:-P

I think someone needs to run SBS at home. See what nice solid DNS/AD is all about :-)

<lurk mode back on>

joe wrote:

Heck NetBEUI with all broadcasts would work perfect for all internal SBS needs. :o)

------------------------------------------------------------------------
*From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] *On Behalf Of *Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
*Sent:* Monday, October 10, 2005 12:33 AM
*To:* ActiveDir@mail.activedir.org
*Subject:* Re: [ActiveDir] Adding custom fields to AD

<cough>

I love DNS and AD and argue strongly for the glue all the time. {example answer in SBS newsgroup to person not wanting a domain....."why in the WORLD do you want to run as workgroup? A domain is just a workgroup with more toys!"}

But then again I run insecure SBS where our wizards set up the glue for us and we don't have to worry about it.

<okay back to lurking>

joe wrote:

I don't think the rest of the planet loves DNS, I think a lot of people put up with it as a necessary evil due to exactly the reason you state. There isn't even a viable option on the table. WINS simply won't scale due to the lack of hierarchy. I myself also realize that it is a necessary evil but it doesn't mean I have to necessarily like it. ;o) I certainly don't like managing it nor running it as integrated into the AD itself. The fact that AD is critically dependent on a service that it itself provides smacks my internal like it or hate it sensors about. I am very much pro-someone else running DNS properly and I run AD properly.
------------------------------------------------------------------------
*From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] *On Behalf Of *Rick Kingslan
*Sent:* Sunday, October 09, 2005 11:31 AM
*To:* ActiveDir@mail.activedir.org
*Subject:* RE: [ActiveDir] Adding custom fields to AD

"what would you think would be a good replacement for dns/wins?"
There currently isn't one. Not really even a viable option on the table. joe doesn't like DNS. The rest of the planet loves DNS - including those eggheads (loveable eggheads that they are) at IETF are the holders of the standards, and they love DNS too. :-) Microsoft fought hard to get TO standards cooperation. Don't look for anything in the near future to break away from that in regards to DNS.

Rick

--
Posting is provided "AS IS", and confers no rights or warranties ...
------------------------------------------------------------------------
*From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] *On Behalf Of *Tom Kern
*Sent:* Saturday, October 08, 2005 4:44 PM
*To:* ActiveDir@mail.activedir.org
*Subject:* Re: [ActiveDir] Adding custom fields to AD

I've had the reverse-
last place i worked at had corrupted WINS at least once every 2 months (this could have been due to my lousy admin skills)
i've never had issues with dns (could be my dumb luck)
now i work for a corp that has netbios/tcp disabled and relies solely on dns (both MS and BIND) with no name resolution issues. also wins replication seems much more complex than standard primary/secondary dns replication. and i'm not one to think i know anything as an admin or would even think of getting into such a discussion with someone as experienced and knowledgeable as you, but i've always found dns easier than wins and netbios names in general. my only difficulty came with learning dns on BIND/Linux and just wrapping my head around AD integrated dns when i first came to Windows. sometimes when you learn something via the command line, using the gui just confuses things. then again i'm probably one of those guys who "thinks" he knows dns but really doesn't know anything and hasn't found out yet :( what would you think would be a good replacement for dns/wins?
thanks

On 10/8/05, *joe* <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> wrote:

    I wasn't saying I like WINS better than DNS or vice versa, just
    said I don't like DNS. I especially dislike the AD/DNS
    integration. I don't like chicken and egg problems.

    BTW, as you bring up WINS. 1. I've never had a corrupted WINS
    Database. 2. Fewer admins had name resolution issues replication
    based issues with WINS than they do with DNS. 3. The complexity
    of DNS seems to put many admins off the deep end, interestingly
    enough, the same admins who said they couldn't figure out WINS
    say they know all about DNS.

    But again, my comment wasn't I like WINS more than DNS, or I like
    any name resolution systems better than DNS, it was simply I
    don't like DNS.
    ------------------------------------------------------------------------
    *From:* [EMAIL PROTECTED]
    <mailto:[EMAIL PROTECTED]> [mailto:
    [EMAIL PROTECTED]
    <mailto:[EMAIL PROTECTED]>] *On Behalf Of *Tom Kern
    *Sent:* Saturday, October 08, 2005 12:42 PM

    *To:* ActiveDir@mail.activedir.org
    <mailto:ActiveDir@mail.activedir.org>
    *Subject: *Re: [ActiveDir] Adding custom fields to AD

    ok, i'll bite.
    GPO's, i understand but what's there to hate about DNS?
    its better than WINS.
    I've never had a corrupted dns database.
    thanks

On 10/8/05, *joe* <[EMAIL PROTECTED]
    <mailto:[EMAIL PROTECTED]>> wrote:

        Yeah, GPOs aren't AD. GPOs are an application that use AD. I hate GPOs. DNS too.

