Existing AD...prefer to create New Site?
-
Here's the deal on a job I'm taking over:
Existing site with AD.
The site has LOB app, file servers etc.
This LOB app is an old version & will eventually go bye-bye.
Every user "knows" the domain admin password...hahaha!!
I'm adding some new gear:
EdgeRouter 4
EdgeSwitch ES-16-XG
EdgeSwitch ES48 Lite
EdgeSwitch ES24-500w
new SM server: F29 w KVM to host new version of LOB
I'm thinking I should start from scratch, create a "new" domain & not fight the existing "admins" (aka user base)?
What say you?
-
@FATeknollogee said in Existing AD...prefer to create New Site?:
Here's the deal on a job I'm taking over:
Existing site with AD.
The site has LOB app, file servers etc.
This LOB app is an old version & will eventually go bye-bye.
Every user "knows" the domain admin password...hahaha!!
I'm adding some new gear:
EdgeRouter 4
EdgeSwitch ES-16-XG
EdgeSwitch ES48 Lite
EdgeSwitch ES24-500w
new SM server: F29 w KVM to host new version of LOB
I'm thinking I should start from scratch, create a "new" domain & not fight the existing "admins" (aka user base)?
What say you?
This is very disruptive, but is what you should do from the IT perspective.
You need buy in from the CEO/President though.
-
You can just change the admin passwords, right? I mean a full rebuild is what I'd prefer to do. But very disruptive, as Jared says. But a clean start where you know everything has a LOT of benefits.
-
@JaredBusch said in Existing AD...prefer to create New Site?:
@FATeknollogee said in Existing AD...prefer to create New Site?:
Here's the deal on a job I'm taking over:
Existing site with AD.
The site has LOB app, file servers etc.
This LOB app is an old version & will eventually go bye-bye.
Every user "knows" the domain admin password...hahaha!!
I'm adding some new gear:
EdgeRouter 4
EdgeSwitch ES-16-XG
EdgeSwitch ES48 Lite
EdgeSwitch ES24-500w
new SM server: F29 w KVM to host new version of LOB
I'm thinking I should start from scratch, create a "new" domain & not fight the existing "admins" (aka user base)?
What say you?
This is very disruptive, but is what you should do from the IT perspective.
You need buy in from the CEO/President though.
Forgot to mention....it's a new owner/CEO.
Buy in is a 1000%, he wants it cleaned up & done the right way.
-
@FATeknollogee said in Existing AD...prefer to create New Site?:
@JaredBusch said in Existing AD...prefer to create New Site?:
@FATeknollogee said in Existing AD...prefer to create New Site?:
Here's the deal on a job I'm taking over:
Existing site with AD.
The site has LOB app, file servers etc.
This LOB app is an old version & will eventually go bye-bye.
Every user "knows" the domain admin password...hahaha!!
I'm adding some new gear:
EdgeRouter 4
EdgeSwitch ES-16-XG
EdgeSwitch ES48 Lite
EdgeSwitch ES24-500w
new SM server: F29 w KVM to host new version of LOB
I'm thinking I should start from scratch, create a "new" domain & not fight the existing "admins" (aka user base)?
What say you?
This is very disruptive, but is what you should do from the IT perspective.
You need buy in from the CEO/President though.
Forgot to mention....it's a new owner/CEO.
Buy in is a 1000%, he wants it cleaned up & done the right way.
Then, by all means, do it the right way.
-
@scottalanmiller said in Existing AD...prefer to create New Site?:
You can just change the admin passwords, right? I mean a full rebuild is what I'd prefer to do. But very disruptive, as Jared says. But a clean start where you know everything has a LOT of benefits.
But also, you have no idea what has been done, maliciously, accidentally, etc... from regular users, as everyone had Admin. From a security standpoint, you want to make sure there are no back doors created by anyone as well. When something like that has been exposed for so long by everyone, I'd prefer to redo it, if it's not too big. Perhaps it would be too disruptive, and may not work, but some effort then must be given in a full sweep.
-
@FATeknollogee said in Existing AD...prefer to create New Site?:
@JaredBusch said in Existing AD...prefer to create New Site?:
@FATeknollogee said in Existing AD...prefer to create New Site?:
Here's the deal on a job I'm taking over:
Existing site with AD.
The site has LOB app, file servers etc.
This LOB app is an old version & will eventually go bye-bye.
Every user "knows" the domain admin password...hahaha!!
I'm adding some new gear:
EdgeRouter 4
EdgeSwitch ES-16-XG
EdgeSwitch ES48 Lite
EdgeSwitch ES24-500w
new SM server: F29 w KVM to host new version of LOB
I'm thinking I should start from scratch, create a "new" domain & not fight the existing "admins" (aka user base)?
What say you?
This is very disruptive, but is what you should do from the IT perspective.
You need buy in from the CEO/President though.
Forgot to mention....it's a new owner/CEO.
Buy in is a 1000%, he wants it cleaned up & done the right way.
Yeah, I'd redo it if they can deal with the down time when everything is switched over.
-
@FATeknollogee said in Existing AD...prefer to create New Site?:
@JaredBusch said in Existing AD...prefer to create New Site?:
@FATeknollogee said in Existing AD...prefer to create New Site?:
Here's the deal on a job I'm taking over:
Existing site with AD.
The site has LOB app, file servers etc.
This LOB app is an old version & will eventually go bye-bye.
Every user "knows" the domain admin password...hahaha!!
I'm adding some new gear:
EdgeRouter 4
EdgeSwitch ES-16-XG
EdgeSwitch ES48 Lite
EdgeSwitch ES24-500w
new SM server: F29 w KVM to host new version of LOB
I'm thinking I should start from scratch, create a "new" domain & not fight the existing "admins" (aka user base)?
What say you?
This is very disruptive, but is what you should do from the IT perspective.
You need buy in from the CEO/President though.
Forgot to mention....it's a new owner/CEO.
Buy in is a 1000%, he wants it cleaned up & done the right way.
Nice, don't get that very often.
-
@scottalanmiller said in Existing AD...prefer to create New Site?:
@FATeknollogee said in Existing AD...prefer to create New Site?:
@JaredBusch said in Existing AD...prefer to create New Site?:
@FATeknollogee said in Existing AD...prefer to create New Site?:
Here's the deal on a job I'm taking over:
Existing site with AD.
The site has LOB app, file servers etc.
This LOB app is an old version & will eventually go bye-bye.
Every user "knows" the domain admin password...hahaha!!
I'm adding some new gear:
EdgeRouter 4
EdgeSwitch ES-16-XG
EdgeSwitch ES48 Lite
EdgeSwitch ES24-500w
new SM server: F29 w KVM to host new version of LOB
I'm thinking I should start from scratch, create a "new" domain & not fight the existing "admins" (aka user base)?
What say you?
This is very disruptive, but is what you should do from the IT perspective.
You need buy in from the CEO/President though.
Forgot to mention....it's a new owner/CEO.
Buy in is a 1000%, he wants it cleaned up & done the right way.
Nice, don't get that very often.
Ain't that the truth?
-
@Obsolesce said in Existing AD...prefer to create New Site?:
@FATeknollogee said in Existing AD...prefer to create New Site?:
@JaredBusch said in Existing AD...prefer to create New Site?:
@FATeknollogee said in Existing AD...prefer to create New Site?:
Here's the deal on a job I'm taking over:
Existing site with AD.
The site has LOB app, file servers etc.
This LOB app is an old version & will eventually go bye-bye.
Every user "knows" the domain admin password...hahaha!!
I'm adding some new gear:
EdgeRouter 4
EdgeSwitch ES-16-XG
EdgeSwitch ES48 Lite
EdgeSwitch ES24-500w
new SM server: F29 w KVM to host new version of LOB
I'm thinking I should start from scratch, create a "new" domain & not fight the existing "admins" (aka user base)?
What say you?
This is very disruptive, but is what you should do from the IT perspective.
You need buy in from the CEO/President though.
Forgot to mention....it's a new owner/CEO.
Buy in is a 1000%, he wants it cleaned up & done the right way.
Yeah, I'd redo it if they can deal with the down time when everything is switched over.
I can't have downtime, the existing stuff/site needs to keep running as-is for now.
-
@FATeknollogee said in Existing AD...prefer to create New Site?:
@Obsolesce said in Existing AD...prefer to create New Site?:
@FATeknollogee said in Existing AD...prefer to create New Site?:
@JaredBusch said in Existing AD...prefer to create New Site?:
@FATeknollogee said in Existing AD...prefer to create New Site?:
Here's the deal on a job I'm taking over:
Existing site with AD.
The site has LOB app, file servers etc.
This LOB app is an old version & will eventually go bye-bye.
Every user "knows" the domain admin password...hahaha!!
I'm adding some new gear:
EdgeRouter 4
EdgeSwitch ES-16-XG
EdgeSwitch ES48 Lite
EdgeSwitch ES24-500w
new SM server: F29 w KVM to host new version of LOB
I'm thinking I should start from scratch, create a "new" domain & not fight the existing "admins" (aka user base)?
What say you?
This is very disruptive, but is what you should do from the IT perspective.
You need buy in from the CEO/President though.
Forgot to mention....it's a new owner/CEO.
Buy in is a 1000%, he wants it cleaned up & done the right way.
Yeah, I'd redo it if they can deal with the down time when everything is switched over.
I can't have downtime, the existing stuff/site needs to keep running as-is for now.
There will be down time with a new domain. You'll need to rejoin all devices to the new domain, and that will require a reboot.
Everyone will need to log in with their new credentials, so they can get access to AD-authenticated shares and resources.
New DNS settings. New DHCP auth and DNS settings for the DHCP server.
Etc...
You can set up the new domain completely in parallel, and then migrate from old domain to new domain as well. I have done that twice, but it was like 4 or so years ago and at that time it wasn't a 100% translation. Maybe it's better now, I don't know, but with a new domain there will be some kind of down time.
If you can't have any down time, then you will do as I had above and do a full sweep through everything, and as Scott said, start changing admin passwords lol.
-
I've got to figure out how I can run in parallel with 2 different network/subnets
-
@FATeknollogee said in Existing AD...prefer to create New Site?:
new SM server: F29 w KVM to host new version of LOB
What is LOB?
-
@FATeknollogee said in Existing AD...prefer to create New Site?:
I've got to figure out how I can run in parallel with 2 different network/subnets
Why change the IP scheme?
-
@jmoore said in Existing AD...prefer to create New Site?:
@FATeknollogee said in Existing AD...prefer to create New Site?:
new SM server: F29 w KVM to host new version of LOB
What is LOB?
Line of Business
-
@FATeknollogee Oh, thanks
-
@FATeknollogee said in Existing AD...prefer to create New Site?:
I've got to figure out how I can run in parallel
This will definitely be the most challenging part.
Getting people still on the old systems to be able to connect to the new systems.
I'd consider setting up domain trusts.
with 2 different network/subnets
I suppose this could be a good idea. You could set up each subnet with its own DHCP server so DNS is right for each domain, but each domain will need to know about the DNS of the other anyhow, assuming you set up domain trusts.
-
@FATeknollogee said in Existing AD...prefer to create New Site?:
@jmoore said in Existing AD...prefer to create New Site?:
@FATeknollogee said in Existing AD...prefer to create New Site?:
new SM server: F29 w KVM to host new version of LOB
What is LOB?
Line of Business
LOL - I thought he was asking what the app was, i.e. the name of the app.
-
Are you also going to rebuild all the users' computers?
-
@Dashrender said in Existing AD...prefer to create New Site?:
@FATeknollogee said in Existing AD...prefer to create New Site?:
I've got to figure out how I can run in parallel with 2 different network/subnets
Why change the IP scheme?
Preference & it's an easy way to identify "rogue" devices.
Current scheme is 192.168.1.x
I'll do a 10.200.10.x (or something similar)
Which means I should never see any device with a 192.168.1.x address on the network.
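
The subnet check described in the post above, as an added example that is not part of the original thread: it classifies entries from `ip -4 neigh show` on a Linux host (such as the F29 KVM server) against the old and new ranges and lists MAC addresses seen in both. The /24 masks, the sample output and the function names are assumptions made for illustration; 10.200.10.0/24 stands in for the "or something similar" range.

```python
import ipaddress
from collections import defaultdict

# Assumed masks: the thread only gives "192.168.1.x" and "10.200.10.x".
LEGACY_NET = ipaddress.ip_network("192.168.1.0/24")
NEW_NET = ipaddress.ip_network("10.200.10.0/24")

# Constructed sample of `ip -4 neigh show` output (not real data).
SAMPLE_NEIGH = """\
10.200.10.21 dev eth1 lladdr 52:54:00:aa:00:01 REACHABLE
10.200.10.35 dev eth1 lladdr 52:54:00:aa:00:02 STALE
192.168.1.57 dev eth1 lladdr 52:54:00:aa:00:03 REACHABLE
192.168.1.80 dev eth1 lladdr 52:54:00:aa:00:02 STALE
172.16.4.9 dev eth1 lladdr 52:54:00:aa:00:04 DELAY
10.200.10.99 dev eth1 FAILED
"""


def parse_neigh(text):
    """Yield (ip, mac) for IPv4 entries that have a resolved MAC address."""
    for line in text.splitlines():
        fields = line.split()
        if "lladdr" not in fields[:-1]:
            continue  # FAILED/INCOMPLETE entries carry no MAC
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address line
        if ip.version == 4:
            yield ip, fields[fields.index("lladdr") + 1].lower()


def classify(text, legacy=LEGACY_NET, new=NEW_NET):
    """Bucket neighbours as ok / legacy / unexpected and find dual-homed MACs."""
    report = {"ok": [], "legacy": [], "unexpected": []}
    buckets_by_mac = defaultdict(set)
    for ip, mac in parse_neigh(text):
        bucket = "ok" if ip in new else "legacy" if ip in legacy else "unexpected"
        report[bucket].append((str(ip), mac))
        buckets_by_mac[mac].add(bucket)
    # A MAC answering on both ranges is a device that is mid-migration
    # (or still holds a static address from the old scheme).
    report["dual_homed"] = sorted(
        mac for mac, seen in buckets_by_mac.items() if {"ok", "legacy"} <= seen
    )
    return report


if __name__ == "__main__":
    for bucket, entries in classify(SAMPLE_NEIGH).items():
        print(bucket, entries)
```

While both domains run in parallel the `legacy` bucket is expected to be populated; once the cutover is finished, any entry there or in `unexpected` is a device to track down.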