Re: [ActiveDir] admt 2.0 - nt4 computer migration

2003-07-14 Thread Graham Turner
Gentlemen, thanks to all for your contributions to this.

will be going to customer site later this week to do some exhaustive testing
on this issue

(assuming of course that the computers have not melted in the ridiculously
warm weather we are having here !)

any other things that you can add will be v gladly received.

GT


- Original Message -
From: Rick Kingslan [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, July 11, 2003 11:16 PM
Subject: RE: [ActiveDir] admt 2.0 - nt4 computer migration


 Stuart, Graham -

 The Agent exec is ADMTAGNT.EXE.  Also, I don't remember it running under the
 Explorer process, as when we did our migrations (well, the on-going saga...)
 it was an easy matter to check how a machine was doing by bringing up task
 manager to determine status and load on the box.  Had to do this numerous
 times as workstations took too long and we needed to determine the real
 status of the process.

 Rick Kingslan  MCSE, MCSA, MCT
 Microsoft MVP - Active Directory
 Associate Expert
 Expert Zone - www.microsoft.com/windowsxp/expertzone


 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Fuller, Stuart
 Sent: Friday, July 11, 2003 3:41 PM
 To: '[EMAIL PROTECTED]'
 Subject: RE: [ActiveDir] admt 2.0 - nt4 computer migration

 G,

 Can't really speak to the specific technical upgrade process for ADMT.  If I
 remember correctly, we simply installed the latest version over the top of
 the new one and everything seemed to work out.  I think we did have to
 reinstall the password export service again...

 We ran the majority of our migrations from the ADMTv2 off of the .Net Server
 (e.g. 2003) Beta 3 CD.  We wanted the v2 because of the password migration
 bit.  We did update the ADMT from the Beta3 version to the RC1 version at
 about 3/4 through our migration. We didn't really see any differences and
 upgrading didn't solve a broke workstation migration issue we were having on
 a dual-proc machine.

 If it is the NT policy, then on the NT workstation you are trying to
 migrate, back out the allowed run policy and then try the migration again.
 If changing the policy via poledit doesn't work you can try looking at the
 reg keys.  JSI FAQ (http://www.jsiinc.com/SUBA/tip/rh0050.htm) lists the
 two you need to look at
 (HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun = 1
 and entries under
 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun).
 Test the workstation by running some unallowed application
 first so that you know the policy has really been backed out and not
 reapplied through whatever your distribution mechanism is.

 If backing off the NT policy doesn't work then re-verify the ADMT setup
 (http://support.microsoft.com/?kbid=260871).  Can you migrate any other
 NT/2000/XP workstations? If so then ADMT is probably set up correctly and
 the trouble will be with the specific NT workstation build.

 According to JSI's note 0362, the RestrictRun policy only works on processes
 run from the Explorer process. I have no clue if the agent process is being
 remotely initiated on the workstation via the Explorer process but if
 between workee and no-workee this is the only difference.

 Additionally, I couldn't find in my brief surfing expedition what
 specifically the agent .exe are.  Looking at our ADMT console the two
 probable candidates are ADMTAgnt.exe and DCTAgentService.exe.  If the
 only solution is to add the agent executables to the allowed list then
 hopefully someone else on the mailing list knows what these really are.

 Stuart Fuller
 Active Directory
 State of Montana

 -Original Message-
 From: Graham Turner [mailto:[EMAIL PROTECTED]
 Sent: Friday, July 11, 2003 12:25 PM
 To: [EMAIL PROTECTED]
 Subject: Re: [ActiveDir] admt 2.0 - nt4 computer migration

 Stuart, i share your views.

 i have assumed this is going to be a problem general to NT4 workstation
 migration - based on first two tested - both failed with identical message.

 the number of NT4 workstations still in production means a manual migration
 is not the most practical option.

 in the course of resolving this i have observed that the contents of the
 ADMT2 distribution are about 8 months more recent than the production ADMT2
 programs that were in good faith !! from the .NET RC1 media,

 i am assuming the upgrade to be a supported process and will just see if
 this issue is not specific to ADMT version - i have also noted from
 netiq.com that they had to patch migration software to resolve similar
 issues of computer migration -

 do you have any issues specific to versions of ADMT ??

 if it does prove to be issues of the allowedrunlist whacking me then the
 question remains as to what exe's need to be added to support the ADMT
 operation

 thanks for your support

 GT
 - Original Message -
 From: Fuller, Stuart [EMAIL PROTECTED]
 To: [EMAIL 
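
The registry check discussed in this thread, as an added example that is not part of the original messages: the script parses a REGEDIT4-format export of the HKCU Policies\Explorer branch and reports whether RestrictRun is enabled and which of the two candidate agent executables named in the thread are absent from the allowed list. The function names and the sample export are constructed for illustration.

```python
import re

EXPLORER_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows"
                r"\CurrentVersion\Policies\Explorer")
ALLOW_LIST_KEY = EXPLORER_KEY + r"\RestrictRun"

# Candidate agent executables named in the thread. Whether both must be
# allowed is not confirmed there, so treat this tuple as an assumption.
ADMT_CANDIDATES = ("ADMTAgnt.exe", "DCTAgentService.exe")

# Constructed sample: a regedit export from a workstation with the policy on.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000095
"RestrictRun"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun]
"1"="winword.exe"
"2"="EXCEL.EXE"
"3"="admtagnt.exe"
'''

VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def parse_reg_export(text):
    """Return {key_path_lower: {value_name_lower: value}} for a .reg export.

    Only dword and plain string values are decoded; other types are skipped.
    """
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.upper().startswith("REGEDIT"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        match = VALUE_LINE.match(line)
        if current is None or not match:
            continue
        name, data = match.group(1).lower(), match.group(2)
        if data.lower().startswith("dword:"):
            current[name] = int(data[6:], 16)
        elif len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            # .reg string data escapes backslash and double quote.
            current[name] = re.sub(r"\\(.)", r"\1", data[1:-1])
    return keys


def audit_restrict_run(text, required=ADMT_CANDIDATES):
    """Summarise the RestrictRun policy state found in a .reg export."""
    keys = parse_reg_export(text)
    enabled = keys.get(EXPLORER_KEY.lower(), {}).get("restrictrun", 0) == 1
    allowed = sorted(
        v for v in keys.get(ALLOW_LIST_KEY.lower(), {}).values()
        if isinstance(v, str)
    )
    allowed_lower = {a.lower() for a in allowed}
    # With the policy off nothing is restricted, so nothing is reported.
    # Per the JSI note cited in the thread, the policy only affects processes
    # started from Explorer, so a name listed here is a lead, not a verdict.
    blocked = [r for r in required if enabled and r.lower() not in allowed_lower]
    return {"enabled": enabled, "allowed": allowed, "blocked_candidates": blocked}


if __name__ == "__main__":
    print(audit_restrict_run(SAMPLE_EXPORT))
```

Running the same audit before and after backing out the policy confirms whether the change actually stuck or was reapplied by the distribution mechanism.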

RE: [ActiveDir] what to do with DMZ servers

2003-07-14 Thread Roger Seielstad

Technically, we have 1 person. But he's a Director level, so he has some
weight. It helps that he's also spent a lot of time with the sysadmin lead (me)
and the network engineer (sits next to me). One of the best aspects of our
company is that we've all worked together for a relatively long time - I'm the
newest of the 3 of us, and I've been here just under 4 years.

Sounds like it worked out in the end for you, though.

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

  
-Original Message-
From: Rogers, Brian [mailto:[EMAIL PROTECTED]
Sent: Friday, July 11, 2003 4:30 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] what to do with DMZ servers

That would be me. The lone man fighting that battle.

You have a whole staff of people for that? Man...that must be nice :)

I have gotten them to compromise (well actually to design it right but make
them think they won).

They can create their empty root structure with our internal domain as a
child domain of the root...and I'll get a separate forest/domain for the DMZ.
  
  
-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Friday, July 11, 2003 6:58 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] what to do with DMZ servers

Where does your infosec staff fall on this issue? I'd assume any security
specialist worth employing would agree with the separate domain concept.

Roger

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
  
-Original Message-
From: Rogers, Brian [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 10, 2003 12:55 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] what to do with DMZ servers

Have the exact same situation here.

We currently have a separate NT domain (for a security boundary) for our INET
machines. These machines exist on a DMZ...and run public internet sites that
connect to a SQL backend inside our network. An ISA server provides the
firewall and proxy services.

I'm currently having a fight with the operations staff on design. They want
to do the Empty Root/two subdomain model (because they read a lot of useless
MOC Courseware books).

I can personally see very little benefit to consolidating these two separate
domains into one forest. They see no logic in having a separate
forest/separate domain for the Internet systems.

Nothing short of a case study will sway them I believe...any decent documents
comparing the two? Or frankly..any documents that recommend a separate forest
for your internet systems as a security boundary?

-Original Message-
From: Raymond McClinnis [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 10, 2003 11:29 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] what to do with DMZ servers

I have a question... (Assuming that the Servers in the DMZ are already away
from the in-house domain)

If before the upgrade none of the servers needed AD or access to your
in-house domain, why would you want them to have it after the upgrade?

:) Just thinking semi-logically...

Thanks,

Raymond McClinnis
Network Administrator
Provident Credit Union

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad
Sent: Thursday, July 10, 2003 7:19 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] what to do with DMZ servers

It would help if you determined what was going to be public access (via DMZ
or otherwise) and determine the needs of the applications there.

The other option we've been talking about is AD Application Mode (ADAM) from
Microsoft.

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

-Original Message-
From: Pelle, Joe [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 10, 2003 8:59 AM
To: ActiveDir ([EMAIL PROTECTED])
Subject: [ActiveDir] what to do with DMZ servers

Please help:

My company is currently migrating from an NT domain structure to AD... I have
some questions regarding how some of you went about hooking in your DMZ web
servers to AD securely... What DID YOU DO?!! What are the recommended best
practices?

The options we have discussed so far are:
Option1: Join DMZ servers to AD

RE: [ActiveDir] what to do with DMZ servers

2003-07-14 Thread Rogers, Brian

Sorry for the confusion...but just
for clarification...you are saying that you use a single forest (empty
root) for all your domains including your DMZ/Internet?



-Original Message-
From: Rick Kingslan [mailto:[EMAIL PROTECTED]
Sent: Friday, July 11, 2003 6:33 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] what to do with DMZ servers



Brian,



We implemented an empty
root design (we now have 6 other domains) but we planned this from the start
knowing that our company will do acquisition and divestiture - leaving us in a
position to easily move domains off of the structure. Our forest is very
stable, very healthy, and it works well for us. Two additional domain
controllers for the Root Domain - which left us with a solid base for the other
child domains - was the total cost. Reasonable from a management perspective,
knowing that we will add and remove domains.



And, I do have a forest
in our extranet. Plus, we are looking into MIIS (or, MMS 3.0 for us who
have been working with the product for more than a month) to assist with
SSO and to manage accounts in a push manner to our extranet forest. In
addition, ADAM is beginning to play a part as some of the Applications that we
use can use an LDAP service for Authentication / Authorization.



Bottomline - it's all a
matter of choice. You can make all kinds of decisions, but the best thing
to do is not make one. I've seen more projects die because of analysis
paralysis than any other single cause. Many times implementing
a not perfectly 'optimal' implementation (but very workable and viable) is
better than waiting until you have the best solution, only to find that the
window was missed or confidence is in question.

Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rogers, Brian
Sent: Friday, July 11, 2003 3:32 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] what to do with DMZ servers

I got used to being
shocked and surprised at what happens here long ago :)



All I can do is try to
make it better any way I can. Sadly without some serious firepower with
an MS stamp of approval on it...it's an uphill battle.



I can find a bazillion
docs however that suggest people migrate their NT domains using the Empty root
strategy...makes one wonder at times.



-Original Message-
From: Rick Kingslan [mailto:[EMAIL PROTECTED]
Sent: Friday, July 11, 2003 9:10 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] what to do with DMZ servers



Brian,



A few
hours of sleep to think further about this - you ask for case studies. I
would have to believe, and am certain of at least one - that SANS Institute is
going to be able to provide this for you off of their site. We have a
subscription and I can't say at the moment if this is pay or free (suspect pay
- it usually is when you really need it...) but I just can't imagine what would
possess someone to believe that what they are proposing is even remotely
acceptable in any environment in today's computing world.



Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rogers, Brian
Sent: Thursday, July 10, 2003 11:55 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] what to do with DMZ servers

Have the
exact same situation here.



We currently
have a separate NT domain (for a security boundary) for our INET
machines. These machines exist on a DMZ...and run public internet sites
that connect to a SQL backend inside our network. An ISA server provides
the firewall and proxy services.



I'm
currently having a fight with the operations staff on design. They want
to do the Empty Root/two subdomain model (because they read a lot of useless
MOC Courseware books). 



I can
personally see very little benefit to consolidating these two separate domains
into one forest. They see no logic in having a separate forest/separate
domain for the Internet systems.



Nothing
short of a case study will sway them I believe...any decent documents
comparing the two? Or frankly..any documents that recommend a separate
forest for your internet systems as a security boundary?



-Original Message-
From: Raymond McClinnis [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 10, 2003 11:29 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] what to do with DMZ servers



I have a
question... (Assuming that the Servers in the DMZ are already away from the
in-house domain)



If
before the upgrade none of the servers needed AD or access to your in-house
domain, why would you want them to have it after the upgrade? 



:) Just thinking semi-logically...

Thanks,

Raymond McClinnis
Network Administrator
Provident Credit Union

-Original Message-
From:
[EMAIL 

[ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Rogers, Brian

When configuring an AD Integrated DNS zone, at least one DC in each site
should be running DNS? Or all DCs should be running DNS? Would it matter
either way?

RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Roger Seielstad

I always configure every DC as a DNS server. I consider that if a location
requires a DC, it also requires local DNS.

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

-Original Message-
From: Rogers, Brian [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:39 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Quick AD integrated DNS question :)

When configuring an AD Integrated DNS zone, at least one DC in each site
should be running DNS? Or all DCs should be running DNS? Would it matter
either way?




RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Craig Cerino

Wow - really - - I only have one of my DCs as a DNS server
- - all other DNS boxes are not DCs - - too much
going on



-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:58 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)





I
always configure every DC as a DNS server. I consider that if a location
requires a DC, it also requires local DNS.















--

Roger D. Seielstad - MTS MCSE MS-MVP 
Sr. Systems Administrator 
Inovis Inc. 



-Original Message-
From: Rogers, Brian [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:39 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Quick AD integrated DNS question :)



1. When configuring an AD Integrated DNS zone,
at least one DC in each site should be running DNS? Or all DCs should be
running DNS? Would it matter either way? 
















RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Rogers, Brian

Isn't the information replicated anyway via
AD? I guess if they were all in the same site more than two would certainly
be overkill.



-Original Message-
From: Craig Cerino [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 11:09 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)



Wow - really - - I
only have one of my DCs as a DNS server - - all other DNS boxes are not DCs - -
too much going on



-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:58 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)





I
always configure every DC as a DNS server. I consider that if a location
requires a DC, it also requires local DNS.















--

Roger D. Seielstad - MTS MCSE MS-MVP 
Sr. Systems Administrator 
Inovis Inc. 



-Original Message-
From: Rogers, Brian [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:39 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Quick AD integrated DNS question :)

1. When configuring an AD Integrated DNS zone, at least one DC in each site
should be running DNS? Or all DCs should be running DNS? Would it matter
either way?
















RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Roger Seielstad

I see no reason to separate DNS from AD, except in extreme circumstances. AD
and DNS are both core infrastructure, so there's no reason not to colocate
them. It works well for both our 500 user company and the 4500 user company
prior to that.

My DC/DNS servers here are running on 800MHz boxes with half a gig of RAM,
and we do quite heavy DNS traffic (lots of Unix systems in house) and never
have load issues on the DC's.

Roger
--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.


  
-Original Message-
From: Rogers, Brian [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 11:16 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Isn't the information replicated anyway via AD? I guess if they were all in
the same site more than two would certainly be overkill.

-Original Message-
From: Craig Cerino [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 11:09 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Wow - really - - I only have one of my DCs as a DNS server - - all other DNS
boxes are not DCs - - too much going on

-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:58 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I always configure every DC as a DNS server. I consider that if a location
requires a DC, it also requires local DNS.

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

-Original Message-
From: Rogers, Brian [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:39 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Quick AD integrated DNS question :)

1. When configuring an AD Integrated DNS zone, at least one DC in each site
should be running DNS? Or all DCs should be running DNS? Would it matter
either way?
  
  


Re: [ActiveDir] OT: Tivoli

2003-07-14 Thread Eric_Jones




Here ya' go.  You will probably enjoy managing with Tivoli's current
products.  I'm monitoring our entire W2k3/AD lab environment with Tivoli.
I think they've gotten it right this time (with customization).



http://publib-b.boulder.ibm.com/Redbooks.nsf/Portals/TivoliTME10MailingList


Eric Jones, Senior SE
Intel Server Group
(W) 336.424.3084
(M) 336.457.2591
www.vfc.com


Bjelke John A Contr AFRL/VSIO [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
07/14/2003 11:38 AM
Please respond to ActiveDir

To: '[EMAIL PROTECTED]' [EMAIL PROTECTED]
cc:
Subject: [ActiveDir] OT: Tivoli




Any of you folks know of a good list (or would that be a support group?)
for Tivoli?





 John A. Bjelke
  Unisys
 505.853.6774
  [EMAIL PROTECTED]
 C8H10N4O2
Philosophy! Empty thinking by ignorant conceited men who think they can
digest without eating! -Iris Murdoch







List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] OT: Tivoli

2003-07-14 Thread Rod Trent

FaqShop.com also has some cooperation with the Tivoli folks to republish
material, and add FAQ type of answers.

www.faqshop.com

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Duncan, Larry
Sent: Monday, July 14, 2003 11:54 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] OT: Tivoli

As much as I hate to further the cause:
http://publib-b.boulder.ibm.com/Redbooks.nsf/portals/TivoliCustom1

-Original Message-
From: Bjelke John A Contr AFRL/VSIO [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:38 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] OT: Tivoli

Any of you folks know of a good list (or would that be a "support group"?)
for Tivoli?

John A. Bjelke
Unisys
505.853.6774
[EMAIL PROTECTED]
C8H10N4O2
Philosophy! Empty thinking by ignorant conceited men who think they can
digest without eating! -Iris Murdoch



RE: [ActiveDir] OT: Tivoli

2003-07-14 Thread Rod Trent
But, at what cost? 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Monday, July 14, 2003 12:03 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] OT: Tivoli





Here ya' go.  You will probably enjoy managing with Tivoli's current
products.  I'm monitoring our entire W2k3/AD lab environment with Tivoli.
I think they've gotten it right this time (with customization).



http://publib-b.boulder.ibm.com/Redbooks.nsf/Portals/TivoliTME10MailingList


Eric Jones, Senior SE
Intel Server Group
(W) 336.424.3084
(M) 336.457.2591
www.vfc.com


Bjelke John A Contr AFRL/VSIO [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
07/14/2003 11:38 AM
Please respond to ActiveDir

To: '[EMAIL PROTECTED]' [EMAIL PROTECTED]
cc:
Subject: [ActiveDir] OT: Tivoli




Any of you folks know of a good list (or would that be a support group?)
for Tivoli?





 John A. Bjelke
  Unisys
 505.853.6774
  [EMAIL PROTECTED]
 C8H10N4O2
Philosophy! Empty thinking by ignorant conceited men who think they can
digest without eating! -Iris Murdoch









RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Craig Cerino

That's really what I am talking
about - - same site too much chatter.



-Original Message-
From: Rogers, Brian [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 11:16 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)



Isn't the information
replicated anyway via AD? I guess if they were all in the
same site more than two would certainly be overkill.



-Original Message-
From: Craig Cerino [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 11:09 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)



Wow -
really - - I only have one of my DCs as a DNS server - - all other DNS boxes are
not DCs - - too much going on



-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:58 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)





I
always configure every DC as a DNS server. I consider that if a location
requires a DC, it also requires local DNS.















--

Roger D. Seielstad - MTS MCSE MS-MVP 
Sr. Systems Administrator 
Inovis Inc. 



-Original Message-
From: Rogers, Brian [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:39 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Quick AD integrated DNS question :)

1. When configuring an AD Integrated DNS zone, at least one DC in each site
should be running DNS? Or all DCs should be running DNS? Would it matter
either way?
















RE: [ActiveDir] OT: Tivoli

2003-07-14 Thread Rod Trent
I've talked with folks over the years who have tried to implement Tivoli
100%.  100% doesn't seem attainable.  Tivoli implementations generally last
2-4 years before they give up and find another product.  There's quite a bit
of development involved in getting it to work in each environment, which
usually means bringing in Tivoli consultants at $250-500 per hour.

Tivoli tends to infest companies where SMS is already installed and running,
so there are quite a few horror stories from SMS Admins.  I'd suggest doing
a search on the SMS list for 'Tivoli'.

http://www.topica.com/lists/mssms/read 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Chris Flesher
Sent: Monday, July 14, 2003 1:10 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Tivoli

It's funny you ask that question. We are in the midst of figuring out what
the cost will be to implement/maintain Tivoli for monitoring/software
distribution/inventory. How much of an increase in staff is necessary? 

Completely off topic, I know. Just curious if anyone can share their
success/horror stories on implementing Tivoli. What size shop, what did it
cost, how much of an increase in staff?

Chris Flesher
The University of Chicago
NSIT/DCS
1-773-834-8477


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rod Trent
Sent: Monday, July 14, 2003 11:53 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Tivoli


But, at what cost? 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Monday, July 14, 2003 12:03 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] OT: Tivoli





Here ya' go.  You will probably enjoy managing with Tivoli's current
products.  I'm monitoring our entire W2k3/AD lab environment with Tivoli. I
think they've gotten it right this time (with customization).



http://publib-b.boulder.ibm.com/Redbooks.nsf/Portals/TivoliTME10MailingList


Eric Jones, Senior SE
Intel Server Group
(W) 336.424.3084
(M) 336.457.2591
www.vfc.com


Bjelke John A Contr AFRL/VSIO [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
07/14/2003 11:38 AM
Please respond to ActiveDir

To: '[EMAIL PROTECTED]' [EMAIL PROTECTED]
cc:
Subject: [ActiveDir] OT: Tivoli




Any of you folks know of a good list (or would that be a support group?)
for Tivoli?





 John A. Bjelke
  Unisys
 505.853.6774
  [EMAIL PROTECTED]
 C8H10N4O2
Philosophy! Empty thinking by ignorant conceited men who think they can
digest without eating! -Iris Murdoch









RE: [ActiveDir] what to do with DMZ servers

2003-07-14 Thread Rick Kingslan

No - we have a completely separate forest for the Extranet. Pardon for any
confusion.

Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rogers, Brian
Sent: Monday, July 14, 2003 7:45 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] what to do with DMZ servers

Sorry for the confusion...but just for clarification...you are saying that you
use a single forest (empty root) for all your domains including your
DMZ/Internet?

-Original Message-
From: Rick Kingslan [mailto:[EMAIL PROTECTED]
Sent: Friday, July 11, 2003 6:33 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] what to do with DMZ servers

Brian,

We implemented an empty root design (we now have 6 other domains) but we
planned this from the start knowing that our company will do acquisition and
divestiture - leaving us in a position to easily move domains off of the
structure. Our forest is very stable, very healthy, and it works well for us.
Two additional domain controllers for the Root Domain - which left us with a
solid base for the other child domains - was the total cost. Reasonable from
a management perspective, knowing that we will add and remove domains.

And, I do have a forest in our extranet. Plus, we are looking into MIIS (or,
MMS 3.0 for us who have been working with the product for more than a month)
to assist with SSO and to manage accounts in a push manner to our extranet
forest. In addition, ADAM is beginning to play a part as some of the
Applications that we use can use an LDAP service for Authentication /
Authorization.

Bottomline - it's all a matter of choice. You can make all kinds of
decisions, but the best thing to do is not make one. I've seen more projects
die because of analysis paralysis than any other single cause. Many times
implementing a not perfectly 'optimal' implementation (but very workable and
viable) is better than waiting until you have the best solution, only to find
that the window was missed or confidence is in question.

Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone




From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rogers, Brian
Sent: Friday, July 11, 2003 3:32 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] what to do with DMZ servers

I got used to being shocked and surprised at what happens here long ago :)

All I can do is try to make it better any way I can. Sadly without some
serious firepower with an MS stamp of approval on it...it's an uphill battle.

I can find a bazillion docs however that suggest people migrate their NT
domains using the Empty root strategy...makes one wonder at times.

-Original Message-
From: Rick Kingslan [mailto:[EMAIL PROTECTED]
Sent: Friday, July 11, 2003 9:10 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] what to do with DMZ servers

Brian,

A few hours of sleep to think further about this - you ask for case studies.
I would have to believe, and am certain of at least one - that SANS Institute
is going to be able to provide this for you off of their site. We have a
subscription and I can't say at the moment if this is pay or free (suspect
pay - it usually is when you really need it...) but I just can't imagine what
would possess someone to believe that what they are proposing is even
remotely acceptable in any environment in today's computing world.

Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone





From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Rogers, 
BrianSent: Thursday, July 10, 
2003 11:55 AMTo: 
'[EMAIL PROTECTED]'Subject: RE: [ActiveDir] what to do with 
DMZ servers
Have the exact same situation here.

We currently have a separate NT domain (for a security boundary) for our INET
machines. These machines exist on a DMZ...and run public internet sites
that connect to a SQL backend inside our network. An ISA server provides
the firewall and proxy services.

I'm currently having a fight with the operations staff on design. They want to
do the Empty Root/two subdomain model (because they read a lot of useless MOC
Courseware books).

I can personally see very little benefit to consolidating these two separate domains
into one forest. They see no logic in having a separate forest/separate
domain for the Internet systems.

Nothing short of a case study will sway them I believe...any decent documents comparing
the two? Or frankly..any documents that recommend a separate forest for
your internet systems as a security boundary?

-Original Message-
From: Raymond McClinnis [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 10, 2003 11:29 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] what to do with DMZ servers


RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Rick Kingslan

We backed up on the DNS issue. When first deployed,
it was DNS with DC - always. We have since done exhaustive studies that
show that the traffic on the ATM was not worth the added headaches in a 30+
remote site (Branch office - with some office locations exceeding 1000 seats) of
DNS everywhere at least, in our experience.

In fact, our DNS has evolved to the point that our 
corporate DNS is BIND 9.x and our AD is on Win2k (soon to be Win2k3). We 
have less problems now with DNS (and AD as a whole) than we EVER did when it was 
spread out over three continents.

My .02.

Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad
Sent: Monday, July 14, 2003 10:28 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I see no reason to separate DNS from AD, except in extreme circumstances. AD and DNS
are both core infrastructure, so there's no reason not to colocate them. It
works well for both our 500 user company and the 4500 user company prior to
that.

My DC/DNS servers here are running on 800MHz boxes with half a gig of RAM, and we
do quite heavy DNS traffic (lots of Unix systems in house) and never have load
issues on the DC's.

Roger
--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.


  
  -Original Message-
  From: Rogers, Brian [mailto:[EMAIL PROTECTED]
  Sent: Monday, July 14, 2003 11:16 AM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

  Isn't the information replicated anyway via AD? I guess if they were all in the
  same site more than two would certainly be overkill.

  -Original Message-
  From: Craig Cerino [mailto:[EMAIL PROTECTED]
  Sent: Monday, July 14, 2003 11:09 AM
  To: [EMAIL PROTECTED]
  Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

  Wow - really - - I only have one of my DCs as a DNS server - - all other DNS boxes
  are not DCs - - too much going on

  -Original Message-
  From: Roger Seielstad [mailto:[EMAIL PROTECTED]
  Sent: Monday, July 14, 2003 10:58 AM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

  I always configure every DC as a DNS server. I consider that if a location
  requires a DC, it also requires local DNS.

  --
  Roger D. Seielstad - MTS MCSE MS-MVP
  Sr. Systems Administrator
  Inovis Inc.

-Original Message-
From: Rogers, Brian [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:39 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Quick AD integrated DNS question :)

  1. When configuring an AD Integrated DNS zone, at least
  one DC in each site should be running DNS? Or all DCs should be
  running DNS? Would it matter either way?
  
  


RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Roger Seielstad

I believe you are correct. Additionally, though, I don't think DNS replication
traffic is all that considerable. The worst data hog in DNS is the resolver
cache, which isn't replicated.

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

  
  -Original Message-
  From: Rogers, Brian [mailto:[EMAIL PROTECTED]
  Sent: Monday, July 14, 2003 11:10 AM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

  I was looking more along the lines of replication traffic. However since the zone is
  replicated within AD...there shouldn't be any additional (or if so very
  minimal) replication traffic between the DNS servers other than the normal AD
  replication traffic correct?

  -Original Message-
  From: Roger Seielstad [mailto:[EMAIL PROTECTED]
  Sent: Monday, July 14, 2003 10:58 AM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

  I always configure every DC as a DNS server. I consider that if a location
  requires a DC, it also requires local DNS.

  --
  Roger D. Seielstad - MTS MCSE MS-MVP
  Sr. Systems Administrator
  Inovis Inc.

-Original Message-
From: Rogers, Brian [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:39 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Quick AD integrated DNS question :)

  1. When configuring an AD Integrated DNS zone, at least
  one DC in each site should be running DNS? Or all DCs should be
  running DNS? Would it matter either way?
  
  


RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Roger Seielstad

To date, the only issues which I am experiencing are related to the cache on my
primary DNS server corrupting. Other than that, it's been rock
solid.

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

  
  -Original Message-
  From: Rick Kingslan [mailto:[EMAIL PROTECTED]
  Sent: Monday, July 14, 2003 1:23 PM
  To: [EMAIL PROTECTED]
  Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

  We backed up on the DNS issue. When first deployed,
  it was DNS with DC - always. We have since done exhaustive studies that
  show that the traffic on the ATM was not worth the added headaches in a
  30+ remote site (Branch office - with some office locations exceeding 1000
  seats) of DNS everywhere at least, in our experience.

  In fact, our DNS has evolved to the point that our
  corporate DNS is BIND 9.x and our AD is on Win2k (soon to be Win2k3). We
  have less problems now with DNS (and AD as a whole) than we EVER did when it
  was spread out over three continents.

  My .02.

  Rick Kingslan MCSE, MCSA, MCT
  Microsoft MVP - Active Directory
  Associate Expert
  Expert Zone - www.microsoft.com/windowsxp/expertzone

  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad
  Sent: Monday, July 14, 2003 10:28 AM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

  I see no reason to separate DNS from AD, except in extreme circumstances. AD and
  DNS are both core infrastructure, so there's no reason not to colocate them.
  It works well for both our 500 user company and the 4500 user company prior to
  that.

  My DC/DNS servers here are running on 800MHz boxes with half a gig of RAM, and we
  do quite heavy DNS traffic (lots of Unix systems in house) and never have load
  issues on the DC's.

  Roger
  --
  Roger D. Seielstad - MTS MCSE MS-MVP
  Sr. Systems Administrator
  Inovis Inc.
  
  

-Original Message-
From: Rogers, Brian [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 11:16 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Isn't the information replicated anyway via AD? I guess if they were
all in the same site more than two would certainly be
overkill.

-Original Message-
From: Craig Cerino [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 11:09 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Wow - really - - I only have one of my DCs as a DNS server - - all other DNS boxes
are not DCs - - too much going on

-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:58 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I always configure every DC as a DNS server. I consider that if a location
requires a DC, it also requires local DNS.

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

  -Original Message-
  From: Rogers, Brian [mailto:[EMAIL PROTECTED]
  Sent: Monday, July 14, 2003 10:39 AM
  To: '[EMAIL PROTECTED]'
  Subject: [ActiveDir] Quick AD integrated DNS question :)

1. When configuring an AD Integrated DNS zone, at least
one DC in each site should be running DNS? Or all DCs should be
running DNS? Would it matter either way?




RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Rogers, Brian

Well say we are talking perhaps 20 remote
offices of a hundred or so systems per office.

Isn't the DNS information replicated anyway
to all DCs within AD even if the DC isn't a DNS Server? Or am I missing
something?

-Original Message-
From: Rick Kingslan [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 1:23 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)



We backed up on the DNS
issue. When first deployed, it was DNS with DC - always. We have
since done exhaustive studies that show that the traffic on the ATM was
not worth the added headaches in a 30+ remote site (Branch office - with some
office locations exceeding 1000 seats) of DNS everywhere at least, in our
experience.

In fact, our DNS has
evolved to the point that our corporate DNS is BIND 9.x and our AD is on Win2k
(soon to be Win2k3). We have less problems now with DNS (and AD as a
whole) than we EVER did when it was spread out over three continents.

My .02.

Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad
Sent: Monday, July 14, 2003 10:28 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)



I see no reason to separate DNS from AD, except in extreme circumstances. AD and DNS
are both core infrastructure, so there's no reason not to colocate them. It
works well for both our 500 user company and the 4500 user company prior to
that.

My DC/DNS servers here are running on 800MHz boxes with half a gig of RAM, and we
do quite heavy DNS traffic (lots of Unix systems in house) and never have load
issues on the DC's.

Roger

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.





-Original Message-
From: Rogers, Brian [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 11:16 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Isn't the information
replicated anyway via AD? I guess if they were all in the
same site more than two would certainly be overkill.

-Original Message-
From: Craig Cerino [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 11:09 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Wow - really - - I only have one of my DCs as a DNS server - - all other DNS boxes are
not DCs - - too much going on

-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:58 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I always configure every DC as a DNS server. I consider that if a location
requires a DC, it also requires local DNS.

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

-Original Message-
From: Rogers, Brian [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:39 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Quick AD integrated DNS question :)

1. When configuring an AD
Integrated DNS zone, at least one DC in each site should be running DNS?
Or all DCs should be running DNS? Would it matter either way?

RE: [ActiveDir] what to do with DMZ servers

2003-07-14 Thread Rogers, Brian

That's ok...It's what I thought
you said. I just wanted to make sure I was reading it correctly.

Thanks!

-Original Message-
From: Rick Kingslan [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 1:17 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] what to do with DMZ servers



No - we have a completely
separate forest for the Extranet. Pardon for any confusion.

Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rogers, Brian
Sent: Monday, July 14, 2003 7:45 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] what to do with DMZ servers

Sorry for the
confusion...but just for clarification...you are saying that you use a single
forest (empty root) for all your domains including your DMZ/Internet?

-Original Message-
From: Rick Kingslan [mailto:[EMAIL PROTECTED]
Sent: Friday, July 11, 2003 6:33 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] what to do with DMZ servers



Brian,

We implemented
an empty root design (we now have 6 other domains) but we planned this from the
start knowing that our company will do acquisition and divestiture - leaving us
in a position to easily move domains off of the structure. Our forest is
very stable, very healthy, and it works well for us. Two additional
domain controllers for the Root Domain - which left us with a solid base for
the other child domains - was the total cost. Reasonable from a
management perspective, knowing that we will add and remove domains.

And, I
do have a forest in our extranet. Plus, we are looking into MIIS (or, MMS
3.0 for us who have been working with the product for more than a month) to
assist with SSO and to manage accounts in a push manner to our extranet forest.
In addition, ADAM is beginning to play a part as some of the Applications that
we use can use an LDAP service for Authentication / Authorization.

Bottom line
- it's all a matter of choice. You can make all kinds of decisions, but
the best thing to do is not make one. I've seen more projects die because
of analysis paralysis than any other single cause. Many
times implementing a not perfectly 'optimal' implementation (but very
workable and viable) is better than waiting until you have the best
solution, only to find that the window was missed or confidence is in question.

Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rogers, Brian
Sent: Friday, July 11, 2003 3:32 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] what to do with DMZ servers

I got
used to being shocked and surprised at what happens here long ago :)

All I
can do is try to make it better any way I can. Sadly without some serious
firepower with an MS stamp of approval on it...it's an uphill battle.

I can
find a bazillion docs however that suggest people migrate their NT domains
using the Empty root strategy...makes one wonder at times.

-Original Message-
From: Rick Kingslan [mailto:[EMAIL PROTECTED]
Sent: Friday, July 11, 2003 9:10 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] what to do with DMZ servers



Brian,

A few
hours of sleep to think further about this - you ask for case studies. I
would have to believe, and am certain of at least one - that SANS Institute is
going to be able to provide this for you off of their site. We have a
subscription and I can't say at the moment if this is pay or free (suspect pay
- it usually is when you really need it...) but I just can't imagine what would
possess someone to believe that what they are proposing is even remotely
acceptable in any environment in today's computing world.

Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rogers, Brian
Sent: Thursday, July 10, 2003 11:55 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] what to do with DMZ servers

Have the
exact same situation here.

We
currently have a separate NT domain (for a security boundary) for our INET
machines. These machines exist on a DMZ...and run public internet sites
that connect to a SQL backend inside our network. An ISA server provides
the firewall and proxy services.

I'm
currently having a fight with the operations staff on design. They want
to do the Empty Root/two subdomain model (because they read a lot of useless
MOC Courseware books).

I can
personally see very little benefit to consolidating these two separate domains
into one forest. They see no logic in having a separate forest/separate
domain for the Internet systems.

Nothing
short of a case study will sway them I believe...any decent documents
comparing the

RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Rogers, Brian

So what is the impact of placing DNS
servers at each remote location? Significant? Or minimal? (given connections
are all greater than 256k frame)



-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 1:26 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I
believe you are correct. Additionally, though, I don't think DNS replication traffic
is all that considerable. The worst data hog in DNS is the resolver cache,
which isn't replicated.

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.



-Original Message-
From: Rogers, Brian [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 11:10 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I was looking more along
the lines of replication traffic. However since the zone is replicated
within AD...there shouldn't be any additional (or if so very minimal)
replication traffic between the DNS servers other than the normal AD
replication traffic correct?

-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:58 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I always
configure every DC as a DNS server. I consider that if a location requires a
DC, it also requires local DNS.

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

-Original Message-
From: Rogers, Brian [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:39 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Quick AD integrated DNS question :)

1. When configuring an AD
Integrated DNS zone, at least one DC in each site should be running DNS?
Or all DCs should be running DNS? Would it matter either way?

RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Rick Kingslan

This would be correct. But, remember that in the 
replication strategy for Win2k - data goes to every DC regardless if it's a DNS 
server or not - because once it's DNS-integrated, it's now a part of the AD 
data. This trend is broken in Win2k3, where application partitions can 
handle DNS - and do. The DomainDNS and ForestDNS are just that, for all 
intents and purposes. They are AD Application parts handling DNS for just 
DNS servers - and no DNS data need be on the DCs, unless it too, is a DNS server 
once the full DNS app partition is configured.

Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rogers, Brian
Sent: Monday, July 14, 2003 10:10 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)


I was looking more along the lines of replication traffic. However since the zone is
replicated within AD...there shouldn't be any additional (or if so very
minimal) replication traffic between the DNS servers other than the normal AD
replication traffic correct?

-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:58 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I always configure every DC as a DNS server. I consider that if a location requires a DC,
it also requires local DNS.

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

  -Original Message-
  From: Rogers, Brian [mailto:[EMAIL PROTECTED]
  Sent: Monday, July 14, 2003 10:39 AM
  To: '[EMAIL PROTECTED]'
  Subject: [ActiveDir] Quick AD integrated DNS question :)

1. When configuring an AD Integrated DNS zone, at least one DC in each site should
be running DNS? Or all DCs should be running DNS? Would it
matter either way?
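
The Win2k3 behaviour described in the message above (DNS zones held in application partitions that replicate only to DCs running DNS) can be inspected and set with dnscmd. This is an added example, not part of the original thread; DC01 and corp.example.com are placeholder names, and DomainDnsZones / ForestDnsZones are the names Windows Server 2003 gives the built-in DNS application partitions.

```bat
:: Added example, not from the thread. DC01 and corp.example.com are placeholders.
:: dnscmd.exe ships with the Windows Server 2003 Support Tools.

:: List the directory partitions known to this DNS server. On Win2k3 the
:: built-in DNS application partitions appear as DomainDnsZones.<domain>
:: and ForestDnsZones.<forest root>.
dnscmd DC01 /EnumDirectoryPartitions

:: Create the built-in partitions if the list above does not show them.
dnscmd DC01 /CreateBuiltinDirectoryPartitions /Domain
dnscmd DC01 /CreateBuiltinDirectoryPartitions /Forest

:: Review the zone's current settings before changing where it is stored.
dnscmd DC01 /ZoneInfo corp.example.com

:: Move an AD-integrated zone out of the domain partition (the Win2k
:: behaviour: replicated to every DC in the domain) into the domain-wide
:: DNS application partition (replicated only to DCs that run DNS).
dnscmd DC01 /ZoneChangeDirectoryPartition corp.example.com /domain

:: Alternatives for the last argument:
::   /forest  - all DCs in the forest that run DNS
::   /legacy  - the domain partition, needed while Win2k DCs still host the zone
```

Keep a zone on `/legacy` until every DNS server hosting it runs Windows Server 2003, since Win2k DCs cannot hold application partitions.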




RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Roger Seielstad

We only run 2 DC's per site, except for those sites where we have a root DC as
well.

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

  
  -Original Message-
  From: Craig Cerino [mailto:[EMAIL PROTECTED]
  Sent: Monday, July 14, 2003 1:11 PM
  To: [EMAIL PROTECTED]
  Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

  That's really what I am talking about - - same site too much chatter.

  -Original Message-
  From: Rogers, Brian [mailto:[EMAIL PROTECTED]
  Sent: Monday, July 14, 2003 11:16 AM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

  Isn't the information replicated anyway via AD? I guess if they were
  all in the same site more than two would certainly be
  overkill.

  -Original Message-
  From: Craig Cerino [mailto:[EMAIL PROTECTED]
  Sent: Monday, July 14, 2003 11:09 AM
  To: [EMAIL PROTECTED]
  Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

  Wow - really - - I only have one of my DCs as a DNS server - - all other DNS boxes
  are not DCs - - too much going on

  -Original Message-
  From: Roger Seielstad [mailto:[EMAIL PROTECTED]
  Sent: Monday, July 14, 2003 10:58 AM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

  I always configure every DC as a DNS server. I consider that if a location
  requires a DC, it also requires local DNS.

  --
  Roger D. Seielstad - MTS MCSE MS-MVP
  Sr. Systems Administrator
  Inovis Inc.

-Original Message-
From: Rogers, Brian [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:39 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Quick AD integrated DNS question :)

  1. When configuring
  an AD Integrated DNS zone, at least one DC in each site should be running
  DNS? Or all DCs should be running DNS? Would it matter either
  way?
  
  


RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Rogers, Brian

Woah...I musta missed that
document. AD integrated DNS can now be separated from regular replication?

Gotta link? Book? Paper? Smokesignal? Morse? :)

-Original Message-
From: Rick Kingslan [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 1:28 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)



This would be
correct. But, remember that in the replication strategy for Win2k - data
goes to every DC regardless if it's a DNS server or not - because once it's
DNS-integrated, it's now a part of the AD data. This trend is broken in
Win2k3, where application partitions can handle DNS - and do. The
DomainDNS and ForestDNS are just that, for all intents and purposes. They
are AD Application parts handling DNS for just DNS servers - and no DNS data need
be on the DCs, unless it too, is a DNS server once the full DNS app partition
is configured.

Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rogers, Brian
Sent: Monday, July 14, 2003 10:10 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I was looking more along
the lines of replication traffic. However since the zone is replicated
within AD...there shouldn't be any additional (or if so very minimal)
replication traffic between the DNS servers other than the normal AD
replication traffic correct?

-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:58 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I
always configure every DC as a DNS server. I consider that if a location
requires a DC, it also requires local DNS.

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

-Original Message-
From: Rogers, Brian [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:39 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Quick AD integrated DNS question :)

1. When configuring an AD
Integrated DNS zone, at least one DC in each site should be running DNS?
Or all DCs should be running DNS? Would it matter either way?

RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Rogers, Brian

Nevermind..I found some MASSIVE nt4 -
2k3 document that seems to cover it. Man that's alotta reading :/



-Original Message-
From: Rogers, Brian [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 14, 2003 2:54 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Woah...I musta
missed that document. AD integrated DNS can now be separated from regular
replication?

Gotta link? Book? Paper?
Smokesignal? Morse? :)

-Original Message-
From: Rick Kingslan [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 1:28 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)



This
would be correct. But, remember that in the replication strategy for
Win2k - data goes to every DC regardless if it's a DNS server or not - because
once it's DNS-integrated, it's now a part of the AD data. This trend is
broken in Win2k3, where application partitions can handle DNS - and do.
The DomainDNS and ForestDNS are just that, for all intents and purposes.
They are AD Application parts handling DNS for just DNS servers - and no DNS
data need be on the DCs, unless it too, is a DNS server once the full DNS app
partition is configured.

Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rogers, Brian
Sent: Monday, July 14, 2003 10:10 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I was
looking more along the lines of replication traffic. However since the
zone is replicated within AD...there shouldn't be any additional (or if so
very minimal) replication traffic between the DNS servers other than the normal
AD replication traffic correct?

-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:58 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I
always configure every DC as a DNS server. I consider that if a location
requires a DC, it also requires local DNS.

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

-Original Message-
From: Rogers, Brian [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:39 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Quick AD integrated DNS question :)

1. When configuring an AD
Integrated DNS zone, at least one DC in each site should be running DNS?
Or all DCs should be running DNS? Would it matter either way?

RE: [ActiveDir] OT: Tivoli

2003-07-14 Thread Eric_Jones




Tivoli today is not nearly as horrible on the Windows Server Platform as it
may have been before.  Reference the following article...starting at about
paragraph 7:

http://www.informationweek.com/story/showArticle.jhtml?articleID=6502661


IBM's IBM Tivoli Monitoring products are nearly completely based on WMI.
ITM seems to provide flexibility and capability to effectively monitor
one's windows server platform w/o wanting to take a shot at the developers
for making your life Hell. I am an admitted convert.  I'm certainly not
saying that Tivoli is the best [I don't know who is.].   ITM does have its
limitations and issues. I am saying that the Tivoli products needed to
monitor a Windows Server infrastructure are 'today' should not be the
resource drain that it may have been in the past...providing you leave the
past in the past...don't bring that stuff (--being kind) over to the new
and improved Tivoli...

One could even simply attribute this notion to the fact that ITM, again is
almost completely based on WMI (Windows Management Instrumentation).  Any
one directly leveraging WMI is quite aware of the capabilities...
especially on W2k/W2k3 boxes.  From a 'single product' standpoint, you
won't go wrong with selecting MOM, AppManager, or Tivoli.


Eric Jones, Senior SE
Intel Server Group
(W) 336.424.3084
(M) 336.457.2591
www.vfc.com


Rod Trent [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]tivedir.org
07/14/2003 12:52 PM
Please respond to ActiveDir

To: [EMAIL PROTECTED]
cc:
Subject: RE: [ActiveDir] OT: Tivoli




But, at what cost?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Monday, July 14, 2003 12:03 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] OT: Tivoli





Here ya' go.  You will probably enjoy managing with Tivoli's current
products.  I'm monitoring our entire W2k3/AD lab environment with Tivoli.
I think they've gotten it right this time (with customization).



http://publib-b.boulder.ibm.com/Redbooks.nsf/Portals/TivoliTME10MailingList


Eric Jones, Senior SE
Intel Server Group
(W) 336.424.3084
(M) 336.457.2591
www.vfc.com


Bjelke John A Contr AFRL/VSIO [EMAIL PROTECTED]f.mil
Sent by: [EMAIL PROTECTED]tivedir.org
07/14/2003 11:38 AM
Please respond to ActiveDir

To: '[EMAIL PROTECTED]' [EMAIL PROTECTED]
cc:
Subject: [ActiveDir] OT: Tivoli




Any of you folks know of a good list (or would that be a support group?)
for Tivoli?





 John A. Bjelke
  Unisys
 505.853.6774
  [EMAIL PROTECTED]
 C8H10N4O2
Philosophy! Empty thinking by ignorant conceited men who think they can
digest without eating! -Iris Murdoch







List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] OT: Tivoli

2003-07-14 Thread Rogers, Brian

Funny...we heard nearly the exact same comments about JD Edwards 


Wasn't true of course...but the comments were the same :D


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
Sent: Monday, July 14, 2003 3:39 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Tivoli






Tivoli today is not nearly as horrible on the Windows Server Platform as it
may have been before. Reference the following article...starting at about
paragraph 7:


http://www.informationweek.com/story/showArticle.jhtml?articleID=6502661



IBM's IBM Tivoli Monitoring products are nearly completely based on WMI.
ITM seems to provide flexibility and capability to effectively monitor
one's windows server platform w/o wanting to take a shot at the developers
for making your life Hell. I am an admitted convert. I'm certainly not
saying that Tivoli is the best [I don't know who is.]. ITM does have its
limitations and issues. I am saying that the Tivoli products needed to
monitor a Windows Server infrastructure are 'today' should not be the
resource drain that it may have been in the past...providing you leave the
past in the past...don't bring that stuff (--being kind) over to the new
and improved Tivoli...


One could even simply attribute this notion to the fact that ITM, again is
almost completely based on WMI (Windows Management Instrumentation). Any
one directly leveraging WMI is quite aware of the capabilities...
especially on W2k/W2k3 boxes. From a 'single product' standpoint, you
won't go wrong with selecting MOM, AppManager, or Tivoli.



Eric Jones, Senior SE
Intel Server Group
(W) 336.424.3084
(M) 336.457.2591
www.vfc.com



Rod Trent [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]tivedir.org
07/14/2003 12:52 PM
Please respond to ActiveDir

To: [EMAIL PROTECTED]
cc:
Subject: RE: [ActiveDir] OT: Tivoli




But, at what cost?


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
Sent: Monday, July 14, 2003 12:03 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] OT: Tivoli






Here ya' go. You will probably enjoy managing with Tivoli's current
products. I'm monitoring our entire W2k3/AD lab environment with Tivoli.
I think they've gotten it right this time (with customization).




http://publib-b.boulder.ibm.com/Redbooks.nsf/Portals/TivoliTME10MailingList



Eric Jones, Senior SE
Intel Server Group
(W) 336.424.3084
(M) 336.457.2591
www.vfc.com



Bjelke John A Contr AFRL/VSIO [EMAIL PROTECTED]f.mil
Sent by: [EMAIL PROTECTED]tivedir.org
07/14/2003 11:38 AM
Please respond to ActiveDir

To: '[EMAIL PROTECTED]' [EMAIL PROTECTED]
cc:
Subject: [ActiveDir] OT: Tivoli





Any of you folks know of a good list (or would that be a support group?)
for Tivoli?






 John A. Bjelke
 Unisys
 505.853.6774
 [EMAIL PROTECTED]
 C8H10N4O2
Philosophy! Empty thinking by ignorant conceited men who think they can
digest without eating! -Iris Murdoch








List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/







RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread deji
Yes, you did indeed miss it. So, go find it. Yourself, this time with no help.
 
Hint: 
Application partition is the new partition in E2K3 which, in addition to The Domain, 
Configuration and Schema Partitions now make up the AD database in E2K3.
 
It is this change that makes it possible now to deploy GC-less Remote Sites. The 
Application Partition is SHARED(replicated) to ALL DCs in the Domain, including 
designated DCs in the Forest.
 
 
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Rogers, Brian
Sent: Mon 7/14/2003 11:53 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)



Woah...I musta missed that document.  AD integrated DNS can now be separated from 
regular replication?

 

Gotta link? Book? Paper? Smokesignal? Morse?  :-)

 

-Original Message-
From: Rick Kingslan [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 14, 2003 1:28 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

 

This would be correct.  But, remember that in the replication strategy for Win2k - 
data goes to every DC regardless if it's a DNS server or not - because once it's 
DNS-integrated, it's now a part of the AD data.  This trend is broken in Win2k3, where 
application partitions can handle DNS - and do.  The DomainDNS and ForestDNS are just 
that, for all intents and purposes.  They are AD Application parts handling DNS for 
just DNS servers - and no DNS data need be on the DCs, unless it too, is a DNS server 
once the full DNS app partition is configured.

Rick Kingslan  MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
  

 



From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rogers, Brian
Sent: Monday, July 14, 2003 10:10 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I was looking more along the lines of replication traffic.  However since the zone is 
replicated within AD...there shouldn't be any additional (or if so very minimal) 
replication traffic between the DNS servers other than the normal AD replication 
traffic correct?

 

-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 14, 2003 10:58 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

 

I always configure every DC as a DNS server. I consider that if a location requires a 
DC, it also requires local DNS.

 

 

-- 
Roger D. Seielstad - MTS MCSE MS-MVP 
Sr. Systems Administrator 
Inovis Inc. 

-Original Message-
From: Rogers, Brian [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 14, 2003 10:39 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Quick AD integrated DNS question :)

1.  When configuring an AD Integrated DNS zone, at least one DC in 
each site should be running DNS?  Or all DCs should be running DNS?  Would it matter 
either way? 

 

 


RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Roger Seielstad



I'd expect it to be minimal, although I don't have a lot of empirical data to prove it.

-- 
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

-Original Message-
From: Rogers, Brian [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 2:26 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

So what is the impact of placing DNS servers at each remote location? Significant? Or
minimal? (given connections are all greater than 256k frame)

-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 1:26 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I believe you are correct. Additionally, though, I don't think DNS replication
traffic is all that considerable. The worst data hog in DNS is the resolver
cache, which isn't replicated.

-- 
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

-Original Message-
From: Rogers, Brian [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 11:10 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I was looking more along the lines of replication traffic. However since the
zone is replicated within AD...there shouldn't be any additional (or if so
very minimal) replication traffic between the DNS servers other than the
normal AD replication traffic correct?

-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:58 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I always configure every DC as a DNS server. I consider that if a location
requires a DC, it also requires local DNS.

-- 
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

-Original Message-
From: Rogers, Brian [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:39 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Quick AD integrated DNS question :)

1. When configuring an AD Integrated DNS zone, at least one DC in each site
should be running DNS? Or all DCs should be running DNS?
Would it matter either way?




RE: [ActiveDir] OT: Tivoli

2003-07-14 Thread Rod Trent
There's still that question of cost.  Not just product price (which is
generally out of sight), but the cost of training, additional hardware
resources, consultants, IBM's insistence on implementing their other
add-ons, and IBM's ultimate plan of selling their services so IT can be
outsourced. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Monday, July 14, 2003 3:38 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Tivoli





Tivoli today is not nearly as horrible on the Windows Server Platform as it
may have been before.  Reference the following article...starting at about
paragraph 7:

http://www.informationweek.com/story/showArticle.jhtml?articleID=6502661


IBM's IBM Tivoli Monitoring products are nearly completely based on WMI.
ITM seems to provide flexibility and capability to effectively monitor one's
windows server platform w/o wanting to take a shot at the developers for
making your life Hell. I am an admitted convert.  I'm certainly not
saying that Tivoli is the best [I don't know who is.].   ITM does have its
limitations and issues. I am saying that the Tivoli products needed to
monitor a Windows Server infrastructure are 'today' should not be the
resource drain that it may have been in the past...providing you leave the
past in the past...don't bring that stuff (--being kind) over to the new
and improved Tivoli...

One could even simply attribute this notion to the fact that ITM, again is
almost completely based on WMI (Windows Management Instrumentation).  Any
one directly leveraging WMI is quite aware of the capabilities...
especially on W2k/W2k3 boxes.  From a 'single product' standpoint, you won't
go wrong with selecting MOM, AppManager, or Tivoli.


Eric Jones, Senior SE
Intel Server Group
(W) 336.424.3084
(M) 336.457.2591
www.vfc.com


Rod Trent [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]tivedir.org
07/14/2003 12:52 PM
Please respond to ActiveDir

To: [EMAIL PROTECTED]
cc:
Subject: RE: [ActiveDir] OT: Tivoli




But, at what cost?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Monday, July 14, 2003 12:03 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] OT: Tivoli





Here ya' go.  You will probably enjoy managing with Tivoli's current
products.  I'm monitoring our entire W2k3/AD lab environment with Tivoli.
I think they've gotten it right this time (with customization).



http://publib-b.boulder.ibm.com/Redbooks.nsf/Portals/TivoliTME10MailingList


Eric Jones, Senior SE
Intel Server Group
(W) 336.424.3084
(M) 336.457.2591
www.vfc.com


Bjelke John A Contr AFRL/VSIO [EMAIL PROTECTED]f.mil
Sent by: [EMAIL PROTECTED]tivedir.org
07/14/2003 11:38 AM
Please respond to ActiveDir

To: '[EMAIL PROTECTED]' [EMAIL PROTECTED]
cc:
Subject: [ActiveDir] OT: Tivoli




Any of you folks know of a good list (or would that be a support group?)
for Tivoli?





 John A. Bjelke
  Unisys
 505.853.6774
  [EMAIL PROTECTED]
 C8H10N4O2
Philosophy! Empty thinking by ignorant conceited men who think they can
digest without eating! -Iris Murdoch








[ActiveDir] question about dns.exe in w2k/sp4

2003-07-14 Thread Thommes, Michael M.
Hi All:
Our DNS guy has a concern (minor?) about a previous fix being in the latest 
dns.exe rolled into W2K/SP4.  I don't want to take the chance of using an expensive 
trouble ticket to allay his concern.  Is there a specific discussion group he might 
ask his question or is this one appropriate?  Thanks for any direction/redirection!

Mike Thommes
Argonne National Laboratory
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


[ActiveDir] GPO Software Installation

2003-07-14 Thread Salandra, Justin A.
Does anyone have any good references on how to develop packages to install
through a GPO?  I am currently doing some research on Technet.  Thanks


Justin A. Salandra, MCSE
Senior Network Engineer
Catholic Healthcare System
212.752.7300 - office
917.455.0110 - cell
[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] 

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Shawn.Hayes



Would think it would decrease traffic in the long run because of users at that end on
the WAN pipe can retrieve locally cached lookups.

Shawn

-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 4:20 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I'd expect it to be minimal, although I don't have a lot of empirical data to
prove it.

-- 
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

-Original Message-
From: Rogers, Brian [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 2:26 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

So what is the impact of placing DNS servers at each remote location?
Significant? Or minimal? (given connections are all greater than
256k frame)

-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 1:26 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I believe you are correct. Additionally, though, I don't think DNS replication
traffic is all that considerable. The worst data hog in DNS is the resolver
cache, which isn't replicated.

-- 
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

-Original Message-
From: Rogers, Brian [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 11:10 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I was looking more along the lines of replication traffic. However
since the zone is replicated within AD...there shouldn't be any
additional (or if so very minimal) replication traffic between the DNS
servers other than the normal AD replication traffic correct?

-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:58 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I always configure every DC as a DNS server. I consider that if a location
requires a DC, it also requires local DNS.

-- 
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

-Original Message-
From: Rogers, Brian [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:39 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Quick AD integrated DNS question :)

1. When configuring an AD Integrated DNS zone, at least one DC in each site
should be running DNS? Or all DCs should be running DNS?
Would it matter either way?
  
  


RE: OT: [ActiveDir] question about dns.exe in w2k/sp4

2003-07-14 Thread Parker, Edward

We just installed SP4 on a DC because of two previous DNS issues we were
having.  It did indeed fix Q811314  Q329258.  The version in SP4 is
5.00.2195.6715 which is newer than both the previous hotfix version.

-Original Message-
From: Thommes, Michael M. [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 14, 2003 2:43 PM
To: Active Directory Mailing List (E-mail)
Cc: Finkel, Barry S.
Subject: [ActiveDir] question about dns.exe in w2k/sp4


Hi All:
Our DNS guy has a concern (minor?) about a previous fix being in the
latest dns.exe rolled into W2K/SP4.  I don't want to take the chance of
using an expensive trouble ticket to allay his concern.  Is there a
specific discussion group he might ask his question or is this one
appropriate?  Thanks for any direction/redirection!

Mike Thommes
Argonne National Laboratory
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Gil Kirkpatrick



All the zone data is replicated with the domain (unless you're using application
partitions in WS2K3), so there is nothing "extra". Traffic depends on if
you store client A and PTR records. If you do, the replication traffic can
be substantial depending on lease times, scavenging periods and such.

-gil

-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:26 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I believe you are correct. Additionally, though, I don't think DNS replication
traffic is all that considerable. The worst data hog in DNS is the resolver
cache, which isn't replicated.

-- 
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

-Original Message-
From: Rogers, Brian [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 11:10 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I was looking more along the lines of replication traffic. However since the zone is
replicated within AD...there shouldn't be any additional (or if so very
minimal) replication traffic between the DNS servers other than the normal
AD replication traffic correct?

-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:58 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I always configure every DC as a DNS server. I consider that if a location
requires a DC, it also requires local DNS.

-- 
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

-Original Message-
From: Rogers, Brian [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:39 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Quick AD integrated DNS question :)

1. When configuring an AD Integrated DNS zone, at least
one DC in each site should be running DNS? Or all DCs should be
running DNS? Would it matter either way?




RE: [ActiveDir] GPO Software Installation

2003-07-14 Thread Rod Trent
Unless you want to mess around with .Zap files, GPO needs MSI (Windows
Installer) installations.  You can use Wise Solutions or InstallShield to
generate MSI's for apps that don't already conform to this standard.  But,
most apps already come in MSI format.  You just need to know the proper
command-line switches to deploy through GPO with options.

www.wise.com

www.installshield.com  

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A.
Sent: Monday, July 14, 2003 4:23 PM
To: ActiveDir (E-mail)
Subject: [ActiveDir] GPO Software Installation

Does anyone have any good references on how to develop packages to install
through a GPO?  I am currently doing some research on Technet.  Thanks


Justin A. Salandra, MCSE
Senior Network Engineer
Catholic Healthcare System
212.752.7300 - office
917.455.0110 - cell
[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] 

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/



RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Gil Kirkpatrick



I may have missed something, but the snotty tone seems inappropriate...

In any case, to reduce the apparent confusion:

GC-less sites have always been possible with AD since W2K. The
facility is called site coverage.

GC-less logon is new in WS2K3 and occurs because DCs can cache group
memberships. This allows the DC to assemble a complete token even if a GC isn't
available. This functionality has nothing to do with application
partitions.

Application partitions are a mechanism where you can host replicas
of specific subtrees in the domain on any set of DCs in the forest. The subtrees
may not contain security principals such as users, groups, and computers. When
you create a zone in WS2K3, you can elect to configure it as an application
partition and replicate the data to specific DCs in the forest.

-gil

-Original Message-
From: deji Agba [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 1:19 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Yes, you did indeed miss it. So, go find it. Yourself, this time with no help.

Hint:
Application partition is the new partition in E2K3 which, in addition to The Domain,
Configuration and Schema Partitions now make up the AD database in E2K3.

It is this change that makes it possible now to deploy GC-less Remote Sites. The
Application Partition is SHARED(replicated) to ALL DCs in the Domain, including
designated DCs in the Forest.

Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon

From: [EMAIL PROTECTED] on behalf of Rogers, Brian
Sent: Mon 7/14/2003 11:53 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Woah...I musta missed that document. AD integrated DNS can now be separated from
regular replication?

Gotta link? Book? Paper? Smokesignal? Morse? :-)

-Original Message-
From: Rick Kingslan [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 1:28 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

This would be correct. But, remember that in the replication strategy for
Win2k - data goes to every DC regardless if it's a DNS server or not - because
once it's DNS-integrated, it's now a part of the AD data. This trend is
broken in Win2k3, where application partitions can handle DNS - and do.
The DomainDNS and ForestDNS are just that, for all intents and purposes.
They are AD Application parts handling DNS for just DNS servers - and no DNS
data need be on the DCs, unless it too, is a DNS server once the full DNS app
partition is configured.

Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rogers, Brian
Sent: Monday, July 14, 2003 10:10 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I was looking more along the lines of replication traffic. However since the
zone is replicated within AD...there shouldn't be any additional (or if so
very minimal) replication traffic between the DNS servers other than the
normal AD replication traffic correct?

-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:58 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I always configure every DC as a DNS server. I consider that if a location
requires a DC, it also requires local DNS.

-- 
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

-Original Message-
From: Rogers, Brian [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:39 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Quick AD integrated DNS question :)

1. When configuring an AD Integrated DNS zone, at least one DC in each site
should be running DNS? Or all DCs should be running DNS? Would it matter either
way?
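
The distinction drawn in the message above, between zone data held in the domain partition and zone data held in a DNS application partition, can be checked per zone. The following is an added example, not part of the thread: it uses the DnsServer PowerShell module from current Windows Server/RSAT, which postdates the W2K and WS2K3 systems discussed here, and the server and zone names are placeholders.

```powershell
# Added example (not from the thread). Audits where each AD-integrated DNS zone
# is stored and which DCs therefore receive its records through replication.
# Assumptions: DnsServer module available (RSAT); placeholder names below.

Import-Module DnsServer

$DnsServer = 'dc01.example.test'   # placeholder: a DC that runs the DNS service
$ZoneName  = 'example.test'        # placeholder: zone whose scope you may change

# 1. Directory partitions the DNS server can store zones in. On a default
#    install this includes DomainDnsZones.<domain> and ForestDnsZones.<forest>.
Get-DnsServerDirectoryPartition -ComputerName $DnsServer

# 2. Collect every AD-integrated zone, skipping the auto-created stub zones
#    (0.in-addr.arpa and similar) that are never replicated.
$zones = Get-DnsServerZone -ComputerName $DnsServer |
    Where-Object { $_.IsDsIntegrated -and -not $_.IsAutoCreated }

# 3. Map each zone's replication scope to the set of DCs that hold its data.
#    'Legacy' means the zone lives in the domain partition, so every DC in the
#    domain replicates it whether or not it runs DNS (the W2K behaviour).
$audience = @{
    'Legacy' = 'All DCs in the domain (domain partition)'
    'Domain' = 'DNS servers on DCs in the domain (DomainDnsZones)'
    'Forest' = 'DNS servers on DCs in the forest (ForestDnsZones)'
    'Custom' = 'DCs enlisted in a custom application partition'
}

$report = foreach ($z in $zones) {
    $scope = [string]$z.ReplicationScope
    [pscustomobject]@{
        Zone         = $z.ZoneName
        Reverse      = $z.IsReverseLookupZone
        Scope        = $scope
        Partition    = $z.DirectoryPartitionName
        ReplicatedTo = if ($audience.ContainsKey($scope)) { $audience[$scope] }
                       else { 'Unknown scope, review manually' }
    }
}

$report | Sort-Object Scope, Zone | Format-Table -AutoSize -Wrap

# 4. Zones still in the domain partition are the ones that add DNS records to
#    the replication stream of DCs that are not DNS servers.
$legacy = $report | Where-Object { $_.Scope -eq 'Legacy' }
if ($legacy) {
    Write-Warning ("{0} zone(s) still replicate to every DC in the domain: {1}" -f
        @($legacy).Count, (($legacy.Zone) -join ', '))
}

# 5. Preview moving one zone into the domain-wide DNS application partition.
#    -WhatIf reports the change without making it; remove it only once every
#    DNS server that must host the zone is a DC in this domain.
Set-DnsServerPrimaryZone -Name $ZoneName -ComputerName $DnsServer `
    -ReplicationScope Domain -WhatIf
```

If a zone must also resolve on DCs still running Windows 2000, it has to stay in the Legacy scope, because those DCs cannot host application partitions.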
  
  


RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Rogers, Brian
Nah..you didn't miss anything..he was just being a D1ck :-)

Thanks for the info!

-Original Message-
From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 5:50 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I may have missed something, but the snotty tone seems inappropriate...

In any case, to reduce the apparent confusion:

GC-less sites have always been possible with AD since W2K. The facility is called site
coverage.

GC-less logon is new in WS2K3 and occurs because DCs can cache group memberships. This
allows the DC to assemble a complete token even if a GC isn't available. This
functionality has nothing to do with application partitions.

Application partitions are a mechanism where you can host replicas of specific subtrees
in the domain on any set of DCs in the forest. The subtrees may not contain security
principals such as users, groups, and computers. When you create a zone in
WS2K3, you can elect to configure it as an application partition and replicate
the data to specific DCs in the forest.

-gil

-Original Message-
From: deji Agba [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 1:19 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Yes, you did indeed miss it. So, go find it. Yourself, this time with no help.

Hint:
Application partition is the new partition in E2K3 which, in addition to The Domain,
Configuration and Schema Partitions now make up the AD database in E2K3.

It is this change that makes it possible now to deploy GC-less Remote Sites. The
Application Partition is SHARED(replicated) to ALL DCs in the Domain, including
designated DCs in the Forest.

Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon

From: [EMAIL PROTECTED] on behalf of Rogers, Brian
Sent: Mon 7/14/2003 11:53 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Woah...I musta missed that document. AD integrated DNS can now be separated from regular
replication?

Gotta link? Book? Paper? Smokesignal? Morse? :-)

-Original Message-
From: Rick Kingslan [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 1:28 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

This would be correct. But, remember that in the replication strategy for
Win2k - data goes to every DC regardless if it's a DNS server or not - because
once it's DNS-integrated, it's now a part of the AD data. This trend is
broken in Win2k3, where application partitions can handle DNS - and do.
The DomainDNS and ForestDNS are just that, for all intents and purposes.
They are AD Application parts handling DNS for just DNS servers - and no DNS
data need be on the DCs, unless it too, is a DNS server once the full DNS app
partition is configured.

Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rogers, Brian
Sent: Monday, July 14, 2003 10:10 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I was looking more along the lines of replication traffic. However since the
zone is replicated within AD...there shouldn't be any additional (or if so
very minimal) replication traffic between the DNS servers other than the normal
AD replication traffic correct?

-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:58 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I always configure every DC as a DNS server. I consider that if a location
requires a DC, it also requires local DNS.

-- 
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

-Original Message-
From: Rogers, Brian [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:39 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Quick AD integrated DNS question :)

1. When configuring an AD Integrated DNS zone, at least one DC in each site should be
running DNS? Or all DCs should be running DNS? Would it matter either way?


RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Rogers, Brian
Title: Message









One question on that.  Dealing with the GC-Less sites.

I know that Exchange2k relies heavily on GCs during their day to day processes.  Would
perhaps E2k3 be more suited to this environment than E2k?  Or has this reliance on a
local GC followed on to E2k3

Heh..I guess this kinda wandered off on an even broader tangent eh?

Server consolidation is a hot topic as of late, if at all possible, NOT putting an
Exchange site and GC and DC and DNS server at each location would be a large plus :-)

-Original Message-
From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 5:50 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I may have missed something, but the snotty tone seems inappropriate...

In any case, to reduce the apparent confusion:

GC-less sites have always been possible with AD since W2K. The facility is called site
coverage.

GC-less logon is new in WS2K3 and occurs because DCs can cache group memberships. This
allows the DC to assemble a complete token even if a GC isn't available. This
functionality has nothing to do with application partitions.

Application partitions are a mechanism where you can host replicas of specific
subtrees in the domain on any set of DCs in the forest. The subtrees may not contain
security principals such as users, groups, and computers, When you create a zone in
WS2K3, you can elect to configure it as an application partition and replicate the
data to specific DCs in the forest.

-gil

-Original Message-
From: deji Agba [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 1:19 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Yes, you did indeed miss it. So, go find it. Yourself, this time with no help.

Hint:
Application partition is the new partition in E2K3 which, in addition to The
Domain, Configuration and Schema Partitions now make up the AD database in E2K3.

It is this change that makes it possible now to deploy GC-less Remote Sites.
The Application Partition is SHARED(replicated) to ALL DCs in the Domain, including
designated DCs in the Forest.

Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon

From: [EMAIL PROTECTED] on behalf of Rogers, Brian
Sent: Mon 7/14/2003 11:53 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Woah I musta missed that document. AD integrated DNS can now be separated from regular
replication?

Gotta link? Book? Paper? Smokesignal? Morse? :-)

-Original Message-
From: Rick Kingslan [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 1:28 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

This would be correct. But, remember that in the replication strategy for
Win2k - data goes to every DC regardless if it's a DNS server or not - because once
it's DNS-integrated, it's now a part of the AD data. This trend is broken in Win2k3,
where application partitions can handle DNS - and do. The DomainDNS and ForestDNS are
just that, for all intents and purposes. They are AD Application parts handling DNS
for just DNS servers - and no DNS data need be on the DCs, unless it too, is a DNS
server once the full DNS app partition is configured.

Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rogers, Brian
Sent: Monday, July 14, 2003 10:10 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I was looking more along the lines of replication traffic. However since the
zone is replicated within AD there shouldn't be any additional (or if so very
minimal) replication traffic between the DNS servers other than the normal AD
replication traffic correct?

-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:58 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I always configure every DC as a DNS server. I consider that if a location
requires a DC, it also requires local DNS.

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

-Original Message-
From: Rogers, Brian [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:39 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Quick AD integrated DNS question :)

1. When configuring an AD Integrated DNS zone, at least one DC in each site should
be running DNS? Or all DCs should be running DNS? Would it matter either

RE: [ActiveDir] OT: Tivoli

2003-07-14 Thread Gil Kirkpatrick
That's consistent with my experience as well. Consulting $$$ often get out
of control, and complete implementation is rarely achieved. A statistic I
recall from last year was that approx 30% of all Tivoli sales concluded with
a successful deployment within the first year. 70%... didn't

-gil

-Original Message-
From: Rod Trent [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 14, 2003 10:16 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Tivoli


I've talked with folks over the years who have tried to implement Tivoli
100%.  100% doesn't seem attainable.  Tivoli implementations generally last
2-4 years before they give up and find another product.  There's quite a bit
of development involved in getting it to work in each environment, which
usually means bringing in Tivoli consultants at $250-500 per hour.

Tivoli tends to infest companies where SMS is already installed and running,
so there are quite a few horror stories from SMS Admins.  I'd suggest doing
a search on the SMS list for 'Tivoli'.

http://www.topica.com/lists/mssms/read 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Chris Flesher
Sent: Monday, July 14, 2003 1:10 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Tivoli

It's funny you ask that question. We are in the midst of figuring out what
the cost will be to implement/maintain Tivoli for monitoring/software
distribution/inventory. How much of an increase in staff is necessary? 

Completely off topic, I know. Just curious if anyone can share their
success/horror stories on implementing Tivoli. What size shop, what did it
cost, how much of an increase in staff?

Chris Flesher
The University of Chicago
NSIT/DCS
1-773-834-8477


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rod Trent
Sent: Monday, July 14, 2003 11:53 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Tivoli


But, at what cost? 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Monday, July 14, 2003 12:03 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] OT: Tivoli





Here ya' go.  You will probably enjoy managing with Tivoli's current
products.  I'm monitoring our entire W2k3/AD lab environment with Tivoli. I
think they've gotten it right this time (with customization).



http://publib-b.boulder.ibm.com/Redbooks.nsf/Portals/TivoliTME10MailingList


Eric Jones, Senior SE
Intel Server Group
(W) 336.424.3084
(M) 336.457.2591
www.vfc.com


Bjelke John A Contr AFRL/VSIO [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
07/14/2003 11:38 AM
Please respond to ActiveDir

To: '[EMAIL PROTECTED]' [EMAIL PROTECTED]
cc:
Subject: [ActiveDir] OT: Tivoli




Any of you folks know of a good list (or would that be a support group?)
for Tivoli?





 John A. Bjelke
  Unisys
 505.853.6774
  [EMAIL PROTECTED]
 C8H10N4O2
Philosophy! Empty thinking by ignorant conceited men who think they can
digest without eating! -Iris Murdoch







List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/



[ActiveDir] Printer Script

2003-07-14 Thread Richard Sumilang
Has anyone written a script to connect a user to a shared printer on the
network when they log in? Is this possible?



Re: [ActiveDir] Printer Script

2003-07-14 Thread Tim Hines
There is one on the Microsoft site at
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/scriptcenter/printing/ScrPrn01.asp
 .
You can configure this to run from a group policy.

Tim Hines, MCSA, MCSE (2000  NT4)
MVP - Active Directory


- Original Message - 
From: Richard Sumilang [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, July 14, 2003 6:42 PM
Subject: [ActiveDir] Printer Script


 Has anyone written a script to connect a user to a shared printer on the
 network when they log in? Is this possible?



Re: [ActiveDir] GPO Software Installation

2003-07-14 Thread Tim Hines
There are a few articles on the Win2k site.  I've pasted the links below.
http://www.microsoft.com/windows2000/techinfo/howitworks/management/apdplymgt.asp
http://www.microsoft.com/windows2000/techinfo/planning/management/swinstall.asp
http://www.microsoft.com/windows2000/techinfo/planning/management/veritas.asp


Tim Hines, MCSA, MCSE (2000  NT4)
MVP - Active Directory


- Original Message - 
From: Salandra, Justin A. [EMAIL PROTECTED]
To: ActiveDir (E-mail) [EMAIL PROTECTED]
Sent: Monday, July 14, 2003 4:23 PM
Subject: [ActiveDir] GPO Software Installation


 Does anyone have any good references on how to develop packages to install
 through a GPO?  I am currently doing some research on Technet.  Thanks


 Justin A. Salandra, MCSE
 Senior Network Engineer
 Catholic Healthcare System
 212.752.7300 - office
 917.455.0110 - cell
 [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]



RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread deji
I guess it's my time to say Woah
 
Gil, my response was not in any way directed at you. It was directed at Brian and, if 
anything, it was an attempt at levity, not snottiness. So, where did the slam come 
from?
 
I'd think that if anything is snotty, it would be Brian's incredulous Woah,
not mine. Don't you think?
 
As for Site coverage in Win2K being equal to GC-Less config in Win2K3, I firmly 
believe they are apple and orange. They are both fruits, but not the same.
 
 
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Gil Kirkpatrick
Sent: Mon 7/14/2003 2:49 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)


I may have missed something, but the snotty tone seems inappropriate...
 
In any case, to reduce the apparent confusion:
 
GC-less sites have always been possible with AD since W2K. The facility is called site 
coverage.
 
GC-less logon is new in WS2K3 and occurs because DCs can cache group memberships. This 
allows the DC to assemble a complete token even if a GC isn't available. This 
functionality has nothing to do with application partitions.
 
Application partitions are a mechanism where you can host replicas of specific 
subtrees in the domain on any set of DCs in the forest. The subtrees may not contain 
security principals such as users, groups, and computers, When you create a zone in 
WS2K3, you can elect to configure it as an application partition and replicate the 
data to specific DCs in the forest.
 
-gil
 
  -Original Message-
From: deji Agba [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 14, 2003 1:19 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)



Yes, you did indeed miss it. So, go find it. Yourself, this time with no help.
 
Hint: 
Application partition is the new partition in E2K3 which, in addition to The
Domain, Configuration and Schema Partitions now make up the AD database in E2K3.
 
It is this change that makes it possible now to deploy GC-less Remote Sites. 
The Application Partition is SHARED(replicated) to ALL DCs in the Domain, including 
designated DCs in the Forest.
 
 
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about 
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Rogers, Brian
Sent: Mon 7/14/2003 11:53 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)



Woah I musta missed that document.  AD integrated DNS can now be
separated from regular replication?

 

Gotta link? Book? Paper? Smokesignal? Morse?  :-)

 

-Original Message-
From: Rick Kingslan [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 14, 2003 1:28 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

 

This would be correct.  But, remember that in the replication strategy for 
Win2k - data goes to every DC regardless if it's a DNS server or not - because once 
it's DNS-integrated, it's now a part of the AD data.  This trend is broken in Win2k3, 
where application partitions can handle DNS - and do.  The DomainDNS and ForestDNS are 
just that, for all intents and purposes.  They are AD Application parts handling DNS 
for just DNS servers - and no DNS data need be on the DCs, unless it too, is a DNS 
server once the full DNS app partition is configured.

Rick Kingslan  MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
  

 





From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rogers, Brian
Sent: Monday, July 14, 2003 10:10 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I was looking more along the lines of replication traffic.  However since the
zone is replicated within AD there shouldn't be any additional (or if so very
minimal) replication traffic between the DNS servers other than the normal AD
replication traffic correct?

 

-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 14, 2003 10:58 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

 

I always configure every DC as a DNS server. I consider that if a location 
requires a DC, it also requires 

RE: [ActiveDir] Printer Script

2003-07-14 Thread deji
This should work:
 
' Connect the shared printer and make it the user's default
Set WshNetwork = CreateObject("WScript.Network")
WshNetwork.AddWindowsPrinterConnection "\\YourPrintServer\PrinterName"
WshNetwork.SetDefaultPrinter "\\YourPrintServer\PrinterName"
Set WshNetwork = Nothing
 
If you put that in a login script.
 
 
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Richard Sumilang
Sent: Mon 7/14/2003 3:42 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Printer Script



Has anyone written a script to connect a user to a shared printer on the
network when they log in? Is this possible?

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
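
A fuller logon-script version of the snippet in the reply above, added here as an example and not part of the original post. It skips the connection when the printer is already present and sets the default only after a successful connect; the UNC path is the placeholder from the post, and the event-log reporting through WScript.Shell is an assumption of this example.

```vbscript
' Added example (not from the original post): logon script that connects a
' shared printer once and makes it the default only if the connection worked.
' PRINTER_PATH is the placeholder UNC path used in the reply above.
Option Explicit

Const PRINTER_PATH = "\\YourPrintServer\PrinterName"
Const EVENT_ERROR = 1   ' WshShell.LogEvent type: error

Dim net, shell, ready
Set net = CreateObject("WScript.Network")
Set shell = CreateObject("WScript.Shell")

' VBScript's Or does not short-circuit, so test in two steps.
ready = IsConnected(PRINTER_PATH)
If Not ready Then ready = ConnectPrinter(PRINTER_PATH)
If ready Then MakeDefault PRINTER_PATH

' True when the printer already appears in the user's printer connections.
Function IsConnected(path)
    Dim printers, i
    IsConnected = False
    Set printers = net.EnumPrinterConnections
    ' Items alternate: even index = port name, odd index = printer name.
    For i = 1 To printers.Count - 1 Step 2
        If StrComp(printers.Item(i), path, vbTextCompare) = 0 Then
            IsConnected = True
            Exit For
        End If
    Next
End Function

' Adds the connection; returns False and writes an Application log entry
' if the print server or share cannot be reached.
Function ConnectPrinter(path)
    On Error Resume Next
    net.AddWindowsPrinterConnection path
    ConnectPrinter = (Err.Number = 0)
    If Err.Number <> 0 Then
        shell.LogEvent EVENT_ERROR, "Logon script: cannot connect " & path & _
            " (0x" & Hex(Err.Number) & " " & Err.Description & ")"
    End If
    On Error GoTo 0
End Function

' Sets the default printer and logs a failure instead of stopping the logon script.
Sub MakeDefault(path)
    On Error Resume Next
    net.SetDefaultPrinter path
    If Err.Number <> 0 Then
        shell.LogEvent EVENT_ERROR, "Logon script: cannot set default printer " & _
            path & " (0x" & Hex(Err.Number) & " " & Err.Description & ")"
    End If
    On Error GoTo 0
End Sub
```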



RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Rogers, Brian
Woa was my comment about my completely missing something obviously very
pertinent to my discussion here.

As in "holy crap"  or "Damn where did that come from" or "Wow...I completely missed that"

Incredulous?  Lol you need to lay off the coffee :-)

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 7:36 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I guess it's my time to say Woah

Gil, my response was not in any way directed at you. It was directed at Brian and, if
anything, it was an attempt at levity, not snottiness. So, where did the slam come
from?

I'd think that if anything is snotty, it would be Brian's incredulous Woah,
not mine. Don't you think?

As for Site coverage in Win2K being equal to GC-Less config in Win2K3, I firmly
believe they are apple and orange. They are both fruits, but not the same.

Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon

From: [EMAIL PROTECTED] on behalf of Gil Kirkpatrick
Sent: Mon 7/14/2003 2:49 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I may have missed something, but the snotty tone seems inappropriate...

In any case, to reduce the apparent confusion:

GC-less sites have always been possible with AD since W2K. The facility is called site
coverage.

GC-less logon is new in WS2K3 and occurs because DCs can cache group memberships. This
allows the DC to assemble a complete token even if a GC isn't available. This
functionality has nothing to do with application partitions.

Application partitions are a mechanism where you can host replicas of specific
subtrees in the domain on any set of DCs in the forest. The subtrees may not contain
security principals such as users, groups, and computers, When you create a zone in
WS2K3, you can elect to configure it as an application partition and replicate the
data to specific DCs in the forest.

-gil

-Original Message-
From: deji Agba [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 1:19 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Yes, you did indeed miss it. So, go find it. Yourself, this time with no help.

Hint:
Application partition is the new partition in E2K3 which, in addition to The
Domain, Configuration and Schema Partitions now make up the AD database in E2K3.

It is this change that makes it possible now to deploy GC-less Remote Sites.
The Application Partition is SHARED(replicated) to ALL DCs in the Domain, including
designated DCs in the Forest.

Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon

From: [EMAIL PROTECTED] on behalf of Rogers, Brian
Sent: Mon 7/14/2003 11:53 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Woah I musta missed that document. AD integrated DNS can now be separated from regular
replication?

Gotta link? Book? Paper? Smokesignal? Morse? :-)

-Original Message-
From: Rick Kingslan [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 1:28 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

This would be correct. But, remember that in the replication strategy for
Win2k - data goes to every DC regardless if it's a DNS server or not - because once
it's DNS-integrated, it's now a part of the AD data. This trend is broken in Win2k3,
where application partitions can handle DNS - and do. The DomainDNS and ForestDNS are
just that, for all intents and purposes. They are AD Application parts handling DNS
for just DNS servers - and no DNS data need be on the DCs, unless it too, is a DNS
server once the full DNS app partition is configured.

Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rogers, Brian
Sent: Monday, July 14, 2003 10:10 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I was looking more along the lines of replication traffic. However since the
zone is replicated within AD there shouldn't be any additional (or if so very
minimal) replication traffic between the DNS servers other than the normal AD
replication traffic correct?

-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:58 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated

RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread deji
Coffee? How did you know? My reputation preceded me again :)
 
In any case, I went back and read my original post. Flippant? maybe. Snotty, 
definitely not. As to Gil taking umbrage at it... I still don't get it.
 
Make that double espresso, please. No milk.
 
 
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Rogers, Brian
Sent: Mon 7/14/2003 4:34 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)



Woa was my comment about my completely missing something obviously very 
pertinent to my discussion here.

 

As in holy crap  or Damn where did that come from or Wow...I completely missed 
that

 

Incredulous?  Lol you need to lay off the coffee :-)

 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 14, 2003 7:36 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

 

I guess it's my time to say Woah

 

Gil, my response was not in any way directed at you. It was directed at Brian and, if 
anything, it was an attempt at levity, not snottiness. So, where did the slam come 
from?

 

I'd think that if anything is snotty, it would be Brian's incredulous Woah,
not mine. Don't you think?

 

As for Site coverage in Win2K being equal to GC-Less config in Win2K3, I firmly 
believe they are apple and orange. They are both fruits, but not the same.

 

 

Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday?  -anon

 



From: [EMAIL PROTECTED] on behalf of Gil Kirkpatrick
Sent: Mon 7/14/2003 2:49 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I may have missed something, but the snotty tone seems inappropriate...

 

In any case, to reduce the apparent confusion:

 

GC-less sites have always been possible with AD since W2K. The facility is called site 
coverage.

 

GC-less logon is new in WS2K3 and occurs because DCs can cache group memberships. This 
allows the DC to assemble a complete token even if a GC isn't available. This 
functionality has nothing to do with application partitions.

 

Application partitions are a mechanism where you can host replicas of specific 
subtrees in the domain on any set of DCs in the forest. The subtrees may not contain 
security principals such as users, groups, and computers, When you create a zone in 
WS2K3, you can elect to configure it as an application partition and replicate the 
data to specific DCs in the forest.

 

-gil

 

  -Original Message-
From: deji Agba [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 14, 2003 1:19 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Yes, you did indeed miss it. So, go find it. Yourself, this time with no help.

 

Hint: 

Application partition is the new partition in E2K3 which, in addition to The
Domain, Configuration and Schema Partitions now make up the AD database in E2K3.

 

It is this change that makes it possible now to deploy GC-less Remote Sites. 
The Application Partition is SHARED(replicated) to ALL DCs in the Domain, including 
designated DCs in the Forest.

 

 

Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about 
Yesterday?  -anon

 





From: [EMAIL PROTECTED] on behalf of Rogers, Brian
Sent: Mon 7/14/2003 11:53 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Woah I musta missed that document.  AD integrated DNS can now be
separated from regular replication?

 

Gotta link? Book? Paper? Smokesignal? Morse?  :-)

 

-Original Message-
From: Rick Kingslan [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 14, 2003 1:28 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

 

This would be correct.  But, remember that in the replication strategy for 
Win2k - data goes to every DC regardless if it's a DNS server or not - because once 
it's DNS-integrated, it's now a part of the AD data.  This trend is broken in Win2k3, 
where application partitions can handle DNS - and do.  The DomainDNS and ForestDNS are 
just that, for all intents and purposes.  They are AD Application parts handling DNS 
for just DNS servers - and no DNS data need be on the DCs, unless it too, is a DNS 
server once the full DNS app partition is 

RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Gil Kirkpatrick
Deji,

I took the comment: "Yes, you did indeed miss it. So, go find it. Yourself, this time
with no help. " as being snotty, and it seems that wasn't intended.

Mea culpa (Latin for "my bad").

My comment re: DC-less sites was to distinguish between "GC-less sites", which we've
had since RC3 and "GC-less logon", which is new in WS2k3. They are different, which was
my point.

-g

  -Original Message-
  From: deji Agba [mailto:[EMAIL PROTECTED]
  Sent: Monday, July 14, 2003 4:36 PM
  To: [EMAIL PROTECTED]
  Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

  I guess it's my time to say "Woah"

  Gil, my response was not in any way directed at you. It was directed at Brian and, if
  anything, it was an attempt at levity, not snottiness. So, where did the slam come
  from?

  I'd think that if anything is snotty, it would be Brian's incredulous "Woah", not
  mine. Don't you think?

  As for "Site coverage" in Win2K being equal to GC-Less config in Win2K3, I firmly
  believe they are apple and orange. They are both fruits, but not the same.

  Sincerely,

  Dèjì Akómöláfé, MCSE MCSA MCP+I
  www.akomolafe.com
  www.iyaburo.com
  Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon

  From: [EMAIL PROTECTED] on behalf of Gil Kirkpatrick
  Sent: Mon 7/14/2003 2:49 PM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

  I may have missed something, but the snotty tone seems inappropriate...

  In any case, to reduce the apparent confusion:

  GC-less sites have always been possible with AD since W2K. The facility is called site
  coverage.

  GC-less logon is new in WS2K3 and occurs because DCs can cache group memberships. This
  allows the DC to assemble a complete token even if a GC isn't available. This
  functionality has nothing to do with application partitions.

  Application partitions are a mechanism where you can host replicas of specific
  subtrees in the domain on any set of DCs in the forest. The subtrees may not contain
  security principals such as users, groups, and computers, When you create a zone in
  WS2K3, you can elect to configure it as an application partition and replicate the
  data to specific DCs in the forest.

  -gil

  -Original Message-
  From: deji Agba [mailto:[EMAIL PROTECTED]
  Sent: Monday, July 14, 2003 1:19 PM
  To: [EMAIL PROTECTED]
  Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Yes, you did indeed miss it. So, go find it. Yourself, this time with no help.

Hint:
Application partition is the new partition in E2K3 which, in addition to The
Domain, Configuration and Schema Partitions now make up the AD database in E2K3.

It is this change that makes it possible now to deploy GC-less Remote Sites.
The Application Partition is SHARED(replicated) to ALL DCs in the Domain, including
designated DCs in the Forest.

Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon

From: [EMAIL PROTECTED] on behalf of Rogers, Brian
Sent: Mon 7/14/2003 11:53 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Woah I musta missed that document. AD integrated DNS can now be separated from
regular replication?

Gotta link? Book? Paper? Smokesignal? Morse? :-)

-Original Message-
From: Rick Kingslan [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 1:28 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

This would be correct. But, remember that in the replication strategy for
Win2k - data goes to every DC regardless if it's a DNS server or not - because once
it's DNS-integrated, it's now a part of the AD data. This trend is broken in Win2k3,
where application partitions can handle DNS - and do. The DomainDNS and ForestDNS are
just that, for all intents and purposes. They are AD Application parts handling DNS
for just DNS servers - and no DNS data need be on the DCs, unless it too, is a DNS
server once the full DNS app partition is configured.

Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rogers, Brian
Sent: Monday, July 14, 2003 10:10 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I was looking more along the lines of replication traffic. However since the
zone is replicated within

RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Gil Kirkpatrick
I didn't take it as snotty towards myself, but towards another list member (Brian
in this case). As I said before, my bad.

And I think we've used up enough bits on this topic. Agreed?

-g

  -Original Message-
  From: deji Agba [mailto:[EMAIL PROTECTED]
  Sent: Monday, July 14, 2003 5:01 PM
  To: [EMAIL PROTECTED]
  Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

  Coffee? How did you know? My reputation preceded me again :)

  In any case, I went back and read my original post. Flippant? maybe. Snotty,
  definitely not. As to Gil taking umbrage at it... I still don't get it.

  Make that double espresso, please. No milk.

  Sincerely,

  Dèjì Akómöláfé, MCSE MCSA MCP+I
  www.akomolafe.com
  www.iyaburo.com
  Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon

  From: [EMAIL PROTECTED] on behalf of Rogers, Brian
  Sent: Mon 7/14/2003 4:34 PM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

  Woa was my comment about my completely missing something obviously very pertinent to my
  discussion here.

  As in "holy crap" or "Damn where did that come from" or "Wow...I completely missed
  that"

  Incredulous? Lol you need to lay off the coffee :-)

  -Original 
  Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Monday, July 14, 
  2003 7:36 
  PMTo: 
  [EMAIL PROTECTED]Subject: RE: [ActiveDir] Quick AD 
  integrated DNS question :)
  
  
  
  I guess it's my time to say "Woah"

  Gil, my response was not in any way directed at you. It was directed at
  Brian and, if anything, it was an attempt at levity, not snottiness. So,
  where did the slam come from?

  I'd think that if anything is snotty, it would be Brian's incredulous
  "Woah", not mine. Don't you think?

  As for "Site coverage" in Win2K being equal to GC-Less config in Win2K3, I
  firmly believe they are apple and orange. They are both fruits, but not the
  same.

  Sincerely,

  Dèjì Akómöláfé, MCSE MCSA MCP+I
  www.akomolafe.com
  www.iyaburo.com
  Do you now realize that Today is the Tomorrow you were worried about
  Yesterday? -anon

  From: [EMAIL PROTECTED] on behalf of Gil Kirkpatrick
  Sent: Mon 7/14/2003 2:49 PM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

  I may have missed something, but the snotty tone seems inappropriate...

  In any case, to reduce the apparent confusion:

  GC-less sites have always been possible with AD since W2K. The facility is
  called site coverage.

  GC-less logon is new in WS2K3 and occurs because DCs can cache group
  memberships. This allows the DC to assemble a complete token even if a GC
  isn't available. This functionality has nothing to do with application
  partitions.

  Application partitions are a mechanism where you can host replicas of
  specific subtrees in the domain on any set of DCs in the forest. The
  subtrees may not contain security principals such as users, groups, and
  computers. When you create a zone in WS2K3, you can elect to configure it as
  an application partition and replicate the data to specific DCs in the
  forest.

  -gil

  -Original Message-
  From: deji Agba [mailto:[EMAIL PROTECTED]
  Sent: Monday, July 14, 2003 1:19 PM
  To: [EMAIL PROTECTED]
  Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Yes, you did indeed miss it. So, go find it. Yourself, this time with no
help.

Hint:
Application partition is the new partition in E2K3 which, in addition to The
Domain, Configuration and Schema Partitions now make up the AD database in
E2K3.

It is this change that makes it possible now to deploy GC-less Remote Sites.
The Application Partition is SHARED(replicated) to ALL DCs in the Domain,
including designated DCs in the Forest.

Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon

From: [EMAIL PROTECTED] on behalf of Rogers, Brian
Sent: Mon 7/14/2003 11:53 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Woah...I musta missed that document. AD integrated DNS can now be separated
from regular replication?

Gotta link? Book? Paper? Smokesignal? Morse? :-)

-Original Message-
From: Rick Kingslan [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 1:28 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS

RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Rick Kingslan
Deji,
 
I might suggest that the attempt at levity include liberal smiley faces in
the future.  Gil got the jump before I did, because, given your posts in the
past - this one seemed quite out of character.  I really wasn't sure if you
were having a bad day or if Brian had just really 'hit the wrong nerve'.
 
And, he was asking ME to Woa, so if anyone should be offended, it should
be me (and, I wasn't).
 
Personally, I think that this is about enough of this thread.  Not
constructive.  Let's move on.  'Nuff said.
 
Rick Kingslan  MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
  


  _  

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Monday, July 14, 2003 6:36 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)


I guess it's my time to say Woah
 
Gil, my response was not in any way directed at you. It was directed at
Brian and, if anything, it was an attempt at levity, not snottiness. So,
where did the slam come from?
 
I'd think that if anything is snotty, it would be Brian's incredulous
Woah, not mine. Don't you think?
 
As for Site coverage in Win2K being equal to GC-Less config in Win2K3, I
firmly believe they are apple and orange. They are both fruits, but not the
same.
 
 
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon

  _  

From: [EMAIL PROTECTED] on behalf of Gil Kirkpatrick
Sent: Mon 7/14/2003 2:49 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)


I may have missed something, but the snotty tone seems inappropriate...
 
In any case, to reduce the apparent confusion:
 
GC-less sites have always been possible with AD since W2K. The facility is
called site coverage.
 
GC-less logon is new in WS2K3 and occurs because DCs can cache group
memberships. This allows the DC to assemble a complete token even if a GC
isn't available. This functionality has nothing to do with application
partitions.
 
Application partitions are a mechanism where you can host replicas of
specific subtrees in the domain on any set of DCs in the forest. The
subtrees may not contain security principals such as users, groups, and
computers, When you create a zone in WS2K3, you can elect to configure it as
an application partition and replicate the data to specific DCs in the
forest.
 
-gil
 
  -Original Message-
From: deji Agba [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 14, 2003 1:19 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)



Yes, you did indeed miss it. So, go find it. Yourself, this time with no
help.
 
Hint: 
Application partition is the new partition in E2K3 which, in addition to The
Domain, Configuration and Schema Partitions now make up the AD database in
E2K3.
 
It is this change that makes it possible now to deploy GC-less Remote Sites.
The Application Partition is SHARED(replicated) to ALL DCs in the Domain,
including designated DCs in the Forest.
 
 
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon

  _  

From: [EMAIL PROTECTED] on behalf of Rogers, Brian
Sent: Mon 7/14/2003 11:53 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)



Woah...I musta missed that document.  AD integrated DNS can now be
separated from regular replication?

 

Gotta link? Book? Paper? Smokesignal? Morse?  :-)

 

-Original Message-
From: Rick Kingslan [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 14, 2003 1:28 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

 

This would be correct.  But, remember that in the replication strategy for
Win2k - data goes to every DC regardless if it's a DNS server or not -
because once it's DNS-integrated, it's now a part of the AD data.  This
trend is broken in Win2k3, where application partitions can handle DNS - and
do.  The DomainDNS and ForestDNS are just that, for all intents and
purposes.  They are AD Application parts handling DNS for just DNS servers -
and no DNS data need be on the DCs, unless it too, is a DNS server once the
full DNS app partition is configured.

Rick Kingslan  MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
  

 


  _  


From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rogers, Brian
Sent: Monday, July 14, 2003 10:10 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I was looking more along the lines of replication traffic.  However since
the zone is replicated within AD...there shouldn't be any additional (or if
so very minimal) replication traffic between the DNS 

Re: [ActiveDir] Printer Script

2003-07-14 Thread Richard Sumilang
I tried that and it didn't work. I took it out of the bat file and  
tried it manually and I got this error...

 
-
C:\Documents and SettingsSet WshNetwork =  
CreateObject(WScript.Network)

C:\Documents and Settings\WshNetwork.AddWindowsPrinterConnection  
\\AnotherComputer-27\HPLaserJ
'WshNetwork.AddWindowsPrinterConnection' is not recognized as an  
internal or external command, operable program or batch  
file. 
 
 
 


C:\Documents and Settings\_
 
-

This is how my bat file looks like

 
-
net use Q: \\Server\Shared

Set WshNetwork = CreateObject(WScript.Network)
WshNetwork.AddWindowsPrinterConnection \\ AnotherComputer-27\HPLaserJ
WshNetwork.SetDefaultPrinter \\ AnotherComputer-27\HPLaserJ
Set WshNetwork = Nothing
 
-

I am running Windows 2000 Server and all clients are Windows 2000 Pro.

Thanks
- Richard S.


On Monday, July 14, 2003, at 04:38  PM, [EMAIL PROTECTED] wrote:

This should work:

Set WshNetwork = CreateObject("WScript.Network")
WshNetwork.AddWindowsPrinterConnection "\\YourPrintServer\PrinterName"
WshNetwork.SetDefaultPrinter "\\YourPrintServer\PrinterName"
Set WshNetwork = Nothing
If you put that in a login script.

Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about  
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Richard Sumilang
Sent: Mon 7/14/2003 3:42 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Printer Script


Has anyone written a script to connect a user to a shared printer on the
network when they log in? Is this possible?
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:  
http://www.mail-archive.com/activedir%40mail.activedir.org/



RE: [ActiveDir] Printer Script

2003-07-14 Thread Bryan Schlegel
Save it as .vbs


-Original Message-
From: Richard Sumilang [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 14, 2003 9:17 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Printer Script


I tried that and it didn't work. I took it out of the bat file and  
tried it manually and I got this error...

 
-
C:\Documents and SettingsSet WshNetwork =  
CreateObject(WScript.Network)

C:\Documents and Settings\WshNetwork.AddWindowsPrinterConnection  
\\AnotherComputer-27\HPLaserJ 'WshNetwork.AddWindowsPrinterConnection' is not 
recognized as an  
internal or external command, operable program or batch  
file. 
 
 
 


C:\Documents and Settings\_
 
-

This is how my bat file looks like

 
-
net use Q: \\Server\Shared

Set WshNetwork = CreateObject(WScript.Network) 
WshNetwork.AddWindowsPrinterConnection \\ AnotherComputer-27\HPLaserJ 
WshNetwork.SetDefaultPrinter \\ AnotherComputer-27\HPLaserJ Set WshNetwork = Nothing
 
-


I am running Windows 2000 Server and all clients are Windows 2000 Pro.

Thanks
- Richard S.




On Monday, July 14, 2003, at 04:38  PM, [EMAIL PROTECTED] wrote:

 This should work:

 Set WshNetwork = CreateObject("WScript.Network")
 WshNetwork.AddWindowsPrinterConnection "\\YourPrintServer\PrinterName"
 WshNetwork.SetDefaultPrinter "\\YourPrintServer\PrinterName"
 Set WshNetwork = Nothing

 If you put that in a login script.


 Sincerely,

 Dèjì Akómöláfé, MCSE MCSA MCP+I
 www.akomolafe.com
 www.iyaburo.com
 Do you now realize that Today is the Tomorrow you were worried about
 Yesterday?  -anon

 

 From: [EMAIL PROTECTED] on behalf of Richard Sumilang
 Sent: Mon 7/14/2003 3:42 PM
 To: [EMAIL PROTECTED]
 Subject: [ActiveDir] Printer Script



 Has anyone written a script to connect a user to a shared printer on the
 network when they log in? Is this possible?



RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Joe
Hey Deji, slap a smiley face on that post or a disclaimer about sarcasm and
email not mixing like beer and liquor or something that. :o)
 
I am confused by the app partition making it possible to do GC-less remote
sites... I could take that a couple of ways but app partitions wouldn't have
anything to do with either. A GC-less site is simply a site without a GC,
the machines that need a GC would still be able to find one, just wouldn't
be local. Check out your _gc._tcp.SITE._sites.rootdomain.com SRV record,
that will show you what GC(s) will be used for any given site. If a site
doesn't have a GC in it, auto site coverage will kick in and some other DC
based on link metrics and the phase of the moon (humor!!) will determine
what DC publishes to that record. 
 
The other way to take that would be the GC-less logon capability that W2K3
has added. That also doesn't rely on app partitions. It adds an attribute or
two to a user object for maintaining some cache info about GC info.
Basically you can go without GC's in a site if you don't have universal
groups you are using (especially to deny) and you aren't using UPN's. On W2K
we actually now only run about 30 GC's out of our 380 or so DC's and have
enabled the IgnoreGCFailures reg hack because we are lucky like that and can
get away with it. 
 
Finally app partitions aren't replicated to every DC in a domain. You select
where you want to replicate that info to, otherwise there would be no point
in it, might as well just throw the data into the config or domain
partitions. 
 
  joe
 
 

-Original Message-
From: deji Agba [mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 4:19 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)


Yes, you did indeed miss it. So, go find it. Yourself, this time with no
help.
 
Hint: 
Application partition is the new partition in E2K3 which, in addition to The
Domain, Configuration and Schema Partitions now make up the AD database in
E2K3.
 
It is this change that makes it possible now to deploy GC-less Remote Sites.
The Application Partition is SHARED(replicated) to ALL DCs in the Domain,
including designated DCs in the Forest.
 
 
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon

  _  

From: [EMAIL PROTECTED] on behalf of Rogers, Brian
Sent: Mon 7/14/2003 11:53 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)



Woah...I musta missed that document.  AD integrated DNS can now be
separated from regular replication?

 

Gotta link? Book? Paper? Smokesignal? Morse?  :-)

 

-Original Message-
From: Rick Kingslan [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 14, 2003 1:28 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

 

This would be correct.  But, remember that in the replication strategy for
Win2k - data goes to every DC regardless if it's a DNS server or not -
because once it's DNS-integrated, it's now a part of the AD data.  This
trend is broken in Win2k3, where application partitions can handle DNS - and
do.  The DomainDNS and ForestDNS are just that, for all intents and
purposes.  They are AD Application parts handling DNS for just DNS servers -
and no DNS data need be on the DCs, unless it too, is a DNS server once the
full DNS app partition is configured.

Rick Kingslan  MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
  

 


  _  


From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rogers, Brian
Sent: Monday, July 14, 2003 10:10 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I was looking more along the lines of replication traffic.  However since
the zone is replicated within AD...there shouldn't be any additional (or if
so very minimal) replication traffic between the DNS servers other than the
normal AD replication traffic correct?

 

-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 14, 2003 10:58 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

 

I always configure every DC as a DNS server. I consider that if a location
requires a DC, it also requires local DNS.

 

 

-- 
Roger D. Seielstad - MTS MCSE MS-MVP 
Sr. Systems Administrator 
Inovis Inc. 

-Original Message-
From: Rogers, Brian [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 14, 2003 10:39 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Quick AD integrated DNS question :)

1.  When configuring an AD Integrated DNS zone, at least one DC in each
site should be running DNS?  Or all DCs should be running DNS?  Would it
matter either way? 

 

 


RE: [ActiveDir] Printer Script

2003-07-14 Thread Rick Kingslan
Bingo!  ;-)

Rick Kingslan  MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
  

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bryan Schlegel
Sent: Monday, July 14, 2003 8:21 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Printer Script

Save it as .vbs


-Original Message-
From: Richard Sumilang [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 9:17 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Printer Script


I tried that and it didn't work. I took it out of the bat file and  
tried it manually and I got this error...

 
-
C:\Documents and SettingsSet WshNetwork =  
CreateObject(WScript.Network)

C:\Documents and Settings\WshNetwork.AddWindowsPrinterConnection  
\\AnotherComputer-27\HPLaserJ 'WshNetwork.AddWindowsPrinterConnection' is
not recognized as an  
internal or external command, operable program or batch  
file. 
 
 
 


C:\Documents and Settings\_
 
-

This is how my bat file looks like

 
-
net use Q: \\Server\Shared

Set WshNetwork = CreateObject(WScript.Network)
WshNetwork.AddWindowsPrinterConnection \\ AnotherComputer-27\HPLaserJ
WshNetwork.SetDefaultPrinter \\ AnotherComputer-27\HPLaserJ Set WshNetwork
= Nothing
 
-


I am running Windows 2000 Server and all clients are Windows 2000 Pro.

Thanks
- Richard S.




On Monday, July 14, 2003, at 04:38  PM, [EMAIL PROTECTED] wrote:

 This should work:

 Set WshNetwork = CreateObject("WScript.Network")
 WshNetwork.AddWindowsPrinterConnection "\\YourPrintServer\PrinterName"
 WshNetwork.SetDefaultPrinter "\\YourPrintServer\PrinterName"
 Set WshNetwork = Nothing

 If you put that in a login script.


 Sincerely,

 Dèjì Akómöláfé, MCSE MCSA MCP+I
 www.akomolafe.com
 www.iyaburo.com
 Do you now realize that Today is the Tomorrow you were worried about
 Yesterday?  -anon

 

 From: [EMAIL PROTECTED] on behalf of Richard Sumilang
 Sent: Mon 7/14/2003 3:42 PM
 To: [EMAIL PROTECTED]
 Subject: [ActiveDir] Printer Script



 Has anyone written a script to connect a user to a shared printer on the
 network when they log in? Is this possible?



RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Rogers, Brian

No sweat...I apologize for my comments as well.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 8:01 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Coffee? How did you know? My reputation preceded me again :)

In any case, I went back and read my original post. Flippant? maybe. Snotty,
definitely not. As to Gil taking umbrage at it... I still don't get it.

Make that double espresso, please. No milk.

Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon

From: [EMAIL PROTECTED] on behalf of Rogers, Brian
Sent: Mon 7/14/2003 4:34 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Woa was my comment about my completely missing something obviously very
pertinent to my discussion here.

As in "holy crap" or "Damn where did that come from" or "Wow...I completely
missed that"

Incredulous? Lol...you need to lay off the coffee :-)

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 7:36 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I guess it's my time to say "Woah"

Gil, my response was not in any way directed at you. It was directed at
Brian and, if anything, it was an attempt at levity, not snottiness. So,
where did the slam come from?

I'd think that if anything is snotty, it would be Brian's incredulous
"Woah", not mine. Don't you think?

As for "Site coverage" in Win2K being equal to GC-Less config in Win2K3, I
firmly believe they are apple and orange. They are both fruits, but not the
same.

Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon

From: [EMAIL PROTECTED] on behalf of Gil Kirkpatrick
Sent: Mon 7/14/2003 2:49 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I may have missed something, but the snotty tone seems inappropriate...

In any case, to reduce the apparent confusion:

GC-less sites have always been possible with AD since W2K. The facility is
called site coverage.

GC-less logon is new in WS2K3 and occurs because DCs can cache group
memberships. This allows the DC to assemble a complete token even if a GC
isn't available. This functionality has nothing to do with application
partitions.

Application partitions are a mechanism where you can host replicas of
specific subtrees in the domain on any set of DCs in the forest. The
subtrees may not contain security principals such as users, groups, and
computers. When you create a zone in WS2K3, you can elect to configure it as
an application partition and replicate the data to specific DCs in the
forest.

-gil

-Original Message-
From: deji Agba
[mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 1:19 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Yes, you did indeed miss it. So, go find it. Yourself, this time with no
help.

Hint:
Application partition is the new partition in E2K3 which, in addition to The
Domain, Configuration and Schema Partitions now make up the AD database in
E2K3.

It is this change that makes it possible now to deploy GC-less Remote Sites.
The Application Partition is SHARED(replicated) to ALL DCs in the Domain,
including designated DCs in the Forest.

Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon

From: [EMAIL PROTECTED] on behalf of Rogers, Brian
Sent: Mon 7/14/2003 11:53 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Woah...I musta missed that document. AD integrated DNS can now be separated
from regular replication?

Gotta link? Book? Paper? Smokesignal? Morse? :-)

-Original Message-
From: Rick Kingslan
[mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 1:28 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

This would be correct. But, remember that in the replication strategy for
Win2k - data goes to every DC regardless if it's a DNS server or not -
because once it's DNS-integrated, it's now a part of the AD data. This
trend is broken in Win2k3, where application partitions can handle DNS - and
do. The DomainDNS and ForestDNS are just that, for all intents and
purposes. They are AD Application parts handling DNS for just DNS servers -
and no

RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Rogers, Brian

Good info there...answered one of a number of questions I also
had...although you did add a few more.  :-)

-Original Message-
From: Joe
[mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 9:22 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Hey Deji, slap a smiley face on that post or a disclaimer about sarcasm and
email not mixing like beer and liquor or something that. :o)

I am confused by the app partition making it possible to do GC-less remote
sites... I could take that a couple of ways but app partitions wouldn't have
anything to do with either. A GC-less site is simply a site without a GC,
the machines that need a GC would still be able to find one, just wouldn't
be local. Check out your _gc._tcp.SITE._sites.rootdomain.com SRV record,
that will show you what GC(s) will be used for any given site. If a site
doesn't have a GC in it, auto site coverage will kick in and some other DC
based on link metrics and the phase of the moon (humor!!) will determine
what DC publishes to that record.

The other way to take that would be the GC-less logon capability that W2K3
has added. That also doesn't rely on app partitions. It adds an attribute or
two to a user object for maintaining some cache info about GC info.
Basically you can go without GC's in a site if you don't have universal
groups you are using (especially to deny) and you aren't using UPN's. On W2K
we actually now only run about 30 GC's out of our 380 or so DC's and have
enabled the IgnoreGCFailures reg hack because we are lucky like that and can
get away with it.

Finally app partitions aren't replicated to every DC in a domain. You select
where you want to replicate that info to, otherwise there would be no point
in it, might as well just throw the data into the config or domain
partitions.

  joe

-Original Message-
From: deji Agba
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Monday, July 14, 2003 4:19 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Yes, you did indeed miss it. So, go find it. Yourself, this time with no
help.

Hint:
Application partition is the new partition in E2K3 which, in addition to The
Domain, Configuration and Schema Partitions now make up the AD database in
E2K3.

It is this change that makes it possible now to deploy GC-less Remote Sites.
The Application Partition is SHARED(replicated) to ALL DCs in the Domain,
including designated DCs in the Forest.

Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon

From: [EMAIL PROTECTED] on behalf of Rogers, Brian
Sent: Mon 7/14/2003 11:53 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Woah...I musta missed that document. AD integrated DNS can now be separated
from regular replication?

Gotta link? Book? Paper? Smokesignal? Morse? :-)

-Original Message-
From: Rick Kingslan
[mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 1:28 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

This would be correct. But, remember that in the replication strategy for
Win2k - data goes to every DC regardless if it's a DNS server or not -
because once it's DNS-integrated, it's now a part of the AD data. This
trend is broken in Win2k3, where application partitions can handle DNS - and
do. The DomainDNS and ForestDNS are just that, for all intents and
purposes. They are AD Application parts handling DNS for just DNS servers -
and no DNS data need be on the DCs, unless it too, is a DNS server once the
full DNS app partition is configured.

Rick Kingslan  MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rogers, Brian
Sent: Monday, July 14, 2003 10:10 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I was looking more along the lines of replication traffic. However since
the zone is replicated within AD...there shouldn't be any additional (or if
so very minimal) replication traffic between the DNS servers other than the
normal AD replication traffic correct?

-Original Message-
From: Roger Seielstad
[mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:58 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I always configure every DC as a DNS server. I consider that if a location
requires a DC, it also requires local DNS.

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

RE: [ActiveDir] Printer Script

2003-07-14 Thread deji
You need to put that in a .vbs file, not a .bat or .cmd file
 
It's a vbscript. Just copy the exact text I sent. Paste it into Notepad, modify it to 
reflect the name of your print server and printer. Save it as printmapper.vbs and put 
it in the same location where you currently have your login scripts.
 
Then, edit your login script. At the top, just after the Echo off line - if you have 
that - add the following line:
call printmapper.vbs
 
Save your loginscript file. Now run it. It should work.
 
 
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Richard Sumilang
Sent: Mon 7/14/2003 6:17 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Printer Script



I tried that and it didn't work. I took it out of the bat file and 
tried it manually and I got this error...


-
C:\Documents and SettingsSet WshNetwork = 
CreateObject(WScript.Network)

C:\Documents and Settings\WshNetwork.AddWindowsPrinterConnection 
\\AnotherComputer-27\HPLaserJ
'WshNetwork.AddWindowsPrinterConnection' is not recognized as an 
internal or external command, operable program or batch 
file.





C:\Documents and Settings\_

-

This is how my bat file looks like


-
net use Q: \\Server\Shared

Set WshNetwork = CreateObject(WScript.Network)
WshNetwork.AddWindowsPrinterConnection \\ AnotherComputer-27\HPLaserJ
WshNetwork.SetDefaultPrinter \\ AnotherComputer-27\HPLaserJ
Set WshNetwork = Nothing

-


I am running Windows 2000 Server and all clients are Windows 2000 Pro.

Thanks
- Richard S.




On Monday, July 14, 2003, at 04:38  PM, [EMAIL PROTECTED] wrote:

 This should work:

 Set WshNetwork = CreateObject("WScript.Network")
 WshNetwork.AddWindowsPrinterConnection "\\YourPrintServer\PrinterName"
 WshNetwork.SetDefaultPrinter "\\YourPrintServer\PrinterName"
 Set WshNetwork = Nothing

 If you put that in a login script.


 Sincerely,

 Dèjì Akómöláfé, MCSE MCSA MCP+I
 www.akomolafe.com
 www.iyaburo.com
 Do you now realize that Today is the Tomorrow you were worried about 
 Yesterday?  -anon

 

 From: [EMAIL PROTECTED] on behalf of Richard Sumilang
 Sent: Mon 7/14/2003 3:42 PM
 To: [EMAIL PROTECTED]
 Subject: [ActiveDir] Printer Script



 Has anyone written a script to connect a user to a shared printer on the
 network when they log in? Is this possible?

 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir%40mail.activedir.org/


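The procedure described in this post (the VBScript saved as printmapper.vbs and called from the batch login script), written out as an added example that is not code from the thread. It goes slightly beyond the four posted lines by skipping a printer that is already connected and by reporting failures; `\\YourPrintServer\PrinterName` is the thread's placeholder, and running the script under cscript is an assumption.

```vbscript
' printmapper.vbs - added example, not code from the thread.
' Assumption: \\YourPrintServer\PrinterName is the placeholder UNC path used in
' the thread; replace it with a real print share.
' Assumption: the batch login script sits in the same folder and starts this with:
'   cscript //nologo "%~dp0printmapper.vbs"
Option Explicit

Const PRINTER_UNC = "\\YourPrintServer\PrinterName"

Dim WshNetwork, connections, i, alreadyMapped

' The ProgID must be a quoted string; unquoted it is parsed as an object reference.
Set WshNetwork = CreateObject("WScript.Network")

' EnumPrinterConnections returns pairs: even index = port, odd index = printer name.
Set connections = WshNetwork.EnumPrinterConnections
alreadyMapped = False
For i = 0 To connections.Count - 1 Step 2
    If StrComp(connections.Item(i + 1), PRINTER_UNC, vbTextCompare) = 0 Then
        alreadyMapped = True
        Exit For
    End If
Next

' Trap runtime errors so a missing print server does not abort the whole logon.
On Error Resume Next
If Not alreadyMapped Then
    WshNetwork.AddWindowsPrinterConnection PRINTER_UNC
    If Err.Number <> 0 Then
        WScript.Echo "Could not connect " & PRINTER_UNC & ": " & Err.Description
        WScript.Quit 1
    End If
End If

WshNetwork.SetDefaultPrinter PRINTER_UNC
If Err.Number <> 0 Then
    WScript.Echo "Could not set default printer: " & Err.Description
    WScript.Quit 2
End If
On Error GoTo 0

Set WshNetwork = Nothing
```

The non-zero exit codes let the calling batch file test `%ERRORLEVEL%` after the cscript line.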

Re: [ActiveDir] Printer Script

2003-07-14 Thread Richard Sumilang
If I save it as a .vbs how can I have a login script and visual basic  
script run during login?

On Monday, July 14, 2003, at 06:42  PM, Rick Kingslan wrote:

Bingo!  ;-)

Rick Kingslan  MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bryan Schlegel
Sent: Monday, July 14, 2003 8:21 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Printer Script

Save it as .vbs

-Original Message-
From: Richard Sumilang [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 9:17 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Printer Script

I tried that and it didn't work. I took it out of the bat file and
tried it manually and I got this error...

-
C:\Documents and SettingsSet WshNetwork =
CreateObject(WScript.Network)

C:\Documents and Settings\WshNetwork.AddWindowsPrinterConnection
\\AnotherComputer-27\HPLaserJ  
'WshNetwork.AddWindowsPrinterConnection' is
not recognized as an
internal or external command, operable program or batch
file.





C:\Documents and Settings\_
-

This is how my bat file looks like

-
net use Q: \\Server\Shared

Set WshNetwork = CreateObject(WScript.Network)
WshNetwork.AddWindowsPrinterConnection \\ AnotherComputer-27\HPLaserJ
WshNetwork.SetDefaultPrinter \\ AnotherComputer-27\HPLaserJ
Set WshNetwork = Nothing
-

I am running Windows 2000 Server and all clients are Windows 2000 Pro.

Thanks
- Richard S.


On Monday, July 14, 2003, at 04:38  PM, [EMAIL PROTECTED] wrote:

This should work:

Set WshNetwork = CreateObject("WScript.Network")
WshNetwork.AddWindowsPrinterConnection "\\YourPrintServer\PrinterName"
WshNetwork.SetDefaultPrinter "\\YourPrintServer\PrinterName"
Set WshNetwork = Nothing

If you put that in a login script.

Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon


From: [EMAIL PROTECTED] on behalf of Richard Sumilang
Sent: Mon 7/14/2003 3:42 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Printer Script


Has anyone written a script to connect a user to a shared printer on the
network when they log in? Is this possible?