Discussion in 'Active Directory' started by Janna, Mar 30, 2005.

  Janna

    Janna Guest

    We have a stand-alone server running Windows 2000. It’s basically been used
    as a file server. There are approximately 70 users who currently connect to
    this server. We want to join this server to a Windows 2003 domain. We will
    be joining the users to this domain as well. What would be the best way to
    handle this? Should we first join the users to the domain? I’m assuming once
    the server is connected to the domain, all the local user & group accounts
    will be eliminated and it will just contain the users/groups that are in the
    domain--correct? Will we then have re-share various directories on the 2000
    server and reassign permissions to the shares? Is there a nifty tool that
    can accomplish this? Any advice on “best practices†is appreciated. TIA.
    Janna, Mar 30, 2005
  Herb Martin

    Herb Martin Guest

    Just do it.
    Just do it.
    I would first join the server and set permissions
    on the files so that when users join they will still
    have access, but then I use strong permissions on
    my files granting ONLY what is needed to ONLY
    those who need it.

    The user "changes" when they join the domain, i.e.,
    they are NOT the same user so permission and
    ownership of the files is an issue.

    When the Server (computer) joins the domain,
    it local accounts and current permissions for
    workgroup users are still valid.

    No, that is incorrect.
    No, the shares will still be there.
    Yes, you will need to provide permissions for the
    Domain users (who are new to the server), unless
    you have been granting access to "Everyone" or
    "Authenticated Users" instead of to specific groups
    (or ugh, specific users.)
    The biggest issue are likely your users profiles and
    home directories which CAN be protected but which
    doesn't happen by default.

    USMT and the Server Migration tool might be useful
    but the USMT and other methods of saving profiles
    and data are probably most important for you.
    Herb Martin, Mar 30, 2005
