nnbnbHope this helps:
Q: I will set up AD but how do I set up accounts for the individuals that need to have access to files on the server without giving everybody access to the server?
When you say individuals need to have access to files on the server, are these shared files or files unique to these individuals. If it is the former, you could simply set up Security Groups with access to specific directories or files. If the latter, you could set up "Home" directories for each user on the server.
You can of course give certain users the right to interactively logon to the server, although I would severely restrict this priviledge.
Q: Do I need to set the server up for terminal services as well?
You are allowed up to two concurrent terminal server logins to W2K3 in Remote Administration mode. You need to know that terminal services is not installed by default anymore in W2K3, and you will need to add it using Add/Remove Programs fom Control Panel.
Q: Can any of the computers be the BDC?
You need to have another Windows Server product as the BDC, or you could simply stick SAMBA on a spare machine and have a free BDC.
Q: Do I still need to set DNS up on the server or should I just use the ISP's. Which approach is better to set the router up as DHCP server or to set DHCP up on the windows 2003 Server?
Since you've got an all windows shop, best to have the W2K3 server handle both the DNS and DHCP. Then have it point to your ISP's DNS (using the DNS forwarders option) for unresolved addresses.
Q: How about NAT?
Let your router act as the gateway and provide NAT separation. I would feel more comfortable sticking an IPCOP
www.ipcop.org
or something similar in between the router and the rest of the network so you get better firewalling capabilities, logging, etc.
