Windows server 2003 as part of an NT domain

Hi there

I'm hoping to install a windows 2003 server onto an existing NT domain. The machine will operate as a VPN server for remote users via ADSL. In the coming months I am hoping to use this machine as a PDC for this same domain. My questions and concerns are

- Is it possible to have this machine join the existing NT domain as a BDC
- If yes, can it be promoted to PDC without any major issues at a later stage
- are there any glaring security issues involved with having a domain controller as a VPN server

Any help greatly appreciated

Aside from the obvious security issues, it is a bad idea to multi-home a
Domain Controller and VPN boxes are usually multi-homed.


--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


"declanb" <(E-Mail Removed)> wrote in message
news:C7DF71F5-481D-4FFE-92AC-(E-Mail Removed)...
> Hi there,
>
> I'm hoping to install a windows 2003 server onto an existing NT domain.
The machine will operate as a VPN server for remote users via ADSL. In the
coming months I am hoping to use this machine as a PDC for this same
domain. My questions and concerns are:
>
> - Is it possible to have this machine join the existing NT domain as a
BDC?
> - If yes, can it be promoted to PDC without any major issues at a later
stage?
> - are there any glaring security issues involved with having a domain
controller as a VPN server?
>
> Any help greatly appreciated

Hi,

Windows 2003 cannot be installed as a BDC on an NT Domain, only as a member
server.

Here is a link to information for this upgrade process for a Windows NT
domain to Windows 2003:

http://www.microsoft.com/resources/d...003/all/deploy
guide/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/all/de
ployguide/en-us/dssbe_upnt_overview.asp

I would suggest running RRAS on a machine other than a DC. There are some
issues that you can run into running RRAS on a DC.

Thank you,
Matthew Fresoli
Microsoft Network Support
--

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this
message are best directed to the newsgroup/thread from which they
originated.

declanb wrote:
> Hi there,
>
> I'm hoping to install a windows 2003 server onto an existing NT
> domain. The machine will operate as a VPN server for remote users via
> ADSL. In the coming months I am hoping to use this machine as a PDC
> for this same domain. My questions and concerns are:
>
> - Is it possible to have this machine join the existing NT domain as
> a BDC?
> - If yes, can it be promoted to PDC without any major issues at a
> later stage?
> - are there any glaring security issues involved with having a domain
> controller as a VPN server?
>
> Any help greatly appreciated

You've got some good information already but one thing I want to point out,
just to make sure you are aware of it, is that you don't promote a Windows
2000 or 2003 machine to be a DC on an existing domain, you need to upgrade
an already existing NT 4 domain controller, and this upgrades your whole
domain to active directory.

While on an operational level this is easy to do, it is a far from trivial
thing to be doing without a good deal of planning and awareness of the
consequences, in particular, if you are running an NT 4 domain, you may be
running "legacy" clients and software which may not work well with windows
2003/Active Directory without some degree of testing and tuning.

--
--
Rob Moir, Microsoft MVP for servers & security
Website - http://www.robertmoir.co.uk
Virtual PC 2004 FAQ - http://www.robertmoir.co.uk/win/VirtualPC2004FAQ.html

Kazaa - Software update services for your Viruses and Spyware.