1. Welcome to the new MacRumors forums. See our announcement and read our FAQ

Help! I've become a Windows network admin!

Discussion in 'Mac OS X Server, Xserve, and Networking' started by RedTomato, Jun 4, 2009.

  1. macrumors 68040


    Oh my gosh, I seem to have become a windows network admin!

    I've taken on a second job as tech officer for a mid-sized charity. It's about 30 staff, mixture of XP and Vista, and run via a server running Windows Server 2008.

    My background is in mac admin, and I've been running a small mac network for the last few years, so while I know basic network stuff, I'm new to the windows admin world, and this is a bit of a step up to a larger class of network for me. My line manager (the CEO) is aware of this, and expects me to get up to speed quickly.

    Can you recommend any decent books or websites on Server 2008, Active Directory, Terminal Services, and small / mid sized network admin?

    Which websites do you go to for help about these issues?

    Clueless in London
  2. macrumors 6502a


    For 30 users everything should be straightforward. Start - Programs - Administrative Tools and all you need should be there. Its usually a case of right clicking and following a wizard. Or double clicking and filling in stuff.
  3. macrumors 68040


    Thanks, but I'd like to acquire some deeper knowledge.

    I will be rewiring the entire network in the next few months (currently it runs off series of 5 dollar hubs and has a lot of problems) and putting in a 24 port switch downstairs and a 16 port upstairs, both hanging off a managed cheapish Cisco router. We will also get a second ADSL line and I'll have to install a load balancer box for the router.

    There are 5 other offices around the country with another 20 staff. Currently they do their own thing, and can't use central network services. My boss wants me to roll out a WAN, and switch the other offices to logging into the central london server. It's for easier account management and maintenance (and some of our new software needs it too). Currently they do their own thing and can't use central software.

    I need to learn enough to stay on top of all this :eek:
  4. macrumors 6502a

    red, some suggested reading,


    Windows related:

    Go to the bookstore and pick up a basic CiscoPress CCNA book to get up on networking routing, and Microsoft Press' Administrator's Pocket Consultant series books are good reading material - mostly concise to the point.

    Google PSTools/Sysinternals Suite - best free troubleshooting tools for day-to-day admins.

    When all else fails:
    http://www.google.com :D
  5. macrumors 68040


    Fab thanks, that's exactly what I need!
  6. Moderator


    Staff Member

    No offense but you got a job to which you had no experience? I'd be a little nervous but getting in over my head
  7. macrumors 68040


    Yes, I had my concerns too before accepting it. My boss knows the other company I work at, and was impressed with my work there.

    I was actually sort of headhunted for it, as I'm fluent in sign language, and the boss and most of the staff here are deaf signers. (as am I)

    Means I can communicate with staff and boss and find out what their issues are, and explain things to them without needing to get an interpreter in. There aren't many tech people who are also fluent in sign.

    We also have an (expensive) external IT contractor, who takes care of the really difficult stuff like setting up Terminal Services for the WAN, other difficult server stuff and advises me on the rest.

    I made it clear to my boss that my skills have clear limits, and he accepts I'll have to spend time learning and training myself.
  8. macrumors 68040


    As I said, thanks for the theory guides above - I will read them.

    Forgot to add, do you know any guides to the physical side of rewiring a network? The dirty dusty crawley side, cable management, cutting and locating conduit, etc?

    I'm gonna have to figure out how to route 24 cables from the downstairs switch, and this is an office in a listed building - I'm not allowed to cut holes in walls, and will have to run cables along the bottom of walls etc.
  9. macrumors 6502a


    You could try network over the powerlines. One plug downstairs and one plug upstairs linking the two networks. They are limited to 85Mbps so if you expect your users to be shifting lots of big files it might not suit. And the two floors would have to be on the same power circuit.

    Or two Wireless N routers to link the two floors. Bandwidth is greater than plugs, but reception is susceptible to interference, and doesn't go through thick floors very well.

    Otherwise, don't put the cables next to power cables to prevent interference, unless you have them well shielded.

    And sorry I don't know any guides :( I just remember what I can from my Network +.
  10. macrumors 6502a

  11. macrumors newbie

    What's the problem? It's just mSexChange :p
  12. macrumors 6502


    Why do you need to route 24 cables upstairs out of the 48 ? Don't you have a switch to switch port that uses fiber or gigabit connection ?
  13. macrumors 68030


    Buy the official training courses for MCSE (Microsoft Certified Systems Engineer) and CCNA (Cisco Certified Networking Associate) and study especially through the theoretical parts that explain the concepts.

