RE: [ActiveDir][OT] FYI: MS-KBQ909360 - Potential file corruption on NTFS volumes

2005-11-08 Thread Tony Murray 
Very true.  I kind of miss Cthulhu's words of wisdom.  

As someone who likes and respects both Rick and Ed (and as list owner), it
falls upon me to put this thread to bed.

And now back to the technical discussion

Tony

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ed Crowley [MVP]
Sent: Tuesday, 8 November 2005 4:21 p.m.
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir][OT] FYI: MS-KBQ909360 - Potential file corruption
on NTFS volumes

Exchange is cruel.  (TM - Cthulhu)

Ed Crowley MCSE+Internet MVP
Freelance E-Mail Philosopher
Protecting the world from PSTs and Bricked Backups!T

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, November 07, 2005 6:59 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir][OT] FYI: MS-KBQ909360 - Potential file corruption
on NTFS volumes

Huh? How did I get pulled into this? I seem to have a bad reputation around
here. Here I thought everyone loved my posts. I certainly enjoy them and
that has to mean something.

BTW, I don't spit or pull hair but I do kick.  Judo Chop! Judo Chop!!!

As for Ed, well he's just Ed you know? He sort of grows on you after a bit,
sort of like you Rick. A few shots of antibiotics and some extra sunlight
and maybe a bit of clorine bleach and it is all cleared up.

Think about it though, he has been doing Exchange a long time. Who wouldn't
be in a pissy mood? 


I'm here all week, tip your waitress.


 :o)


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Monday, November 07, 2005 6:43 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] FYI: MS-KBQ909360 - Potential file corruption on
NTFS volumes

Taking offline...  I only berate joe in public...  (he fights nasty, too.
Spits, eye gouges, hair pulling and all...)

Forgot about that when I replied earlier.  

Rick 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ed Crowley [MVP]
Sent: Monday, November 07, 2005 5:25 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] FYI: MS-KBQ909360 - Potential file corruption on
NTFS volumes

Rick -

I was replying to your assertion:

"Miss one or two backups and that volume that holds your log files might
experience this issue with no fault of the admin at all."

An admin may not be at fault because a backup doesn't occur, with that I
agree.  However, an admin not knowing that the scheduled backups did not
occur and not monitoring that the log volume sufficiently to know that it is
running out of space is very much at fault.  I didn't say anything about
beating; that would solely be at your discretion.

As to my George Carlin remark, it was intended to be sarcasticly humorous; I
apologize if it missed the mark in your perception, and to anyone else on
this list who might have been offended by it.

I'm an eight-or-nine-year Exchange MVP, and a senior technology consultant
for a large multinational technology corporation.  I joined this list
because a fellow Exchange MVP recommended it as being THE place to discuss
Active Directory.  Nice to meet you.  Who are you?

Ed Crowley MCSE+Internet MVP
Freelance E-Mail Philosopher
Protecting the world from PSTs and Bricked Backups!T

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Monday, November 07, 2005 12:11 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] FYI: MS-KBQ909360 - Potential file corruption on
NTFS volumes

Ed - 

With all due respect, both posts that you've made in response to this thread
have been negative (George Carlin hasn't written anything original...  Blah,
blah...) and the fact that I mention that I should beat my admin because of
missing a backup.  How I choose to treat my employees is my business.

I'm not sure why I'm even bothering to defend myself to you.

Please.  If you have nothing of value to add - don't respond.  If you want
to be a valued member of the list - try being nice.

Or, if it's just me you don't like - filter me out of your list.

I really don't appreciate the off-handed, single thought retorts.

Who ARE you, anyway?

Rick
--
Posting is provided "AS IS", and confers no rights or warranties ...
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ed Crowley [MVP]
Sent: Sunday, November 06, 2005 11:28 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] FYI: MS-KBQ909360 - Potential file corruption on
NTFS volumes

The admin is not at fault because he wasn't aware that the backup didn't
complete?  You're an awfully forgiving boss.

Ed Crowley MCSE+Internet MVP
Freelance E-Mail Philosopher
Protecting the world from PSTs and Bricked Backups!T

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Sunday, November 06, 2005 7:04 AM
To: ActiveDir@mail.activedir.org
Su

RE: [ActiveDir] Hardware Suggestions

2005-11-08 Thread Steve Rochford 
> I like SCSI and IDE not only for their proven track record 
> [server and desktop respectively] but because the dang cables 
> don't get knocked off each time I reach into the case.  Those 
> cable connections on the back of the SATA drives are a little 
> worrying.  I've accidentally bumped the connection off my 
> workstation at home twice while adding the Happauge card and what not.

