Won't work for me. I have about 50,000 users in my home AD on about 3 domains and 8 DCs... Oh I also have trusts to a couple of R2 and NT4 Domains. <eg>
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Monday, October 10, 2005 3:05 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Adding custom fields to AD :-P I think someone needs to run SBS at home. See what nice solid DNS/AD is all about :-) <lurk mode back on> joe wrote: > Heck NetBEUI with all broadcasts would work perfect for all internal > SBS needs. :o) > > ---------------------------------------------------------------------- > -- > *From:* [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] *On Behalf Of *Susan > Bradley, CPA aka Ebitz - SBS Rocks [MVP] > *Sent:* Monday, October 10, 2005 12:33 AM > *To:* ActiveDir@mail.activedir.org > *Subject:* Re: [ActiveDir] Adding custom fields to AD > > <cough> > > I love DNS and AD and argue strongly for the glue all the time. > {example answer in SBS newsgroup to person not wanting a > domain....."why in the WORLD do you want to run as workgroup? A > domain is just a workgroup with more toys!"} > > But then again I run insecure SBS where our wizards set up the glue > for us and we don't have to worry about it. > > <okay back to lurking> > > joe wrote: > >> I don't think the rest of the planet loves DNS, I think a lot of >> people put up with it as a necessary evil due to exactly the reason >> you state. There isn't even a viable option on the table. WINS simply >> won't scale due to the lack of hierarchy. I myself also realize that >> it is a necessary evil but it doesn't mean I have to necessarily like >> it. ;o) I certainly don't like managing it nor running it as >> integrated into the AD itself. The fact that AD is critically >> dependent on a service that it itself provides smacks my internal >> like it or hate it sensors about. I am very much pro-someone else >> running DNS properly and I run AD properly. >> >> >> >> --------------------------------------------------------------------- >> --- >> *From:* [EMAIL PROTECTED] >> [mailto:[EMAIL PROTECTED] *On Behalf Of *Rick >> Kingslan >> *Sent:* Sunday, October 09, 2005 11:31 AM >> *To:* ActiveDir@mail.activedir.org >> *Subject:* RE: [ActiveDir] Adding custom fields to AD >> >> "what would you think would be a good replacement for dns/wins?" >> >> There currently isn't one. Not really even a viable option on the >> table. joe doesn't like DNS. The rest of the planet loves DNS - >> including those eggheads (loveable eggheads that they are) at IETF >> are the holders of the standards, and they love DNS too. :-) >> >> Microsoft fought hard to get TO standards cooperation . Don't look >> for anything in the near future to break away from that in regards to >> DNS. >> >> Rick >> >> -- >> Posting is provided "AS IS", and confers no rights or warranties ... >> >> >> >> >> --------------------------------------------------------------------- >> --- >> *From:* [EMAIL PROTECTED] >> [mailto:[EMAIL PROTECTED] *On Behalf Of *Tom Kern >> *Sent:* Saturday, October 08, 2005 4:44 PM >> *To:* ActiveDir@mail.activedir.org >> *Subject:* Re: [ActiveDir] Adding custom fields to AD >> >> I've had the reverse- >> last place i worked at had corrupted WINS at least once every 2 >> months(this could of been due to my lousy admin skills) i've never >> had issues with dns(could be my dumb luck) now i work for a corp that >> has netbios/tcp disabled and relies solely on dns(both MS and BIND) >> with no name resolution issues. >> also wins replication seems much more complex than standard >> primary/secondary dns replication. >> >> >> and i'm not one to think i know anything as an admin or would even >> think of getting into such a disscussion with someone as experienced >> and knowldgable as you, but i've always found dns easier than wins >> and netbios names in general. >> >> my only diffculty came with learning dns on BIND/Linux and just >> wrapping my head around AD intergrated dns when i first came to Windows. >> sometimes when you learn something via the command line, using the >> gui just confuses things. >> >> then again i'm probably one of those guys who "thinks" he knows dns >> but really doesn't know anything and hasen't found out yet :( >> >> >> what would you think would be a good replacement for dns/wins? >> thanks >> >> >> On 10/8/05, *joe* <[EMAIL PROTECTED] >> <mailto:[EMAIL PROTECTED]>> wrote: >> >> I wasn't saying I like WINS better than DNS or vice versa, just >> said I don't like DNS. I especially dislike the AD/DNS >> integration. I don't like chicken and egg problems. >> >> BTW, as you bring up WINS. 1. I've never had a corrupted WINS >> Database. 