RE: [ActiveDir] OT: Virtual Server 2005

2004-11-19 Thread Noah Eiger

Ok. Let’s just say that was scary-easy (i.e., deploying new machines). Thanks! Wow, if only real life could run in RAM.

 

Someone asked me to describe generally what I was looking to do. I want to setup a test environment that contains:

- 2 DCs
- 1 Exchange box
- 1 database server
- 1+ XP Pro client
- 1+ W2k Pro client

 

This is really just to test GPOs, Exchange functionality, etc. So, all of this (it seems) could be done in a virtual network with access to the Internet via a virtual router/ISA box.

 

The one thing that I can’t figure out is that this client has a requirement to attach Mac OS X workstations to the network. Macs obviously can’t run in the virtual environment. To mimic the production environment, they need to be on the same subnet and so should not hop through the virtual router. What would you suggest? This interaction with the real network is what leaves me scratching my head a bit.

 

-- nme


Here’s how I dupe virtual machines:

- Create a master image, sysprep it, shut it down.
- Mark the vhd as read-only
- I then create virtual hard disks with the “Differencing” option, using this sysprepp’ed vhd as the base
- I attach the new virtual servers to these disks

 



 










RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?

2004-11-19 Thread Roger Seielstad
Just a SWAG, but AD Integrated secondaries would have the relatively
undesirable effect of ballooning the DIT... At my former employer, we ran
something like 25-30 zones which were secondaried from the production side
of the business. That probably would have a more than noticeable effect on
DIT size..


Roger Seielstad
E-mail Geek & MS-MVP  

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Ken Cornetet
> Sent: Friday, November 19, 2004 8:56 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?
> 
> Because I have a couple of dozen remote DCs that serve DNS 
> for their locations. Our unix boxes are in a DNS zone that is 
> handled by bind/unix server. All of my DCs carry this zone as 
> a secondary.
> 
> This works fine, but it is a bit of a pain to maintain. I 
> have to remember to configure the zone on any new DCs, and I 
> have to have the unix guys add a "notify" line on the bind 
> server for the new DCs (OK, I don't HAVE to do the notify 
> part...). Plus, replication of the zone is handled by DNS 
> instead of the much more efficient AD replication.
> 
> Ever since laying eyes on w2k3 DNS server, I've always 
> wondered why the developers didn't allow for integrated 
> secondaries. Don't get me wrong, integrated stubs are great, 
> but between the two, I'd have thought integrated secondaries 
> would have been the more desirable. I just assumed I was 
> missing some technical reason that made it unfeasible.
> 
> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> [EMAIL PROTECTED]
> Sent: Friday, November 19, 2004 11:13 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?
> 
> 
> Because when it's integrated, there is no concept of 
> "secondaries" as we understood it to be in pre-2Kx world. 
> It's there in AD, and any DC can see and write to it. Now, if 
> you are secondarying the zones on another server located in 
> another forest/network, why would you want to store that info 
> in your own AD. You will not be modifying that zone locally 
> on the secondary anyway. Or, are you intending to?
>  
>  
> Sincerely,
> 
> Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
> Microsoft MVP - Directory Services
> www.readymaids.com - we know IT
> www.akomolafe.com
> Do you now realize that Today is the Tomorrow you were 
> worried about Yesterday?  -anon
> 
> 
> 
> From: [EMAIL PROTECTED] on behalf of Ken Cornetet
> Sent: Fri 11/19/2004 6:56 AM
> To: [EMAIL PROTECTED]
> Subject: [ActiveDir] OT: Why no AD integrated DNS secondary zones?
> 
> 
> 
> OK, integrated stub zones are cool, but I'm curious - why did 
> MS stop there? Why no integrated secondaries?
> List info   : http://www.activedir.org/mail_list.htm
> List FAQ: http://www.activedir.org/list_faq.htm
> List archive: 
> http://www.mail-archive.com/activedir%40mail.activedir.org/
> 
> 
> 
> 



RE: [ActiveDir] OT: Virtual Server 2005

2004-11-19 Thread Brian Desmond



Well you can fully automate sysprep - I just have it setup to prompt me for the computer name & domain info - everything else is in the inf in the master image.

You know the spiel about what MS is going to say if you don't use sysprep.

--Brian Desmond
[EMAIL PROTECTED]
Payton on the web! www.wpcp.org
v - 773.534.0034 x135
f - 773.534.8101


From: [EMAIL PROTECTED]
Sent: Fri 11/19/2004 3:16 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Virtual Server 2005
I don't use sysprep. I just use newsid from sysinternals. Then I edit the
.vmc to reflect the new VS name/location. I'm that lazy.
 
 
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Mulnick, Al
Sent: Fri 11/19/2004 12:38 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Virtual Server 2005


Networking outside the box is usually done by adding the virtual host to the
phys host network card.  The phys NIC acts as a router in this case and
everything is NAT'd off to the external network.
That's the same for letting the hosted OS access anything off the host server
whether internet or internal network.
 
Copying virtual hosts can be done that way.  I believe there are some tools
that make this easier, but that's the way I know of that makes the server
supportable.  PXE is another way to provision servers in there. Depends on
how you like to use it.  There are instances for copying the virtual servers
to another isolated network that can also be done that don't require sysprep
that would work well for testing environments.
 
For newsgroups, you might want to check yahoo newsgroups to see if one exists
there yet.  
 
Does that help?



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Noah Eiger
Sent: Friday, November 19, 2004 3:24 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] OT: Virtual Server 2005



Hello:

 

Is anyone using Virtual Server 2005? I am running a TechNet demo copy and had
some questions. Documentation and support has been spotty (e.g., the
newsgroup is not up and running yet). Here are a few questions. Any thoughts
or pointers to web resources appreciated.

 

-  I can't seem to figure out how you would set up a virtual network
(using a virtual w2k3 server for dns, dhcp, etc.) and then route that out to
the Internet. I guess one would need a virtual router/gateway. I think the
virtual DHCP server does this.

-  Is it possible to setup a virtual network that could also interact
with other OS machines (e.g., Linux, MacOS X, etc.). I want to setup a
virtual Windows network but also allow other OS machines to access file and
directory services and Exchange.

-  How would you duplicate virtual machines? It seems that once you
have built a single W2k3 server and patched it, you could simply copy it and
then sysprep it.

 

Any thoughts? Thanks.

 

-- nme

 




RE: [ActiveDir] OT: Virtual Server 2005

2004-11-19 Thread Bernard, Aric

PXE can be leveraged in a number of ways, however keep in mind that the VMs in VS2005 don’t have a BIOS that supports PXE natively.  You can of course mount a bootable floppy disk with a PXE image and drive the VM from there.  You could use RIS or ADS to deploy new images to the VMs.  Microsoft’s VSMT leverages a combination of DHCP, PXE, ADS and VS2005 to migrate physical machines to virtual.

There are no issues when running VS2005 on a machine that is joined to a domain, nor are there any issues when the guest systems (VMs) are joined to the domain.

In terms of the network configuration, if you can clarify exactly what you want and don’t want the VMs to be able to do, I am sure we can specify the proper configuration.

Aric

 









From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Noah Eiger
Sent: Friday, November 19, 2004 1:21 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Virtual Server 2005



 

Thanks all. I will play around with the
various methods of duplicating servers (Al, I assume by PXE you mean in combination
with RIS? Do you use a virtual RIS server?)

 

As for the networking portion, I find that
when I add a virtual host to a physical card, the virtual machine gets an
address from my “real” network. 

 

Also, are there issues with running the
host machine on a machine that is joined to a real domain?

 









From: Mulnick, Al [mailto:[EMAIL PROTECTED]
Sent: Friday, November 19, 2004 12:38 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Virtual Server 2005



 

Networking outside the box is usually done
by adding the virtual host to the phys host network card.  The phys NIC
acts as a router in this case and everything is NAT'd off to the external
network.

That's the same for letting the hosted OS
access anything off the host server whether internet or internal network.

 

Copying virtual hosts can be done that
way.  I believe there are some tools that make this easier, but that's the
way I know of that makes the server supportable.  PXE is another way to
provision servers in there. Depends on how you like to use it.  There are
instances for copying the virtual servers to another isolated network that can
also be done that don't require sysprep that would work well for testing
environments.

 

For newsgroups, you might want to check
yahoo newsgroups to see if one exists there yet.  

 

Does that help?

 







From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Noah Eiger
Sent: Friday, November 19, 2004 3:24 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] OT: Virtual Server 2005

Hello:

 

Is anyone using Virtual Server 2005? I am running a TechNet
demo copy and had some questions. Documentation and support has been spotty
(e.g., the newsgroup is not up and running yet). Here are a few questions. Any
thoughts or pointers to web resources appreciated.

 

-  I can’t seem to figure out how you would set up a virtual network (using a virtual w2k3 server for dns, dhcp, etc.) and then route that out to the Internet. I guess one would need a virtual router/gateway. I think the virtual DHCP server does this.

-  Is it possible to setup a virtual network that could also interact with other OS machines (e.g., Linux, MacOS X, etc.). I want to setup a virtual Windows network but also allow other OS machines to access file and directory services and Exchange.

-  How would you duplicate virtual machines? It seems that once you have built a single W2k3 server and patched it, you could simply copy it and then sysprep it.

 

Any thoughts? Thanks.

 

-- nme

 








RE: [ActiveDir] OT: Virtual Server 2005

2004-11-19 Thread Mulnick, Al



RIS is just one way of doing it.  Any PXE system could be used I would imagine ;)


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Noah Eiger
Sent: Friday, November 19, 2004 4:21 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Virtual Server 2005


Thanks all. I will play around with the various methods of duplicating servers (Al, I assume by PXE you mean in combination with RIS? Do you use a virtual RIS server?)

As for the networking portion, I find that when I add a virtual host to a physical card, the virtual machine gets an address from my “real” network.

Also, are there issues with running the host machine on a machine that is joined to a real domain?
 




From: Mulnick, Al [mailto:[EMAIL PROTECTED]
Sent: Friday, November 19, 2004 12:38 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Virtual Server 2005
 
Networking outside the box is usually done by adding the virtual host to the phys host network card.  The phys NIC acts as a router in this case and everything is NAT'd off to the external network.
That's the same for letting the hosted OS access anything off the host server whether internet or internal network.

Copying virtual hosts can be done that way.  I believe there are some tools that make this easier, but that's the way I know of that makes the server supportable.  PXE is another way to provision servers in there. Depends on how you like to use it.  There are instances for copying the virtual servers to another isolated network that can also be done that don't require sysprep that would work well for testing environments.

For newsgroups, you might want to check yahoo newsgroups to see if one exists there yet.

Does that help?
 



From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Noah Eiger
Sent: Friday, November 19, 2004 3:24 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] OT: Virtual Server 2005

Hello:

Is anyone using Virtual Server 2005? I am running a TechNet demo copy and had some questions. Documentation and support has been spotty (e.g., the newsgroup is not up and running yet). Here are a few questions. Any thoughts or pointers to web resources appreciated.

-  I can’t seem to figure out how you would set up a virtual network (using a virtual w2k3 server for dns, dhcp, etc.) and then route that out to the Internet. I guess one would need a virtual router/gateway. I think the virtual DHCP server does this.

-  Is it possible to setup a virtual network that could also interact with other OS machines (e.g., Linux, MacOS X, etc.). I want to setup a virtual Windows network but also allow other OS machines to access file and directory services and Exchange.

-  How would you duplicate virtual machines? It seems that once you have built a single W2k3 server and patched it, you could simply copy it and then sysprep it.

Any thoughts? Thanks.

-- nme
 


RE: [ActiveDir] OT: Virtual Server 2005

2004-11-19 Thread Noah Eiger

Thanks all. I will play around with the various methods of duplicating servers (Al, I assume by PXE you mean in combination with RIS? Do you use a virtual RIS server?)

As for the networking portion, I find that when I add a virtual host to a physical card, the virtual machine gets an address from my “real” network.

Also, are there issues with running the host machine on a machine that is joined to a real domain?

 









From: Mulnick, Al [mailto:[EMAIL PROTECTED]
Sent: Friday, November 19, 2004 12:38 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Virtual Server 2005



 

Networking outside the box is usually done
by adding the virtual host to the phys host network card.  The phys NIC
acts as a router in this case and everything is NAT'd off to the external
network.

That's the same for letting the hosted OS
access anything off the host server whether internet or internal network.

 

Copying virtual hosts can be done that
way.  I believe there are some tools that make this easier, but that's the
way I know of that makes the server supportable.  PXE is another way to
provision servers in there. Depends on how you like to use it.  There are
instances for copying the virtual servers to another isolated network that can
also be done that don't require sysprep that would work well for testing
environments.

 

For newsgroups, you might want to check
yahoo newsgroups to see if one exists there yet.  

 

Does that help?

 







From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Noah Eiger
Sent: Friday, November 19, 2004 3:24 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] OT: Virtual Server 2005

Hello:

 

Is anyone using Virtual Server 2005? I am running a TechNet
demo copy and had some questions. Documentation and support has been spotty
(e.g., the newsgroup is not up and running yet). Here are a few questions. Any
thoughts or pointers to web resources appreciated.

 

-  I can’t seem to figure out how you would set up a virtual network (using a virtual w2k3 server for dns, dhcp, etc.) and then route that out to the Internet. I guess one would need a virtual router/gateway. I think the virtual DHCP server does this.

-  Is it possible to setup a virtual network that could also interact with other OS machines (e.g., Linux, MacOS X, etc.). I want to setup a virtual Windows network but also allow other OS machines to access file and directory services and Exchange.

-  How would you duplicate virtual machines? It seems that once you have built a single W2k3 server and patched it, you could simply copy it and then sysprep it.

 

Any thoughts? Thanks.

 

-- nme

 








RE: [ActiveDir] OT: Virtual Server 2005

2004-11-19 Thread deji
I don't use sysprep. I just use newsid from sysinternals. Then I edit the
.vmc to reflect the new VS name/location. I'm that lazy.
 
 
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Mulnick, Al
Sent: Fri 11/19/2004 12:38 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Virtual Server 2005


Networking outside the box is usually done by adding the virtual host to the
phys host network card.  The phys NIC acts as a router in this case and
everything is NAT'd off to the external network.
That's the same for letting the hosted OS access anything off the host server
whether internet or internal network.
 
Copying virtual hosts can be done that way.  I believe there are some tools
that make this easier, but that's the way I know of that makes the server
supportable.  PXE is another way to provision servers in there. Depends on
how you like to use it.  There are instances for copying the virtual servers
to another isolated network that can also be done that don't require sysprep
that would work well for testing environments.
 
For newsgroups, you might want to check yahoo newsgroups to see if one exists
there yet.  
 
Does that help?



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Noah Eiger
Sent: Friday, November 19, 2004 3:24 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] OT: Virtual Server 2005



Hello:

 

Is anyone using Virtual Server 2005? I am running a TechNet demo copy and had
some questions. Documentation and support has been spotty (e.g., the
newsgroup is not up and running yet). Here are a few questions. Any thoughts
or pointers to web resources appreciated.

 

-  I can't seem to figure out how you would set up a virtual network
(using a virtual w2k3 server for dns, dhcp, etc.) and then route that out to
the Internet. I guess one would need a virtual router/gateway. I think the
virtual DHCP server does this.

-  Is it possible to setup a virtual network that could also interact
with other OS machines (e.g., Linux, MacOS X, etc.). I want to setup a
virtual Windows network but also allow other OS machines to access file and
directory services and Exchange.

-  How would you duplicate virtual machines? It seems that once you
have built a single W2k3 server and patched it, you could simply copy it and
then sysprep it.

 

Any thoughts? Thanks.

 

-- nme

 



RE: [ActiveDir] OT: Virtual Server 2005

2004-11-19 Thread Mulnick, Al



Networking outside the box is usually done by adding the virtual host to the phys host network card.  The phys NIC acts as a router in this case and everything is NAT'd off to the external network.
That's the same for letting the hosted OS access anything off the host server whether internet or internal network.

Copying virtual hosts can be done that way.  I believe there are some tools that make this easier, but that's the way I know of that makes the server supportable.  PXE is another way to provision servers in there. Depends on how you like to use it.  There are instances for copying the virtual servers to another isolated network that can also be done that don't require sysprep that would work well for testing environments.

For newsgroups, you might want to check yahoo newsgroups to see if one exists there yet.

Does that help?


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Noah Eiger
Sent: Friday, November 19, 2004 3:24 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] OT: Virtual Server 2005


Hello:

Is anyone using Virtual Server 2005? I am running a TechNet demo copy and had some questions. Documentation and support has been spotty (e.g., the newsgroup is not up and running yet). Here are a few questions. Any thoughts or pointers to web resources appreciated.

-  I can’t seem to figure out how you would set up a virtual network (using a virtual w2k3 server for dns, dhcp, etc.) and then route that out to the Internet. I guess one would need a virtual router/gateway. I think the virtual DHCP server does this.

-  Is it possible to setup a virtual network that could also interact with other OS machines (e.g., Linux, MacOS X, etc.). I want to setup a virtual Windows network but also allow other OS machines to access file and directory services and Exchange.

-  How would you duplicate virtual machines? It seems that once you have built a single W2k3 server and patched it, you could simply copy it and then sysprep it.

Any thoughts? Thanks.

-- nme
 


RE: [ActiveDir] OT: Virtual Server 2005

2004-11-19 Thread Brian Desmond

The newsgroup is setup. Microsoft.public.virtualserver – it’s on msnews. I post there.

To connect a virtual network to your LAN, you need to map it to a NIC in your PC. If your thought process is to do NAT for a whole virtual network, you need to setup a router server. I just have an image of a Win2k3 box with ISA04 installed that I use for this purpose. You can have up to four NICs in a virtual server connected to four different networks.

You can connect any machine you want to a virtual network so long as it recognizes the emulated NIC

Here’s how I dupe virtual machines:

- Create a master image, sysprep it, shut it down.
- Mark the vhd as read-only
- I then create virtual hard disks with the “Differencing” option, using this sysprepp’ed vhd as the base
- I attach the new virtual servers to these disks

What a differencing disk does is only save the changes to the base file. You mark the base read only because if the base is modified this will trickle up and all your servers will be hosed.

Thanks.

--Brian Desmond
[EMAIL PROTECTED]
Payton on the web! www.wpcp.org

v - 773.534.0034 x135
f - 773.534.8101



 











From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Noah Eiger
Sent: Friday, November 19, 2004 2:24 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] OT: Virtual Server 2005



 

Hello:

 

Is anyone using Virtual Server 2005? I am running a TechNet
demo copy and had some questions. Documentation and support has been spotty
(e.g., the newsgroup is not up and running yet). Here are a few questions. Any
thoughts or pointers to web resources appreciated.

 

-  I can’t seem to figure out how you would set up a virtual network (using a virtual w2k3 server for dns, dhcp, etc.) and then route that out to the Internet. I guess one would need a virtual router/gateway. I think the virtual DHCP server does this.

-  Is it possible to setup a virtual network that could also interact with other OS machines (e.g., Linux, MacOS X, etc.). I want to setup a virtual Windows network but also allow other OS machines to access file and directory services and Exchange.

-  How would you duplicate virtual machines? It seems that once you have built a single W2k3 server and patched it, you could simply copy it and then sysprep it.

 

Any thoughts? Thanks.

 

-- nme
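
Added example (not from the thread and not Microsoft code): a small Python block model of the base-plus-differencing arrangement described in the message above, showing why a writable base changes every child at once and how a read-only base prevents it. The class names, the 4-byte block size and the SHA-256 pin on the base are assumptions for illustration; this is not the VHD on-disk format or a Virtual Server API.

```python
"""Toy model of a sysprepped base disk with differencing (child) disks.

Illustration only: a simplified in-memory block model, not the VHD
format and not any Virtual Server 2005 interface.
"""
import hashlib

BLOCK_SIZE = 4  # tiny blocks keep the constructed sample readable


class BaseDisk:
    """Master image, split into fixed-size blocks."""

    def __init__(self, data: bytes, read_only: bool = False):
        self.blocks = [data[i:i + BLOCK_SIZE]
                       for i in range(0, len(data), BLOCK_SIZE)]
        self.read_only = read_only

    def write_block(self, index: int, data: bytes) -> None:
        if self.read_only:
            raise PermissionError("base image is marked read-only")
        self.blocks[index] = data

    def digest(self) -> str:
        return hashlib.sha256(b"".join(self.blocks)).hexdigest()


class DifferencingDisk:
    """Child disk: stores only the blocks that differ from the base."""

    def __init__(self, base: BaseDisk):
        self.base = base
        self.delta = {}                   # block index -> bytes written by this VM
        self.base_digest = base.digest()  # hypothetical integrity pin on the base

    def write_block(self, index: int, data: bytes) -> None:
        self.delta[index] = data          # the base is never touched

    def read_block(self, index: int) -> bytes:
        # Changed blocks come from the child, everything else from the base.
        return self.delta.get(index, self.base.blocks[index])

    def read_all(self) -> bytes:
        return b"".join(self.read_block(i)
                        for i in range(len(self.base.blocks)))

    def base_unchanged(self) -> bool:
        return self.base.digest() == self.base_digest


def demo():
    image = b"BOOTKRNLREGSDATA"           # constructed 16-byte "master image"

    # Case 1: base left writable, two VMs share it.
    master = BaseDisk(image)
    vm1, vm2 = DifferencingDisk(master), DifferencingDisk(master)
    vm1.write_block(3, b"DC01")
    vm2.write_block(3, b"EXCH")
    before = (vm1.read_all(), vm2.read_all(), len(vm1.delta))

    master.write_block(1, b"XXXX")        # someone boots or edits the base
    after = (vm1.read_all(), vm2.read_all())
    detected = (vm1.base_unchanged(), vm2.base_unchanged())

    # Case 2: base marked read-only, the same write is refused.
    protected = BaseDisk(image, read_only=True)
    child = DifferencingDisk(protected)
    try:
        protected.write_block(1, b"XXXX")
        blocked = False
    except PermissionError:
        blocked = True
    return before, after, detected, blocked, child.read_all()


if __name__ == "__main__":
    for part in demo():
        print(part)
```
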

 










RE: [ActiveDir] OT: Virtual Server 2005

2004-11-19 Thread Bernard, Aric

An “internal” virtual network can be configured to allow all Virtual hosts to communicate together without interacting with other physical hosts on the VS2005 server’s “real” network.

VMs can be connected to the real network of the VS2005 server allowing them to interact with all hosts on the “real” network regardless of OS.

Duplicating virtual machines is as simple as copying the disk file and then attaching the disk file to a new VM configuration.  In the case of a Windows based VM sysprep should be used to “clean-up” the image.

 

 









From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Noah Eiger
Sent: Friday, November 19, 2004 12:24 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] OT: Virtual Server 2005



 

Hello:

 

Is anyone using Virtual Server 2005? I am running a TechNet
demo copy and had some questions. Documentation and support has been spotty
(e.g., the newsgroup is not up and running yet). Here are a few questions. Any
thoughts or pointers to web resources appreciated.

 

-  I can’t seem to figure out how you would set up a virtual network (using a virtual w2k3 server for dns, dhcp, etc.) and then route that out to the Internet. I guess one would need a virtual router/gateway. I think the virtual DHCP server does this.

-  Is it possible to setup a virtual network that could also interact with other OS machines (e.g., Linux, MacOS X, etc.). I want to setup a virtual Windows network but also allow other OS machines to access file and directory services and Exchange.

-  How would you duplicate virtual machines? It seems that once you have built a single W2k3 server and patched it, you could simply copy it and then sysprep it.

 

Any thoughts? Thanks.

 

-- nme

 








[ActiveDir] OT: Virtual Server 2005

2004-11-19 Thread Noah Eiger

Hello:

Is anyone using Virtual Server 2005? I am running a TechNet demo copy and had some questions. Documentation and support has been spotty (e.g., the newsgroup is not up and running yet). Here are a few questions. Any thoughts or pointers to web resources appreciated.

-  I can’t seem to figure out how you would set up a virtual network (using a virtual w2k3 server for dns, dhcp, etc.) and then route that out to the Internet. I guess one would need a virtual router/gateway. I think the virtual DHCP server does this.

-  Is it possible to setup a virtual network that could also interact with other OS machines (e.g., Linux, MacOS X, etc.). I want to setup a virtual Windows network but also allow other OS machines to access file and directory services and Exchange.

-  How would you duplicate virtual machines? It seems that once you have built a single W2k3 server and patched it, you could simply copy it and then sysprep it.

 

Any thoughts? Thanks.

 

-- nme

 








RE: [ActiveDir] Excahnge suggestion

2004-11-19 Thread Justin_Leney
Return Receipt

Your document: RE: [ActiveDir] Excahnge suggestion
was received by: Justin Leney/US/DCI
at: 11/19/2004 03:15:04 PM
   






RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?

2004-11-19 Thread Mulnick, Al
>>thus stubs self-learning, fault-tolerant replication, granular replication,
>>appreciative of rules (Sites, Subnets, Site-links etc.)
Yeah, stubs are cool and beautiful and all that. So, why are we still asking
for AD-intg secondaries if Stubs are good enough?

Why do we still want integrated zones?  Or even integrated secondary zones?
Because we want all records for a zone including CNAME, MX, etc.  

Stubs by definition don't hold those records.  You would have to query the
server that holds the stub and that would forward the query on (much like a
caching server right?).  But you do get a read-only copy of the SOA, NS, and
A RR's which might take care of much of what you want to resolve for.  

Integrated zones are nice since they can be updated anywhere they live.
They can also suck because they can be updated anywhere they live.  All DC's
are authoritative (generally speaking of course). But darned if they aren't
convenient (security folks should likely jump out of their skin on that
statement ;)

Personally, I don't often see the benefit of integrated secondary zones.  I
can see the argument that, "hey, I already have a DNS host there and
wouldn't it be efficient to host a secondary there.  And gee, it sure was
easy to use the AD integrated replication so wouldn't it be cool if I could
do that too?" Makes sense on some levels.  But secondaries are pretty much
becoming obsolete in many uses.  Why put the effort into it?  Replicated
stubs could be great if I don't need those extra records. Forwarders would
be just as good in practice. Slightly more traffic could traverse the WAN,
but not likely enough to make a difference and sway the thinking IMHO. 

Fascinating conversation though.  I never fail to pick up some jewel of
information...

Oh yeah, the original question that started this landslide: "OK, integrated
stub zones are cool, but I'm curious - why did MS stop there? Why no
integrated secondaries?"  I suppose only Microsoft can really answer that,
although Dean's answer is likely the one you'll hear on any given day.
"Because" to paraphrase.


Al

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, November 19, 2004 1:57 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?

>>Why is it not a good idea to store zone data in AD?
For the simple fact that I can use it as a vector to introduce malicious
contents into the secondarying AD.
>>Why not exploit a modern replication engine?
modern, legacy. Does it really matter which one we go through?
 
>>The admin. overhead to your approach seems high
I don't see the overhead, especially since I have now learnt that you could
AD-intg this and have it replicate to all participating servers. Everything
after that is simply normal DNS install/config. Even if I grant you that, I
still think that the fact that Cond-fwd (I made that up. tired of typing)
makes the server less overloaded (and therefore more responsive) than when
using Stubs balances this out.
I know I do not have to list all the advantages of cond-fwd for you - you
prolly wrote the specs on that, for all I know. However, in this disjointed
namespace scenario under discussion, I do not see how Stubs can achieve
superior results compared to cond-fwd.
 
>>thus stubs self-learning, fault-tolerant replication, granular replication,
>>appreciative of rules (Sites, Subnets, Site-links etc.)
Yeah, stubs are cool and beautiful and all that. So, why are we still asking
for AD-intg secondaries if Stubs are good enough?
 
And, yeah, I meant to say keys, not hives. As for exporting it instead of
AD-intg, my blinkers were foggy. I got used to the regular way of doing it,
and I've never had the need to do it another way. Now I know :(
 
 
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Dean Wells
Sent: Fri 11/19/2004 10:13 AM
To: Send - AD mailing list
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?



Much of your reply surprises me and reminds me of past dealings with those
blinkered by the limitations of BIND ;-)  I really don't know where to begin
... conditional forwarding is a Q&D solution in my opinion (what does it
offer that stubs don't, there are some features but are they what motivate
your recommendation?).  In addition, why export the conditional forwarders,
why not AD integrate those as well (you also said "hive", I hope you mean
key:-)? 

The admin. overhead to your approach seems high, look for ways of allowing
the system to maintain these things for you ... thus stubs self-learning,
fault-tolerant replication, granular replication, appreciative of rules
(Sites, Subnets, Site-links etc.)

Why is it not a good idea to store

RE: [ActiveDir] AD and Exchange 5.5?

2004-11-19 Thread Jorge de Almeida Pinto
you're welcome.

regards,
Jorge 

-Original Message-
From: vex
To: Jorge de Almeida Pinto
Sent: 11/18/2004 11:26 PM
Subject: Re: [ActiveDir] AD and Exchange 5.5?

Jorge de Almeida Pinto wrote:
> Hi,
>
> I just read your first mail again and I think I misread it...
> Are you saying:
> * Creating an AD user account = OK
> * Creating an E55 mailbox for the user account = OK (the mailbox has
>   as the primary account the AD user)
> * E55 Mailbox information is NOT populated into the AD user account
>
> If the latter is correct check the computer with the ADC installed on
> for any errors


Yep, that's what it was, the ADC was broken... I sure wasn't
even thinking! Thanks for your assistance Jorge!




regards,
  --Brett

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] Exchange 2003 - New mailboxes not created

2004-11-19 Thread Dryden, Karen
See if the mailbox got stamped with an address.  If it did, then the RUS
did that.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A.
Sent: Friday, November 19, 2004 12:14 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Exchange 2003 - New mailboxes not created

Recipient Update Server

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jared Manhat
Sent: Friday, November 19, 2004 9:56 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Exchange 2003 - New mailboxes not created

What's RUS?

Jared Manhat
Systems Administrator
Accutest Laboratories

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith
Sent: Friday, November 19, 2004 9:36 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Exchange 2003 - New mailboxes not created

There isn't a comprehensive list of sp1 fixes - but I recommend strongly
you install it, plus the recent OWA rollup that was released.

So the mailboxes NEVER show up? Or they are just delayed?

If they never show up - I'd check out my RUS configuration.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jared Manhat
Sent: Friday, November 19, 2004 9:29 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Exchange 2003 - New mailboxes not created
Importance: High

I have an Exchange 2003 server running on Windows Server 2k3. I just
noticed Wednesday that if I create a new user account in AD2k3 and give
the user an Exchange mailbox, the mailbox does not show up in the Exchange
System Manager. Any ideas? I’ve never seen this behavior before and I can
find anything on the web relating to it.

I am not running Exchange 2k3 SP1, I didn’t install the SP because I can't
find a comprehensive list of what they’ve changed.

Thanks for the help.

Jared Manhat
Systems Administrator
Accutest Laboratories


RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?

2004-11-19 Thread Dean Wells
I'll put this one down to a continued difference of opinion, appreciate your
input Deji.

-- 
Dean Wells 
MSEtechnology
* Email: [EMAIL PROTECTED] 
http://msetechnology.com 


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, November 19, 2004 1:57 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?

>>Why is it not a good idea to store zone data in AD?
For the simple fact that I can use it as a vector to introduce malicious
contents into the secondarying AD.
>>Why not exploit a modern replication engine?
modern, legacy. Does it really matter which one we go through?
 
>>The admin. overhead to your approach seems high
I don't see the overhead, especially since I have now learnt that you could
AD-intg this and have it replicate to all participating servers. Everything
after that is simply normal DNS install/config. Even if I grant you that, I
still think that the fact that Cond-fwd (I made that up. tired of typing)
makes the server less overloaded (and therefore more responsive) than when
using Stubs balances this out.
I know I do not have to list all the advantages of cond-fwd for you - you
prolly wrote the specs on that, for all I know. However, in this disjointed
namespace scenario under discussion, I do not see how Stubs can achieve
superior results compared to cond-fwd.
 
>>thus stubs self-learning, fault-tolerant replication, granular replication,
>>appreciative of rules (Sites, Subnets, Site-links etc.)
Yeah, stubs are cool and beautiful and all that. So, why are we still asking
for AD-intg secondaries if Stubs are good enough?
 
And, yeah, I meant to say keys, not hives. As for exporting it instead of
AD-intg, my blinkers were foggy. I got used to the regular way of doing it,
and I've never had the need to do it another way. Now I know :(
 
 
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Dean Wells
Sent: Fri 11/19/2004 10:13 AM
To: Send - AD mailing list
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?



Much of your reply surprises me and reminds me of past dealings with those
blinkered by the limitations of BIND ;-)  I really don't know where to begin
... conditional forwarding is a Q&D solution in my opinion (what does it
offer that stubs don't, there are some features but are they what motivate
your recommendation?).  In addition, why export the conditional forwarders,
why not AD integrate those as well (you also said "hive", I hope you mean
key:-)? 

The admin. overhead to your approach seems high, look for ways of allowing
the system to maintain these things for you ... thus stubs self-learning,
fault-tolerant replication, granular replication, appreciative of rules
(Sites, Subnets, Site-links etc.)

Why is it not a good idea to store zone data in AD?  Why not exploit a
modern replication engine?


--
Dean Wells
MSEtechnology
* Email: [EMAIL PROTECTED]
http://msetechnology.com


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, November 19, 2004 12:48 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?

How many new DCs are you adding per day/week/month? :)  If I were doing
this, Stub or Secondaries would take a back-seat. I would be investing in
Conditional Forwarding. I would have all my other DNS servers forward
unresolved queries to one or (ideally) 2 of MY DNS servers. On those 2
designated DNS servers, I will configure Conditional Forwarders for all the
foreign zones hosted on the Unix boxen and specify the Unix boxes as the DNS
servers to forward the queries to. QED. No messing with secondaries or
notify or such any more from then on.

When I introduce a new DC/DNS server into my environment, all I will need to
do is configure it to forward to MY designated DNS servers. When I want to
add more designated servers, I don't have to recreate the
conditionally-forwarded zones. They are stored in the registry of the
existing designated servers, so I will just go export and import the hive as
necessary.

Of course, all my rants above is predicated on your designated DNS servers
being W2K3 servers.

I don't think the problem of AD-intg secondaries is simply technical
feasibility. I think (shut up, Al :)) it is more of practicality. Post-NT,
you typically create secondaries for foreign zones [1]. Since the zones you
are secondarying are "foreign", I think storing those foreign information in
your AD is not a good idea.

[1]
I disagree with Minasi's recommendation of creating secondaries of every
zones on every DNS server in a parent-child environment, but that's out of
the scope of this discussion.

Sincer

RE: [ActiveDir] Hot Spare Site

2004-11-19 Thread Dan DeStefano
Thanks for your help.

_
 
Daniel DeStefano
PC Support Specialist
 
IAG Research
345 Park Avenue South, 12th Floor
New York, NY 10010
T. 212.871.5262
F. 212.871.5300
 
www.iagr.net  
Measuring Ad Effectiveness on Television
 


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Renouf, Phil
Sent: Friday, November 19, 2004 1:42 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Hot Spare Site


The best way to tackle stuff like this (as someone else mentioned as
well) is to sit down and gather the requirements in a very detailed
manner and then look at the possible solutions. Once you have the
absolute requirements (must haves, nice to haves, don't cares etc.) then
go through all the options and lay out the pros and cons of each, get a
price range for each (including bandwidth costs for setup and monthly)
and include that. Then you can bring that to the company and show that
either it's just not possible for their expected price range, or show
them that the cheaper they go the less functionality they will have.

That has the effect of showing that you have done some serious
investigation and research and will hopefully mean that they question
your answers less and will focus them on making the decision of either
increasing the budget or living with less functionality than they
originally planned on.

Sorry if this is something you're already thinking of or something you
already know :)

Phil 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dan DeStefano
Sent: Friday, November 19, 2004 12:30 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Hot Spare Site

Yeah, I figure that, but what I am being told is to find "the cheapest
way possible" to do this. This is not my decision as I believe that
disaster recovery is not something you want to go cheap on. However,
these are the parameters that come down from my superiors as frustrating
as it may be.

Thank you for your help. I am also looking into NSI Double Take; do you
have any experience with this product?

_
 
Daniel DeStefano
PC Support Specialist
 
IAG Research
345 Park Avenue South, 12th Floor
New York, NY 10010
T. 212.871.5262
F. 212.871.5300
 
www.iagr.net 
Measuring Ad Effectiveness on Television
 


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Rick Boza
Sent: Friday, November 19, 2004 11:06 AM
To: ActiveDir List
Subject: Re: [ActiveDir] Hot Spare Site


Dan,

In all honesty, you don't build hot site capability for $25K.

Using a replication service across WAN links is incredibly expensive
from a bandwidth perspective.  I mean, realistically, you can't even buy
a server and 50 workstations to put in the remote site for that money
(which you stated you expect to need to do), let alone begin the process
of replicating data.

For the kind of money you are talking about, realistically you are
looking at a warm server or two in your remote location, and shipping
backup tapes there in a regular basis, depending on how willing to lose
data your company is - if all the data up to the backup is required,
then you ship every day.
Buy all those folks that need to be able to be onsite laptops in the
next hardware refresh cycle they hit so they can bring their system with
them to plug in at the alternate site.

Immediate failover capabilities easily gets into the million dollar plus
range.  I've designed these solutions for clients in the past and have
on more than one occasion been asked to do so only to have others choke
when we start discussing what the costs would be.  The desired SLA is
almost always in direct opposition to the budget (some sort of theorem
there, I think).

Rick


On 11/19/04 9:45 AM, "Dan DeStefano" <[EMAIL PROTECTED]> wrote:

> There is definitely a hierarchy of importance for users. The site 
> would likely need to physically host like 50 or so workstations and 
> all the remaining 

RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?

2004-11-19 Thread deji
>>Why is it not a good idea to store zone data in AD?
For the simple fact that I can use it as a vector to introduce malicious
contents into the secondarying AD.
>>Why not exploit a modern replication engine?
modern, legacy. Does it really matter which one we go through?
 
>>The admin. overhead to your approach seems high
I don't see the overhead, especially since I have now learnt that you could
AD-intg this and have it replicate to all participating servers. Everything
after that is simply normal DNS install/config. Even if I grant you that, I
still think that the fact that Cond-fwd (I made that up. tired of typing)
makes the server less overloaded (and therefore more responsive) than when
using Stubs balances this out.
I know I do not have to list all the advantages of cond-fwd for you - you
prolly wrote the specs on that, for all I know. However, in this disjointed
namespace scenario under discussion, I do not see how Stubs can achieve
superior results compared to cond-fwd.
 
>>thus stubs self-learning, fault-tolerant replication, granular replication,
>>appreciative of rules (Sites, Subnets, Site-links etc.)
Yeah, stubs are cool and beautiful and all that. So, why are we still asking
for AD-intg secondaries if Stubs are good enough?
 
And, yeah, I meant to say keys, not hives. As for exporting it instead of
AD-intg, my blinkers were foggy. I got used to the regular way of doing it,
and I've never had the need to do it another way. Now I know :(
 
 
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Dean Wells
Sent: Fri 11/19/2004 10:13 AM
To: Send - AD mailing list
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?



Much of your reply surprises me and reminds me of past dealings with those
blinkered by the limitations of BIND ;-)  I really don't know where to begin
... conditional forwarding is a Q&D solution in my opinion (what does it
offer that stubs don't, there are some features but are they what motivate
your recommendation?).  In addition, why export the conditional forwarders,
why not AD integrate those as well (you also said "hive", I hope you mean
key:-)? 

The admin. overhead to your approach seems high, look for ways of allowing
the system to maintain these things for you ... thus stubs self-learning,
fault-tolerant replication, granular replication, appreciative of rules
(Sites, Subnets, Site-links etc.)

Why is it not a good idea to store zone data in AD?  Why not exploit a
modern replication engine?


--
Dean Wells
MSEtechnology
* Email: [EMAIL PROTECTED]
http://msetechnology.com


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, November 19, 2004 12:48 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?

How many new DCs are you adding per day/week/month? :)  If I were doing
this, Stub or Secondaries would take a back-seat. I would be investing in
Conditional Forwarding. I would have all my other DNS servers forward
unresolved queries to one or (ideally) 2 of MY DNS servers. On those 2
designated DNS servers, I will configure Conditional Forwarders for all the
foreign zones hosted on the Unix boxen and specify the Unix boxes as the DNS
servers to forward the queries to. QED. No messing with secondaries or
notify or such any more from then on.

When I introduce a new DC/DNS server into my environment, all I will need to
do is configure it to forward to MY designated DNS servers. When I want to
add more designated servers, I don't have to recreate the
conditionally-forwarded zones. They are stored in the registry of the
existing designated servers, so I will just go export and import the hive as
necessary.

Of course, all my rants above is predicated on your designated DNS servers
being W2K3 servers.

I don't think the problem of AD-intg secondaries is simply technical
feasibility. I think (shut up, Al :)) it is more of practicality. Post-NT,
you typically create secondaries for foreign zones [1]. Since the zones you
are secondarying are "foreign", I think storing those foreign information in
your AD is not a good idea.

[1]
I disagree with Minasi's recommendation of creating secondaries of every
zones on every DNS server in a parent-child environment, but that's out of
the scope of this discussion.

Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Ken Cornetet
Sent: Fri 11/19/2004 8:55 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?

RE: [ActiveDir] Hot Spare Site

2004-11-19 Thread Renouf, Phil
The best way to tackle stuff like this (as someone else mentioned as
well) is to sit down and gather the requirements in a very detailed
manner and then look at the possible solutions. Once you have the
absolute requirements (must haves, nice to haves, don't cares etc.) then
go through all the options and lay out the pros and cons of each, get a
price range for each (including bandwidth costs for setup and monthly)
and include that. Then you can bring that to the company and show that
either it's just not possible for their expected price range, or show
them that the cheaper they go the less functionality they will have.

That has the effect of showing that you have done some serious
investigation and research and will hopefully mean that they question
your answers less and will focus them on making the decision of either
increasing the budget or living with less functionality than they
originally planned on.

Sorry if this is something you're already thinking of or something you
already know :)

Phil 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dan DeStefano
Sent: Friday, November 19, 2004 12:30 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Hot Spare Site

Yeah, I figure that, but what I am being told is to find "the cheapest
way possible" to do this. This is not my decision as I believe that
disaster recovery is not something you want to go cheap on. However,
these are the parameters that come down from my superiors as frustrating
as it may be.

Thank you for your help. I am also looking into NSI Double Take; do you
have any experience with this product?

_
 
Daniel DeStefano
PC Support Specialist
 
IAG Research
345 Park Avenue South, 12th Floor
New York, NY 10010
T. 212.871.5262
F. 212.871.5300
 
www.iagr.net 
Measuring Ad Effectiveness on Television
 


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Rick Boza
Sent: Friday, November 19, 2004 11:06 AM
To: ActiveDir List
Subject: Re: [ActiveDir] Hot Spare Site


Dan,

In all honesty, you don't build hot site capability for $25K.

Using a replication service across WAN links is incredibly expensive
from a bandwidth perspective.  I mean, realistically, you can't even buy
a server and 50 workstations to put in the remote site for that money
(which you stated you expect to need to do), let alone begin the process
of replicating data.

For the kind of money you are talking about, realistically you are
looking at a warm server or two in your remote location, and shipping
backup tapes there in a regular basis, depending on how willing to lose
data your company is - if all the data up to the backup is required,
then you ship every day.
Buy all those folks that need to be able to be onsite laptops in the
next hardware refresh cycle they hit so they can bring their system with
them to plug in at the alternate site.

Immediate failover capabilities easily gets into the million dollar plus
range.  I've designed these solutions for clients in the past and have
on more than one occasion been asked to do so only to have others choke
when we start discussing what the costs would be.  The desired SLA is
almost always in direct opposition to the budget (some sort of theorem
there, I think).

Rick


On 11/19/04 9:45 AM, "Dan DeStefano" <[EMAIL PROTECTED]> wrote:

> There is definitely a hierarchy of importance for users. The site 
> would likely need to physically host like 50 or so workstations and 
> all the remaining 100-200 users could probably work remotely via a 
> terminal server farm or something to that effect.
> 
> Yes, I am thinking of the site being able to failover immediately or 
> within
> 24-48 hours. Replication/geographically disperse clustering sounds 
> like what we are looking for. I have been looking into Veritas Global 
> Cluster Manager - is what you are referring to? Would Exchange be 
> cluster-aware of this product or only for MS Cluster Service?
> 
> _
>  
> Daniel DeStefano
> PC Support Specialist
>  
> IAG Research
> 345 Park Avenue South, 12th Floor
> New York, NY 10010
> T. 212.871.5262
> F. 212.871.5300
>  
> www.iagr.net 
> Measuring Ad Effectiveness on Television
>  

Re: [ActiveDir] OT: Why no AD integrated DNS secondary zones?

2004-11-19 Thread ASB
And where are the resources that will be accessed when the DNS names
have been resolved?

-ASB


On Fri, 19 Nov 2004 12:58:54 -0500, Ken Cornetet
<[EMAIL PROTECTED]> wrote:
> I don't want to forward because the remotes are on already overburdened WAN 
> links.
> 
> 
> 
> 
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL 
> PROTECTED]
> Sent: Friday, November 19, 2004 12:48 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?
> 
> How many new DCs are you adding per day/week/month? :)  If I were doing this, 
> Stub or Secondaries would take a back-seat. I would be investing in 
> Conditional Forwarding. I would have all my other DNS servers forward 
> unresolved queries to one or (ideally) 2 of MY DNS servers. On those 2 
> designated DNS servers, I will configure Conditional Forwarders for all the 
> foreign zones hosted on the Unix boxen and specify the Unix boxes as the DNS 
> servers to forward the queries to. QED. No messing with secondaries or notify 
> or such any more from then on.
> 
> When I introduce a new DC/DNS server into my environment, all I will need to 
> do is configure it to forward to MY designated DNS servers. When I want to 
> add more designated servers, I don't have to recreate the 
> conditionally-forwarded zones. They are stored in the registry of the 
> existing designated servers, so I will just go export and import the hive as 
> necessary.
> 
> Of course, all my rants above is predicated on your designated DNS servers 
> being W2K3 servers.
> 
> I don't think the problem of AD-intg secondaries is simply technical 
> feasibility. I think (shut up, Al :)) it is more of practicality. Post-NT, 
> you typically create secondaries for foreign zones [1]. Since the zones you 
> are secondarying are "foreign", I think storing those foreign information in 
> your AD is not a good idea.
> 
> [1]
> I disagree with Minasi's recommendation of creating secondaries of every 
> zones on every DNS server in a parent-child environment, but that's out of 
> the scope of this discussion.
> 
> Sincerely,
> 
> Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
> Microsoft MVP - Directory Services
> www.readymaids.com - we know IT
> www.akomolafe.com
> Do you now realize that Today is the Tomorrow you were worried about 
> Yesterday?  -anon
> 
> 
> 
> From: [EMAIL PROTECTED] on behalf of Ken Cornetet
> Sent: Fri 11/19/2004 8:55 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?
> 
> Because I have a couple of dozen remote DCs that serve DNS for their 
> locations. Our unix boxes are in a DNS zone that is handled by bind/unix 
> server. All of my DCs carry this zone as a secondary.
> 
> This works fine, but it is a bit of a pain to maintain. I have to remember to 
> configure the zone on any new DCs, and I have to have the unix guys add a 
> "notify" line on the bind server for the new DCs (OK, I don't HAVE to do the 
> notify part...). Plus, replication of the zone is handled by DNS instead of 
> the much more efficient AD replication.
> 
> Ever since laying eyes on w2k3 DNS server, I've always wondered why the 
> developers didn't allow for integrated secondaries. Don't get me wrong, 
> integrated stubs are great, but between the two, I'd have thought integrated 
> secondaries would have been the more desirable. I just assumed I was missing 
> some technical reason that made it unfeasible.
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
> Sent: Friday, November 19, 2004 11:13 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?
> 
> Because when it's integrated, there is no concept of "secondaries" as we 
> understood it to be in pre-2Kx world. It's there in AD, and any DC can see 
> and write to it. Now, if you are secondarying the zones on another server 
> located in another forest/network, why would you want to store that info in 
> your own AD. You will not be modifying that zone locally on the secondary 
> anyway. Or, are you intending to?
> 
> Sincerely,
> 
> Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
> Microsoft MVP - Directory Services
> www.readymaids.com - we know IT
> www.akomolafe.com
> Do you now realize that Today is the Tomorrow you were worried about 
> Yesterday?  -anon
> 
> 
> 
> From: [EMAIL PROTECTED] on behalf of Ken Cornetet
> Sent: Fri 11/19/2004 6:56 AM
> To: [EMAIL PROTECTED]
> Subject: [ActiveDir] OT: Why no AD integrated DNS secondary zones?
> 
> OK, integrated stub zones are cool, but I'm curious - why did MS stop there? 
> Why no integrated secondaries?


RE: [ActiveDir] migration of domains

2004-11-19 Thread Renouf, Phil
Definitely true. If you are looking at migrating SQL or Exchange then
using a 3rd party migration tool from Quest or NetIQ is probably a good
idea. Specifically, Quest's tool would be preferred as it handles SQL
servers better than NetIQ. 

It is a good idea to figure out why you want to make this change (as
Peter points out) because with Exchange and SQL this can be a pretty
serious task requiring quite a bit of testing and preparation.

Phil 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Peter Johnson
Sent: Friday, November 19, 2004 8:40 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] migration of domains

Migrating complete servers such as SQL/Exchange is not the easiest thing
in the world. What do you wish to gain out of the exercise i.e. is it
worth the effort/cost/time etc

 

Regards

Peter Johnson

 



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Calders Stijn
Sent: 19 November 2004 13:48
To: [EMAIL PROTECTED]
Subject: [ActiveDir] migration of domains

 

Dear AD specialists,

 

 

At our university, we have three domains in the same forest: KDG.BE
(forest root domain with only two domain controllers), ADMIN.KDG.BE
(child of KDG.BE with a lot of servers (like SQL server, Exchange
server, Terminal Servers, ...)) and TEST.KDG.BE (child of KDG.BE with a
few servers (SQL server, file server, ... )). We want to migrate
everything from ADMIN.KDG.BE to KDG.BE. Three questions:

1)   Is this possible? (And doesn't it cost too much effort?)

2)   Is there a reason why this isn't a good idea?

3)   And what's the best way to do this? How can we be sure
everything is migrated right?

 

 

Many thanks in advance,

 

Stijn.



RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?

2004-11-19 Thread Dean Wells
dnscmd /zoneadd /?


/DsForwarder -- as /Forwarder but DS integrated - use same options

-- 
Dean Wells 
MSEtechnology
* Email: [EMAIL PROTECTED] 
http://msetechnology.com 


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, November 19, 2004 1:13 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?

because I didn't think you could. Are you sure you could AD-intg
conditionally-forwarded zones? They are not "real" zones in the normal
sense, mind you.
 
 
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Bernard, Aric
Sent: Fri 11/19/2004 10:02 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?



Even more off topic

Dèjì, why don't you AD integrate those conditional forwarders so that you
don't have to export and import the hive?


Aric

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, November 19, 2004 9:48 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?

How many new DCs are you adding per day/week/month? :)  If I were doing
this, Stub or Secondaries would take a back-seat. I would be investing in
Conditional Forwarding. I would have all my other DNS servers forward
unresolved queries to one or (ideally) 2 of MY DNS servers. On those 2
designated DNS servers, I will configure Conditional Forwarders for all the
foreign zones hosted on the Unix boxen and specify the Unix boxes as the DNS
servers to forward the queries to. QED. No messing with secondaries or
notify or such any more from then on.

When I introduce a new DC/DNS server into my environment, all I will need to
do is configure it to forward to MY designated DNS servers. When I want to
add more designated servers, I don't have to recreate the
conditionally-forwarded zones. They are stored in the registry of the
existing designated servers, so I will just go export and import the hive as
necessary.

Of course, all my rants above are predicated on your designated DNS servers
being W2K3 servers.

I don't think the problem of AD-intg secondaries is simply technical
feasibility. I think (shut up, Al :)) it is more of practicality. Post-NT,
you typically create secondaries for foreign zones [1]. Since the zones you
are secondarying are "foreign", I think storing that foreign information in
your AD is not a good idea.

[1]
I disagree with Minasi's recommendation of creating secondaries of every
zone on every DNS server in a parent-child environment, but that's out of
the scope of this discussion.

Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Ken Cornetet
Sent: Fri 11/19/2004 8:55 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?



Because I have a couple of dozen remote DCs that serve DNS for their
locations. Our unix boxes are in a DNS zone that is handled by bind/unix
server. All of my DCs carry this zone as a secondary.

This works fine, but it is a bit of a pain to maintain. I have to remember
to configure the zone on any new DCs, and I have to have the unix guys add a
"notify" line on the bind server for the new DCs (OK, I don't HAVE to do the
notify part...). Plus, replication of the zone is handled by DNS instead of
the much more efficient AD replication.

Ever since laying eyes on w2k3 DNS server, I've always wondered why the
developers didn't allow for integrated secondaries. Don't get me wrong,
integrated stubs are great, but between the two, I'd have thought integrated
secondaries would have been the more desirable. I just assumed I was missing
some technical reason that made it unfeasible.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, November 19, 2004 11:13 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?


Because when it's integrated, there is no concept of "secondaries" as we
understood it to be in pre-2Kx world. It's there in AD, and any DC can see
and write to it. Now, if you are secondarying the zones on another server
located in another forest/network, why would you want to store that info in
your own AD. You will not be modifying that zone locally on the secondary
anyway. Or, are you intending to?


Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we 

RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?

2004-11-19 Thread Bernard, Aric
Dnscmd.exe  /zoneadd  /dsforwarder  /slave  /DP 

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, November 19, 2004 10:13 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?

because I didn't think you could. Are you sure you could AD-intg
conditionally-forwarded zones? They are not "real" zones in the normal sense,
mind you.
 
 
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Bernard, Aric
Sent: Fri 11/19/2004 10:02 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?



Even more off topic

Dèjì, why don't you AD integrate those conditional forwarders so that you
don't have to export and import the hive?


Aric

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, November 19, 2004 9:48 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?

How many new DCs are you adding per day/week/month? :)  If I were doing this,
Stub or Secondaries would take a back-seat. I would be investing in
Conditional Forwarding. I would have all my other DNS servers forward
unresolved queries to one or (ideally) 2 of MY DNS servers. On those 2
designated DNS servers, I will configure Conditional Forwarders for all the
foreign zones hosted on the Unix boxen and specify the Unix boxes as the DNS
servers to forward the queries to. QED. No messing with secondaries or notify
or such any more from then on.

When I introduce a new DC/DNS server into my environment, all I will need to
do is configure it to forward to MY designated DNS servers. When I want to
add more designated servers, I don't have to recreate the
conditionally-forwarded zones. They are stored in the registry of the
existing designated servers, so I will just go export and import the hive as
necessary.

Of course, all my rants above are predicated on your designated DNS servers
being W2K3 servers.

I don't think the problem of AD-intg secondaries is simply technical
feasibility. I think (shut up, Al :)) it is more of practicality. Post-NT,
you typically create secondaries for foreign zones [1]. Since the zones you
are secondarying are "foreign", I think storing that foreign information in
your AD is not a good idea.

[1]
I disagree with Minasi's recommendation of creating secondaries of every
zone on every DNS server in a parent-child environment, but that's out of
the scope of this discussion.

Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Ken Cornetet
Sent: Fri 11/19/2004 8:55 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?



Because I have a couple of dozen remote DCs that serve DNS for their
locations. Our unix boxes are in a DNS zone that is handled by bind/unix
server. All of my DCs carry this zone as a secondary.

This works fine, but it is a bit of a pain to maintain. I have to remember to
configure the zone on any new DCs, and I have to have the unix guys add a
"notify" line on the bind server for the new DCs (OK, I don't HAVE to do the
notify part...). Plus, replication of the zone is handled by DNS instead of
the much more efficient AD replication.

Ever since laying eyes on w2k3 DNS server, I've always wondered why the
developers didn't allow for integrated secondaries. Don't get me wrong,
integrated stubs are great, but between the two, I'd have thought integrated
secondaries would have been the more desirable. I just assumed I was missing
some technical reason that made it unfeasible.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, November 19, 2004 11:13 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?


Because when it's integrated, there is no concept of "secondaries" as we
understood it to be in pre-2Kx world. It's there in AD, and any DC can see
and write to it. Now, if you are secondarying the zones on another server
located in another forest/network, why would you want to store that info in
your own AD. You will not be modifying that zone locally on the secondary
anyway. Or, are you intending to?


Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon


RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?

2004-11-19 Thread joe
LOL. That would be me that was looking for a locked down server. That server
should also not have IE on it but I digress to my favorite pet peeve at the
moment (besides Exchange).

Anyway, the option of the lockdown would be a choice for me as the main
admin for a network. Not only is it good for some lower level admins and users
to not have choices, it is immensely better than them having choices. This
is the whole concept behind GPOs and security policies, you are taking away
the right for others to choose what they want over what you want.

I can't admit to following the rest of the conversation. I dislike DNS and
try to ignore it when I can. However, I know about the security issue Dean
is talking about, we discussed it at the summit. It all comes down to
builtin groups being used to ACL things in AD. This is far more dangerous
than using say, even domain local groups, unless we are talking about Denies
and then they are both hokey. 

Dean and I agree on most things because we almost share a birthday. It is in
the stars... 

  joe

 

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, November 19, 2004 1:08 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?

Choices are good, and I am all for it except those nasty "paper or plastic,
venti or grande, skimmed or half-and-half" choices :)
 
When it comes to matters like this, I defer to your superior judgement.
But... how does AD-intg secondaries address either of your scenarios? I can
see putting constraints on the "writeability" of ad-intg zones will be
desirable and effective for your purposes, but AD-intg secs ... hm...

 
And, talking about choices, wasn't it you who was asking to have a new
flavor of highly locked down Windows for servers alone? You wanted the
"relevant people" to strip it down and lock it so tight that the
operators would find it very difficult to hurt themselves. How does that fit
into the "choices" option? Maybe Joe was the one asking for this. Maybe it
wasn't you.
But since you and Joe seem to agree on most things, I would like to see a
reconciliation of desires. 
 
 
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Dean Wells
Sent: Fri 11/19/2004 9:35 AM
To: Send - AD mailing list
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?



Real scenario - The way in which 2003 AD integrates the _msdcs subdomain
(now a zone) causes it to replicate forest wide.  This one zone subsequently
becomes writable on every K3 DNS(/DC) server within the forest.  I didn't
ask it to do that, I didn't intentionally make a key component of AD
available for modification ... all I said was "replicate it better"
(obviously that's highly simplified but you get the idea :-).

Hypothetical scenario - I'd like a non-AD related DNS zone available at
every one of my hundreds of sites.  Each site has DCs/DNS servers running
K3.  I'd like the zone's writability constrained (and enforced) to the
head-office site alone.  The moment I AD integrate to take advantage of the
vastly superior replication semantics, I inadvertently expose it to offsite
change ... again, all I wanted was to exploit replication not the
multimaster nature of AD. 

I can, of course, re-ACL the whole thing but, believe me, that's more pain
than I'm prepared to inflict on myself ... you, on the other hand, may like
that ;-).

My feeling is simply this; we would be better served by being offered a
choice as to which features are made available when a zone is AD integrated.

--
Dean Wells
MSEtechnology
* Email: [EMAIL PROTECTED]
http://msetechnology.com


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, November 19, 2004 11:29 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?

I see what you are saying, but ... why would I want to store the zone info
of DomainA in the AD of DomainB in an independent/disjointed, non-trusting
environment? What would be the compelling reason? Would something improve or
work better if this is implemented?


Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Dean Wells
Sent: Fri 11/19/2004 8:24 AM
To: Send - AD mailing list
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?



Deji,

There would be a concept of "AD integrated secondaries" had MS decided to write
it; it may be desirable (to some) to maintain rea
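
The exposure Dean describes in the message above (an AD-integrated zone becomes writable wherever it replicates) and joe's point about built-in groups in AD ACLs can be checked by reading the zone object's ACL. The PowerShell below is an added example, not code from the thread; it only reads the ACL, and the `example.com` forest name, the zone DN and the function name `Get-ZoneWriteAce` are placeholder assumptions.

```powershell
# Added example, not code from the thread: list the principals that can change
# an AD-integrated DNS zone, flagging built-in groups.
# ASSUMPTION: example.com is a placeholder forest and the zone is stored in the
# ForestDnsZones application partition; set $ZoneDn to your zone object's DN.
Add-Type -AssemblyName System.DirectoryServices

$ZoneDn = 'DC=_msdcs.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=example,DC=com'

# Individual rights that allow changing records, child objects or the ACL itself.
# GenericAll and GenericWrite contain these bits, so they match as well.
$WriteBits = [int][System.DirectoryServices.ActiveDirectoryRights]'WriteProperty, CreateChild, DeleteChild, Delete, DeleteTree, WriteDacl, WriteOwner'

function Get-ZoneWriteAce {
    param(
        [Parameter(Mandatory = $true)][string]$DistinguishedName
    )

    $entry = [ADSI]"LDAP://$DistinguishedName"
    $acl = $entry.psbase.ObjectSecurity
    # Explicit and inherited ACEs, with trustees returned as SIDs so the
    # built-in check does not depend on localized group names.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

    foreach ($rule in $rules) {
        if ($rule.AccessControlType -ne [System.Security.AccessControl.AccessControlType]::Allow) { continue }

        # Keep only the ACEs that grant at least one write-type right.
        $granted = ([int]$rule.ActiveDirectoryRights) -band $WriteBits
        if ($granted -eq 0) { continue }

        $sid = $rule.IdentityReference
        try {
            $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            $name = $sid.Value   # unresolvable SID (deleted or foreign account)
        }

        [pscustomobject]@{
            Trustee     = $name
            Sid         = $sid.Value
            # S-1-5-32-* is the BUILTIN domain (Administrators, Server Operators, ...)
            IsBuiltin   = $sid.Value.StartsWith('S-1-5-32-')
            WriteRights = [System.DirectoryServices.ActiveDirectoryRights]$granted
            Inherited   = $rule.IsInherited
            # An all-zero GUID means the ACE covers every property / child class.
            ObjectType  = $rule.ObjectType
        }
    }
}

# Built-in trustees first, then alphabetical.
Get-ZoneWriteAce -DistinguishedName $ZoneDn |
    Sort-Object -Property @{ Expression = 'IsBuiltin'; Descending = $true }, Trustee |
    Format-Table Trustee, IsBuiltin, WriteRights, Inherited, ObjectType -AutoSize
```

Run it from a domain-joined host with read access to the application partition, and compare the output before and after any re-ACL of the zone.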

RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?

2004-11-19 Thread deji
because I didn't think you could. Are you sure you could AD-intg
conditionally-forwarded zones? They are not "real" zones in the normal sense,
mind you.
 
 
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Bernard, Aric
Sent: Fri 11/19/2004 10:02 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?



Even more off topic

Dèjì, why don't you AD integrate those conditional forwarders so that you
don't have to export and import the hive?


Aric

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, November 19, 2004 9:48 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?

How many new DCs are you adding per day/week/month? :)  If I were doing this,
Stub or Secondaries would take a back-seat. I would be investing in
Conditional Forwarding. I would have all my other DNS servers forward
unresolved queries to one or (ideally) 2 of MY DNS servers. On those 2
designated DNS servers, I will configure Conditional Forwarders for all the
foreign zones hosted on the Unix boxen and specify the Unix boxes as the DNS
servers to forward the queries to. QED. No messing with secondaries or notify
or such any more from then on.

When I introduce a new DC/DNS server into my environment, all I will need to
do is configure it to forward to MY designated DNS servers. When I want to
add more designated servers, I don't have to recreate the
conditionally-forwarded zones. They are stored in the registry of the
existing designated servers, so I will just go export and import the hive as
necessary.

Of course, all my rants above are predicated on your designated DNS servers
being W2K3 servers.

I don't think the problem of AD-intg secondaries is simply technical
feasibility. I think (shut up, Al :)) it is more of practicality. Post-NT,
you typically create secondaries for foreign zones [1]. Since the zones you
are secondarying are "foreign", I think storing that foreign information in
your AD is not a good idea.

[1]
I disagree with Minasi's recommendation of creating secondaries of every
zone on every DNS server in a parent-child environment, but that's out of
the scope of this discussion.

Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Ken Cornetet
Sent: Fri 11/19/2004 8:55 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?



Because I have a couple of dozen remote DCs that serve DNS for their
locations. Our unix boxes are in a DNS zone that is handled by bind/unix
server. All of my DCs carry this zone as a secondary.

This works fine, but it is a bit of a pain to maintain. I have to remember to
configure the zone on any new DCs, and I have to have the unix guys add a
"notify" line on the bind server for the new DCs (OK, I don't HAVE to do the
notify part...). Plus, replication of the zone is handled by DNS instead of
the much more efficient AD replication.

Ever since laying eyes on w2k3 DNS server, I've always wondered why the
developers didn't allow for integrated secondaries. Don't get me wrong,
integrated stubs are great, but between the two, I'd have thought integrated
secondaries would have been the more desirable. I just assumed I was missing
some technical reason that made it unfeasible.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, November 19, 2004 11:13 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?


Because when it's integrated, there is no concept of "secondaries" as we
understood it to be in pre-2Kx world. It's there in AD, and any DC can see
and write to it. Now, if you are secondarying the zones on another server
located in another forest/network, why would you want to store that info in
your own AD. You will not be modifying that zone locally on the secondary
anyway. Or, are you intending to?


Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Ken Cornetet
Sent: Fri 11/19/2004 6:56 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] OT: Why no AD integrated DNS secondary zones?



OK, integrated stub zones are cool, but I'm curious - why did MS stop there?
Why no integrated sec

RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?

2004-11-19 Thread Dean Wells
Much of your reply surprises me and reminds me of past dealings with those
blinkered by the limitations of BIND ;-)  I really don't know where to begin
... conditional forwarding is a Q&D solution in my opinion (what does it
offer that stubs don't, there are some features but are they what motivate
your recommendation?).  In addition, why export the conditional forwarders,
why not AD integrate those as well (you also said "hive", I hope you mean
key:-)?  

The admin. overhead to your approach seems high, look for ways of allowing
the system to maintain these things for you ... thus stubs self-learning,
fault-tolerant replication, granular replication, appreciative of rules
(Sites, Subnets, Site-links etc.)

Why is it not a good idea to store zone data in AD?  Why not exploit a
modern replication engine?


-- 
Dean Wells 
MSEtechnology
* Email: [EMAIL PROTECTED] 
http://msetechnology.com 


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, November 19, 2004 12:48 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?

How many new DCs are you adding per day/week/month? :)  If I were doing
this, Stub or Secondaries would take a back-seat. I would be investing in
Conditional Forwarding. I would have all my other DNS servers forward
unresolved queries to one or (ideally) 2 of MY DNS servers. On those 2
designated DNS servers, I will configure Conditional Forwarders for all the
foreign zones hosted on the Unix boxen and specify the Unix boxes as the DNS
servers to forward the queries to. QED. No messing with secondaries or
notify or such any more from then on.
 
When I introduce a new DC/DNS server into my environment, all I will need to
do is configure it to forward to MY designated DNS servers. When I want to
add more designated servers, I don't have to recreate the
conditionally-forwarded zones. They are stored in the registry of the
existing designated servers, so I will just go export and import the hive as
necessary.
 
Of course, all my rants above are predicated on your designated DNS servers
being W2K3 servers.
 
I don't think the problem of AD-intg secondaries is simply technical
feasibility. I think (shut up, Al :)) it is more of practicality. Post-NT,
you typically create secondaries for foreign zones [1]. Since the zones you
are secondarying are "foreign", I think storing that foreign information in
your AD is not a good idea.
 
[1]
I disagree with Minasi's recommendation of creating secondaries of every
zone on every DNS server in a parent-child environment, but that's out of
the scope of this discussion.
 
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Ken Cornetet
Sent: Fri 11/19/2004 8:55 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?



Because I have a couple of dozen remote DCs that serve DNS for their
locations. Our unix boxes are in a DNS zone that is handled by bind/unix
server. All of my DCs carry this zone as a secondary.

This works fine, but it is a bit of a pain to maintain. I have to remember
to configure the zone on any new DCs, and I have to have the unix guys add a
"notify" line on the bind server for the new DCs (OK, I don't HAVE to do the
notify part...). Plus, replication of the zone is handled by DNS instead of
the much more efficient AD replication.

Ever since laying eyes on w2k3 DNS server, I've always wondered why the
developers didn't allow for integrated secondaries. Don't get me wrong,
integrated stubs are great, but between the two, I'd have thought integrated
secondaries would have been the more desirable. I just assumed I was missing
some technical reason that made it unfeasible.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, November 19, 2004 11:13 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?


Because when it's integrated, there is no concept of "secondaries" as we
understood it to be in pre-2Kx world. It's there in AD, and any DC can see
and write to it. Now, if you are secondarying the zones on another server
located in another forest/network, why would you want to store that info in
your own AD. You will not be modifying that zone locally on the secondary
anyway. Or, are you intending to?


Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Ken Cornetet
Sent: Fri 11/19/2004 6:56 AM
To: [EMAIL PROTECTED]

RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?

2004-11-19 Thread deji
Choices are good, and I am all for it except those nasty "paper or plastic,
venti or grande, skimmed or half-and-half" choices :)
 
When it comes to matters like this, I defer to your superior judgement.
But... how does AD-intg secondaries address either of your scenarios? I can
see putting constraints on the "writeability" of ad-intg zones will be
desirable and effective for your purposes, but AD-intg secs ... hm...

 
And, talking about choices, wasn't it you who was asking to have a new flavor
of highly locked down Windows for servers alone? You wanted the "relevant
people" to strip it down and lock it so tight that the operators would
find it very difficult to hurt themselves. How does that fit into the
"choices" option? Maybe Joe was the one asking for this. Maybe it wasn't you.
But since you and Joe seem to agree on most things, I would like to see a
reconciliation of desires. 
 
 
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Dean Wells
Sent: Fri 11/19/2004 9:35 AM
To: Send - AD mailing list
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?



Real scenario - The way in which 2003 AD integrates the _msdcs subdomain
(now a zone) causes it to replicate forest wide.  This one zone subsequently
becomes writable on every K3 DNS(/DC) server within the forest.  I didn't
ask it to do that, I didn't intentionally make a key component of AD
available for modification ... all I said was "replicate it better"
(obviously that's highly simplified but you get the idea :-).

Hypothetical scenario - I'd like a non-AD related DNS zone available at
every one of my hundreds of sites.  Each site has DCs/DNS servers running
K3.  I'd like the zone's writability constrained (and enforced) to the
head-office site alone.  The moment I AD integrate to take advantage of the
vastly superior replication semantics, I inadvertently expose it to offsite
change ... again, all I wanted was to exploit replication not the
multimaster nature of AD. 

I can, of course, re-ACL the whole thing but, believe me, that's more pain
than I'm prepared to inflict on myself ... you, on the other hand, may like
that ;-).

My feeling is simply this; we would be better served by being offered a
choice as to which features are made available when a zone is AD integrated.

--
Dean Wells
MSEtechnology
* Email: [EMAIL PROTECTED]
http://msetechnology.com


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, November 19, 2004 11:29 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?

I see what you are saying, but ... why would I want to store the zone info
of DomainA in the AD of DomainB in an independent/disjointed, non-trusting
environment? What would be the compelling reason? Would something improve or
work better if this is implemented?


Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Dean Wells
Sent: Fri 11/19/2004 8:24 AM
To: Send - AD mailing list
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?



Deji,

There would be a concept of "AD integrated secondaries" had MS decided to write
it; it may be desirable (to some) to maintain read-only yet AD replicated
zones.  I guess the point in question is - MS didn't.  I've asked the
question directly to those that chose not to within MS and their response
was quite simply "because we didn't :)".

--
Dean Wells
MSEtechnology
* Email: [EMAIL PROTECTED]
http://msetechnology.com


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, November 19, 2004 11:13 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?

Because when it's integrated, there is no concept of "secondaries" as we
understood it to be in pre-2Kx world. It's there in AD, and any DC can see
and write to it. Now, if you are secondarying the zones on another server
located in another forest/network, why would you want to store that info in
your own AD. You will not be modifying that zone locally on the secondary
anyway. Or, are you intending to?


Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Ken Cornetet
Sent: Fri 11/19/2004 6:56 AM
To: [EMAIL PROTE

RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?

2004-11-19 Thread Bernard, Aric
Even more off topic

Dèjì, why don't you AD integrate those conditional forwarders so that you don't 
have to export and import the hive?


Aric

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, November 19, 2004 9:48 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?

How many new DCs are you adding per day/week/month? :)  If I were doing this,
Stub or Secondaries would take a back-seat. I would be investing in
Conditional Forwarding. I would have all my other DNS servers forward
unresolved queries to one or (ideally) 2 of MY DNS servers. On those 2
designated DNS servers, I will configure Conditional Forwarders for all the
foreign zones hosted on the Unix boxen and specify the Unix boxes as the DNS
servers to forward the queries to. QED. No messing with secondaries or notify
or such any more from then on.
 
When I introduce a new DC/DNS server into my environment, all I will need to
do is configure it to forward to MY designated DNS servers. When I want to
add more designated servers, I don't have to recreate the
conditionally-forwarded zones. They are stored in the registry of the
existing designated servers, so I will just go export and import the hive as
necessary.
 
Of course, all my rants above are predicated on your designated DNS servers
being W2K3 servers.
 
I don't think the problem of AD-intg secondaries is simply technical
feasibility. I think (shut up, Al :)) it is more of practicality. Post-NT,
you typically create secondaries for foreign zones [1]. Since the zones you
are secondarying are "foreign", I think storing that foreign information in
your AD is not a good idea.
 
[1]
I disagree with Minasi's recommendation of creating secondaries of every
zone on every DNS server in a parent-child environment, but that's out of
the scope of this discussion.
 
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Ken Cornetet
Sent: Fri 11/19/2004 8:55 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?



Because I have a couple of dozen remote DCs that serve DNS for their
locations. Our unix boxes are in a DNS zone that is handled by bind/unix
server. All of my DCs carry this zone as a secondary.

This works fine, but it is a bit of a pain to maintain. I have to remember to
configure the zone on any new DCs, and I have to have the unix guys add a
"notify" line on the bind server for the new DCs (OK, I don't HAVE to do the
notify part...). Plus, replication of the zone is handled by DNS instead of
the much more efficient AD replication.

Ever since laying eyes on w2k3 DNS server, I've always wondered why the
developers didn't allow for integrated secondaries. Don't get me wrong,
integrated stubs are great, but between the two, I'd have thought integrated
secondaries would have been the more desirable. I just assumed I was missing
some technical reason that made it unfeasible.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, November 19, 2004 11:13 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?


Because when it's integrated, there is no concept of "secondaries" as we
understood it to be in pre-2Kx world. It's there in AD, and any DC can see
and write to it. Now, if you are secondarying the zones on another server
located in another forest/network, why would you want to store that info in
your own AD. You will not be modifying that zone locally on the secondary
anyway. Or, are you intending to?


Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Ken Cornetet
Sent: Fri 11/19/2004 6:56 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] OT: Why no AD integrated DNS secondary zones?



OK, integrated stub zones are cool, but I'm curious - why did MS stop there?
Why no integrated secondaries?
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/



RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?

2004-11-19 Thread Ken Cornetet
I don't want to forward because the remotes are on already overburdened WAN 
links.


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, November 19, 2004 12:48 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?


How many new DCs are you adding per day/week/month? :)  If I were doing this, 
Stub or Secondaries would take a back-seat. I would be investing in Conditional 
Forwarding. I would have all my other DNS servers forward unresolved queries to 
one or (ideally) 2 of MY DNS servers. On those 2 designated DNS servers, I will 
configure Conditional Forwarders for all the foreign zones hosted on the Unix 
boxen and specify the Unix boxes as the DNS servers to forward the queries to. 
QED. No messing with secondaries or notify or such any more from then on.
 
When I introduce a new DC/DNS server into my environment, all I will need to do 
is configure it to forward to MY designated DNS servers. When I want to add 
more designated servers, I don't have to recreate the conditionally-forwarded 
zones. They are stored in the registry of the existing designated servers, so I 
will just go export and import the hive as necessary.
 
Of course, all my rants above are predicated on your designated DNS servers
being W2K3 servers.

I don't think the problem of AD-intg secondaries is simply technical
feasibility. I think (shut up, Al :)) it is more of practicality. Post-NT, you
typically create secondaries for foreign zones [1]. Since the zones you are
secondarying are "foreign", I think storing that foreign information in your
AD is not a good idea.

[1]
I disagree with Minasi's recommendation of creating secondaries of every zone
on every DNS server in a parent-child environment, but that's out of the scope
of this discussion.
 
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday? 
 -anon



From: [EMAIL PROTECTED] on behalf of Ken Cornetet
Sent: Fri 11/19/2004 8:55 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?



Because I have a couple of dozen remote DCs that serve DNS for their locations. 
Our unix boxes are in a DNS zone that is handled by bind/unix server. All of my 
DCs carry this zone as a secondary.

This works fine, but it is a bit of a pain to maintain. I have to remember to 
configure the zone on any new DCs, and I have to have the unix guys add a 
"notify" line on the bind server for the new DCs (OK, I don't HAVE to do the 
notify part...). Plus, replication of the zone is handled by DNS instead of the 
much more efficient AD replication.

Ever since laying eyes on w2k3 DNS server, I've always wondered why the 
developers didn't allow for integrated secondaries. Don't get me wrong, 
integrated stubs are great, but between the two, I'd have thought integrated 
secondaries would have been the more desirable. I just assumed I was missing 
some technical reason that made it unfeasible.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, November 19, 2004 11:13 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?


Because when it's integrated, there is no concept of "secondaries" as we 
understood it to be in pre-2Kx world. It's there in AD, and any DC can see and 
write to it. Now, if you are secondarying the zones on another server located 
in another forest/network, why would you want to store that info in your own 
AD. You will not be modifying that zone locally on the secondary anyway. Or, 
are you intending to?


Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday? 
 -anon



From: [EMAIL PROTECTED] on behalf of Ken Cornetet
Sent: Fri 11/19/2004 6:56 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] OT: Why no AD integrated DNS secondary zones?



OK, integrated stub zones are cool, but I'm curious - why did MS stop there? 
Why no integrated secondaries?

RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?

2004-11-19 Thread deji
How many new DCs are you adding per day/week/month? :)  If I were doing this,
Stub or Secondaries would take a back-seat. I would be investing in
Conditional Forwarding. I would have all my other DNS servers forward
unresolved queries to one or (ideally) 2 of MY DNS servers. On those 2
designated DNS servers, I will configure Conditional Forwarders for all the
foreign zones hosted on the Unix boxen and specify the Unix boxes as the DNS
servers to forward the queries to. QED. No messing with secondaries or notify
or such any more from then on.
 
When I introduce a new DC/DNS server into my environment, all I will need to
do is configure it to forward to MY designated DNS servers. When I want to
add more designated servers, I don't have to recreate the
conditionally-forwarded zones. They are stored in the registry of the
existing designated servers, so I will just go export and import the hive as
necessary.
 
Of course, all my rants above are predicated on your designated DNS servers
being W2K3 servers.

I don't think the problem of AD-intg secondaries is simply technical
feasibility. I think (shut up, Al :)) it is more of practicality. Post-NT,
you typically create secondaries for foreign zones [1]. Since the zones you
are secondarying are "foreign", I think storing that foreign information in
your AD is not a good idea.

[1]
I disagree with Minasi's recommendation of creating secondaries of every
zone on every DNS server in a parent-child environment, but that's out of
the scope of this discussion.
 
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Ken Cornetet
Sent: Fri 11/19/2004 8:55 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?



Because I have a couple of dozen remote DCs that serve DNS for their
locations. Our unix boxes are in a DNS zone that is handled by bind/unix
server. All of my DCs carry this zone as a secondary.

This works fine, but it is a bit of a pain to maintain. I have to remember to
configure the zone on any new DCs, and I have to have the unix guys add a
"notify" line on the bind server for the new DCs (OK, I don't HAVE to do the
notify part...). Plus, replication of the zone is handled by DNS instead of
the much more efficient AD replication.

Ever since laying eyes on w2k3 DNS server, I've always wondered why the
developers didn't allow for integrated secondaries. Don't get me wrong,
integrated stubs are great, but between the two, I'd have thought integrated
secondaries would have been the more desirable. I just assumed I was missing
some technical reason that made it unfeasible.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, November 19, 2004 11:13 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?


Because when it's integrated, there is no concept of "secondaries" as we
understood it to be in pre-2Kx world. It's there in AD, and any DC can see
and write to it. Now, if you are secondarying the zones on another server
located in another forest/network, why would you want to store that info in
your own AD. You will not be modifying that zone locally on the secondary
anyway. Or, are you intending to?


Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Ken Cornetet
Sent: Fri 11/19/2004 6:56 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] OT: Why no AD integrated DNS secondary zones?



OK, integrated stub zones are cool, but I'm curious - why did MS stop there?
Why no integrated secondaries?


RE: [ActiveDir] OT: Linked files.

2004-11-19 Thread Dean Wells



Note that if you do decide to use CNAMEs to redirect CIFS/SMB queries to servers
using a.n.other name, you must configure DisableStrictNameChecking in each of
the server's registries.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters

On the Edit menu, click Add Value, and then add the following registry value:

Value name: DisableStrictNameChecking
Data type: REG_DWORD
Radix/Base: Decimal
Value: 1

-- 
Dean Wells
MSEtechnology
* Email: dwells@msetechnology.com
http://msetechnology.com
 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jacqui Hurst
Sent: Friday, November 19, 2004 11:56 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Linked files.

If you are keeping the same file structures and just changing the server names
can you not setup cnames in DNS to point to the new servers?

Not tried it myself but thought it might be worth a suggestion.

Jacqui

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Paul van Geldrop
Sent: 19 November 2004 16:41
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] OT: Linked files.

Hi all,

A bit offtopic, I realise, but hopefully somebody will be able to provide an
answer.

The problem: We're on the verge of consolidating a rather big load of user
files to a new environment. However, we'd like to avoid the pitfall of linked
files, for example, OLE links on Office documents and such. Say that we're
moving a document from server A to server B and the document has a link to
another document on server A. That other document we also move to server B.
The link in the file is, of course, not updated, and errors have their wicked
way.

To prevent this from happening, we'd like to scan the different volumes for
files that have links to other files and get a clear report.

We examined the Link Updater (lu.exe, Quest Software), but that utility
requires you to enter the source and target path of the linked files and
doesn't accept wildcards, so that won't quite do the trick as we don't know
those paths, that's what we're trying to find out.

Anyone who might be able to give a handy pointer in the right direction for a
tool like that?

Thanks in advance,

Paul.

This e-mail and any attachment is for authorised use by the intended
recipient(s) only. It may contain proprietary material, confidential
information and/or be subject to legal privilege. It should not be copied,
disclosed to, retained or used by, any other party. If you are not an intended
recipient then please promptly delete this e-mail and any attachment and all
copies and inform the sender. Thank you.


RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?

2004-11-19 Thread Dean Wells
Real scenario - The way in which 2003 AD integrates the _msdcs subdomain
(now a zone) causes it to replicate forest wide.  This one zone subsequently
becomes writable on every K3 DNS(/DC) server within the forest.  I didn't
ask it to do that, I didn't intentionally make a key component of AD
available for modification ... all I said was "replicate it better"
(obviously that's highly simplified but you get the idea :-).

Hypothetical scenario - I'd like a non-AD related DNS zone available at
every one of my hundreds of sites.  Each site has DCs/DNS servers running
K3.  I'd like the zone's writability constrained (and enforced) to the
head-office site alone.  The moment I AD integrate to take advantage of the
vastly superior replication semantics, I inadvertently expose it to offsite
change ... again, all I wanted was to exploit replication not the
multimaster nature of AD.  

I can, of course, re-ACL the whole thing but, believe me, that's more pain
than I'm prepared to inflict on myself ... you, on the other hand, may like
that ;-).

My feeling is simply this; we would be better served by being offered a
choice as to which features are made available when a zone is AD integrated.

-- 
Dean Wells 
MSEtechnology
* Email: [EMAIL PROTECTED] 
http://msetechnology.com 


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, November 19, 2004 11:29 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?

I see what you are saying, but ... why would I want to store the zone info
of DomainA in the AD of DomainB in an independent/disjointed, non-trusting
environment? What would be the compelling reason? Would something improve or
work better if this is implemented?
 
 
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Dean Wells
Sent: Fri 11/19/2004 8:24 AM
To: Send - AD mailing list
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?



Deji,

There would be a concept of "AD integrated secondaries" had MS decided to write
it; it may be desirable (to some) to maintain read-only yet AD replicated
zones.  I guess the point in question is - MS didn't.  I've asked the
question directly to those that chose not to within MS and their response
was quite simply "because we didn't :)".

--
Dean Wells
MSEtechnology
* Email: [EMAIL PROTECTED]
http://msetechnology.com


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, November 19, 2004 11:13 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?

Because when it's integrated, there is no concept of "secondaries" as we
understood it to be in pre-2Kx world. It's there in AD, and any DC can see
and write to it. Now, if you are secondarying the zones on another server
located in another forest/network, why would you want to store that info in
your own AD. You will not be modifying that zone locally on the secondary
anyway. Or, are you intending to?


Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Ken Cornetet
Sent: Fri 11/19/2004 6:56 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] OT: Why no AD integrated DNS secondary zones?



OK, integrated stub zones are cool, but I'm curious - why did MS stop there?
Why no integrated secondaries?


RE: [ActiveDir] Hot Spare Site

2004-11-19 Thread Dan DeStefano
Yeah, I figure that, but what I am being told is to find "the cheapest way 
possible" to do this. This is not my decision as I believe that disaster 
recovery is not something you want to go cheap on. However, these are the 
parameters that come down from my superiors as frustrating as it may be.

Thank you for your help. I am also looking into NSI Double Take; do you have 
any experience with this product?

_
 
Daniel DeStefano
PC Support Specialist
 
IAG Research
345 Park Avenue South, 12th Floor
New York, NY 10010
T. 212.871.5262
F. 212.871.5300
 
www.iagr.net  
Measuring Ad Effectiveness on Television
 
The information contained in this communication is confidential, may be 
privileged and is intended for the exclusive use of the above named 
addressee(s). If you are not the intended recipient(s), you are expressly 
prohibited from copying, distributing, disseminating, or in any other way using 
any of the information contained within this communication. If you have 
received this communication in error, please contact the sender by telephone 
212.871.5262 or by response via e-mail.


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Rick Boza
Sent: Friday, November 19, 2004 11:06 AM
To: ActiveDir List
Subject: Re: [ActiveDir] Hot Spare Site


Dan,

In all honesty, you don't build hot site capability for $25K.

Using a replication service across WAN links is incredibly expensive from a
bandwidth perspective.  I mean, realistically, you can't even buy a server
and 50 workstations to put in the remote site for that money (which you
stated you expect to need to do), let alone begin the process of replicating
data.

For the kind of money you are talking about, realistically you are looking
at a warm server or two in your remote location, and shipping backup tapes
there in a regular basis, depending on how willing to lose data your company
is - if all the data up to the backup is required, then you ship every day.
Buy all those folks that need to be able to be onsite laptops in the next
hardware refresh cycle they hit so they can bring their system with them to
plug in at the alternate site.

Immediate failover capabilities easily gets into the million dollar plus
range.  I've designed these solutions for clients in the past and have on
more than one occasion been asked to do so only to have others choke when we
start discussing what the costs would be.  The desired SLA is almost always
in direct opposition to the budget (some sort of theorem there, I think).

Rick


On 11/19/04 9:45 AM, "Dan DeStefano" <[EMAIL PROTECTED]> wrote:

> There is definitely a hierarchy of importance for users. The site would likely
> need to physically host like 50 or so workstations and all the remaining
> 100-200 users could probably work remotely via a terminal server farm or
> something to that effect.
> 
> Yes, I am thinking of the site being able to failover immediately or within
> 24-48 hours. Replication/geographically disperse clustering sounds like what
> we are looking for. I have been looking into Veritas Global Cluster Manager -
> is what you are referring to? Would Exchange be cluster-aware of this product
> or only for MS Cluster Service?
> 
> _
>  
> Daniel DeStefano
> PC Support Specialist
>  
> IAG Research
> 345 Park Avenue South, 12th Floor
> New York, NY 10010
> T. 212.871.5262
> F. 212.871.5300
>  
> www.iagr.net 
> Measuring Ad Effectiveness on Television
>  
> The information contained in this communication is confidential, may be
> privileged and is intended for the exclusive use of the above named
> addressee(s). If you are not the intended recipient(s), you are expressly
> prohibited from copying, distributing, disseminating, or in any other way
> using any of the information contained within this communication. If you have
> received this communication in error, please contact the sender by telephone
> 212.871.5262 or by response via e-mail.
> 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Mulnick, Al
> Sent: Thursday, November 18, 2004 4:03 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] Hot Spare Site
> 
> 
> Additionally, what do you define as restoration of service?  Do you have to
> restore service and data to all users instantly or are some users more
> urgent than others?
> 
> File/print restoration of service indicates that you want to have the data
> available seamlessly.  That often looks like a replication and/or
> geographically disperse clustering solution.
> 
> Exchange is another animal altogether and requirements definition needs to
> be tight to easily solve that one.
> 
> al 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Renouf, Phil
> Sent: Thursday, November 18, 2004 3:52 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] Hot Spare Site
> 
> It co

[ActiveDir] Directory Expert's Conference 2005

2004-11-19 Thread Gil Kirkpatrick
Greetings fellow travelers,

I want to make sure you are all aware of the next Directory Experts Conference 
March 13-16 in Vancouver, BC, Canada. Along with the usual technically-focused 
AD content, we've added a few new things: 

* We are hosting the North American MMSUG (MIIS Users Group) meeting as a 
separate MIIS track. Now you can learn the meanings of words like "metaverse" 
and "connectorspace", and my favorite: "hologram".

* We are including sessions on other Microsoft IdM technologies including AD 
Federation Services.

* For the pointy-haired boss in your life, there will be a half-day management 
session that includes an NDA AD strategy briefing by Stuart Kwan.

* Is your AD-fu great? Now you can know for sure.  This year we will have an AD 
security shootout with two teams trying to break into and subvert their 
opponents' Active Directory. (And yes, this time the hw/sw environment is being 
built by professionals, not me bolting together a bunch of half-a**ed PCs at 
the last minute.) 

Many of your favorite ne'er-do-wells will be speaking:

* Uber-PUM Stuart Kwan
* Guido "Propane" Grillenmeier
* Andreas "It is not a tumor" Luther
* Wook "The Philosopher" Lee and his partner in crime Jesse "I gotta get me a 
cool nickname" Sutela
* Alain Lissoir (author of the WMI Scriptonomicon)
* Paul "I'd tell you but I'd have to kill you" Rich
* Deji "How the hell do I type those funny characters" Akómöláfé

and a cast of thousands.

The facilities look great, you'll meet a bunch of really smart AD- and MIIS- 
focused people, and I guarantee that you will learn a lot. And if clowns and 
pony rides aren't enough to convince you to attend, there's always the infamous 
"no one leaves the room till dawn" pre-conference poker game, where the score 
is currently NetPro sales guys 1, US Air Force 0.

Find out more at http://www.netpro.com/events/dec2005

BTW the call for papers is still open. If you have an interesting AD or 
MIIS-related case-study or other AD-technology related presentation you'd like 
to make, follow the "Call for papers" link at the bottom of the page.

Attention AD MVPs: email at mailto:[EMAIL PROTECTED] if your management needs 
some convincing.

Hope to see you there,

-gil

Gil Kirkpatrick
CTO, NetPro
Author of "Active Directory Programming"
DEC founder and facilitator


RE: [ActiveDir] Exchange 2003 - New mailboxes not created

2004-11-19 Thread Salandra, Justin A.
Recipient Update Server

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jared Manhat
Sent: Friday, November 19, 2004 9:56 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Exchange 2003 - New mailboxes not created

What’s RUS?

Jared Manhat
Systems Administrator
Accutest Laboratories

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith
Sent: Friday, November 19, 2004 9:36 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Exchange 2003 - New mailboxes not created

There isn't a comprehensive list of sp1 fixes - but I recommend strongly you
install it, plus the recent OWA rollup that was released.

So the mailboxes NEVER show up? Or they are just delayed?

If they never show up - I'd check out my RUS configuration.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jared Manhat
Sent: Friday, November 19, 2004 9:29 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Exchange 2003 - New mailboxes not created
Importance: High

I have an Exchange 2003 server running on Windows Server 2k3. I just noticed
Wednesday that if I create a new user account in AD2k3 and give the user an
Exchange mailbox, the mailbox does not show up in the Exchange System Manager.
Any ideas? I’ve never seen this behavior before and I can find anything on the
web relating to it.

I am not running Exchange 2k3 SP1, I didn’t install the SP because I can’t find
a comprehensive list of what they’ve changed.

Thanks for the help.

Jared Manhat
Systems Administrator
Accutest Laboratories







RE: [ActiveDir] Forcing SYSVOL from authenticating DC

2004-11-19 Thread David Adner
But does this really mean the same thing as forcing the client to use the
SYSVOL from the authenticating DC?  I haven't been able to find any
documentation that specifically states this is now the default behavior in
2003 or if not, how to enable it.  Also, it was my understanding that making
DFS recognize site link cost information wasn't the default behavior, too...

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> Grillenmeier, Guido
> Sent: Thursday, November 18, 2004 10:51
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] Forcing SYSVOL from authenticating DC
> 
> DFS in 2003 has generally been improved in a way that it 
> leverages IP and Site-Cost information to generate the list 
> of DFS targets returned to clients (in this case the SYSVOL share). 
> 
> So yes, this is a non-issue in 2003.
> 
> /Guido
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Free, Bob
> Sent: Thursday, November 18, 2004 5:17 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] Forcing SYSVOL from authenticating DC
> 
>  Sites without domain controllers cause DFS referral to 
> remote site for SYSVOL contents:
> http://support.microsoft.com/default.aspx?scid=kb;EN-US;823362
> 
> >This is for 2003.
> 
> Only applies to 2000 AFAIK. We were told it was fixed in 2003.
> 
> 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of David Adner
> Sent: Wednesday, November 17, 2004 7:08 PM
> To: [EMAIL PROTECTED]
> Subject: [ActiveDir] Forcing SYSVOL from authenticating DC
> 
> I remember there's a way (hotfix and/or reg key) to make 
> clients use the SYSVOL of the authenticating DC instead of 
> possibly getting a different SYSVOL due to the behavior of 
> DFS.  I can't find how to do this on MS's site.  Can anyone 
> point me at the information? 
> This is for 2003.
> 
> TTIA
> 


RE: [ActiveDir] OT: Linked files.

2004-11-19 Thread Jacqui Hurst








If you are keeping the same file structures and just
changing the server names can you not setup cnames in DNS to point to the new
servers?

 

Not tried it myself but thought it might be worth a
suggestion.

 

Jacqui

 

 









From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Paul van Geldrop
Sent: 19 November 2004 16:41
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] OT: Linked files.



 

Hi all,

 

A bit offtopic, I realise, but hopefully somebody will be able to
provide an answer.

The problem: We're on the verge of consolidating a rather big load of
user files to a new environment. However, we'd like to avoid the pitfall of
linked files, for example, OLE links on Office documents and such. Say that
we're moving a document from server A to server B and the document has a link
to another document on server A. That other document we also move to server B.
The link in the file is, of course, not updated, and errors have their wicked
way. 

To prevent this from happening, we'd like to scan the different volumes
for files that have links to other files and get a clear report.

We examined the Link Updater (lu.exe, Quest Software), but that utility
requires you to enter the source and target path of the linked files and
doesn't accept wildcards, so that won't quite do the trick as we don't know
those paths, that's what we're trying to find out.

Anyone who might be able to give a handy pointer in the right direction
for a tool like that ?

Thanks in advance,

 

Paul.


This e-mail and any attachment is for authorised use by the intended
recipient(s) only. It may contain proprietary material, confidential
information and/or be subject to legal privilege. It should not be copied,
disclosed to, retained or used by, any other party. If you are not an intended
recipient then please promptly delete this e-mail and any attachment and all
copies and inform the sender. Thank you.








RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?

2004-11-19 Thread Ken Cornetet
Because I have a couple of dozen remote DCs that serve DNS for their locations. 
Our unix boxes are in a DNS zone that is handled by bind/unix server. All of my 
DCs carry this zone as a secondary.

This works fine, but it is a bit of a pain to maintain. I have to remember to 
configure the zone on any new DCs, and I have to have the unix guys add a 
"notify" line on the bind server for the new DCs (OK, I don't HAVE to do the 
notify part...). Plus, replication of the zone is handled by DNS instead of the 
much more efficient AD replication.

Ever since laying eyes on w2k3 DNS server, I've always wondered why the 
developers didn't allow for integrated secondaries. Don't get me wrong, 
integrated stubs are great, but between the two, I'd have thought integrated 
secondaries would have been the more desirable. I just assumed I was missing 
some technical reason that made it unfeasible.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, November 19, 2004 11:13 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?


Because when it's integrated, there is no concept of "secondaries" as we 
understood it to be in pre-2Kx world. It's there in AD, and any DC can see and 
write to it. Now, if you are secondarying the zones on another server located 
in another forest/network, why would you want to store that info in your own 
AD. You will not be modifying that zone locally on the secondary anyway. Or, 
are you intending to?
 
 
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday? 
 -anon



From: [EMAIL PROTECTED] on behalf of Ken Cornetet
Sent: Fri 11/19/2004 6:56 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] OT: Why no AD integrated DNS secondary zones?



OK, integrated stub zones are cool, but I'm curious - why did MS stop there? 
Why no integrated secondaries?


RE: [ActiveDir] Exchange 2003 - New mailboxes not created

2004-11-19 Thread Mulnick, Al



Recipient Update Service.  
 
Keep in mind the mailbox only shows up in the Exchange 
System Manager after an instance has been created in the store (after mail has 
arrived for the user else they have logged in once at least).  Otherwise 
you only see the mailbox data in the Active Directory.
 
Send them a piece of email and see if you don't find the 
mailbox then :)


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jared Manhat
Sent: Friday, November 19, 2004 9:56 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Exchange 2003 - New mailboxes not created

What's RUS?

Jared Manhat
Systems Administrator
Accutest Laboratories

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith
Sent: Friday, November 19, 2004 9:36 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Exchange 2003 - New mailboxes not created

There isn't a comprehensive list of sp1 fixes - but I recommend strongly you install it, plus the recent OWA rollup that was released.

So the mailboxes NEVER show up? Or they are just delayed?

If they never show up - I'd check out my RUS configuration.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jared Manhat
Sent: Friday, November 19, 2004 9:29 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Exchange 2003 - New mailboxes not created
Importance: High

I have an Exchange 2003 server running on Windows Server 2k3. I just noticed Wednesday that if I create a new user account in AD2k3 and give the user an Exchange mailbox, the mailbox does not show up in the Exchange System Manager. Any ideas? I’ve never seen this behavior before and I can find anything on the web relating to it.

I am not running Exchange 2k3 SP1, I didn’t install the SP because I can't find a comprehensive list of what they’ve changed.

Thanks for the help.

Jared Manhat
Systems Administrator
Accutest Laboratories


RE: [ActiveDir] Exchange 2003 - New mailboxes not created

2004-11-19 Thread Peter Johnson








RUS is the recipient update service. It’s a part of Exchange that stamps mail enabled objects such as users etc with e-mail addresses based on the policies that you define. It normally runs fine and simply stamps objects with new addresses as they are created. However sometimes it goes off on a tangent.

Are the users you are creating being given valid e-mail addresses? If not then it’s a pretty safe bet your RUS has wandered off somewhere :) :)

 

Cheers

Peter Johnson

 









From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jared Manhat
Sent: 19 November 2004 16:56
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Exchange 2003 - New mailboxes not created

What's RUS?

Jared Manhat
Systems Administrator
Accutest Laboratories

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith
Sent: Friday, November 19, 2004 9:36 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Exchange 2003 - New mailboxes not created

There isn't a comprehensive list of sp1 fixes - but I recommend strongly you install it, plus the recent OWA rollup that was released.

So the mailboxes NEVER show up? Or they are just delayed?

If they never show up - I'd check out my RUS configuration.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jared Manhat
Sent: Friday, November 19, 2004 9:29 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Exchange 2003 - New mailboxes not created
Importance: High

I have an Exchange 2003 server running on Windows Server 2k3. I just noticed Wednesday that if I create a new user account in AD2k3 and give the user an Exchange mailbox, the mailbox does not show up in the Exchange System Manager. Any ideas? I’ve never seen this behavior before and I can find anything on the web relating to it.

I am not running Exchange 2k3 SP1, I didn’t install the SP because I can't find a comprehensive list of what they’ve changed.

Thanks for the help.

Jared Manhat
Systems Administrator
Accutest Laboratories








RE: [ActiveDir] Exchange 2003 - New mailboxes not created

2004-11-19 Thread Paul van Geldrop








Recipient Update Services, you'll
find it in the Exchange Administrator, just above the servers.

 

Paul.

 









From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jared Manhat
Sent: Friday 19 November 2004 15:56
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Exchange 2003 - New mailboxes not created

What's RUS?

Jared Manhat
Systems Administrator
Accutest Laboratories

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith
Sent: Friday, November 19, 2004 9:36 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Exchange 2003 - New mailboxes not created

There isn't a comprehensive list of sp1 fixes - but I recommend strongly you install it, plus the recent OWA rollup that was released.

So the mailboxes NEVER show up? Or they are just delayed?

If they never show up - I'd check out my RUS configuration.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jared Manhat
Sent: Friday, November 19, 2004 9:29 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Exchange 2003 - New mailboxes not created
Importance: High

I have an Exchange 2003 server running on Windows Server 2k3. I just noticed Wednesday that if I create a new user account in AD2k3 and give the user an Exchange mailbox, the mailbox does not show up in the Exchange System Manager. Any ideas? I've never seen this behavior before and I can find anything on the web relating to it.

I am not running Exchange 2k3 SP1, I didn't install the SP because I can't find a comprehensive list of what they've changed.

Thanks for the help.

Jared Manhat
Systems Administrator
Accutest Laboratories










[ActiveDir] OT: Linked files.

2004-11-19 Thread Paul van Geldrop








Hi all,

A bit offtopic, I realise, but hopefully somebody will be able to provide an answer.

The problem: We're on the verge of consolidating a rather big load of user files to a new environment. However, we'd like to avoid the pitfall of linked files, for example, OLE links on Office documents and such. Say that we're moving a document from server A to server B and the document has a link to another document on server A. That other document we also move to server B. The link in the file is, of course, not updated, and errors have their wicked way.

To prevent this from happening, we'd like to scan the different volumes for files that have links to other files and get a clear report.

We examined the Link Updater (lu.exe, Quest Software), but that utility requires you to enter the source and target path of the linked files and doesn't accept wildcards, so that won't quite do the trick as we don't know those paths, that's what we're trying to find out.

Anyone who might be able to give a handy pointer in the right direction for a tool like that ?

Thanks in advance,

Paul.










RE: [ActiveDir] Exchange 2003 - New mailboxes not created

2004-11-19 Thread Jared Manhat








What's RUS?

Jared Manhat
Systems Administrator
Accutest Laboratories

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith
Sent: Friday, November 19, 2004 9:36 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Exchange 2003 - New mailboxes not created

There isn't a comprehensive list of sp1 fixes - but I recommend strongly you install it, plus the recent OWA rollup that was released.

So the mailboxes NEVER show up? Or they are just delayed?

If they never show up - I'd check out my RUS configuration.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jared Manhat
Sent: Friday, November 19, 2004 9:29 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Exchange 2003 - New mailboxes not created
Importance: High

I have an Exchange 2003 server running on Windows Server 2k3. I just noticed Wednesday that if I create a new user account in AD2k3 and give the user an Exchange mailbox, the mailbox does not show up in the Exchange System Manager. Any ideas? I’ve never seen this behavior before and I can find anything on the web relating to it.

I am not running Exchange 2k3 SP1, I didn’t install the SP because I can't find a comprehensive list of what they’ve changed.

Thanks for the help.

Jared Manhat
Systems Administrator
Accutest Laboratories








RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?

2004-11-19 Thread deji
I see what you are saying, but ... why would I want to store the zone info
of DomainA in the AD of DomainB in an independent/disjointed, non-trusting
environment? What would be the compelling reason? Would something improve or
work better if this is implemented?
 
 
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Dean Wells
Sent: Fri 11/19/2004 8:24 AM
To: Send - AD mailing list
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?



Deji,

There would be a concept of "AD integrated secondaries" had MS decided to write
it; it may be desirable (to some) to maintain read-only yet AD replicated
zones.  I guess the point in question is - MS didn't.  I've asked the
question directly to those that chose not to within MS and their response
was quite simply "because we didn't :)".

--
Dean Wells
MSEtechnology
* Email: [EMAIL PROTECTED]
http://msetechnology.com


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, November 19, 2004 11:13 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?

Because when it's integrated, there is no concept of "secondaries" as we
understood it to be in pre-2Kx world. It's there in AD, and any DC can see
and write to it. Now, if you are secondarying the zones on another server
located in another forest/network, why would you want to store that info in
your own AD. You will not be modifying that zone locally on the secondary
anyway. Or, are you intending to?


Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Ken Cornetet
Sent: Fri 11/19/2004 6:56 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] OT: Why no AD integrated DNS secondary zones?



OK, integrated stub zones are cool, but I'm curious - why did MS stop there?
Why no integrated secondaries?


RE: [ActiveDir] Hot Spare Site

2004-11-19 Thread Mulnick, Al
Definitely a correlation if no theorem.  

An additional thought.  Using Tapes and shipping them is cheaper but it
tends to have issues tied to it. For example, tape is slower and not always
reliable.  Using a disk based solution is becoming realistic with newer
technologies such as SATA etc. 

Solutions range from EMC BCV technology to the Veritas software type
solutions and everything in between.  If you use a hardware vendor solution
you tend to have easier implementation with the applications since it's
often abstracted.  There are distance limitations however if real-time data
is imperative and as Rick points out, cost can be a barrier.  Software
solutions are known to work but you're dealing with software that is there
to protect the host it's running on.  Kind of opens the door for the
possibility of issues. Clustering over space and time can be tricky, but
almost always includes some of the other solutions to go with it. 

Definition of the scope and problem and expectations is the key to solving
this.  After that it's just your creativity in applying the solutions that
counts.

For example, it may be that the data for Exchange is not needed immediately.
Then you could implement a solution that involves putting back functionality
before data and rely on traditional backup/restore of data to put the data
back.  Recovery storage groups make that easy.

File systems are a different breed.  They tend to change many small files
frequently.  Plus, the data is what you're after.  As Rick mentioned, buy
laptops and have them store the data on the laptops and synch them with
servers.  If the data server goes away, then you still have access to the
data.  Or, you could rely on a tape restore solution or even do backups to
disk as mentioned above. FWIW, I think you can design an elegant solution
with backup to disk and tape (belts and braces right) and some well defined,
written and practiced procedures.  Practice is the key to this one. 

Short of it, spend your energy defining the problem to the smallest degree
possible.  Then go after solutions and see how they fit in your organization
in terms of practicality and costs.  I typically like to plan without costs
as a focus and then backfill to the solution that meets problem and
expectations.  That way the solution works AND they get what they expect.

Al 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Boza
Sent: Friday, November 19, 2004 11:06 AM
To: ActiveDir List
Subject: Re: [ActiveDir] Hot Spare Site

Dan,

In all honesty, you don't build hot site capability for $25K.

Using a replication service across WAN links is incredibly expensive from a
bandwidth perspective.  I mean, realistically, you can't even buy a server
and 50 workstations to put in the remote site for that money (which you
stated you expect to need to do), let alone begin the process of replicating
data.

For the kind of money you are talking about, realistically you are looking
at a warm server or two in your remote location, and shipping backup tapes
there in a regular basis, depending on how willing to lose data your company
is - if all the data up to the backup is required, then you ship every day.
Buy all those folks that need to be able to be onsite laptops in the next
hardware refresh cycle they hit so they can bring their system with them to
plug in at the alternate site.

Immediate failover capabilities easily gets into the million dollar plus
range.  I've designed these solutions for clients in the past and have on
more than one occasion been asked to do so only to have others choke when we
start discussing what the costs would be.  The desired SLA is almost always
in direct opposition to the budget (some sort of theorem there, I think).

Rick


On 11/19/04 9:45 AM, "Dan DeStefano" <[EMAIL PROTECTED]> wrote:

> There is definitely a hierarchy of importance for users. The site 
> would likely need to physically host like 50 or so workstations and 
> all the remaining 100-200 users could probably work remotely via a 
> terminal server farm or something to that effect.
> 
> Yes, I am thinking of the site being able to failover immediately or 
> within
> 24-48 hours. Replication/geographically disperse clustering sounds 
> like what we are looking for. I have been looking into Veritas Global 
> Cluster Manager - is what you are referring to? Would Exchange be 
> cluster-aware of this product or only for MS Cluster Service?
> 
> _
>  
> Daniel DeStefano
> PC Support Specialist
>  
> IAG Research
> 345 Park Avenue South, 12th Floor
> New York, NY 10010
> T. 212.871.5262
> F. 212.871.5300
>  
> www.iagr.net 
> Measuring Ad Effectiveness on Television
>  
> The information contained in this communication is confidential, may 
> be privileged and is intended for the exclusive use of the above named 
> addressee(s). If you are not the intended recipient(s), you are 
> expressly prohibited from co

RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?

2004-11-19 Thread Dean Wells
Deji, 

There would be a concept of "AD integrated secondaries" had MS decided to write
it; it may be desirable (to some) to maintain read-only yet AD replicated
zones.  I guess the point in question is - MS didn't.  I've asked the
question directly to those that chose not to within MS and their response
was quite simply "because we didn't :)".

-- 
Dean Wells 
MSEtechnology
* Email: [EMAIL PROTECTED] 
http://msetechnology.com 


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, November 19, 2004 11:13 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?

Because when it's integrated, there is no concept of "secondaries" as we
understood it to be in pre-2Kx world. It's there in AD, and any DC can see
and write to it. Now, if you are secondarying the zones on another server
located in another forest/network, why would you want to store that info in
your own AD. You will not be modifying that zone locally on the secondary
anyway. Or, are you intending to?
 
 
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Ken Cornetet
Sent: Fri 11/19/2004 6:56 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] OT: Why no AD integrated DNS secondary zones?



OK, integrated stub zones are cool, but I'm curious - why did MS stop there?
Why no integrated secondaries?


RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?

2004-11-19 Thread deji
Because when it's integrated, there is no concept of "secondaries" as we
understood it to be in pre-2Kx world. It's there in AD, and any DC can see
and write to it. Now, if you are secondarying the zones on another server
located in another forest/network, why would you want to store that info in
your own AD. You will not be modifying that zone locally on the secondary
anyway. Or, are you intending to?
 
 
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Ken Cornetet
Sent: Fri 11/19/2004 6:56 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] OT: Why no AD integrated DNS secondary zones?



OK, integrated stub zones are cool, but I'm curious - why did MS stop
there? Why no integrated secondaries?


RE: [ActiveDir] How to Enable a Warning Message During Windows Logon Welcome

2004-11-19 Thread Fugleberg, David A
I can definitely confirm the behavior Joe describes.  I posted a tale of
woe about this a couple months back.  In our case, AD was replicating
between all sites quickly (due to site link notification being enabled
on all site links), but FRS was replicating based on the default site
link interval of 180 minutes.  We never noticed an issue with this until
we made a change to the account policy that affected a couple of the
attributes listed by Joe.  When we did, we saw the values 'ping-ponging'
between old and new values on DCs all over the world til FRS caught up
everywhere and all DCs settled on the new value.  

Having these values replicate via both mechanisms seems to be a
genuinely Bad Idea, but you typically don't see any issues of this sort
as long as FRS is working perfectly and both AD and FRS replication are
happening on roughly the same schedule.  

Dave
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Thursday, November 18, 2004 8:23 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] How to Enable a Warning Message During Windows
Logon Welcome


Info like number of bad passwords before lockout are maintained in the
directory. In replicated attributes... 

Look at the following attribs on the Domain NC head and their matching
systemFlags values... 

lockoutDuration
lockoutObservationWindow
lockoutThreshold
maxPwdAge
minPwdAge
minPwdLength
pwdHistoryLength
pwdProperties


I have seen the case MULTIPLE times where policies were not in sync
across all DCs of a domain due to my favorite service - FRS - dorking up
and the policy seesawing back and forth because DC 1 sets the policy to
one value, that replicates to DC 2 which has the old policy and sees it
and changes it back, that replicates back to DC 1 and it says that
doesn't match its GPO so it changes it back. Back and forth back and
forth. 

I have seen that both with domain security policies and I have seen it
with restricted groups. I once had an issue where one DC was screwed for
FRS and I was trying to back out a restricted policy for admins/domain
admins. I had to keep watching a DC to see who the admins were to know
when I could connect to it since in one policy I was the admin, in the
other I wasn't and the AD replication was flip flopping the membership
back and forth. 

I have discovered by accident sites that have had this problem when
looking at replication metadata and seeing say the lockoutThreshold
attribute having a version number in the tens of thousands. 


  joe
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier,
Guido
Sent: Wednesday, November 17, 2004 4:46 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] How to Enable a Warning Message During Windows
Logon Welcome

Darren - if I understand Joe correctly, he doesn't mean that the policy
values are replicated. It's the fact that DCs may have different
thresholds for acct. lockout (due to the described setup) that the bad
logon count which is passed on from one DC to another would trigger a
lockout at a different threshold on the different DCs and you'd never be
sure which would apply. 
However, I doubt we'd have replication back and forth: if a DC with a
threshold of 10 passes on the bad logon attempt to the PDCE with a
threshold of 5, the PDCE would potentially set the user-account to
locked while the other DC would still be fine with 5 more logon
attempts. But if this change of the user-account is then replicated out
to the other DC, I'm pretty sure that the DC set to 10 attempts doesn't
then unlock the account (and causes further replication).  

So Joe, you may want to elaborate on that.

/Guido

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia
Sent: Wednesday, November 17, 2004 6:25 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] How to Enable a Warning Message During Windows
Logon Welcome

Joe-
Are you sure data like that is stored in AD? I thought, actually, that
security policy like this was still stored in the security hive of the
registry (i.e. the SAM) for each machine and thus not replicated.  

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Tuesday, November 16, 2004 10:09 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] How to Enable a Warning Message During Windows
Logon Welcome

This would be extremely unstable. 

Not only is the policy being changed by the GPO replicated through FRS,
it is also being changed by the values replicating around for the Domain
NC head through AD replication. I.E. The machine that got say a value of
10 for bad hits for lockout would replicate to the machine that had a
value of say 5. Then the second would be changed back by policy and try
to replicate to the first and back and forth. 

What I am trying to say is instead of having one policy on one machine
and another on another machine, you would have no idea at any gi
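
The replication-metadata check described in this thread (a policy attribute on the domain NC head whose version number has climbed into the tens of thousands), as an added example that is not part of the original posts. The rows are constructed in the column layout that `repadmin /showobjmeta` prints; the DC names, USNs, polled values and the `max_version` threshold are assumptions.

```python
import re

# Account-policy attributes on the domain NC head, as listed in the thread.
POLICY_ATTRS = {
    "lockoutDuration", "lockoutObservationWindow", "lockoutThreshold",
    "maxPwdAge", "minPwdAge", "minPwdLength", "pwdHistoryLength",
    "pwdProperties",
}

# One metadata row: Loc.USN, Originating DSA, Org.USN, Org.Time/Date, Ver, Attribute.
ROW = re.compile(
    r"^\s*(?P<loc_usn>\d+)\s+(?P<dsa>\S+)\s+(?P<org_usn>\d+)\s+"
    r"(?P<when>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<ver>\d+)\s+(?P<attr>\S+)\s*$"
)

# Constructed sample: two policy attributes have been rewritten thousands of
# times, the others only a handful of times since the domain was built.
SAMPLE_META = """\
Loc.USN  Originating DSA   Org.USN  Org.Time/Date        Ver Attribute
=======  ===============   =======  =============        === =========
   4098  HQ\\DC01              4098  2003-06-02 09:14:55    1 objectClass
 981244  BRANCH\\DC07        770913  2004-11-18 19:58:02 31872 lockoutThreshold
 981190  HQ\\DC01            981190  2004-11-18 19:41:37 31540 lockoutDuration
  20511  HQ\\DC01             20511  2003-09-30 11:02:10    3 minPwdLength
  20512  HQ\\DC01             20512  2003-09-30 11:02:10    3 maxPwdAge
"""


def parse_meta(text):
    """Return one dict per metadata row; header and separator lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            row = m.groupdict()
            row["ver"] = int(row["ver"])
            rows.append(row)
    return rows


def suspicious_policy_attrs(rows, max_version=100):
    """Policy attributes written more than max_version times, worst first.

    Every originating write bumps the attribute version by one, so a policy
    value that is set rarely should carry a small number. max_version is an
    assumed threshold; tune it to how often the policy is really changed.
    """
    hits = [(r["attr"], r["ver"], r["dsa"]) for r in rows
            if r["attr"] in POLICY_ATTRS and r["ver"] > max_version]
    return sorted(hits, key=lambda h: h[1], reverse=True)


def is_flapping(values, min_flips=3):
    """True when successive readings bounce between exactly two settings."""
    flips = sum(1 for a, b in zip(values, values[1:]) if a != b)
    return len(set(values)) == 2 and flips >= min_flips


# Constructed: lockoutThreshold read from one DC at regular intervals.
SAMPLE_POLLS = [5, 10, 5, 10, 5]

if __name__ == "__main__":
    for attr, ver, dsa in suspicious_policy_attrs(parse_meta(SAMPLE_META)):
        print(f"{attr}: version {ver}, last written by {dsa}")
    print("lockoutThreshold flapping:", is_flapping(SAMPLE_POLLS))
```

A high version alone shows the attribute has been rewritten many times; the flapping check on polled values confirms the rewrite is still going on.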

Re: [ActiveDir] Hot Spare Site

2004-11-19 Thread Rick Boza
Dan,

In all honesty, you don't build hot site capability for $25K.

Using a replication service across WAN links is incredibly expensive from a
bandwidth perspective.  I mean, realistically, you can't even buy a server
and 50 workstations to put in the remote site for that money (which you
stated you expect to need to do), let alone begin the process of replicating
data.

For the kind of money you are talking about, realistically you are looking
at a warm server or two in your remote location, and shipping backup tapes
there on a regular basis, depending on how willing to lose data your company
is - if all the data up to the backup is required, then you ship every day.
Buy all those folks that need to be able to be onsite laptops in the next
hardware refresh cycle they hit so they can bring their system with them to
plug in at the alternate site.

Immediate failover capabilities easily gets into the million dollar plus
range.  I've designed these solutions for clients in the past and have on
more than one occasion been asked to do so only to have others choke when we
start discussing what the costs would be.  The desired SLA is almost always
in direct opposition to the budget (some sort of theorem there, I think).

Rick


On 11/19/04 9:45 AM, "Dan DeStefano" <[EMAIL PROTECTED]> wrote:

> There is definitely a hierarchy of importance for users. The site would likely
> need to physically host like 50 or so workstations and all the remaining
> 100-200 users could probably work remotely via a terminal server farm or
> something to that effect.
> 
> Yes, I am thinking of the site being able to failover immediately or within
> 24-48 hours. Replication/geographically disperse clustering sounds like what
> we are looking for. I have been looking into Veritas Global Cluster Manager -
> is what you are referring to? Would Exchange be cluster-aware of this product
> or only for MS Cluster Service?
> 
> _
>  
> Daniel DeStefano
> PC Support Specialist
>  
> IAG Research
> 345 Park Avenue South, 12th Floor
> New York, NY 10010
> T. 212.871.5262
> F. 212.871.5300
>  
> www.iagr.net 
> Measuring Ad Effectiveness on Television
>  
> The information contained in this communication is confidential, may be
> privileged and is intended for the exclusive use of the above named
> addressee(s). If you are not the intended recipient(s), you are expressly
> prohibited from copying, distributing, disseminating, or in any other way
> using any of the information contained within this communication. If you have
> received this communication in error, please contact the sender by telephone
> 212.871.5262 or by response via e-mail.
> 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Mulnick, Al
> Sent: Thursday, November 18, 2004 4:03 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] Hot Spare Site
> 
> 
> Additionally, what do you define as restoration of service?  Do you have to
> restore service and data to all users instantly or are some users more
> urgent than others?
> 
> File/print restoration of service indicates that you want to have the data
> available seamlessly.  That often looks like a replication and/or
> geographically disperse clustering solution.
> 
> Exchange is another animal altogether and requirements definition needs to
> be tight to easily solve that one.
> 
> al 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Renouf, Phil
> Sent: Thursday, November 18, 2004 3:52 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] Hot Spare Site
> 
> It completely depends on the budget that you would (could) have for a project
> like this and the corporate definition of the services that would be
> required to a Hot Site DR situation. You mentioned Exchange and file sharing
> as the two most important so that answers one side, what do you/your company
> deem as cost-effective? Would 25k be the range, or is 250k or 2.5mil a
> reasonable number.
> 
> How immediate does the transfer from production site to DR site need to be?
> Does it need to be instant or is a lag of a few hours or even a day
> acceptable?
> 
> Phil
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Dan DeStefano
> Sent: Thursday, November 18, 2004 3:44 PM
> To: [EMAIL PROTECTED]
> Subject: [ActiveDir] Hot Spare Site
> 
> I have been given the task of coming up with some strategies for creating a
> physical hot spare site for our headquarters for disaster recovery. Not
> having done this before, I am not sure where to begin. The two major
> resources that need to be replicated are our file shares and our Exchange
> server. All other company data, web applications, Web sites, etc are at
> colocation sites.
> Does anyone have any suggestions on the best and most cost-effective
> way(s) to accomplish this? A good bulk of our users can perform their jobs
> remotely via ter

RE: [ActiveDir] Exchange 2003 - New mailboxes not created

2004-11-19 Thread Peter Johnson
Have you recently changed your DC config? Something similar happened to me a
little while ago. Check which DC your RUS is configured to talk to.

Cheers

Peter

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ramsay, Steve
Sent: 19 November 2004 17:47
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Exchange 2003 - New mailboxes not created

Sounds like Michael's suggestion of checking RUS should be your next step.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jared Manhat
Sent: 19 November 2004 14:55
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Exchange 2003 - New mailboxes not created

Frederic,

No, the mailboxes NEVER show up.

Dan,

I sent an email to a dummy account I created and it just gets bounced back
with "The recipient name is not recognized"

Jared Manhat
Systems Administrator
Accutest Laboratories

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith
Sent: Friday, November 19, 2004 9:36 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Exchange 2003 - New mailboxes not created

There isn't a comprehensive list of sp1 fixes - but I recommend strongly you
install it, plus the recent OWA rollup that was released.

So the mailboxes NEVER show up? Or they are just delayed?

If they never show up - I'd check out my RUS configuration.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jared Manhat
Sent: Friday, November 19, 2004 9:29 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Exchange 2003 - New mailboxes not created
Importance: High

I have an Exchange 2003 server running on Windows Server 2k3. I just noticed
Wednesday that if I create a new user account in AD2k3 and give the user an
Exchange mailbox, the mailbox does not show up in the Exchange System Manager.
Any ideas? I've never seen this behavior before and I can find anything on the
web relating to it.

I am not running Exchange 2k3 SP1, I didn't install the SP because I can't find
a comprehensive list of what they've changed.

Thanks for the help.

Jared Manhat
Systems Administrator
Accutest Laboratories

** 

This is a commercial communication from Commerzbank AG.


This communication is confidential and is intended only for the person to whom it is addressed.  If you are not that person you are not permitted to make use of the information and you are requested to notify  immediately that you have received it and then destroy the copy in your possession.


Commerzbank AG may monitor outgoing and incoming e-mails. By replying to this e-mail you consent to such monitoring. This e-mail message and any attached files have been scanned for the presence of computer viruses. However, you are advised that you open attachments at your own risk.


This email was sent either by Commerzbank AG, London Branch, or by Commerzbank Securities, a division of Commerzbank.  Commerzbank AG is a limited liability company incorporated in the Federal Republic of Germany.  Registered Company Number in England BR001025. Our registered address in  the UK is 23 Austin Friars, London, EC2P 2JD. We are regulated by the Financial Services Authority for the conduct of investment business in the UK and we appear on the FSA register under number 124920. 


**


RE: [ActiveDir] Exchange 2003 - New mailboxes not created

2004-11-19 Thread Frederic Allaert
New mailboxes don't show up in System Manager until the user has logged on to
the mailbox, or a mail has been sent to it. This is by design...

But it should have worked by sending off an e-mail to the SMTP-address of the
mailbox. Are u sure the Exchange had already picked your dummy user from AD?

Vriendelijke groeten / Best regards,
Frederic Allaert

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jared Manhat
Sent: vrijdag 19 november 2004 15:55
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Exchange 2003 - New mailboxes not created

Frederic,

No, the mailboxes NEVER show up.

Dan,

I sent an email to a dummy account I created and it just gets bounced back
with “The recipient name is not recognized”

Jared Manhat
Systems Administrator
Accutest Laboratories

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith
Sent: Friday, November 19, 2004 9:36 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Exchange 2003 - New mailboxes not created

There isn't a comprehensive list of sp1 fixes - but I recommend strongly you
install it, plus the recent OWA rollup that was released.

So the mailboxes NEVER show up? Or they are just delayed?

If they never show up - I'd check out my RUS configuration.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jared Manhat
Sent: Friday, November 19, 2004 9:29 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Exchange 2003 - New mailboxes not created
Importance: High

I have an Exchange 2003 server running on Windows Server 2k3. I just noticed
Wednesday that if I create a new user account in AD2k3 and give the user an
Exchange mailbox, the mailbox does not show up in the Exchange System Manager.
Any ideas? I’ve never seen this behavior before and I can find anything on the
web relating to it.

I am not running Exchange 2k3 SP1, I didn’t install the SP because I can't find
a comprehensive list of what they’ve changed.

Thanks for the help.

Jared Manhat
Systems Administrator
Accutest Laboratories


RE: [ActiveDir] Exchange 2003 - New mailboxes not created

2004-11-19 Thread Ramsay, Steve
Sounds like Michael's suggestion of checking RUS should be your next step.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jared Manhat
Sent: 19 November 2004 14:55
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Exchange 2003 - New mailboxes not created

Frederic,

No, the mailboxes NEVER show up.

Dan,

I sent an email to a dummy account I created and it just gets bounced back
with "The recipient name is not recognized"

Jared Manhat
Systems Administrator
Accutest Laboratories

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith
Sent: Friday, November 19, 2004 9:36 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Exchange 2003 - New mailboxes not created

There isn't a comprehensive list of sp1 fixes - but I recommend strongly you
install it, plus the recent OWA rollup that was released.

So the mailboxes NEVER show up? Or they are just delayed?

If they never show up - I'd check out my RUS configuration.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jared Manhat
Sent: Friday, November 19, 2004 9:29 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Exchange 2003 - New mailboxes not created
Importance: High

I have an Exchange 2003 server running on Windows Server 2k3. I just noticed
Wednesday that if I create a new user account in AD2k3 and give the user an
Exchange mailbox, the mailbox does not show up in the Exchange System Manager.
Any ideas? I've never seen this behavior before and I can find anything on the
web relating to it.

I am not running Exchange 2k3 SP1, I didn't install the SP because I can't find
a comprehensive list of what they've changed.

Thanks for the help.

Jared Manhat
Systems Administrator
Accutest Laboratories





RE: [ActiveDir] Exchange 2003 - New mailboxes not created

2004-11-19 Thread Jared Manhat
Frederic,

No, the mailboxes NEVER show up.

Dan,

I sent an email to a dummy account I created and it just gets bounced back
with “The recipient name is not recognized”

Jared Manhat
Systems Administrator
Accutest Laboratories

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith
Sent: Friday, November 19, 2004 9:36 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Exchange 2003 - New mailboxes not created

There isn't a comprehensive list of sp1 fixes - but I recommend strongly you
install it, plus the recent OWA rollup that was released.

So the mailboxes NEVER show up? Or they are just delayed?

If they never show up - I'd check out my RUS configuration.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jared Manhat
Sent: Friday, November 19, 2004 9:29 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Exchange 2003 - New mailboxes not created
Importance: High

I have an Exchange 2003 server running on Windows Server 2k3. I just noticed
Wednesday that if I create a new user account in AD2k3 and give the user an
Exchange mailbox, the mailbox does not show up in the Exchange System Manager.
Any ideas? I’ve never seen this behavior before and I can find anything on the
web relating to it.

I am not running Exchange 2k3 SP1, I didn’t install the SP because I can't find
a comprehensive list of what they’ve changed.

Thanks for the help.

Jared Manhat
Systems Administrator
Accutest Laboratories







[ActiveDir] OT: Why no AD integrated DNS secondary zones?

2004-11-19 Thread Ken Cornetet
OK, integrated stub zones are cool, but I'm curious - why did MS stop
there? Why no integrated secondaries?
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] Hot Spare Site

2004-11-19 Thread Dan DeStefano
There is definitely a hierarchy of importance for users. The site would likely 
need to physically host like 50 or so workstations and all the remaining 
100-200 users could probably work remotely via a terminal server farm or 
something to that effect.

Yes, I am thinking of the site being able to failover immediately or within 
24-48 hours. Replication/geographically disperse clustering sounds like what we 
are looking for. I have been looking into Veritas Global Cluster Manager - is 
what you are referring to? Would Exchange be cluster-aware of this product or 
only for MS Cluster Service?

_
 
Daniel DeStefano
PC Support Specialist
 
IAG Research
345 Park Avenue South, 12th Floor
New York, NY 10010
T. 212.871.5262
F. 212.871.5300
 
www.iagr.net  
Measuring Ad Effectiveness on Television
 


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Mulnick, Al
Sent: Thursday, November 18, 2004 4:03 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Hot Spare Site


Additionally, what do you define as restoration of service?  Do you have to
restore service and data to all users instantly or are some users more
urgent than others?  

File/print restoration of service indicates that you want to have the data
available seamlessly.  That often looks like a replication and/or
geographically disperse clustering solution.  

Exchange is another animal altogether and requirements definition needs to
be tight to easily solve that one. 

al 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Renouf, Phil
Sent: Thursday, November 18, 2004 3:52 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Hot Spare Site

It completely depends on the budget that you would (could) have for a project
like this and the corporate definition of the services that would be
required to a Hot Site DR situation. You mentioned Exchange and file sharing
as the two most important so that answers one side, what do you/your company
deem as cost-effective? Would 25k be the range, or is 250k or 2.5mil a
reasonable number.

How immediate does the transfer from production site to DR site need to be?
Does it need to be instant or is a lag of a few hours or even a day
acceptable?

Phil

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dan DeStefano
Sent: Thursday, November 18, 2004 3:44 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Hot Spare Site

I have been given the task of coming up with some strategies for creating a
physical hot spare site for our headquarters for disaster recovery. Not
having done this before, I am not sure where to begin. The two major
resources that need to be replicated are our file shares and our Exchange
server. All other company data, web applications, Web sites, etc are at
colocation sites.
Does anyone have any suggestions on the best and most cost-effective
way(s) to accomplish this? A good bulk of our users can perform their jobs
remotely via terminal services temporarily if need be. Could a terminal
server farm work effectively using primarily what's built into windows
(terminal services and load balancing), or would Citrix be the only
solution.
 
I would greatly appreciate any help.
 
_
 
Daniel DeStefano
PC Support Specialist
 
IAG Research
345 Park Avenue South, 12th Floor
New York, NY 10010
T. 212.871.5262
F. 212.871.5300
 
www.iagr.net 
Measuring Ad Effectiveness on Television
 
 
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Exchange 2003 - New mailboxes not created

2004-11-19 Thread Michael B. Smith
There isn't a comprehensive list of sp1 fixes - but I recommend strongly you
install it, plus the recent OWA rollup that was released.

So the mailboxes NEVER show up? Or they are just delayed?

If they never show up - I'd check out my RUS configuration.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jared Manhat
Sent: Friday, November 19, 2004 9:29 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Exchange 2003 - New mailboxes not created
Importance: High

I have an Exchange 2003 server running on Windows Server 2k3. I just noticed
Wednesday that if I create a new user account in AD2k3 and give the user an
Exchange mailbox, the mailbox does not show up in the Exchange System Manager.
Any ideas? I’ve never seen this behavior before and I can find anything on the
web relating to it.

I am not running Exchange 2k3 SP1, I didn’t install the SP because I can't find
a comprehensive list of what they’ve changed.

Thanks for the help.

Jared Manhat
Systems Administrator
Accutest Laboratories



RE: [ActiveDir] Exchange 2003 - New mailboxes not created

2004-11-19 Thread Frederic Allaert
Not really a fix for your problem, but you send an e-mail to the mailbox by
manually entering the SMTP address, then Exchange will create the mailbox for
you...

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jared Manhat
Sent: vrijdag 19 november 2004 15:29
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Exchange 2003 - New mailboxes not created
Importance: High

I have an Exchange 2003 server running on Windows Server 2k3. I just noticed
Wednesday that if I create a new user account in AD2k3 and give the user an
Exchange mailbox, the mailbox does not show up in the Exchange System Manager.
Any ideas? I’ve never seen this behavior before and I can find anything on the
web relating to it.

I am not running Exchange 2k3 SP1, I didn’t install the SP because I can't find
a comprehensive list of what they’ve changed.

Thanks for the help.

Jared Manhat
Systems Administrator
Accutest Laboratories



RE: [ActiveDir] Hot Spare Site

2004-11-19 Thread Dan DeStefano
I haven't actually been given a budget, just told to come up with solutions. 
However, the budget would probably be more on the $25k end of the scale than 
the $2.5m. I have also not been given a time frame for the project, but I would 
imagine it would be for 1st-2nd quarter of next year.

_
 
Daniel DeStefano
PC Support Specialist
 
IAG Research
345 Park Avenue South, 12th Floor
New York, NY 10010
T. 212.871.5262
F. 212.871.5300
 
www.iagr.net  
Measuring Ad Effectiveness on Television
 


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Renouf, Phil
Sent: Thursday, November 18, 2004 3:52 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Hot Spare Site


It completely depends on the budget that you would (could) have for a
project like this and the corporate definition of the services that
would be required to a Hot Site DR situation. You mentioned Exchange and
file sharing as the two most important so that answers one side, what do
you/your company deem as cost-effective? Would 25k be the range, or is
250k or 2.5mil a reasonable number.

How immediate does the transfer from production site to DR site need to
be? Does it need to be instant or is a lag of a few hours or even a day
acceptable?

Phil

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dan DeStefano
Sent: Thursday, November 18, 2004 3:44 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Hot Spare Site

I have been given the task of coming up with some strategies for
creating a physical hot spare site for our headquarters for disaster
recovery. Not having done this before, I am not sure where to begin. The
two major resources that need to be replicated are our file shares and
our Exchange server. All other company data, web applications, Web
sites, etc are at colocation sites.
Does anyone have any suggestions on the best and most cost-effective
way(s) to accomplish this? A good bulk of our users can perform their
jobs remotely via terminal services temporarily if need be. Could a
terminal server farm work effectively using primarily what's built into
windows (terminal services and load balancing), or would Citrix be the
only solution.
 
I would greatly appreciate any help.
 
_
 
Daniel DeStefano
PC Support Specialist
 
IAG Research
345 Park Avenue South, 12th Floor
New York, NY 10010
T. 212.871.5262
F. 212.871.5300
 
www.iagr.net 
Measuring Ad Effectiveness on Television
 
 
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


[ActiveDir] Exchange 2003 - New mailboxes not created

2004-11-19 Thread Jared Manhat
I have an Exchange 2003 server running on Windows Server 2k3. I just noticed Wednesday that if I create a new user account in AD2k3 and give the user an Exchange mailbox, the mailbox does not show up in the Exchange System Manager. Any ideas? I’ve never seen this behavior before and I can find anything on the web relating to it.

I am not running Exchange 2k3 SP1, I didn’t install the SP because I can't find a comprehensive list of what they’ve changed.

Thanks for the help.

Jared Manhat

Systems Administrator

Accutest Laboratories






Re: [ActiveDir] AD and Exchange 5.5?

2004-11-19 Thread Rick Boza
Joe, as usual, is right on.

This is most likely an ADC issue, as someone else pointed toward earlier.
And you don't necessarily HAVE to have an ADC in place for Ex5.5 to function
with your domain.

Having said that, in ADUC if you see Exchange attributes and you have the
ability to right-click a user and see an option for 'Exchange Tasks' then at
the very least SOME work has been done to AD to make it Exchange aware - the
schema was extended at the least (well, almost definitely).

If this is the case, it's most likely the ADC (could be the RUS as well, but
most likely ADC).  That's where I would start, anyhow.

With more detailed information about the configuration, as well as exactly
what steps you are taking to try and do what you want to do, including what
you expect and what you actually get, would help.


On 11/19/04 1:25 AM, "joe" <[EMAIL PROTECTED]> wrote:

> I have read this a couple of times and I very possibly am going to show my
> Exchange knowledge to be very weak around 5.5 which I do not doubt at all
> but
> 
> Doing something in 5.5 shouldn't do ANYTHING in AD unless you have E2K/E2K3
> up with it and using the ADC/SRS to move data back and forth between the 5.5
> GAL and AD should it?
> 
> Or to put it another way, what were you expecting it to do?
> 
>   joe
> 
>  
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of vex
> Sent: Wednesday, November 17, 2004 6:38 PM
> To: [EMAIL PROTECTED]
> Subject: [ActiveDir] AD and Exchange 5.5?
> 
> Greetings,
>   I'm currently having an issue with my Exchange Server (5.5SP4) running on
> Win2kSP4.
>  
> I can create new user accounts just fine but when I attempt to create their
> mailbox, the Exchange information isn't being applied to the AD. Any ideas?
> Heck, I don't even know where to start, I've never had this problem
> before...
>  
>  
>  
>  
>   --Brett

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] migration of domains

2004-11-19 Thread Peter Johnson








Migrating complete servers such as SQL/Exchange
is not the easiest thing in the world. What do you wish to gain out of the exercise
i.e. is it worth the effort/cost/time etc

 

Regards

Peter Johnson

 









From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Calders Stijn
Sent: 19 November 2004 13:48
To: [EMAIL PROTECTED]
Subject: [ActiveDir] migration of domains

Dear AD specialists,

At our university, we have three domains in the same forest: KDG.BE (forest
root domain with only two domain controllers), ADMIN.KDG.BE (child of KDG.BE
with a lot of servers (like SQL server, Exchange server, Terminal Servers, …))
and TEST.KDG.BE (child of KDG.BE with a few servers (SQL server, file server,
… )). We want to migrate everything from ADMIN.KDG.BE to KDG.BE. Three
questions:

1) Is this possible? (And doesn’t it cost too much effort?)

2) Is there a reason why this isn’t a good idea?

3) And what’s the best way to do this? How can we be sure everything is
migrated right?

 

 

Many thanks in advance,

 

Stijn.








Re: [ActiveDir] migration of domains

2004-11-19 Thread Robbie Foust
I believe you can use the Active Directory Migration Tool (ADMT) to do 
domain consolidations. A search on Microsoft's website for ADMT should 
bring up many references to it. It is a free program.

- Robbie

Calders Stijn wrote:

Dear AD specialists,

At our university, we have three domains in the same forest: KDG.BE 
(forest root domain with only two domain controllers), ADMIN.KDG.BE 
(child of KDG.BE with a lot of servers (like SQL server, Exchange 
server, Terminal Servers, …)) and TEST.KDG.BE (child of KDG.BE with a 
few servers (SQL server, file server, … )). We want to migrate 
everything from ADMIN.KDG.BE to KDG.BE. Three questions:

1) Is this possible? (And doesn’t it cost too much effort?)
2) Is there a reason why this isn’t a good idea?
3) And what’s the best way to do this? How can we be sure everything 
is migrated right?

Many thanks in advance,
Stijn.

--
Robbie Foust, IT Analyst
OIT/CASI - Administrative Information Support
Duke University
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] Getting print info from event log

2004-11-19 Thread Steve Rochford
Use a script to interrogate the log using WMI - this is part of the
script I use to dump the data to a SQL database; this just prints it on
screen. 

Steve

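' WMI expects DMTF datetimes: yyyymmddHHMMSS.mmmmmm+UUU (UTC offset in minutes)
sStart = "20041118100000.000000+060"
sEnd   = "20041118110000.000000+060"
sServer = "tconwl6"

' Event 10 in the System log is the "document was printed" event
sSQL = "SELECT * FROM Win32_NTLogEvent WHERE Logfile = 'system' and " & _
       "eventcode=10 and timegenerated>='" & sStart & _
       "' and timeGenerated <'" & sEnd & "'"
Set wbemObjectSet = GetObject("winmgmts:\\" & sServer).ExecQuery(sSQL)
For Each wbemObject In wbemObjectSet
  sDetails = wbemObject.Message
  iOwnPos = InStr(sDetails, "owned by")
  ' Skip any event 10 whose message is not a print job (Left would fail on 0)
  If iOwnPos > 0 Then
    ' Document name is everything before "owned by"
    sDoc = Left(sDetails, iOwnPos - 1)
    ' User name runs from after "owned by " to the next space
    iSpacePos = InStr(iOwnPos + 10, sDetails, " ")
    sUser = Mid(sDetails, iOwnPos + 9, iSpacePos - (iOwnPos + 9))
    ' Printer name sits between "printed on " and " via port"
    iPrintedOnPos = InStr(sDetails, "printed on") + 11
    iViaPos = InStr(iPrintedOnPos, sDetails, "via port") - 1
    sPrinterName = Mid(sDetails, iPrintedOnPos, iViaPos - iPrintedOnPos)
    ' Page count is the text after "pages printed: "
    iPagesPos = InStr(sDetails, "pages printed") + 15
    iPages = Mid(sDetails, iPagesPos)
    WScript.Echo sUser, sDoc, iPages
  End If
Next

-Original Message-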
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Aaron Visser
Sent: 15 October 2004 22:56
To: ActiveDir
Subject: [ActiveDir] Getting print info from event log

Does anyone have or know anyway to pull print info out of the System
event logs so that it can be easily reviewed Example I need to know who,
how many pages now I can go thru each event and record this info by hand
but it seems rather tedious and that there should be an easier way to
gather this info.

Any help is appreciated,

Thanks,
Aaron Visser

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
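
An added example, not part of Steve's script or the original thread: the same field extraction done with one regular expression over message strings already exported from the System log, then totalled per user for audit review. The sample messages are constructed, their wording is an assumption based on the tokens the script above searches for ("owned by", "printed on", "via port", "pages printed"), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample messages (not real log data). The wording is an
# assumption built from the tokens the VBScript searches for.
SAMPLE_MESSAGES = [
    "Document 12, Microsoft Word - budget.doc owned by jsmith was printed on "
    "HP LaserJet 4 via port IP_192.0.2.10.  Size in bytes: 48211; pages printed: 3",
    # Document title that itself contains "owned by"
    "Document 13, assets owned by finance.xls owned by alice was printed on "
    "Floor2-Color via port LPT1:.  Size in bytes: 1200; pages printed: 12",
    "Document 14, Test Page owned by jsmith was printed on "
    "HP LaserJet 4 via port IP_192.0.2.10.  Size in bytes: 900; pages printed: 1",
    # Not a print-job message: must be skipped, not abort the run
    "Printer HP LaserJet 4 was paused.",
]

# The greedy first group makes the LAST "owned by" the delimiter, so a document
# title containing that phrase does not shift the user field. Like the script,
# this assumes user names contain no spaces.
PRINT_JOB = re.compile(
    r"^(?P<document>.*) owned by (?P<user>\S+) .*?printed on "
    r"(?P<printer>.*) via port .*pages printed:\s*(?P<pages>\d+)",
    re.DOTALL,
)


def parse_print_job(message):
    """Return the job fields as a dict, or None if this is not a print job."""
    match = PRINT_JOB.search(message)
    if match is None:
        return None
    return {
        "document": match["document"].strip(),
        "user": match["user"],
        "printer": match["printer"].strip(),
        "pages": int(match["pages"]),
    }


def pages_by_user(messages):
    """Total pages per user; also count messages that could not be parsed."""
    totals = defaultdict(int)
    skipped = 0
    for message in messages:
        job = parse_print_job(message)
        if job is None:
            skipped += 1
            continue
        totals[job["user"]] += job["pages"]
    return dict(totals), skipped


if __name__ == "__main__":
    totals, skipped = pages_by_user(SAMPLE_MESSAGES)
    for user, pages in sorted(totals.items()):
        print(user, pages)
    print("skipped:", skipped)
```
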


[ActiveDir] migration of domains

2004-11-19 Thread Calders Stijn








Dear AD specialists,

 

 

At our university, we have three domains in the same forest:
KDG.BE (forest root domain with only two domain controllers), ADMIN.KDG.BE
(child of KDG.BE with a lot of servers (like SQL server, Exchange server,
Terminal Servers, …)) and TEST.KDG.BE (child of KDG.BE with a few servers
(SQL server, file server, … )). We want to migrate everything from
ADMIN.KDG.BE to KDG.BE. Three questions:



1) Is this possible? (And doesn’t it cost too much effort?)

2) Is there a reason why this isn’t a good idea?

3) And what’s the best way to do this? How can we be sure everything is migrated right?

 

 

Many thanks in advance,

 

Stijn.