I can understand that with a home machine you're going to be taking the
top off at regular intervals to play with it (err; upgrade hardware etc)
but why on earth would you ever open a server unless it has a fault? We
have servers that go their entire life without being opened up. Is there
some major bit of server management that I'm missing by not taking it
apart on a regular basis??

Steve
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

[ActiveDir] Incorporating external users.......

2005-11-08 Thread Smith, Brad 
Hello List,

I have a situation I would be interested in getting feedback from you all
on.  Our setup is Single Forest, Single domain, all W2K or later, DFL is W2K
Native.  We have a user population of around 14k and this domain is THE
central AD service for the entire company.  I am working with some
colleagues on projects that are going to see a large number of users (around
7k) external to the company require AD type authentication (mainly for
things like Share point and web based stuff).  My preferred proposal is to
create a second single forest single domain structure, place the services
and external user accounts in it, and have our core domain be trusted by the
external user domain so that internal users can access the service they need
to.  This will take time to document and procure hardware for, etc,  so the
business want justification as to why we shouldn't just add them to a
dedicated OU.  The reasons I am using thus far as follows:

1) I want to stipulate a more stringent password policy for external users
2) I want to prevent external users being members of the Authenticated Users
group for our core domain
3) I want a clear line of demarcation between services/data used for
external access and those provided for internal users

What other issues/considerations have list reader come across when
incorporating large amounts of external users?

TIA,

Brad




This email and any attached files are confidential and copyright protected. If 
you are not the addressee, any dissemination of this communication is strictly 
prohibited. Unless otherwise expressly agreed in writing, nothing stated in 
this communication shall be legally binding.
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Hardware Suggestions

2005-11-08 Thread Rob MOIR 
> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> Steve Rochford
> Sent: 08 November 2005 08:49
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Hardware Suggestions
> I can understand that with a home machine you're going to be 
> taking the top off at regular intervals to play with it (err; 
> upgrade hardware etc) but why on earth would you ever open a 
> server unless it has a fault? We have servers that go their 
> entire life without being opened up. Is there some major bit 
> of server management that I'm missing by not taking it apart 
> on a regular basis??

You mean you don't open your servers up to hoover up the binary code
when it falls off the disk platters?
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] Incorporating external users.......

2005-11-08 Thread Tomasz Onyszko 

Smith, Brad wrote:
(...)



What other issues/considerations have list reader come across when
incorporating large amounts of external users?


If You are building this solution from the scratch or You can do some 
development on Your web app I will strongly encourae You to take a ook 
at ADFS services which will be shipped with Windows 2003 R2 in this year.


Some food for reading:
http://download.microsoft.com/download/d/8/2/d827e89e-760a-40e5-a69a-4e75723998c5/ADFS_Overview.doc
http://www.microsoft.com/downloads/details.aspx?FamilyID=062f7382-a82f-4428-9bbd-a103b9f27654&DisplayLang=en

--
Tomasz Onyszko
http://www.w2k.pl
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Incorporating external users.......

2005-11-08 Thread Smith, Brad 
Thanks, I will certainly look into that . I neglected to mention that I need
to have a solution ready for pilot within Dec/Jan time frame.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tomasz Onyszko
Sent: 08 November 2005 10:06
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Incorporating external users...

Smith, Brad wrote:
(...)

> 
> What other issues/considerations have list reader come across when 
> incorporating large amounts of external users?

If You are building this solution from the scratch or You can do some
development on Your web app I will strongly encourae You to take a ook at
ADFS services which will be shipped with Windows 2003 R2 in this year.

Some food for reading:
http://download.microsoft.com/download/d/8/2/d827e89e-760a-40e5-a69a-4e75723
998c5/ADFS_Overview.doc
http://www.microsoft.com/downloads/details.aspx?FamilyID=062f7382-a82f-4428-
9bbd-a103b9f27654&DisplayLang=en

--
Tomasz Onyszko
http://www.w2k.pl
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


This message has been scanned for viruses by MailControl - (see
http://bluepages.wsatkins.co.uk/?4318150)


This email and any attached files are confidential and copyright protected. If 
you are not the addressee, any dissemination of this communication is strictly 
prohibited. Unless otherwise expressly agreed in writing, nothing stated in 
this communication shall be legally binding.
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] Incorporating external users.......

2005-11-08 Thread Tomasz Onyszko 

Smith, Brad wrote:

Thanks, I will certainly look into that . I neglected to mention that I need
to have a solution ready for pilot within Dec/Jan time frame.


You can test Your solution with Windows 2003 R2 RC now - it is working 
with Windows SharePoint Services from R2 server and with .NET 
application if You make them claim-aware. I don't remember time frame 
for R2 but it should be available at the end of this year so I think 
that if You find ADFS suitable for Your needs and You can start working 
with RC version You will be ready on this date.




--
Tomasz Onyszko
http://www.w2k.pl
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Incorporating external users.......