2. Fewer admins had name resolution issues replication >> based issues with WINS than they do with DNS. 3. The complexity >> of DNS seems to put many admins off the deep end, interestingly >> enough, the same admins who said they couldn't figure out WINS >> say they know all about DNS. >> >> But again, my comment wasn't I like WINS more than DNS, or I like >> any name resolution systems better than DNS, it was simply I >> don't like DNS. >> >> >> ------------------------------------------------------------------------ >> *From:* [EMAIL PROTECTED] >> <mailto:[EMAIL PROTECTED]> [mailto: >> [EMAIL PROTECTED] >> <mailto:[EMAIL PROTECTED]>] *On Behalf Of *Tom Kern >> *Sent:* Saturday, October 08, 2005 12:42 PM >> >> *To:* ActiveDir@mail.activedir.org >> <mailto:ActiveDir@mail.activedir.org> >> *Subject: *Re: [ActiveDir] Adding custom fields to AD >> >> >> ok, i'll bite. >> GPO's, i understand but whats there to hate about DNS? >> its better than WINS. >> I've never had a corrputed dns database. >> >> thanks >> >> >> On 10/8/05, *joe* <[EMAIL PROTECTED] >> <mailto:[EMAIL PROTECTED]>> wrote: >> >> Yeah, GPOs aren't AD. GPOs are an application that use AD. I >> hate GPOs. DNS >> too. >> >> :o) >> >> >> >> -----Original Message----- >> From: [EMAIL PROTECTED] >> <mailto:[EMAIL PROTECTED]> >> [mailto:[EMAIL PROTECTED] >> <mailto:[EMAIL PROTECTED]>] On Behalf Of >> Rick Kingslan >> Sent: Saturday, October 08, 2005 11:19 AM >> To: ActiveDir@mail.activedir.org >> <mailto:ActiveDir@mail.activedir.org> >> Subject: RE: [ActiveDir] Adding custom fields to AD >> >> Interesting question - and as to the 'implode point' for >> ESE/Jet Blue, >> Brettsh can answer that one. I'm pretty sure that we have a >> good idea on >> where the point of diminishing returns is, but it likely FAR >> exceeds what >> anyone might practically do today - even with added classes >> and attributes. >> >> As for why ESE - it works, it is self maintaining to a great >> degree, there >> is very little overhead in the DB, and it is quite optimized >> to the type of >> work that is required for AD. Brettsh can certainly add more. >> >> I am one for preaching more svelte attitudes on your AD. As >> joe mentions - >> it's for authN purposes first and foremost. It CAN handle >> DNS, it does GPO >> (though - truth be told the majority of GPO function is but a >> link to an >> attribute, while the actual GPO pieces reside in SYSVOL, so >> not much AD - >> lots of FRS), etc. >> >> App Parts make sense in some arenas where the amount of data >> is going to be >> very small and contained to just a few areas. I, too, like >> joe advocate >> ADAM. I try to sell ADAM constantly as THE solution for most >> anything that >> doesn't have to do with authN. Customer AppDev wants to >> stuff new things >> into AD constantly. Partly, they don't know the down >> sides. Partly, they >> think they have to learn something new. Partly, they don't >> really care if >> YOUR AD is affected by their decisions, as long as they >> deliver the solution >> in the timeframe specified. So, it's up to you, Mr. Admin >> and Mr. Architect >> to tell whoever wants to use your AD, no - we don't do it >> that way because >> it's very bad. We will use ADAM. Get used to it. >> >> Rick >> >> -----Original Message----- >> From: [EMAIL PROTECTED] >> <mailto:[EMAIL PROTECTED]> >> [mailto: [EMAIL PROTECTED] >> <mailto:[EMAIL PROTECTED]>] On Behalf Of Mylo >> Sent: Friday, October 07, 2005 8:04 PM >> To: ActiveDir@mail.activedir.org >> <mailto:ActiveDir@mail.activedir.org> >> Subject: Re: [ActiveDir] Adding custom fields to AD >> >> That's a good point about plonking stuff in AD.... a case of >> once a good >> thing comes along everyone wants to climb aboard. I remember >> doing ZENworks >> stuff with Novell where all the application configuration >> information for >> software distribution was shunted into NDS/E-Directory... all >> that bloat >> adds up replication-wise (still, at least there was >> partitioning). >> >> One thing I am curious about though is why MS opted for >> JET as the DB of >> choice