Soldato
- Joined
- 27 Mar 2003
- Posts
- 2,710
Hi guys, wondering if someone can assist with this in some way. More after qualification about a position upgrade route and if what I am potentially going to propose is sensible or if I am talking complete *expletive*.
Although I am a developer by trade (these days) I have a lot of support knowledge and the current support team for our business is looking to do a wholesale upgrade of all older servers running 2003/2008 to 2012 and at the same time upgrade our Exchange 2003 farm to 2013.
I know, a massive project to try and implement. (I say massive; it is probably the best part of 40 servers and 6 Exchange boxes (1 front end, 5 back end).)
Now I understand that tech has moved on a lot since this was implemented and am informed that Exchange no longer needs the front end/back end setup and can just have a single server or several servers working in unison. The business is looking to transfer all the mailboxes and public folders (approx. 1000+) to one uber Exchange 2013 box. Is this sensible or should it be split across multiple instances? The plan is to remove all our remote Exchange boxes onto one site and these boxes have 400+ mailboxes sat on their servers.
In addition to this our AD, GPO, security and distribution groups are a horrendous mess. After years of what seems to be mismanagement by previous support staff there are a million and one AD accounts, security groups and GPOs that no one has a clue what is going on and then to top it off the security groups aren't really being used properly and individual user accounts have been granted specific access rights to various network folders across the corporate LAN. So it is a nightmare to manage and ensure the right people have the right access.
Now I have come up with two options (although I think option 1 is wrong from the get go) which are:
1) Create a clean 2012 domain that runs in parallel to the live domain and create a trust between the two domains and migrate groups of users at a time until everyone has been removed from the old domain and then transfer all domain services like DHCP, DNS etc. over to the new domain and then just switch the old one off. (I'm not sure how the new Exchange infrastructure will work in this scenario.)
2) Create new 2012 servers in the live domain and then create entirely new OUs, GPOs, groups, file shares etc. for users and then migrate them over as and when we can. Test them out and then slowly migrate other services over to 2012 machines. Once all the old policies etc. have been emptied of live users etc. then we can just delete these from the system and we should be left with a nice clean domain and something that is more maintainable moving forward.
Now I guess number 2 is probably the way to go as it has less risk involved as we can just decommission older servers as and when we are ready to. I also think it would probably be easier to get the 2012 Exchange environment working in this scenario.
Now does what I am proposing from a conceptual point of view seem sensible or is there a third or maybe a fourth option to consider?
One thing I was potentially thrashing about is linking the new 2012 servers up to Azure and then having this as potential failover for our remote sites. (Would this then remove the need to have local AD servers on these sites?)
Again it has been a while since I used my support skills for any length of time so just wondering if this is considered the best solution.
Thanks in advance for any assistance.
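Added example (not part of the original post, and not the poster's code): for the clean-up described above, where individual user accounts hold rights directly on network folders, this PowerShell script inventories those grants so they can be replaced with group-based access before anything is migrated. It assumes a single domain, the RSAT ActiveDirectory module, and a hypothetical share path and output file name.

```powershell
#Requires -Modules ActiveDirectory
# Added example: list explicit (non-inherited) NTFS ACEs whose trustee is a
# domain user account or an orphaned domain SID, ready for group-based clean-up.
param(
    [string]$Root    = '\\fileserver01\shared',   # hypothetical share path
    [string]$OutFile = '.\direct-user-aces.csv'   # hypothetical output file
)

$classCache = @{}   # trustee name or SID string -> AD object class

function Get-TrusteeClass {
    param([System.Security.Principal.IdentityReference]$Identity)
    $key = $Identity.Value
    if ($classCache.ContainsKey($key)) { return $classCache[$key] }
    try {
        $sid = $Identity.Translate([System.Security.Principal.SecurityIdentifier]).Value
        $obj = Get-ADObject -Filter "objectSid -eq '$sid'" -ErrorAction Stop
        # No match: local/well-known principal, or a deleted (orphaned) account
        $class = if ($obj) { $obj.ObjectClass } else { 'not-in-domain' }
    } catch {
        $class = 'unresolved'   # name could not be translated or looked up
    }
    $classCache[$key] = $class
    return $class
}

$folders = @(Get-Item -LiteralPath $Root) +
           @(Get-ChildItem -LiteralPath $Root -Directory -Recurse -ErrorAction SilentlyContinue)

$report = foreach ($folder in $folders) {
    try   { $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction Stop }
    catch { Write-Warning "Cannot read ACL: $($folder.FullName)"; continue }
    foreach ($ace in $acl.Access) {
        if ($ace.IsInherited) { continue }   # report each grant once, where it is set
        $class    = Get-TrusteeClass $ace.IdentityReference
        $orphaned = $ace.IdentityReference.Value -match '^S-1-5-21-'   # SID with no name
        if ($class -ne 'user' -and -not $orphaned) { continue }
        [pscustomobject]@{
            Folder  = $folder.FullName
            Trustee = $ace.IdentityReference.Value
            Kind    = if ($orphaned) { 'orphaned SID' } else { 'user' }
            Type    = $ace.AccessControlType
            Rights  = $ace.FileSystemRights
        }
    }
}
$report | Sort-Object Trustee, Folder | Export-Csv -Path $OutFile -NoTypeInformation
```

The script only reads ACLs; run it under an account that can read the share's permissions and review the CSV per trustee to decide which security group should carry each right.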