2005-11-08 Thread Smith, Brad 
Our domain level is at W2K Native, and isn't to be upgraded until the DCs
are migrated to W2K3 around March next year. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tomasz Onyszko
Sent: 08 November 2005 10:25
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Incorporating external users...

Smith, Brad wrote:
> Thanks, I will certainly look into that . I neglected to mention that 
> I need to have a solution ready for pilot within Dec/Jan time frame.

You can test Your solution with Windows 2003 R2 RC now - it is working with
Windows SharePoint Services from R2 server and with .NET application if You
make them claim-aware. I don't remember time frame for R2 but it should be
available at the end of this year so I think that if You find ADFS suitable
for Your needs and You can start working with RC version You will be ready
on this date.



--
Tomasz Onyszko
http://www.w2k.pl
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


This message has been scanned for viruses by MailControl - (see
http://bluepages.wsatkins.co.uk/?4318150)


This email and any attached files are confidential and copyright protected. If 
you are not the addressee, any dissemination of this communication is strictly 
prohibited. Unless otherwise expressly agreed in writing, nothing stated in 
this communication shall be legally binding.
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] OT: Legato Replistor

2005-11-08 Thread Jensz, Travis 
We've recently used RepliStor for our 2000 to 2003 migration, and now we're
using it to maintain a hot spare at some of our larger sites.  Generally
speaking it's pretty good, and when everything's running well it transmits
data surprisingly quick - I haven't bothered yet trying to prove whether or
not it actually does replicate data on something more granular than a per
file basis, but it's pretty quick.  The main problem we had with it came
down to a conflict with the AV software on the target machine.  Since we're
only replicating one-way (and RepliStor is locking the target data for us)
we simply disabled AV on the target and we'll just enable it again if we
ever lose the live server.  However, it sounds like you plan to replicate
data around in a multi-master scenario, so disabling AV isn't really an
option... not sure how you'd get around it... maybe their support guys will
be able to help you out.  Also, all of our replication so far has been over
LAN connections, so our experience with the software has very much been a
best case scenario.  We'll be tackling WAN replication some time soon.

I'm sure the following applies to most data replication software, not just
RepliStor, but here are a few things which caused us pain:

- antivirus!!
- switches with QoS enabled
- files which had the offline attribute set
- buffer area filling up
 
As for DFSR, I wouldn't dream of using it the day it hits the shelf.  Give
it at least six months for the initial problems to ironed out first...
remember the pain of early Windows 2000 DFS?
 
Travis 


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido
Sent: 07 November 2005 21:33
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Legato Replistor

I've been doing various tests myself and while I wouldn't say a DFSR is a
quantum leap from Double-Take, I'd certainly agree that it is when compared
to FRS. Maybe even two leaps...  Certainly something that I consider one of
the main benefits of R2.

But besides all the talk on the file replication improvements, you should
also not loose focus on the various benefits of the updated core DFS itself.

Here are my favorite changes of DFS/DFSR (other than dramatically improving
repl. performance and efficiency):

· new object type "Folders" to create Link-Hierarchy within the same DFS
root
· powerful options to configure Target priority (handling of link target
referrals) outside of client's site (links within client's site will always
be listed first in referral list)
○ Random Order
○ Lowest Cost
○ Exclude Targets outside client's site
○ special Failback option: Client's can be configured to fail back
to preferred target (requires special hotfix - only available for XP SP2)
○ availability of options depend on special OS and AD additions
(e.g. although mixing OS versions is possible, if domain controllers or root
servers are running Windows Server 2003 without the release candidate
version of SP1, they cannot provide referrals that support target priority
or client failback)

· Replication possible with standalone DFS root (not only domain based), but
clients must be member of an AD domain
· Replication allows to specify bandwidth to be used
· differentiates between Replication Group and Content Set
○ Replication Group:
* set of servers/members that participate in replication of
content sets
○ Content Set:
* folder that's kept syncronized on each member
* does not need to be a shared folder 
(can be normal local folder on a member server - good for collection Logs
etc.)
* does not need to be part of a DFS namespace 

/Guido

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Sonntag, 6. November 2005 09:39
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Legato Replistor

It will actually transmit something like 10K - because of the tight
compression. Or, to put it another way - in the 25Mb file scenario, the new
file will get to the other side using DFRS on 2 sites connected by dialup
before it gets to the other side using FRS on 2 sites connected by T1.
 
There are various "this-can't-be-true" unbelievable replication magics going
on here. I used to use Double-Take (from NSI) and used to think they were
doing black magic because of their compression and diff replication. DFSR
appears to be a quantum leap from that. I just had the pleasure of running
through some test this week, following a 35meg .wmv file I downloaded from
the DFSR Beta site. It's trully eye-popping.
 