for AD.. was it the only viable option at the time ? >> What's the >> ceiling on actual database size before it caves in >> (performance-wise)? >> >> Mylo >> >> joe wrote: >> >>>I am going to basically say what the other said only I am >> going to put >>>it this way >>> >>>IF the data needs to be available at all locations or a >> majority of >>>locations where your domain controllers are located, consider >> adding >>>the data to AD. >>> >>>IF the data is going to be needed only at a couple of sites >> or a single >>>site, put them into another store. My preference being AD/AM >> unless you >>>need to do some complicated joins or queries of the data that >> LDAP >>>doesn't support. >>> >>>There is also the possibility of using app partitions but if >> you were >>>going to go that far, just use AD/AM. >>> >>>The thing I have about sticking this data into AD is that AD is >>>becoming, in many companies, a dumping ground of all the crap >> that was >>>in all the other directories in the company. I realize this >> was the >>>initial view from MS on how this should work but I worked in >> a large >>>company and thought that was silly even then. >>> >>>The number one most important thing for AD is to authenticate >> Windows >> users. >>>Every time you dump more crap into AD you are working towards >> impacting >>>that capability or the capability to quickly restore or the >> ability to >>>quickly add more DCs. The more I see the one stop everything >> loaded >>>into ADs the more I think that the NOS directory should be >> NOS only. >>>Plus, I wonder how long before we hit some interesting object >> size >>>limits. I have asked for details from some MS folks a couple >> of times >>>on the issues with admin limit exceeded errors that you get when >>>overpopulating a normal multivalue attribute (i.e. not >> linked) and it >>>causing no other attributes to be added to the object. I >> wonder what >>>other >> limits like that exist. >>> >>> >>> >>> joe >>> >>> >>>-----Original Message----- >>>From: [EMAIL PROTECTED] >> <mailto:[EMAIL PROTECTED]> >>>[mailto:[EMAIL PROTECTED] >> <mailto:[EMAIL PROTECTED]>] On Behalf Of >> Steve Shaff >>>Sent: Tuesday, August 09, 2005 12:16 PM >>>To: ActiveDir@mail.activedir.org >> <mailto:ActiveDir@mail.activedir.org> >>>Subject: [ActiveDir] Adding custom fields to AD >>> >>>Group, >>> >>>My manager wanted me to check, even though, I don't think >> that it is >>>possible, but, I will present the question. >>> >>>He would like to add some custom fields, about 30, to AD. He >> would >>>like to add bio information into AD to be pulled by >> Sharepoint and >>>other applications for people to read. I think that this is a >> waste of >>>time, space and effort. However, it is not my call and if >> this is what >>>he >> wants.... >>> >>>What are everyone's thoughts on the topic? >>> >>>Thanks >>>S >>>List info : http://www.activedir.org/List.aspx >>>List FAQ : http://www.activedir.org/ListFAQ.aspx >>>List archive: >>> http://www.mail-archive.com/activedir%40mail.activedir.org/ >> <http://www.mail-archive.com/activedir%40mail.activedir.org/> >>> >>>List info : http://www.activedir.org/List.aspx >>>List FAQ : http://www.activedir.org/ListFAQ.aspx >>>List archive: >>>http://www.mail-archive.com/activedir%40mail.activedir.org/ >> <http://www.mail-archive.com/activedir%40mail.activedir.org/> >>> >>> >>> >>> >> >> List info : http://www.activedir.org/List.aspx >> List FAQ : http://www.activedir.org/ListFAQ.aspx >> List archive: >> http://www.mail-archive.com/activedir%40mail.activedir.org/ >> >> List info : http://www.activedir.org/List.aspx >> <http://www.activedir.org/List.aspx> >> List FAQ : http://www.activedir.org/ListFAQ.aspx >> List archive: >> http://www.mail-archive.com/activedir%40mail.activedir.org/ >> <http://www.mail-archive.com/activedir%40mail.activedir.org/> >> >> List info : http://www.activedir.org/List.aspx >> <http://www.activedir.org/List.aspx> >> List FAQ : http://www.activedir.org/ListFAQ.aspx >> List archive: >> http://www.mail-archive.com/activedir%40mail.activedir.org/ >> >> >> > List info : http://www.activedir.org/List.aspx List FAQ : > http://www.activedir.org/ListFAQ.aspx List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ -- Letting your vendors set your risk analysis these days? http://www.threatcode.com List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