    You --will-- find the Cisco training material extremely helpful even if you do not use Cisco equipment at work or at home. The ICND1 course explains basic networking from the OSI layer model to hubs, switches and how TCP/IP works. And without a working knowledge of of that stuff you won't get far as a system /network administrator (and it really doesn't matter if the job is in the Windows or Unix world).

    You also need to have a basic understanding of the Windows domain model and Microsoft's LDAP implementation (which is called Active Directory) and how it integrates itself into their Dynamic DNS (hello TCP/IP) and what role group policies play and how to implement them. This stuff also is the foundation to understanding Microsoft Exchange.

    It's a complex world and it can quickly become overwhelmingly frustrating because there is so much to learn and know.

    About your physical networking problem: The other poster was absolutely right: You should install another access switch on the second floor and connect it to the other switch. That, by the way, is something you would learn in the Cisco ICND1 course. ;-)
  14. macrumors demi-god


    I'd highly recommend one of Mark Minasi's books for a very readable introduction to the MS world. For example, see here.
  15. macrumors 6502


    If you need this network setup done quickly, let us know in general terms what you want to do, what equipment you work with, there seem to be enough network admins out here who could quickly correct any glaring errors and give you some advice...
  16. macrumors 601

    No offense, but I wouldn't use either of those ideas.

    The powerline idea really limits your bandwidth, especially when you've got 100Mb to each machine already. That will kill your performance even for just a couple of machines browsing a file server.

    The wireless idea may work, but it's a half duplex connection. Avoid half duplex on main trunks.

    You only need one cable to connect the switches together. If it were me, I'd future proof a bit and get switches with a modular slot so you can run fiber, which can go up to 40Gb or better. You'll want to run the fiber through conduit; do _not_ leave it exposed. Being fiber, you don't need to worry about interference either. Since you are extending a new cable, I'd run at least 4 to give you room for growth as well. For example, say you peg that 1Gb fiber link; you can easily patch one of the extra pieces of fiber and bond it with the other piece to give you extra bandwidth (called PortChannel or EtherChannel in Cisco terms). Or if you have to add another switch, you can trunk it back to your main switch where your router is.

    I wouldn't use anything but Cisco. It's great equipment and there are plenty of people out there who can assist in supporting you. Buy something offbrand to keep costs down may save you in the short term, but if issues arise, it may cost you in downtime or time spent fixing/maintaining it. Also overspec your switch. If you have 20 nodes , then I would recommend looking at a 48 port switch, to give room for growth.

    As for the routers, certain Cisco models will allow you to load balance the routers. For 30 people though, I'd simplify it and use one router with one bigger pipe. It's added complexity that doesn't seem to be needed here and there's no need for multiple routers to support this type of load. If you wanted to use two or more circuits bonded together (which may be cheaper than one bigger pipe), you'll need to setup BGP with your provider.

    It may be in your interest to check out some of the latest routers that can use an aircard for access. Make sure to contact the aircard vendor to ensure this is a supported setup, or you may get some serious invoices from them.
  17. macrumors 68040


    Lots of amazing replies here, many thanks! Will update with specs as I get them.

    There's a bit of confusion here over the layout. Let me clarify.

    Upstairs (10 staff, 2 printers):

    - Server,
    - ADSL modem wifi accesspoint
    - 16 port gigabit switch

    These three boxes will link to a cisco router, also upstairs.

    A cable will go from the router, down the stairwell somehow to downstairs, to a 24 port gigabit switch downstairs (15 staff, 3 printers, 2 public access computers)

    The building is more or less at its maximum staff capacity here so i don't think a bigger switch is needed. Will be around 4 ports spare on both switches.

    We are a charity with low budgets so I think forget any mention of fibre or using complex stuff.

    Thanks for the powerline idea - I might bring that up as in idea for one or two of the harder-to reach locations, or for temporary installations.

    It's possible we may get a second ADSL line with associated modem, and a load balancer. This will be for reliability and greater upload bandwidth rather than bigger download pipes.

    Reason - our WAN will have 5 outside offices logging onto our server via AD, so to me, our central office outgoing bandwidth seems more of a chokepoint than incoming.