Let him join the beta - or download it and play with it. I don't think
describing it will do justice to its capabilities.
 
 
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCT
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now

RE: [ActiveDir] Raid suggestions for DC maybe OT

2005-11-08 Thread Carr, Jonathan \(OFT\) 



I don't know about you but rebuilding DC's is not fun 
stuff.   Especially if it has 275 replication links to it from remote 
DC's..   believe me spend the money on the fault 
tolerance..


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of 
joeSent: Monday, November 07, 2005 10:09 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Raid suggestions 
for DC maybe OT

How about just not partitioning the whole disk of the 
larger disks? Note I didn't come up with that idea, that came from a young 
whippersnapper I know out of Redmond whom I was discussing the fastest AD disk 
configs with a few weeks ago. I haven't tried it but it makes sense to me. Just 
allocate maybe 10-12GB of each of the 36GB drives across an array or 
so.
 
Course you could always say screw the fault tolerant RAIDs, 
this isn't Exchange, and run commando with a stripe set. If you have enough 
extra DC capacity in the site you could have them all running really fast and 
then when one blows it just goes away. Most applications that are written 
properly for AD handle that just fine except apps that hard sync to a single DC. 

 
If I have 7-8 disks, I wouldn't hesitate to put them in a 
single RAID-10/0+1 type config. OS and Logs are snoring on most DCs. All of the 
action is around the DIT unless you get that baby into memory which was the 
first I think 20 responses I got from the whippersnapper. Use 64 bit. I know 
but... use 64 bit... I know but use 64 bit I know but are you still 
here, use 64 bit
 
 
  joe


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Carr, Jonathan 
(OFT)Sent: Monday, November 07, 2005 6:54 AMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Raid suggestions 
for DC maybe OT



We have allot of users coming back to our central site and 
we use the following config.
 
 
adapter #1 > raid 1 ( 2 disk)    
O/S
 
adapter #2 >raid 1 ( 2 disk)   AD 
LOGS
 
adapter #3 ===>  raid 5 (3 disk)   with 
global hot spare AD Data
 
 
the key to this using this is that all the equipment (SCSI 
disk,SCSI controller) is Ultra 320 spec with low latency and low seek 
times  (15 K rpm usually).   The other thing that has been 
noticed is that use as small a disk as you can get.  (8 GB)   
Some of the manufacturers are saying they only can supply 36GB drives on new 
equipment.   These drive are ok but the seek time goes up because of 
the size of the drive
 
 
 
this config works good also
 

adapter #1 > raid 1 ( 2 disk)    
O/S
 
adapter #2 >raid 1 ( 2 disk)   AD 
LOGS   and  raid 5 (3 disk)   with global hot 
spare (total of 6 on this channel)
 
 
 
hope this 
helps
 
 
 
 
 





This e-mail, including 
any attachments, may be confidential, privileged or otherwise legally protected. 
It is intended only for the addressee. If you received this e-mail in error or 
from someone who was not authorized to send it to you, do not disseminate, copy 
or otherwise use this e-mail or its attachments.  Please notify the sender 
immediately by reply e-mail and delete the e-mail from your system. 



From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of joeSent: Sunday, November 06, 2005 11:12 
AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] 
Raid suggestions for DC maybe OT

LOL. I actually pinged Rick on the "official" guidelines 
previously for an Enterprise class DC with 4 disks, he was actually one of 4 
people I queried since I hadn't seen what I considered good official docs on it. 
Rick quoted the K3 Deployment guide which is definitely a good start. It 
indicates
 
RAID 1 - OS
RAID 1 - Logs
RAID 1 or 0+1 - SYSVOL/DIT
 
If you have less than 1000 users using the DC it says you 
can use one single RAID-1 for the whole thing. Though you have the same issue 
here as you have for anything, how are the 1000 users using it and what else is 
using it? Exchange? If so, I doubt I would do a single RAID-1 unless it was very 
few users. 
 
Otherwise you are looking at a minimum of 6 disks for all 
RAID-1s or 8 disks if 0+1 and RAID-1. 
 
When you actually look at it, the OS and the logs are using 
little IOPS on a dedicated DC and splitting them off onto their own "disk" is 
probably unneccessary. The DIT assuming it isn't all cached and is being heavily 
hit (like say by Exchange) is raping the disk subsystem. When you have an app 
that wants lots of IOPS what do you? You increase the number of spindles... So 
for throughput, the fastest four disk configuration is going to 
be a RAID-5 or a 0+1 or 10. In tests I did several years ago with one 
hardware vendor RAID-10 and 5 were very close (within a few IOPS) with 
RAID-5 eeking out the lead. They both blew RAID-1 away. In more recent tests I 
heard of from someone using another hardware vendor, RAID 0+1 eeked out over 
RAID-5 by a few IOPS and again blew RAID-1 out of the water. Obviously the 
tests were different so I recommend folks do their own testing with their own 
hardware. The f

[ActiveDir] moving DHCP Server to another machine

2005-11-08 Thread Sudhir Kaushal 

Hi,

I need to move my DHCP Server ( 2003
) to another machine ( 2003 ).  I did the configuration export by
giving the netsh dhcp server export command and am able to import the DHCP
configuration on the Target Server.  The concern is that Is this process
completes the whole move. What about the DHCP Database ? how to move it
or is there any tested process to  move the configuration and db to
another server.?  

