And, knowing fully that I'm replying to myself - I don't, nor have I ever used SunGuard, so I have no idea what 'card' they hand a client.
I'd assume that it's something along the lines of the procedures lined out in: http://support.microsoft.com/default.aspx?scid=kb;en-us;249694 Which is still fraught with difficulty and lower than resonable success rate for most of the people and customers that I've talked with. I'm just indicating that there *IS* some difficulty involved - instructions neatly laid out or not. Rick -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan Sent: Monday, August 08, 2005 1:55 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Biggest AD Gripes Help me understand where I'm missing this (I've been in a con-call for 3.5 hours this AM...). Isn't the registry backed up as part of the System State? And, doesn't the registry pretty much make something 'hardware dependent' to some great degree, just by its very nature? I'm sure that there's something very simple that I'm missing. Rick -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Cornetet Sent: Monday, August 08, 2005 1:36 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Biggest AD Gripes What is difficult about restoring a DC to different hardware? We just did our yearly DR testing (at Sungard as a matter of fact!), and I didn't have any problems. Just follow the little procedure they give you (basically, remove all the network cards and video card in device manager before you reboot after the recovery). Then, follow the other procedure they give you if you end up with phantom NICs. It's the same procedure for DCs as it is for member servers. It isn't hardware dependant, but if you are talking about the hours-long waltz you do with ntdsutil to remove all of the DCs you aren't bringing back, I've found a neat trick. Run through the process for one site once manually recording all of the text you type, then using a text editor create a command file duplicating the tons of commands required to remove every server from every site. Run ntdsutil <yourfile.txt. The trick is that ntdsutil prompts before removing each server - just answer "no" to the server you recover. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hunter, Laura E. Sent: Tuesday, August 02, 2005 6:06 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Biggest AD Gripes Everyone is making a number of suggestions/comments that hit home to me, so rather than chiming in with <AOL>Me too!</AOL>, I'll bring up the one that makes me crazy that no-one has mentioned yet: Restoring a domain controller to alternate hardware (think Disaster Recovery drill at a company like Sungard) should Not. Be. So. Friggin'. Hard. It's better in K3 than it was in 2K, but it's still way too much of a hothouse-flower-y delicate operation. (Maybe Longhorn's "AD as a service" will make this better. I can hope, at least, because right now it still sucks canal water.) - Laura > -----Original Message----- > From: Almeida Pinto, Jorge de > [mailto:[EMAIL PROTECTED] > Sent: Tuesday, August 02, 2005 6:30 PM > To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] Biggest AD Gripes > > DFS-R is only supported for custom DFS namespaces. MS at the moment > does not support DFS-R for SYSVOL replication. MS states that in the > DFS-R overview document page 16 > > See: > http://www.microsoft.com/downloads/details.aspx?FamilyID=5e547 > c69-d224-4423-8eac-18d5883e7bc2&DisplayLang=en > > QUOTE: > > DFS Replication is not supported for SYSVOL replication in Windows > Server 2003 R2. Do not attempt to configure DFS Replication on SYSVOL > by disabling FRS and setting up a replication group for SYSVOL. > Continue to use FRS for SYSVOL replication on domain controllers > running Windows Server 2003 R2. FRS and DFS Replication can co-exist > on the same member server or domain controller. > > > A shame, but true! DFS-R really rocks!!! It is way better than NTFRS! > > Cheers > #JORGE# > > ________________________________ > > From: [EMAIL PROTECTED] on behalf of Carlos Magalhaes > Sent: Tue 8/2/2005 11:15 PM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] Biggest AD Gripes > > > > * Using the new DFS-Replication mechanism in R2 for the SYSVOL > > This is available AFAIK if all your servers are running R2 :P > > Carlos Magalhaes > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells > Sent: 02 August 2005 09:59 PM > To: Send - AD mailing list > Subject: RE: [ActiveDir] Biggest AD Gripes > > http://www.novell.com :o) > > Bloody NetWare bigot ... > > -- > Dean Wells > MSEtechnology > * Email: [EMAIL PROTECTED] > http://msetechnology.com > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Almeida > Pinto, Jorge de > Sent: Tuesday, August 02, 2005 2:06 PM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] Biggest AD Gripes > > A while ago I put some AD feature thoughts in a textfile not knowing > what to do with them at that moment > > Here goes: > > * Active Directory thoughts: > * OU = security principal > * Possibility to merge Forests > * "Cut and paste" a domain from one forest to another > * Domain concept: > * Domain controller -> directory server (not specific > to a certain domain, but hosting naming contexts) > * Password policies not only per domain but also per > OU > * Keep domain as a replication boundary but remove the > flat structure (prevent context login like NDS -> Aliases?) > * Multiple replication boundaries (naming > contexts) per > directory server > * Remove domain as an entity. Forest is only entity > needed > * Integrate file system and possible other resources into the > directory (e.g. search where security principals are used) > * Permissioning TOP-DOWN and BOTTOM-UP (file system) > * Delegation of Control: ability to dictate MEMBERS attribute > AND the MEMBEROF attribute (so the possibility exists to dictate which > users can be added to what groups) > * Disabling sidhistory? > * Loginscripts at container level > * Using the new DFS-Replication mechanism in R2 for the SYSVOL > > Just some thoughts. Interesting? > > Cheers, > #JORGE# > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of joe > Sent: Tuesday, August 02, 2005 18:25 > To: ActiveDir@mail.activedir.org > Subject: [ActiveDir] Biggest AD Gripes > > So what are everyone's biggest AD Gripes? I am not talking about > gripes about things that use AD like GPOs[1] or Exchange or NFS or > anything else like that. I mean actual AD really missed the boat > because of this that or the other thing. > > Like > > o I dislike that when you defunct an attribute it doesn't purge the > information in the directory for that attribute. > > o The fact that AD Security policy is managed through a technology > dependent on AD and replicates both within AD and the other > technology. > > o I dislike that there is no true schema delete. > > o I dislike the fact that I can't specify which branches of the tree > replicate where. > > o I dislike the fact that GUIDs are represented in multiple ways in > the directory. > > o I dislike the implementation of property sets especially since they > could be so incredible awesomely cool. Specifically I dislike that an > attribute can only be in a single property set. > > o I dislike creator/owner on SDs. > > o I dislike the lack of configurable business rules. > > o I dislike the fact that I can't run multiple domains on a single > domain controller. > > > > Etc etc. I have more but lets see what others say. Everyone pipe up. > Let's pretend that MS will actually see this, let's further say let's > pretend MS AD Developers will see this. What would you tell them if > you were sitting in the room with them? > > > > joe > > > > > > [1] I do not consider GPOs to be part of AD. They are a technology > that leverages AD. > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > This e-mail and any attachment is for authorised use by the intended > recipient(s) only. It may contain proprietary material, confidential > information and/or be subject to legal privilege. It should not be > copied, disclosed to, retained or used by, any other party. If you are > not an intended recipient then please promptly delete this e-mail and > any attachment and all copies and inform the sender. Thank you. > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