    An engineer came over yesterday to install a new telephone line and had a quick look at our network (not a proper survey). We're with Be Pro internet, but getting rather crappy 6-8Mb/sec even tho we're in the heart of the London East End. (I get 16Mb/s at home!)

    Basically our line is shared with some other residential buildings, and goes through them to the street connection box, and there's not much we can do about it. He recommended digging a tunnel and having our own line to the box, but we can't afford that. If we can't get a proper second ADSL line to a second independent ISP then there's little point going for load balancing.

    I tried to contact OpenReach (looks after the last mile in the UK) for a proper survey, but seems I will have to go through Be.
  18. macrumors 601

    Fiber is not that expensive any more. As John Doe on the Internet, I can get a 25 meter multimode fiber cable for $80.

    Not every WAN circuit is assymetrical. You said above you wanted to avoid complexity, but are willing to put in two routers, two WAN circuits, and a load balancer. Again, one router with multiple pipes is far much simpler to install and maintain than two or more routers with two or more pipes load balancing each other. If BGP is too much, do weighted fair queuing and you get the poor man's version of load balancing. Very very simple to do.

    Our current router has been up for almost 3 years now (since implementation). Get a good router and you won't have reliability issues. EDIT: I should add we have 155Mb (an OC-3) coming through one router as well. It's not your basic router, but it's not your high end either.

    Yeah, that would be expensive. But do your lines go through protected boxes so that tenants of the other buildings cannot disturb them? That sounds like a potential reliability issue.

    Welcome to the WAN world. There's almost never a direct communication between you, the customer, and the telco handling the last mile.
  19. macrumors 6502


    I agree with belvdr here : get yourself a good network setup : it will cost you less intervention and less hassle and thus less intervention costs in the long run. Plus cisco experience is always good for your cv.

    And do check ebay for second hand cisco catalyst equipment : plenty of second hand switches around as well as the parts to go repair them.
  20. macrumors 601

    Oh and Used Cisco has some good deals as well. For your setup, it sounds like gigabit to the desktop is overkill. Take a look at the Cisco 2950G series. It has those modular ports (SFPs) I was discussing earlier, so you can have gigabit uplinks between switches, and 100Mb to each node. For $450, you can have both switches from them.
  21. macrumors 68040


    Thanks for all the advice again. Will certainly buy Minasi's 2008 networking book. I've been given his Windows Server 2000 doorstop book. I liked his writing style but I was reluctant to read it as I didn't know which sections are outdated.

    A quick ask - at the moment, am firefighting re windows updates as these 30 machines haven't been updated in 2 years. (Staff aren't allowed to run updates themselves). At the moment I have to go round, chuck staff off their computer, and run Update. It's insane as all these computers are logged onto Active Directory.

    What's the easiest way to remotely run Windows Update via Active Directory while staff are working? I've had a look through google, and I can't work out a simple clear way to do it. Sorry if I seem like a moron.
  22. macrumors 601

    Everyone has to start somewhere, so you're not a moron.

    WSUS can apply updates as well as SMS. SMS does have a price tag, so I'd check WSUS first.
  23. macrumors 6502a

    1) get them up to latest service pack, that will eliminate most of the need for updates.

    2) then apply updates. use VNC, RDP, or Dameware utilities for remote connection to their workstations, no need to run around physically.

    3) read up on and set up WSUS, which applies service packs and updates via GPO.

    4) read up on slipstreaming latest service packs to your OS install CD, saves you much time.
  24. macrumors regular

    anyone saying that two people _browsing_ a file server will max out a powerline connection should be ignored...

    the main reason to run fibre between floors, is if they are fed by different phases in the building (415V here in the UK).

    to get better inbound bandwidth from multiple ADSL lines, you need to bond them at the exchange end , not load balance them at the customer end I'd suggest Andrews and Arnold http://aa.nu for bonded ADSL2

    unless you get exceptional pricing on 2nd user Cisco, I'd suggest getting new HP Procurve, the lifetime warranty and free firmware updates is the winner from my perspective.
  25. macrumors regular

    USAian and UK bandwidth costs are very different. I pay in London for a 10mb (symmetric) what I could get an OC3 for in Boston. BGP4 is good, but not the right tool for what the OP is trying to achieve, if he could afford an ISP that could do BGP, he wouldn't be trying to bond two £24 per month connections...

Share This Page