I'm a big fan of DCs primarily doing
authorization/authentication. The app stuff can go somewhere else to play.
:oP The more stuff you stack up on a domain controller the more chances
you have of making it so it can't do its primary job. All of the other stuff is
cool and all, but if it can't authenticate someone, so what.
I am Enterprise Bred I am told and maybe that accounts for
that.
Throwing app partitions is adding more stuff to DCs to be
managed there that has nothing to do with auth/auth. I was never a fan of the
idea and when I saw the announcements of AD/AM I was quite excited and started
looking at Exchange saying "hint hint". When you run 10,20,30,200,400,700 DCs
the last thing you want to do is worry about which ones get the app partition
for App1, App2, and AppC. Managing your replication of the default containers is
more than enough fun.
If you have an app that needs forest or domain wide
coverage, that is a little better and I would start to consider it. But doing
one off DCs is generally a bad idea because you start raising criticality of
specific machines. Let's see on this DC I need to watch replication for this this
and that. For this one that that and this. etc. Now I can look at all DCs in a
given domain and I know I have either 3 partitions or 9 partitions. You come
into my forest and take a shotgun to some of my DCs I will go tsk tsk, I won't
go holy shit you just killed a one off. This lets me manage things in a calm
cool collected manner.
As you get larger consistency wins out over most anything
else for decision making processes for supportability reasons. You sacrifice
some flexibility and possibly some hardware savings but support costs can easily
trump that stuff if people have to be overly aware of the configuration of the
environment.
Plus MS has made using AD/AM a fairly painless thing.
-------------
http://www.joeware.net (download joeware)
http://www.cafeshops.com/joewarenet (wear joeware)

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman
Sent: Tuesday, March 09, 2004 12:11 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] "Program Data" container

Maybe. I’m a HUGE ADAM guy, totally love it, but if AD does the job, why introduce another infrastructure to support? If you can do it in an app partition and that is acceptable (security, performance, etc.) why bring in another set of DSA that need be supported?

There are plenty of reasons to use ADAM here:

1) Independent schema
2) Dsa independent (security, perf, etc.) from dcs

But if you don’t need them, don’t go with it. Let’s not over-engineer the solution. :-)

~Eric

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe

CoughAD/AMcough.

-------------
http://www.joeware.net (download joeware)
http://www.cafeshops.com/joewarenet (wear joeware)

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman

Another approach: if we are talking about w2k03, application-specific data can be put in an application partition. I love using app partitions for this sort of stuff. It lets you have a custom replication topology such that the data is only on those DCs where required, across domain boundaries, plus none of it is ever replicated to the GCs (as NDNCs are independent of PAS replication and don’t participate in that process).

My $0.02

~Eric

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al

I didn't have a link, I was just asking if you'd checked. There is very little about what it's there for that I see so far. This link indicates it's to be used by developers, but not a lot of detailed information beyond that http://msdn.microsoft.com/library/default.asp?url=""

If your application has nothing to do with an OU, then does it matter where you put it? I can see if you didn't want to incur the replication overhead, that it would make sense to put it in a different partition. But I can't see why you wouldn't use an OU to at least house the data you want to store to give it some organization. Either way, maybe somebody from Microsoft will chime in with a really definitive link and let us know what the heck it's intended for vs. what it can be used for.....

Al

From: Alice Joseph [mailto:[EMAIL PROTECTED]

Al: Do you have any link to an MSDN page that talks about the Program Data container? If you have, let me know (I couldn't find anything, even a Google search didn't help).

Technically, yes, you can put data anywhere in Active Directory. But each of those partitions and containers are there to serve some purpose (otherwise you wouldn't need a config partition, schema partition, domain partition and a place for LostAndFound, NTDS Quotas...etc in domain partition - technically you could put everything under one single node in there).

And why would I want to create an OU structure for an application, if the application hasn't got anything to do with it? And how does it relate to the existence of a "Program Data" container?

I just wanted to know what goes in there.

From: Mulnick, Al [mailto:[EMAIL PROTECTED]

Technically, you can put data anywhere you want in Active Directory. However, is there any reason you wouldn't create your own OU structure for an application?

Have you checked MSDN for information on the program data container to see what uses it?

From: Alice Joseph [mailto:[EMAIL PROTECTED]

What is the purpose of "Program Data" container in the domain naming context of Active Directory? Is it a general purpose container where I can store any type of data or is it meant for specific purpose?

Thanks

Alice Joseph
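
The consistency argument in the top reply can be checked mechanically. The following is an added example, not part of the thread: it takes records shaped like the crossRef objects under CN=Partitions (nCName plus the msDS-NC-Replica-Locations list, simplified here to host names) and reports application partitions held by a single DC and DCs whose partition set differs from the most common one. The sample data, host names and function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample: one record per application-partition crossRef.
# "replicas" stands in for msDS-NC-Replica-Locations (host names, not DSA DNs).
ALL_DCS = ["DC01", "DC02", "DC03", "DC04"]
SAMPLE_CROSSREFS = [
    {"nCName": "DC=DomainDnsZones,DC=example,DC=com", "replicas": list(ALL_DCS)},
    {"nCName": "DC=ForestDnsZones,DC=example,DC=com", "replicas": list(ALL_DCS)},
    {"nCName": "DC=App1,DC=example,DC=com", "replicas": ["DC02"]},
    {"nCName": "DC=App2,DC=example,DC=com", "replicas": ["DC02", "DC03"]},
]


def partitions_by_dc(crossrefs, all_dcs):
    """Map each DC to the set of application partitions it hosts."""
    held = {dc: set() for dc in all_dcs}
    for cr in crossrefs:
        for dc in cr["replicas"]:
            held.setdefault(dc, set()).add(cr["nCName"])
    return held


def audit(crossrefs, all_dcs):
    """Flag single-replica partitions and DCs that differ from the baseline."""
    held = partitions_by_dc(crossrefs, all_dcs)
    # Baseline: the partition set that the largest number of DCs share.
    counts = Counter(frozenset(parts) for parts in held.values())
    baseline = counts.most_common(1)[0][0] if counts else frozenset()
    single = sorted(
        cr["nCName"] for cr in crossrefs if len(set(cr["replicas"])) == 1
    )
    deviating = {
        dc: {"extra": sorted(parts - baseline),
             "missing": sorted(baseline - parts)}
        for dc, parts in held.items()
        if parts != baseline
    }
    return {"baseline": sorted(baseline),
            "single_replica": single,
            "deviating_dcs": deviating}


if __name__ == "__main__":
    report = audit(SAMPLE_CROSSREFS, ALL_DCS)
    print("Baseline partitions:", report["baseline"])
    print("Single-replica partitions:", report["single_replica"])
    for dc, diff in sorted(report["deviating_dcs"].items()):
        print(dc, "extra:", diff["extra"], "missing:", diff["missing"])
```

An empty `deviating_dcs` and `single_replica` means every DC carries the same partitions, which is the state the top reply argues for.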