Thanks in Advance. 

Regards,
Sudhir Kaushal
Systems Engineer (GIS)
Computer Sciences Corporation.
India - + 91
120 2582323 Ext. 2649
Denmark - + 45
70100024 Ext. 2649
 
“You never win Silver, You
lose Gold”



This is a PRIVATE message. If you are not the intended recipient, please
delete without copying and kindly advise us by e-mail of the mistake in
delivery. NOTE: Regardless of content, this e-mail shall not operate to
bind CSC to any order or other contract unless pursuant to explicit written
agreement or government initiative expressly permitting the use of e-mail
for such purpose.

RE: [ActiveDir] moving DHCP Server to another machine

2005-11-08 Thread McNicholas, Joe 



Have a look for DHCPEXIM.exe


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Sudhir 
KaushalSent: 08 November 2005 12:31To: 
ActiveDir@mail.activedir.orgSubject: [ActiveDir] moving DHCP Server 
to another machine 
Hi, I need to move my DHCP Server ( 2003 ) to another machine 
( 2003 ).  I did the configuration export by giving the netsh dhcp server 
export command and am able to import the DHCP configuration on the Target 
Server.  The concern is that Is this process completes the whole move. What 
about the DHCP Database ? how to move it or is there any tested process to 
 move the configuration and db to another server.?   
Thanks in Advance. Regards, Sudhir 
Kaushal Systems Engineer 
(GIS) Computer Sciences Corporation. India - + 91 120 2582323 Ext. 2649 
Denmark - + 45 70100024 
Ext. 2649   
“You never win Silver, You lose 
Gold”This 
is a PRIVATE message. If you are not the intended recipient, please delete 
without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: 
Regardless of content, this e-mail shall not operate to bind CSC to any order or 
other contract unless pursuant to explicit written agreement or government 
initiative expressly permitting the use of e-mail for such 
purpose.

RE: [ActiveDir] moving DHCP Server to another machine

2005-11-08 Thread CHIANESE, DAVID 



http://www.microsoft.com/windows2000/techinfo/reskit/tools/new/dhcpexim-o.asp
 
Try the above link.  We just migrated 2 DHCP servers 
with this micosoft utility.
 
 
Regards,
 
Dave Chianese


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Sudhir 
KaushalSent: Tuesday, November 08, 2005 7:31 AMTo: 
ActiveDir@mail.activedir.orgSubject: [ActiveDir] moving DHCP Server 
to another machine 
Hi, I need to move my DHCP Server ( 2003 ) to another machine 
( 2003 ).  I did the configuration export by giving the netsh dhcp server 
export command and am able to import the DHCP configuration on the Target 
Server.  The concern is that Is this process completes the whole move. What 
about the DHCP Database ? how to move it or is there any tested process to 
 move the configuration and db to another server.?   
Thanks in Advance. Regards, Sudhir 
Kaushal Systems Engineer 
(GIS) Computer Sciences Corporation. India - + 91 120 2582323 Ext. 2649 
Denmark - + 45 70100024 
Ext. 2649   
“You never win Silver, You lose 
Gold”This 
is a PRIVATE message. If you are not the intended recipient, please delete 
without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: 
Regardless of content, this e-mail shall not operate to bind CSC to any order or 
other contract unless pursuant to explicit written agreement or government 
initiative expressly permitting the use of e-mail for such 
purpose.

Re: [ActiveDir] Hardware Suggestions

2005-11-08 Thread ASB 
~
I don't have a problem with SATA (an upgrade from PATA) if used as designed.
It's designed for desktop storage.  Not that it can't be adjusted to
server/enterprise, but it's price point and architecture are intended for
desktops (i.e. cheap but not as reliable as a shared resource).
~

Depends on the size of the "enterprise"

SATA has its place in the server segments of smaller orgs for sure.   
It's not too long ago that Windows and Intel processors were
considered "not designed for the enterprise"...


