do you know why you have 2 different classes of ip addresses, is there a reason for it. If not I would be tempted to change it to one class and maybe do some subnetting on the ranges if the workstations are split between different rooms/floors (I assume they are because of the 2 switches). Also are the switches managed ie can you create a vlan that says any machine looking for a dhcp address on switch a gets 192.168.1.65/26 and addresses requested on switch b gets 192.168.1.129/26. On your pc i would install the adminpack which you can find on the server 2003 cd so you can control many aspects of the domain controller from your pc. In theory you should not really logon to directly to the domain controller unless you are fixing something! In the longer term it might be worth thinking about adding another server with wsus on it so you can deploy patches etc centrally. Also it might be worth thinking about group policy to lock down the workstations a bit more, I think the general rule of thumb is to give users the least amount of permissions required to do their jobs. Which will in turn mean you will spend less time fixing simple things on their pc's which in the long run could mean you would be spending that time researching further time saving products/fun stuff for them.

do you know why you have 2 different classes of ip addresses, is there a reason for it. If not I would be tempted to change it to one class and maybe do some subnetting on the ranges if the workstations are split between different rooms/floors (I assume they are because of the 2 switches). Also are the switches managed ie can you create a vlan that says any machine looking for a dhcp address on switch a gets 192.168.1.65/26 and addresses requested on switch b gets 192.168.1.129/26. On your pc i would install the adminpack which you can find on the server 2003 cd so you can control many aspects of the domain controller from your pc. In theory you should not really logon to directly to the domain controller unless you are fixing something! In the longer term it might be worth thinking about adding another server with wsus on it so you can deploy patches etc centrally. Also it might be worth thinking about group policy to lock down the workstations a bit more, I think the general rule of thumb is to give users the least amount of permissions required to do their jobs. Which will in turn mean you will spend less time fixing simple things on their pc's which in the long run could mean you would be spending that time researching further time saving products/fun stuff for them.