My apologies for the demotional insinuation.  

While there are plenty of ways to shoot my foot off, I'd appreciate
reducing that number.  Is this something we should revise in one of the
two docs at least for posterity?  Do you know who wrote the docs that
disagree and can you drop a note? 

Al 

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley
Sent: Wednesday, May 04, 2005 12:15 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Imaging NT5+ DCs == Bad (was: best practice?)

I'm not a Garage Door Opener, I'm a Garage Door _Operator_, please don't
cheapen my job, I can close the door too.

I didn't proofread the Running DCs in a Virtual Server 2005 doc.  I
happen to know that it doesn't insist on turning off the host system's
disk cache, so _I_ won't be debugging a confluence of lost flushes or
USN rollbacks in that environment.  

The KB was written earlier than the DCs on VirtServer2005 doc.  I
personally like the KB as it is, but obviously as you point out they're
incongruous.

Keep in mind there are plenty of ways to shoot yourself in the foot,
with VPCs ... all based off the idea of improper backup/restore/imaging
of AD data ... things that come off the top of my head:

 - diff disks could very easily be deadly,
 - and in the cases of VPCs, when a VPC is shutdown, even xcopy (on the
        host system) is then a deadly piece of "imaging" type software.
 - the same thing even applies outside of VPCs, just a DC in DSRM, has an
        unprotected DIT and log files, copying those out, and then back
        in later, would qualify as something that can cause USN rollback.

Cheers,
-BrettSh [msft] 

Building 7 Garage Door Operator ... ostensibly the Garage Door Operator
with the most knowledge of the ESE and AD database internals ...


On Wed, 4 May 2005, Al Mulnick wrote:

> Interesting, Mr Garage Door Opener.  Perhaps some rewording is needed 
> to make this and these other docs consistent?  Or am I reading into this?
> 
> 
> "The following operations are not supported: 
> ...2. Starting an Active Directory domain controller whose operating 
> system resides in a virtualized hosting environment such as Microsoft 
> Virtual PC, Microsoft Virtual Server 2005, or EMC VMWARE "
> 
> http://www.support.microsoft.com/kb/897614/
> 
> 
> http://www.microsoft.com/downloads/details.aspx?FamilyID=64db845d-f7a3-4209-8ed2-e261a117fc6b&displaylang=en
> 
> 
> I'm just so confused.  ;)
> 
> -ajm
> 
> "Chief, Cook, and Bottle-Washer"
> 
> 
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley
> Sent: Wednesday, May 04, 2005 6:30 AM
> To: ActiveDir@mail.activedir.org
> Cc: Joseph L. Casale
> Subject: RE: [ActiveDir] Imaging NT5+ DCs == Bad (was: best practice?)
> 
> "That is soo not right." (Mean Girls movie reference, at Halloween party)
> 
> You should take a look at this:
>     http://support.microsoft.com/?kbid=885875
> 
> I sincerely hope you don't have USN rollback or divergent replicas, 
> but I think it is likely if you are actually imaging dcpromo'd DCs.
> 
> Just curious, for imaging what are you using?  Ghost?  Are you just 
> restoring images?  Are you using the images to build additional DCs 
> for load?
> 
> 
> In Win2k3 SP1 and a hot fix post Win2k SP4, will in fact stop DCs from 
> replicating if it detects such a condition (but it is not always 
> guaranteed it will be able to detect the condition), to attempt to 
> contain the damage.
> 
> Also note, b/c I'm not sure the KB is clear about divergent replicas ...
> just because things are replicating currently, or there are no 
> apparent current USN rollbacks ... does NOT mean you weren't once in 
> the past afflicted with USN rollback, and now you've gotten past it, 
> and instead are simply afflicted with divergent replicas (worse than 
> USN rollback in ways).  You might try to use (_I think_) dsastat to 
> run through all the objects on your DCs in a pair-wise fashion to find
> differences.
> 
> Cheers,
> Brett Shirley [msft]
> Building 7 Garage Door Operator, so what do I know ...
> 
> This posting is provided "AS IS" with no warranties, and confers no 
> rights.
> 
> 
> On Tue, 3 May 2005, Joseph L. Casale wrote:
> 
> > Errr, I do it always, always, ALWAYS, and it works? AD has 
> > mechanisms built in to get it back up to par...
> > jlc
> > 
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Brett 
> > Shirley
> > Sent: Tuesday, May 03, 2005 7:08 PM
> > To: ActiveDir@mail.activedir.org
> > Subject: Re: [ActiveDir] best practice?
> > 
> > Never, ever, EVER image a Win2k or Win2k3 Domain Controller ... or 
> > ADAM server.  I don't know about members, just adding knowledge about
> > DCs, as I don't think I've ever mentioned it here before.
> > 
> > Cheers,
> > -Brett Shirley [msft]
> > 
> > as is, caveat emptor, status quo, etc
> > 
> > 
> > 
> > On Tue, 3 May 2005, John Shukovsky Jr wrote:
> > 
> > > Hello all,
> > > 
> > > Question, you want to re-image PCs that are domain members. You want
> > > to immediately rejoin domain using same name. Site is single W2k DC/GC
> > > on 3 hour replication cycle with fsmo holders.
> > > 
> > > Should you remove from domain, image and rejoin or just image rejoin
> > > and reset computer account? Would either of these ways work given site
> > > setup?
> > > 
> > > Any input appreciated.
> > >  
> > > John Shukovsky Jr
> > > Network Administrator
> > > NJ Department of Human Services
> > > 609-861-6031
> > > 
> > > 
> > > 
> > 
> > List info   : http://www.activedir.org/List.aspx
> > List FAQ    : http://www.activedir.org/ListFAQ.aspx
> > List archive:
> > http://www.mail-archive.com/activedir%40mail.activedir.org/
> > 
> 
> 
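
Added illustration, not part of the original thread: a simplified Python model of the USN rollback and divergent-replica behaviour discussed above, showing why a restored image can slip past detection and why a pair-wise object comparison still finds the damage. The `DC` class, `scenario` function, invocation IDs and object names are hypothetical, and the detection rule (the partner's stored watermark exceeds the source's current USN) is a simplifying assumption, not Microsoft's code.

```python
import copy

class DC:
    """Toy replica: objects map name -> (value, originating USN)."""
    def __init__(self, invocation_id):
        self.invocation_id = invocation_id
        self.usn = 0           # highest committed USN on this replica
        self.objects = {}
        self.watermark = {}    # partner invocation ID -> highest USN seen

    def write(self, name, value):
        self.usn += 1
        self.objects[name] = (value, self.usn)

    def pull_from(self, src):
        """Return 'rollback-detected' or the number of objects received."""
        seen = self.watermark.get(src.invocation_id, 0)
        if seen > src.usn:     # partner now claims less than we already hold
            return "rollback-detected"
        changed = {n: o for n, o in src.objects.items() if o[1] > seen}
        self.objects.update(changed)
        self.watermark[src.invocation_id] = src.usn
        return len(changed)

def diff(a, b):
    """Pair-wise comparison: names whose values differ or are missing."""
    names = a.objects.keys() | b.objects.keys()
    return sorted(n for n in names
                  if a.objects.get(n, (None,))[0] != b.objects.get(n, (None,))[0])

def scenario(writes_after_restore):
    """Constructed data: image DC1 at USN 5, restore it after USN 10."""
    dc1, dc2 = DC("inv-A"), DC("inv-B")
    for i in range(5):
        dc1.write(f"user{i}", "v1")
    image = copy.deepcopy(dc1)     # disk image taken at USN 5
    for i in range(5, 10):
        dc1.write(f"user{i}", "v1")
    dc2.pull_from(dc1)             # DC2 has now seen USN 1..10 from inv-A
    dc1 = copy.deepcopy(image)     # restore: same invocation ID, USN back at 5
    for i in range(writes_after_restore):
        dc1.write(f"new{i}", "v1") # these writes reuse USNs 6, 7, ...
    return dc2.pull_from(dc1), diff(dc1, dc2)

if __name__ == "__main__":
    print(scenario(0))   # partner pulls right away: rollback is caught
    print(scenario(7))   # restored DC wrote past USN 10 first: not caught
```

With seven writes after the restore, the pull succeeds and transfers only the two objects above the old watermark, so the five writes that reused USNs 6 to 10 never leave the restored DC and the five it lost never come back.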