-ASB
 FAST, CHEAP, SECURE: Pick Any TWO
 http://www.ultratech-llc.com/KB/


On 11/7/05, Al Mulnick <[EMAIL PROTECTED]> wrote:
> That's a desktop user? The apple desktop?
>
> I don't have a problem with SATA (an upgrade from PATA) if used as designed.
> It's designed for desktop storage.  Not that it can't be adjusted to
> server/enterprise, but it's price point and architecture are intended for
> desktops (i.e. cheap but not as reliable as a shared resource).
>
> Used appropriately, I'm quite happy with it.  But it's intended to be cheap
> and replaceable.
>
> Cheap, fast, reliable - pick two (or something like that ;)
>
> That shouldn't last if history is any indication, but for now I'll try not
> to build too many centrally required applications on that technology unless
> I can put a lot of abstraction in front of it (large pools that aren't
> bothered by the loss of several components at a time.)
>
>
>
>
>
>
>
> >From: "Rob MOIR" <[EMAIL PROTECTED]>
> >Reply-To: ActiveDir@mail.activedir.org
> >To: ,
> >Subject: RE: [ActiveDir] Hardware Suggestions
> >Date: Mon, 7 Nov 2005 18:36:10 -
> >
> >I've deployed SATA for storage of large files in Apple XRaid units in a
> >Raid 5+1 config, and so far so good. Ask me in 3 years if I'm still just as
> >happy ;-) but it was the only way to give the user what they wanted inside
> >the budget we had.
> >
> >One advantage of the XRaid is that it's fitted out from the get go to use
> >SATA disks and the only reason you'd ever have to do anything to it is to
> >replace a drive that you already know has gone bad.
> >
> >
> >-Original Message-
> >From: [EMAIL PROTECTED] on behalf of Al Mulnick
> >Sent: Mon 07/11/2005 17:34
> >To: ActiveDir@mail.activedir.org
> >Subject: Re: [ActiveDir] Hardware Suggestions
> >
> >
> >SATA == Desktop drives.
> >
> >They weren't originally concepted to be enterprise class storage.  I see
> >them as being back-engineered to be used this way, but most of what I've
> >seen has been to deploy them as a JBOD in situations where you can absorb
> >the continuous loss of hardware and not impact performance and
> >availability.
> >   Typically in pools of disk and hsm solutions (what is it that hsm is
> >called now? ILM? :)
> >
> >If you plan to deploy DAS solutions (internal or external), SATA is not
> >likely the way to go right now.  You may want to wait a bit longer if the
> >data is important.
> >
> >
> >For large pools of inexpensive disks, SATA might be worthwhile to
> >investigate if you have a large loading bay, a good support agreement, and
> >close access to the highway.
> >
> >-ajm
> >
> >
> >
> > >From: "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]"
> > ><[EMAIL PROTECTED]>
> > >Reply-To: ActiveDir@mail.activedir.org
> > >To: ActiveDir@mail.activedir.org
> > >Subject: Re: [ActiveDir] Hardware Suggestions
> > >Date: Mon, 07 Nov 2005 09:13:19 -0800
> > >
> > >
> > >
> > >I personally have SATA experience in the tower/desktop world but none in
> > >the rack units.  Are the physical connections any stronger in the rack
> > >world?
> > >
> > >I like SCSI and IDE not only for their proven track record [server and
> > >desktop respectively] but because the dang cables don't get knocked off
> > >each time I reach into the case.  Those cable connections on the back of
> > >the SATA drives are a little worrying.  I've accidentally bumped the
> > >connection off my workstation at home twice while adding the Happauge
> >card
> > >and what not.
> > >
> > >In SBSland early on we had issues with them getting loaded up, if they
> >are
> > >underpowered, we're seeing a bit of bottlenecks, and as one of the SBS
> > >support gang said out of Mothership Los Colinas, if your vendor won't
> > >guarantee that equipment for 3 years, do you really want to put that data
> > >on that device?
> > >
> > >So far the SATAs that we have running around in SBSland servers are okay,
> > >but I'll report back in another 2 years and let you know.
> > >
> > >I can't speak for the Dell rack stuff, but the Dell tower stuff...lemme
> > >just say I'm glad Brian steered me towards HP.
> > >
> > >
> > >
> > >Rob MOIR wrote:
> > >>>-Original Message-
> > >>>From: [EMAIL PROTECTED]
> > >>>[mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
> > >>>Sent: 07 November 2005 15:13
> > >>>To: ActiveDir@mail.activedir.org
> > >>>Subject: RE: [ActiveDir] Hardware Suggestions
> > >>>
> > >>
> > >>
> > >>>Bo

[ActiveDir] Change Auditor tools

2005-11-08 Thread Rascher, Raymond 
Hello, I am looking for a software product which can monitor, log and alert
when changes are made to Active Directory. If the product could also archive
security logs that would be a nice addition as well. If you can suggest some
products along with you experiences that would be great.