        :o)


        -----Original Message-----
        From: [EMAIL PROTECTED]
        <mailto:[EMAIL PROTECTED]>
        [mailto:[EMAIL PROTECTED]
        <mailto:[EMAIL PROTECTED]>] On Behalf Of
        Rick Kingslan
        Sent: Saturday, October 08, 2005 11:19 AM
        To: ActiveDir@mail.activedir.org
        <mailto:ActiveDir@mail.activedir.org>
        Subject: RE: [ActiveDir] Adding custom fields to AD

        Interesting question - and as to the 'implode point' for ESE/Jet Blue, Brettsh can answer that one.  I'm pretty sure that we have a good idea on where the point of diminishing returns is, but it likely FAR exceeds what anyone might practically do today - even with added classes and attributes.

        As for why ESE - it works, it is self maintaining to a great degree, there is very little overhead in the DB, and it is quite optimized to the type of work that is required for AD.  Brettsh can certainly add more.

        I am one for preaching more svelte attitudes on your AD.  As joe mentions - it's for authN purposes first and foremost.  It CAN handle DNS, it does GPO (though - truth be told the majority of GPO function is but a link to an attribute, while the actual GPO pieces reside in SYSVOL, so not much AD - lots of FRS), etc.

        App Parts make sense in some arenas where the amount of data is going to be very small and contained to just a few areas.  I, too, like joe advocate ADAM.  I try to sell ADAM constantly as THE solution for most anything that doesn't have to do with authN.  Customer AppDev wants to stuff new things into AD constantly. Partly, they don't know the down sides.  Partly, they think they have to learn something new.  Partly, they don't really care if YOUR AD is affected by their decisions, as long as they deliver the solution in the timeframe specified.  So, it's up to you, Mr. Admin and Mr. Architect to tell whoever wants to use your AD, no - we don't do it that way because it's very bad.  We will use ADAM.  Get used to it.

        Rick

        -----Original Message-----
        From: [EMAIL PROTECTED]
        <mailto:[EMAIL PROTECTED]>
        [mailto: [EMAIL PROTECTED]
        <mailto:[EMAIL PROTECTED]>] On Behalf Of Mylo
        Sent: Friday, October 07, 2005 8:04 PM
        To: ActiveDir@mail.activedir.org
        <mailto:ActiveDir@mail.activedir.org>
        Subject: Re: [ActiveDir] Adding custom fields to AD

        That's a good point about plonking stuff in AD.... a case of once a good thing comes along everyone wants to climb aboard. I remember doing ZENworks stuff with Novell where all the application configuration information for software distribution was shunted into NDS/E-Directory... all that bloat adds up replication-wise (still, at least there was partitioning).

        One thing I am curious about though is why MS opted for JET as the DB of choice for AD.. was it the only viable option at the time ? What's the ceiling on actual database size before it caves in (performance-wise)?

        Mylo

        joe wrote:

I am going to basically say what the other said only I am going to put it this way

IF the data needs to be available at all locations or a majority of locations where your domain controllers are located, consider adding the data to AD.

IF the data is going to be needed only at a couple of sites or a single site, put them into another store. My preference being AD/AM unless you need to do some complicated joins or queries of the data that LDAP doesn't support.

There is also the possibility of using app partitions but if you were going to go that far, just use AD/AM.

The thing I have about sticking this data into AD is that AD is becoming, in many companies, a dumping ground of all the crap that was in all the other directories in the company. I realize this was the initial view from MS on how this should work but I worked in a large company and thought that was silly even then.

The number one most important thing for AD is to authenticate Windows users. Every time you dump more crap into AD you are working towards impacting that capability or the capability to quickly restore or the ability to quickly add more DCs. The more I see the one stop everything loaded into ADs the more I think that the NOS directory should be NOS only. Plus, I wonder how long before we hit some interesting object size limits. I have asked for details from some MS folks a couple of times on the issues with admin limit exceeded errors that you get when overpopulating a normal multivalue attribute (i.e. not linked) and it causing no other attributes to be added to the object. I wonder what other limits like that exist.



  joe


-----Original Message-----
From: [EMAIL PROTECTED]
        <mailto:[EMAIL PROTECTED]>
[mailto:[EMAIL PROTECTED]
        <mailto:[EMAIL PROTECTED]>] On Behalf Of
        Steve Shaff
Sent: Tuesday, August 09, 2005 12:16 PM
To: ActiveDir@mail.activedir.org
        <mailto:ActiveDir@mail.activedir.org>
Subject: [ActiveDir] Adding custom fields to AD

Group,

My manager wanted me to check, even though, I don't think that it is possible, but, I will present the question.

He would like to add some custom fields, about 30, to AD.  He would like to add bio information into AD to be pulled by Sharepoint and other applications for people to read. I think that this is a waste of time, space and effort.  However, it is not my call and if this is what he wants....

What are everyone's thoughts on the topic?

Thanks
S
List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
        <http://www.mail-archive.com/activedir%40mail.activedir.org/>



--
Letting your vendors set your risk analysis these days? http://www.threatcode.com
