> or an entirely new model not yet conceived ... Perhaps something that doesn't require NT4 to W2K style migration headaches to keep people from moving to it the way that migration did... I'd hate to see a show of hands for who here is still trying to determine if they should "make that leap" off NT4... IMHO, at the rate the server infrastructure field is evolving, if Blackcomb looks like W2K under the covers with a lot of enhancements, MS is going to have a hard time getting people to move to it. Look at the heavy trends towards virtualization in only the past couple of years, and at the new face the Internet has with spam, viruses, and exploits in the past few years. Blackcomb is due in, what, 7 years? A lot can happen in 7 years. Maybe I'm alone in this opinion, but with as far as things have come, things like AD replication are too hard (for what they should be). And it's too easy to back yourself into a corner when designing your infrastructure, because to some extent you still have to design to the limitations and nuances of the OS (at least with Windows). I think Dean may have something here... perhaps us saying how AD domains should work is too short-sighted? How should it work? Either the guys at Microsoft are going to come up with something, or just modify the same old stuff, or maybe this list and forums like it with the brain trust that exists here can help suggest the directions. ?? just a few p for thought...
Rich ------------------------------------------------------------------------ --- Rich Milburn MCSE, Microsoft MVP - Directory Services Sr Network Analyst, Field Platform Development Applebee's International, Inc. 4551 W. 107th St Overland Park, KS 66207 913-967-2819 ------------------------------------------------------------------------ --- "I am always doing that which I can not do, in order that I may learn how to do it." - Pablo Picasso -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells Sent: Monday, October 10, 2005 10:59 AM To: Send - AD mailing list Subject: RE: [ActiveDir] BlackComb Super Forest Functional Mode Good suggestion Joe and, in principal, I agree ... but were that to make it to reality, I'd question why the legacy domain model persists. Domains are, IMO, an outdated and overly rigid technology ... obviously, there many features that would require significant modification (some of which will hopefully be covered by Longhorn). Perhaps flexible partitioning within a single tree or an entirely new model not yet conceived ... -- Dean Wells MSEtechnology * Email: [EMAIL PROTECTED] http://msetechnology.com -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Monday, October 10, 2005 7:32 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] BlackComb Super Forest Functional Mode To move this in a slightly different direction. How would people feel about a BlackComb Super Forest Functional Mode where not only are DCs impacted but every machine touching the DCs are affected. I.E. MS allows multiple domains on a single DC but not for any pre-BlackComb clients. I.E. Complete break with legacy capability? Personally I wouldn't mind seeing something like that but how do others feel about it. Once in this mode, no going back. Legacy clients pre-Blackcomb have no clue how to use the domains, etc. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Monday, October 10, 2005 10:10 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Active Directory wish list While I generally agree this would be great, I have to ask about eDir and it's authentication abilities. IIRC, multiple domains via LDAP only work just fine. It's called ADAM in its latest incarnation. But for the authentication[1] and other apps that support/work with AD to provide identity services (Kerb, DNS, GPOs, etc) might not be a good fit for a multi-instance/single-server deployment. LDAP sure. The other apps, I'm not so sure. I'm curious, Charlie and Neil. What services do these SMB's offer that they need multiple instances of DC's? I realize that a best practice is to have multiple servers that can provide some failure tolerant behaviors, but I'm wondering what type of work a SMB does that requires multiple full blown AD domain instances and therefore multiple servers etc. Can you expand that? [1] LDAP is not an authentication protocol; Kerberos is though. -ajm CCBW >From: <[EMAIL PROTECTED]> >Reply-To: ActiveDir@mail.activedir.org >To: <ActiveDir@mail.activedir.org> >Subject: RE: [ActiveDir] Active Directory wish list >Date: Mon, 10 Oct 2005 08:52:25 +0100 > >Maybe you should read about eDIR/NDS... :) Novell did this back in '93. > > >-----Original Message----- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] On Behalf Of Ed Crowley >[MVP] >Sent: 06 October 2005 01:51 >To: ActiveDir@mail.activedir.org >Subject: RE: [ActiveDir] Active Directory wish list > >I'd be surprised if we see this in my lifetime, or at least before I >retire. > >Ed Crowley MCSE+Internet MVP >Freelance E-Mail Philosopher >Protecting the world from PSTs and Bricked Backups!T > >-----Original Message----- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] On Behalf Of Charlie Kaiser >Sent: Wednesday, October 05, 2005 2:34 PM >To: ActiveDir@mail.activedir.org >Subject: RE: [ActiveDir] Active Directory wish list > >What I want is to be able to run multiple domains on one OS >installation and segment the directories from each other. That way I >don't need to run multiple licenses of the OS, nor do I need hardware >that can power 4 VMs. >I already run VMs using VMWare in my test lab; it works but I'd prefer >to be able to run AD as a service and have it be smart enough to be >able to segment itself without needing a separate OS... > >********************** >Charlie Kaiser >W2K3 MCSA/MCSE/Security, CCNA >Systems Engineer >Essex Credit / Brickwalk >510 595 5083 >********************** > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Ed Crowley > > [MVP] > > Sent: Wednesday, October 05, 2005 10:07 AM > > To: ActiveDir@mail.activedir.org > > Subject: RE: [ActiveDir] Active Directory wish list > > > > You can. It's called Microsoft Virtual Server. > > > > Ed Crowley MCSE+Internet MVP > > Freelance E-Mail Philosopher > > Protecting the world from PSTs and Bricked Backups!T > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Charlie > > Kaiser > > Sent: Tuesday, October 04, 2005 6:37 PM > > To: ActiveDir@mail.activedir.org > > Subject: RE: [ActiveDir] Active