Thanks,
Ray
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Raid suggestions for DC maybe OT

2005-11-08 Thread joe 



The only time I really found building DCs painful was in 
the early days of 2000 when you had more than 50 DCs and it was a crap shoot on 
whether or not FRS was going to work and you were waiting for a long time to get 
sysvol working even if you only had 100kb of data in it. Other than that WAN 
sites could be a pain but IFM helps considerably there. 
 
Of course there are DCs that I think a stripe set would be 
bad for, I would specifically think of any DCs that were maintaining state for 
an application that was hard coded to it (again the syncing type 
apps). Bridgeheads might be another place. 
 
In the 
10 years of directly running ops in an Enterprise company I think the 
actual number of disk failures across the hundreds of servers I managed could be 
counted on two hands. I have had more MOBO failures (and an actual MOBO catch on 
fire once) than disk failures, especially towards the end when we dumped 
Dell to go to IBM when we approached a 35% failure rate on IBM MOBOs. This 
includes some machines that I built back in the 90's on NT4 SP3 for heavy duty 
financial SQL apps where we spent 6 months testing the apps for failover and 
burning the servers in including yanking disks out of the bays while they were 
spinning and having them gyroscope around in our hands for a laugh. We wanted 
failures so we could test all of the failover and support processes and the darn 
things would keep working. 
 



From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Carr, Jonathan 
(OFT)Sent: Tuesday, November 08, 2005 7:00 AMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Raid suggestions 
for DC maybe OT

I don't know about you but rebuilding DC's is not fun 
stuff.   Especially if it has 275 replication links to it from remote 
DC's..   believe me spend the money on the fault 
tolerance..


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of 
joeSent: Monday, November 07, 2005 10:09 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Raid suggestions 
for DC maybe OT

How about just not partitioning the whole disk of the 
larger disks? Note I didn't come up with that idea, that came from a young 
whippersnapper I know out of Redmond whom I was discussing the fastest AD disk 
configs with a few weeks ago. I haven't tried it but it makes sense to me. Just 
allocate maybe 10-12GB of each of the 36GB drives across an array or 
so.
 
Course you could always say screw the fault tolerant RAIDs, 
this isn't Exchange, and run commando with a stripe set. If you have enough 
extra DC capacity in the site you could have them all running really fast and 
then when one blows it just goes away. Most applications that are written 
properly for AD handle that just fine except apps that hard sync to a single DC. 

 
If I have 7-8 disks, I wouldn't hesitate to put them in a 
single RAID-10/0+1 type config. OS and Logs are snoring on most DCs. All of the 
action is around the DIT unless you get that baby into memory which was the 
first I think 20 responses I got from the whippersnapper. Use 64 bit. I know 
but... use 64 bit... I know but use 64 bit I know but are you still 
here, use 64 bit
 
 
  joe


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Carr, Jonathan 
(OFT)Sent: Monday, November 07, 2005 6:54 AMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Raid suggestions 
for DC maybe OT



We have allot of users coming back to our central site and 
we use the following config.
 
 
adapter #1 > raid 1 ( 2 disk)    
O/S
 
adapter #2 >raid 1 ( 2 disk)   AD 
LOGS
 
adapter #3 ===>  raid 5 (3 disk)   with 
global hot spare AD Data
 
 
the key to this using this is that all the equipment (SCSI 
disk,SCSI controller) is Ultra 320 spec with low latency and low seek 
times  (15 K rpm usually).   The other thing that has been 
noticed is that use as small a disk as you can get.  (8 GB)   
Some of the manufacturers are saying they only can supply 36GB drives on new 
equipment.   These drive are ok but the seek time goes up because of 
the size of the drive
 
 
 
this config works good also
 

adapter #1 > raid 1 ( 2 disk)    
O/S
 
adapter #2 >raid 1 ( 2 disk)   AD 
LOGS   and  raid 5 (3 disk)   with global hot 
spare (total of 6 on this channel)
 
 
 
hope this 
helps
 
 
 
 
 





This e-mail, including 
any attachments, may be confidential, privileged or otherwise legally protected. 
It is intended only for the addressee. If you received this e-mail in error or 
from someone who was not authorized to send it to you, do not disseminate, copy 
or otherwise use this e-mail or its attachments.  Please notify the sender 
immediately by reply e-mail and delete the e-mail from your system. 



From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of joeSent: Sunday, November 06, 2005 11:12 
AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] 
Raid suggestions for DC maybe OT

LOL. I actually pinged Rick on the "of

Re: [ActiveDir] Hardware Suggestions

2005-11-08 Thread Al Mulnick 
Agreed. That bit of history is exactly what I was thinking as I wrote that.  
Those things that today are not enterprise ready, may be tomorrow. Not sure 
if the thing has to change or if my perception of the "enterprise" does, but 
change is constant ;)


Like I said, I wouldn't want it today for an enterprise class machine (large 
centralized enterprise for clarification, where >1000 people concurrently 
rely on it for business critical service).


