had to stand up a 2008r2 vm on the other hardware and create a secondary just to complete.
The owner wasn't thrilled that I created and left him another vm system.
But it has kept them running without any down time that I'm aware of.
-
@Dashrender said
Yeah, I'm not sure I agree with that for most SMBs.
Besides the fact you can argue whether it is really needed or not, the fact is that most SMBs wouldn't even entertain the thought.
In a small shop, what's the big deal about having data on a DC? It dies, you just restore it. (Depending on the amount of data, of course, but that is another discussion.) There are no AD issues to worry about. And if your data server is down you are probably screwed anyway,
-
@BRRABill said in Upcoming Job couple thoughts on DC demotion:
@Dashrender said
Yeah, I'm not sure I agree with that for most SMBs.
Besides the fact you can argue whether it is really needed or not, the fact is that most SMBs wouldn't even entertain the thought.
In a small shop, what's the big deal about having data on a DC? It dies, you just restore it. (Depending on the amount of data, of course, but that is another discussion.) There are no AD issues to worry about. And if your data server is down you are probably screwed anyway,
The big deal is that there is no reason for it. Small shop, no need for the second VM that they have already paid for so they might as well use it to protect themselves and make things work better. The big deal is not in how important it is to have, but in how ridiculous it is to skip.
-
@scottalanmiller said
The big deal is that there is no reason for it. Small shop, no need for the second VM that they have already paid for so they might as well use it to protect themselves and make things work better. The big deal is not in how important it is to have, but in how ridiculous it is to skip.
Right, if there is a free license sitting around, of course. But as @Dashrender originally said, how many SMBs have licenses just sitting around?
-
@BRRABill said in Upcoming Job couple thoughts on DC demotion:
@scottalanmiller said
The big deal is that there is no reason for it. Small shop, no need for the second VM that they have already paid for so they might as well use it to protect themselves and make things work better. The big deal is not in how important it is to have, but in how ridiculous it is to skip.
Right, if there is a free license sitting around, of course. But as @Dashrender originally said, how many SMBs have licenses just sitting around?
With Server Standard you get two licenses for VMs off the bat. So they would literally have un-used license.
-
@coliver said
With Server Standard you get two licenses for VMs off the bat. So they would literally have un-used license.
In this particular case, yes. I was responding to a previous comment.
I changed my settings to only show 30 messages, and keep forgetting there may be comments afterwards!
-
@prcssupport said in Upcoming Job couple thoughts on DC demotion:
He had about 6 servers spun up(running on no better than server 2003) in that network between the two sets of hardware. They only had the creds for 2, or 3 of them, several were nonfunctional. But the systems were necessary for business function. They ended up "figuring something else out since they didn't know how to fix anything"
But all of the systems were still running and using resources despite the fact they had all mostly failed.This "business" sounds terrible. They definitely need cloud services since they obviously don't give a crap about IT and will only upgrade and fix systems when they have no choice.
-
@IRJ said in Upcoming Job couple thoughts on DC demotion:
@prcssupport said in Upcoming Job couple thoughts on DC demotion:
He had about 6 servers spun up(running on no better than server 2003) in that network between the two sets of hardware. They only had the creds for 2, or 3 of them, several were nonfunctional. But the systems were necessary for business function. They ended up "figuring something else out since they didn't know how to fix anything"
But all of the systems were still running and using resources despite the fact they had all mostly failed.This "business" sounds terrible. They definitely need cloud services since they obviously don't give a crap about IT and will only upgrade and fix systems when they have no choice.
Hahaha lol yes. It was a bit if a disaster. But I think we are finally moving forward. And actually it is all forced. The software vendor for the CRM has started EOL on the Hosted CRM deployment. He has alot of bad taste in his mouth for everyone in our field. But we have been able to maintain a good line of trust and communication.
Before I forget...
The CRM solution uses Microsoft access for database storage, And I know somewhere above @scottalanmiller mentioned something about there likely being encryption with the database software. But there is zero encryption whatsoever. I told them we needed to vacate the solution asap. His business insurance carrier agreed! lol
-
@prcssupport said in Upcoming Job couple thoughts on DC demotion:
The CRM solution uses Microsoft access for database storage,
That needs to die in nuclear fire.
-
OK up update on this job...
Today I started this job, it didn't go as planned.
With the owner approving the start.
I started by spooling down the secondary dc.
Then I went to one desktop and started preparing for the disconnection from the domain. I prepped the user profile for the local account. I check the local user names. It looked good. Then I made the disconnect.
Once the system completed the reboot, all of the passwords they had for the local accounts didn't work. We were locked out!
I told the password hint to the owner, he was like oh no issue. Here is that password. Nope. Crap...
I told the user it wasn't a big deal that with the design they could still use any other desktop in the office (because of the AD and roaming profiles)
That's when they said that there was one program they had to use tonight for a required data transfer. And part of their complete transition to the cloud. She hadn't mentioned this, and the owner had forgotten. I asked if she could use it in another system. She said no thats the only PC that can do it.(due to liscensing)Now at this time the others in the office are complaining they can't login, that there is no available domain servers. CRAP! I don't have time for this. I took down the secondary and the primary was still up and running. Not sure why the secondary being down caused that. So I spooled that server back up. Fast forward 5 min and everyone can login again. (Thank you Lord!)
Back to the workstation...
We are locked out of the local admin. Ok, no issue. Cue up a dvdrw, and another system. I created an NT offline Password reset disk.
We attempted to boot to Dvd (sucess). The user described the black screen with txt. Then we get a fatal error on the kernal. Grrr. So now I can't Crack this system quickly. My time is running out, and the heat is on.
We brainstormed more, I attempted a restore to see if I could get it back in time (and back on the domain) to do that we needed the admin password (of course we do!)
So after some thought and over 2 hrs of fussing around. They tried a password and we were in. "Finally"
My time was almost out, once we were in with administration I rejoined the domain and returned it to normal.
I told them before we can work on this project anymore they need to figure out all the usernames and admin passwords for the local accounts.
There were many things that happened just right to cause those issues. I mean how many systems refuse to run NT reset?
Why in the world did the secondary dc being down cause all the systems to not login. I didn't have time to check any of it out this is just the latest info on it.
Any thoughts... (I know dumb question) lol
-
@prcssupport said in Upcoming Job couple thoughts on DC demotion:
Why in the world did the secondary dc being down cause all the systems to not login. I didn't have time to check any of it out this is just the latest info on it.
Any thoughts... (I know dumb question) lol
What roles were on each server?
-
@prcssupport said in Upcoming Job couple thoughts on DC demotion:
We are locked out of the local admin. Ok, no issue. Cue up a dvdrw, and another system. I created an NT offline Password reset disk.
I learned this the hard way just like you did, but if you are in environment that you don't control,You can just do a quick run as command to verify credentials. That way if it doesn't work, just reset the password.
-
Maybe you mentioned this earlier, but why did you remove the workstation from the domain just to re-add it?