Directory wish list > > > > I'd also like to see the ability to run DCs for multiple domains on > > the same server. SMBs with limited resources balk at having to buy > > additional server hardware for redundancy on multiple domains, > > especially when the AD load on the DCs is minimal. This feature > > sounds > > > like an offshoot of your list below. > > If you can run AD as a service, it might not be that hard to allow > > multiple domains similar to multiple websites/DBs on one server... > > > > I remember discussing this with Stuart Kwan at DEC a couple of years > > ago. I hope it makes it into the mix... > > > > ********************** > > Charlie Kaiser > > W2K3 MCSA/MCSE/Security, CCNA > > Systems Engineer > > Essex Credit / Brickwalk > > 510 595 5083 > > ********************** > > > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED] On Behalf Of joe > > > Sent: Tuesday, October 04, 2005 4:25 PM > > > To: ActiveDir@mail.activedir.org > > > Subject: RE: [ActiveDir] Active Directory wish list > > > > > > Vista is the client OS. I don't believe they have named Longhorn > > > Server yet.I am voting for something like Windows Server 5.4.0 or > > > something like that. I realize that the marketing group would have > > > something to say about it but I figure the best thing from > > them is if > > > they pronounced their thoughts from the bottom of Lake Washington. > > > People don't install servers because they have cool names. > > > > > > The biggest non-NDA pieces that I have heard announced in > > conferences > > > or seen on the web already is the Read Only DC to limit security > > > exposure for WAN deployments, restartable AD that can be > > > stopped/started as necessary, DA/Admin separation so that > > you can have > > > an Admin on a DC that "can't" achieve Domain-wide DA level > > rights, and > > > DCs running on Server Foundation or now its called Server > > Core which > > > is a GUI-challenged Windows Server. > > > > > > I can also say that there are a myriad of GUI updates for the > > > Admin tools though I can't state specifics. BJ Whalen who was > > involved with > > > the GPMC project has been brought in to work on admin > > experience and > > > anyone who has worked with GPOs with and without GPMC know that he > > > really helped out. > > > > > > All in all, there is some very cool stuff and MS has really been > > > listening to the community on what they want and need. I know that > > > this list is watched for ideas and such and has been the source of > > > DCRs internally. So if you have ideas, spout them here, > > they will most > > > certainly be heard. They may not make Longhorn as it is > > getting a bit > > > late to add major changes but your ideas could make it into a > > > later rev. > > > > > > > > > joe > > > > > > > > > ________________________________ > > > > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED] On Behalf Of Steven > > > Wood > > > Sent: Monday, October 03, 2005 3:46 PM > > > To: ActiveDir@mail.activedir.org > > > Subject: [ActiveDir] Active Directory wish list > > > > > > > > > Hi, > > > > > > With Windows Vista on it's way what's on people's wish list > > as far as > > > Active Directory is concerned? Also are there any big enhancements > > > due? > > > > > > Thanks > > > Steven > > > > > List info : http://www.activedir.org/List.aspx > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > > > List info : http://www.activedir.org/List.aspx > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > >List info : http://www.activedir.org/List.aspx >List FAQ : http://www.activedir.org/ListFAQ.aspx >List archive: >http://www.mail-archive.com/activedir%40mail.activedir.org/ > > >List info : http://www.activedir.org/List.aspx >List FAQ : http://www.activedir.org/ListFAQ.aspx >List archive: >http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > >PLEASE READ: The information contained in this email is confidential >and intended for the named recipient(s) only. If you are not an >intended recipient of this email please notify the sender immediately >and delete your copy from your system. You must not copy, distribute or >take any further action in reliance on it. Email is not a secure method >of communication and Nomura International plc ('NIplc') will not, to >the extent permitted by law, accept responsibility or liability for (a) >the accuracy or completeness of, or (b) the presence of any virus, worm >or similar malicious or disabling code in, this message or any >attachment(s) to it. If verification of this email is sought then >please request a hard copy. Unless otherwise stated this email: (1) is >not, and should not be treated or relied upon as, investment research; >(2) contains views or opinions that are solely those of the author and >do not necessarily represent those of NIplc; (3) is intended for >informational purposes only and is not a recommendation, solicitation >or offer to buy or sell securities or related financial instruments. >NIplc does not provide investment services to private customers. >Authorised and regulated by the Financial Services Authority. >Registered in England no. 1550505 VAT No. 447 2492 35. Registered >Office: 1 St Martin's-le-Grand, London, EC1A 4NP. A member of the >Nomura group of companies. > >List info : http://www.activedir.org/List.aspx >List FAQ : http://www.activedir.org/ListFAQ.aspx >List archive: >http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ -------APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE------- PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or any attachments. This information is strictly confidential and may be subject to attorney-client privilege. This message is intended only for the use of the named addressee. If you are not the intended recipient of this message, unauthorized forwarding, printing, copying, distribution, or using such information is strictly prohibited and may be unlawful. If you have received this in error, you should kindly notify the sender by reply e-mail and immediately destroy this message. Unauthorized interception of this e-mail is a violation of federal criminal law. Applebee's International, Inc. reserves the right to monitor and review the content of all messages sent to and from this e-mail address. Messages sent to or from this e-mail address may be stored on the Applebee's International, Inc. e-mail system. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/