Building new Domain/AD network

suklee

Diamond Member
Oct 9, 1999
4,575
10
81
I've been having DNS issues (see thread here) on my new servers that have yet to go live. So, I've decided to wipe the slate clean and re-build from the beginning.

I will have two servers running either Win2k server SP4 or Win2k3 server. Both are ~P4 1.8, 512, 40GB self-built PCs. The entire network will be behind a Zyxel Prestige 324 Router/Gateway.

Server1
PDC, DHCP, DNS
roaming profiles on \\server1\profiles$\%username%
home folder on \\server1\home\%username%
public folder on \\server1\public
[My] documents on \\server1\documents\%username%
Desktops on \\server1\desktop\%username%

Server2
Mail server - MDaemon

This will support about 8 users and 3 other standalone servers (print, fax, etc.).

1. Should I make server2 a BDC?
2. How does server1's setup look to you? Not sure if I should have all those folders redirecting to the server.
3. Anything else?

Comments / suggestions are most welcome. I'll be installing the O/S and building AD on these servers for like the 6th time within the past two weeks, so I want to get it right and make this the last time!! Hopefully I can get rid of WINS once and for all after this rebuild. TIA
 

Fuzznuts

Senior member
Nov 7, 2002
449
0
0
roaming profiles shouldn't need all the other folder redirects as the my docs etc are stored in the profile. only reason i can see to do it is if you have poor back up and are worried about corrupt profiles and losing data due to that.

A client i set up recently wanted roaming profiles so i set a quota of 20mb to keep them small enough so backup wasn't a problem only 30 users so not really an issue but it also keeps down on them dling stuff :)

in an ad domain there is no such thing as a pdc and bdc per se. i would promote the "bdc" to a member server purely for redundancy maybe slap in some dfs and replication and you should have a pretty strong setup of course for a domain as small as yours 1 controller with a good tape backup regime would be more than adequate.

just my 2 pennies worth :)
 

suklee

Oops. I'm always stuck in the NT4 speak of PDCs and BDCs... thanks for pointing that out. :beer:

Instead of a tape backup, I've been thinking about getting a DVD burner...

So, once I have roaming profiles setup, I do not need to redirect My Docs or desktop... they'd be in profiles\%username%\desktop and my docs? Think this is the way it works on default Win2K installations. It would have just been redundant to redirect them. I'm gonna be keeping Public (P:) open to everyone as a means to share files... but what is the Home Folder used for?

As for quotas on the profiles - mine is in the hundreds of megabytes because my mail client (thunderbird) stores Pop3 mail in application data. I'm pretty sure Outlook Express does the same... I will be moving all the users over to IMAP though so hopefully I can keep the profile size under 30MB. Do files in My Doc, Desktop, etc. count toward the 30 MB?
 

Fuzznuts

yes everything in the docs\and\settings folder counts towards it. so my docs, my pics, my favs the application data dir is all in there.

i spose the mail side of things depends on your set up. most places i set up i use imap and keep the mail stores on the server. makes backup very easy as you only need to back one location again it also keeps profile sizes down

as for profile size there is no hard and fast limit. but remember if you have 8 users all logging in at 9am and trying to pull 400mb of profile across the network performance is going to suffer somewhat :) you could keep yours at 400 mb and limit them lower, remember RHIP (Rank Has Its Privileges :) )

depending on how you set your policies as to whether to cache the profile on the local machine or not. for security reasons i don't but if the users had huge profiles then performance would dictate you'd have to

the home dir is simply the default dir for likes of cmd prompt etc it will default to that location. handy for example if you have an accounts depart sharing one file location.

hope this helps
 

suklee

YGPM watts ;) That second link there, Windows 2003 unleashed looks useful for me. SQL2000 will come in handy sometime down the road as we implement a package that uses it...

Fuzz - thanks a lot for your suggestions, you've been very helpful. Am about to reformat the servers for the 7th time :) Looking at what you said about home dirs, I may think about just pointing 'Home Folder' to the public directory. Since they have their own my docs storage space in the profile space, I don't think it necessary for each user to have their own home dir.
 

suklee

Got the new servers up now, installation was smooth. I used 2k3's "wizard" to make one of them into a DC and I was surprised that it took care of EVERYTHING! all I had to type in was pretty much mydomain.local and that's it. it took care of the rest... building AD, DNS server, DHCP, even assigning a static IP! (it was already static, so it didn't change)

I've got my RUP working properly - thanks Fuzznuts ;) But you know what, it never really occurred to me, but _I_ am the only one who needs to have roaming profiles. Is it bad practice to have the Administrator's profile as roaming?

Thought hard about it, but can't think of a situation where a user will need to log on to someone else's computer. The only benefit I want is the ability to centrally store My Documents, and I could accomplish this with a simple redirect to specific folders on the server, e.g. \\server1\documents\%username%. This will centralize user documents and make backup easier. Desktop I don't see a need to redirect, though one girl sitting across from me has her desktop FULL of excel docs, word docs, pictures. Can't even see her wallpaper! I've told her before to store them in My Documents, but looks like she needs to be told again. :)

So, with me being the only RUP... where is the setting to not have the computer store a local copy of the cache? I don't want to leave a copy of my profile on every computer.

I'm still experimenting with home folders, I may just set one up for myself and have all my small programs installed on there so I can access them away from my computer.

Mail server should come online tomorrow, don't foresee any problems there. Good ol' MDaemon is a breeze to setup compared to Exchange, although I'm sure some Exchange experts would disagree. ;) Once I get IMAP setup I should be ready to start *thinking* about the migration...
 

Fuzznuts

look in gpo \ computer configuration \ administrative templates \ system \ user profiles
enable the delete cached copies of profiles

that should see you alright the policy should be applied at machine level so your profile should be deleted. you shouldn't have to force it with a gpo applied to your account.

hope that helps.

btw roaming profiles are not simply for using when users move seats it is a better backup for users desktop and settings for example say they hose their machine you now have to install the os then replicate all their settings (usually the time consuming part). with a profile you'd simply install the software office . outlook etc then they would log into domain grab their profile voila time saved. esp combined with software installs via gpo all they need to do is logon and everything would be as it was in the time it takes to reinstall xp / 2k.

this process also stops those "where are my icons" type of support calls as the look and feel of the user desktop is as was per disaster :)
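
An added example, not part of the original posts: a PowerShell check that can be run on a workstation to confirm the "delete cached copies of roaming profiles" setting named above has reached the machine, and to list roaming profiles that still have a local copy on disk. It assumes PowerShell is installed on the machine (it did not ship with Win2k or Win2k3) and relies on the policy's registry value `DeleteRoamingCache` and the `ProfileList` key; the function names are made up for this example.

```powershell
# Added example: audit one workstation for cached roaming profiles.
# Function names are hypothetical; the registry paths are the standard ones.
$policyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
$profileKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

function Test-DeleteRoamingCache {
    # The computer policy writes DeleteRoamingCache = 1 when it is enabled.
    $p = Get-ItemProperty -Path $policyKey -Name DeleteRoamingCache `
                          -ErrorAction SilentlyContinue
    return ($null -ne $p -and $p.DeleteRoamingCache -eq 1)
}

function Get-CachedRoamingProfile {
    # A profile is roaming when CentralProfile holds a server path.
    # ProfileImagePath is where the local copy lives, if one exists.
    Get-ChildItem -Path $profileKey | ForEach-Object {
        $v = Get-ItemProperty -Path $_.PSPath
        if ($v.CentralProfile -and $v.ProfileImagePath -and
            (Test-Path -LiteralPath $v.ProfileImagePath)) {
            [pscustomobject]@{
                Sid        = $_.PSChildName
                LocalCopy  = $v.ProfileImagePath
                ServerCopy = $v.CentralProfile
            }
        }
    }
}

if (Test-DeleteRoamingCache) {
    'Policy applied: local copies of roaming profiles are removed at logoff.'
} else {
    'Policy not applied: roaming profiles stay cached on this machine.'
}

# With the policy applied, only users who are logged on right now should
# appear here, because the local copy is deleted at logoff, not at logon.
Get-CachedRoamingProfile | Format-Table -AutoSize
```
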

 

suklee

You got PM Fuzz

edited with question:
I just played around with my IE favorites. I tried manipulating them on the server share, ie \\server1\profiles$ and they didn't save. It seems that if "cache local copy of profile" is enabled, Windows downloads a copy at logon and manipulates the local copy in C:\Documents and Settings. At logoff it replicates the changes onto the server profile. If the setting is to not cache a local copy of the profile, is it purely manipulating the profile off the server then? Won't this impact network performance if Desktop folders, Application data, My Documents are constantly being updated?