We have to stay realistic as well, or I'm just going to add "diamond studded admin chair with free back massager, to sit in when working on AD" to the list ;-). It's all well and good to say "It isn't easy" but if what you're talking about would essentially break the system and make it unusable for the way lots of server apps currently use it, then it surely isn't viable. Compatibility with existing LDAP-based apps, let alone stuff that ties more closely to AD, has to be solved before this can even make a start. Microsoft already get accused of subverting open protocols enough without _trying_ to pick a fight! Lastly, as I said before, even if they can solve this, has it just made the system too complex for the target SME businesses to deploy? The "on one OS" qualifier aside, you really have just described Microsoft's or VMWare's virtualisation products, and given the technical issues this is probably the best way of delivering multiple DCs on one box. As to what I would like to see, Rich's idea of a "hot spare" that can hold offline replicas for multiple domains might be an achievable compromise to this issue. I also want to be able to set domain account password security policies on a per OU basis. -- Robert Moir Microsoft MVP for Windows Servers & Security Senior IT Systems Engineer Luton Sixth Form College "He's back, and this time he's got a portable bulk-eraser!!!"
________________________________ From: [EMAIL PROTECTED] on behalf of Charlie Kaiser Sent: Wed 05/10/2005 22:47 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Active Directory wish list Not being an OS architect, I'm not sure how MS would make it work (obviously it's not easy) but I would think something along the lines of different IP addresses per domain and using DNS to resolve the domain to an IP or host headers or multiple NICs or something like that... The idea is that it would look externally like multiple DCs, but they would be on one OS... If you can put multiple websites on one server and have them look different, maybe they can do the same with domains... Never said it was easy; this is a wish list, after all... :-) ********************** Charlie Kaiser W2K3 MCSA/MCSE/Security, CCNA Systems Engineer Essex Credit / Brickwalk 510 595 5083 ********************** > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Rob MOIR > Sent: Wednesday, October 05, 2005 1:17 PM > To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] Active Directory wish list > > How would LDAP apps easily address multiple AD domains hosted > on one server? What if you wanted to make this box a GC for > more than one domain? How easily can you configure apps like > Exchange to cope with this? I say "easily" because you talk > about SMEs using this function, which are the places that > might be less well equipped to figure out the support impact > on those apps from having to make them work with this arrangement. > > Or the cost of buying and implementing upgrades that figure > it out for them... that money we saved on the seperate > hardware boxes just went bye-bye... Oh well, at least > multiple domains on one hardware box *sounds* cool. > > Rob > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Charlie Kaiser > Sent: Tuesday, October 04, 2005 6:37 PM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] Active Directory wish list > > I'd also like to see the ability to run DCs for multiple > domains on the same > server. SMBs with limited resources balk at having to buy > additional server > hardware for redundancy on multiple domains, especially when > the AD load on > the DCs is minimal. This feature sounds like an offshoot of > your list below. > If you can run AD as a service, it might not be that hard to > allow multiple > domains similar to multiple websites/DBs on one server... > > I remember discussing this with Stuart Kwan at DEC a couple > of years ago. I > hope it makes it into the mix... > > ********************** > Charlie Kaiser > W2K3 MCSA/MCSE/Security, CCNA > Systems Engineer > Essex Credit / Brickwalk > 510 595 5083 > ********************** > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of joe > > Sent: Tuesday, October 04, 2005 4:25 PM > > To: ActiveDir@mail.activedir.org > > Subject: RE: [ActiveDir] Active Directory wish list > > > > Vista is the client OS. I don't believe they have named Longhorn > > Server yet.I am voting for something like Windows Server 5.4.0 or > > something like that. I realize that the marketing group would have > > something to say about it but I figure the best thing from > them is if > > they pronounced their thoughts from the bottom of Lake Washington. > > People don't install servers because they have cool names. > > > > The biggest non-NDA pieces that I have heard announced in > conferences > > or seen on the web already is the Read Only DC to limit security > > exposure for WAN deployments, restartable AD that can be > > stopped/started as necessary, DA/Admin separation so that > you can have > > an Admin on a DC that "can't" achieve Domain-wide DA level > rights, and > > DCs running on Server Foundation or now its called Server Core which > > is a GUI-challenged Windows Server. > > > > I can also say that there are a myriad of GUI updates for the Admin > > tools though I can't state specifics. BJ Whalen who was > involved with > > the GPMC project has been brought in to work on admin experience and > > anyone who has worked with GPOs with and without GPMC know that he > > really helped out. > > > > All in all, there is some very cool stuff and MS has really been > > listening to the community on what they want and need. I know that > > this list is watched for ideas and such and has been the source of > > DCRs internally. So if you have ideas, spout them here, > they will most > > certainly be heard. They may not make Longhorn as it is > getting a bit > > late to add major changes but your ideas could make it into a later > > rev. > > > > > > joe > > > > > > ________________________________ > > > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Steven Wood > > Sent: Monday, October 03, 2005 3:46 PM > > To: ActiveDir@mail.activedir.org > > Subject: [ActiveDir] Active Directory wish list > > > > > > Hi, > > > > With Windows Vista on it's way what's on people's wish list > as far as > > Active Directory is concerned? Also are there any big enhancements > > due? > > > > Thanks > > Steven > > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