-ajm



From: ASB <[EMAIL PROTECTED]>
Reply-To: ActiveDir@mail.activedir.org
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Hardware Suggestions
Date: Tue, 8 Nov 2005 08:13:22 -0500

~
I don't have a problem with SATA (an upgrade from PATA) if used as 
designed.

It's designed for desktop storage.  Not that it can't be adjusted to
server/enterprise, but it's price point and architecture are intended for
desktops (i.e. cheap but not as reliable as a shared resource).
~

Depends on the size of the "enterprise"

SATA has its place in the server segments of smaller orgs for sure.
It's not too long ago that Windows and Intel processors were
considered "not designed for the enterprise"...


-ASB
 FAST, CHEAP, SECURE: Pick Any TWO
 http://www.ultratech-llc.com/KB/


On 11/7/05, Al Mulnick <[EMAIL PROTECTED]> wrote:
> That's a desktop user? The apple desktop?
>
> I don't have a problem with SATA (an upgrade from PATA) if used as 
designed.

> It's designed for desktop storage.  Not that it can't be adjusted to
> server/enterprise, but it's price point and architecture are intended 
for

> desktops (i.e. cheap but not as reliable as a shared resource).
>
> Used appropriately, I'm quite happy with it.  But it's intended to be 
cheap

> and replaceable.
>
> Cheap, fast, reliable - pick two (or something like that ;)
>
> That shouldn't last if history is any indication, but for now I'll try 
not
> to build too many centrally required applications on that technology 
unless

> I can put a lot of abstraction in front of it (large pools that aren't
> bothered by the loss of several components at a time.)
>
>
>
>
>
>
>
> >From: "Rob MOIR" <[EMAIL PROTECTED]>
> >Reply-To: ActiveDir@mail.activedir.org
> >To: ,
> >Subject: RE: [ActiveDir] Hardware Suggestions
> >Date: Mon, 7 Nov 2005 18:36:10 -
> >
> >I've deployed SATA for storage of large files in Apple XRaid units in a
> >Raid 5+1 config, and so far so good. Ask me in 3 years if I'm still 
just as
> >happy ;-) but it was the only way to give the user what they wanted 
inside

> >the budget we had.
> >
> >One advantage of the XRaid is that it's fitted out from the get go to 
use
> >SATA disks and the only reason you'd ever have to do anything to it is 
to

> >replace a drive that you already know has gone bad.
> >
> >
> >-Original Message-
> >From: [EMAIL PROTECTED] on behalf of Al Mulnick
> >Sent: Mon 07/11/2005 17:34
> >To: ActiveDir@mail.activedir.org
> >Subject: Re: [ActiveDir] Hardware Suggestions
> >
> >
> >SATA == Desktop drives.
> >
> >They weren't originally concepted to be enterprise class storage.  I 
see
> >them as being back-engineered to be used this way, but most of what 
I've
> >seen has been to deploy them as a JBOD in situations where you can 
absorb

> >the continuous loss of hardware and not impact performance and
> >availability.
> >   Typically in pools of disk and hsm solutions (what is it that hsm is
> >called now? ILM? :)
> >
> >If you plan to deploy DAS solutions (internal or external), SATA is not
> >likely the way to go right now.  You may want to wait a bit longer if 
the

> >data is important.
> >
> >
> >For large pools of inexpensive disks, SATA might be worthwhile to
> >investigate if you have a large loading bay, a good support agreement, 
and

> >close access to the highway.
> >
> >-ajm
> >
> >
> >
> > >From: "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]"
> > ><[EMAIL PROTECTED]>
> > >Reply-To: ActiveDir@mail.activedir.org
> > >To: ActiveDir@mail.activedir.org
> > >Subject: Re: [ActiveDir] Hardware Suggestions
> > >Date: Mon, 07 Nov 2005 09:13:19 -0800
> > >
> > >
> > >
> > >I personally have SATA experience in the tower/desktop world but none 
in
> > >the rack units.  Are the physical connections any stronger in the 
rack

> > >world?
> > >
> > >I like SCSI and IDE not only for their proven track record [server 
and
> > >desktop respectively] but because the dang cables don't get knocked 
off
> > >each time I reach into the case.  Those cable connections on the back 
of

> > >the SATA drives are a little worrying.  I've accidentally bumped the
> > >connection off my workstation at home twice while adding the Happauge
> >card
> > >and what not.
> > >
> > >In SBSland early on we had issues with them getting loaded up, if 
they

> >are
> > >underpowered, we're seeing a bit of bottlenecks, and as one of the 
SBS

> > >support gang said out of Mothership Los Colinas, if your vendor won't
> > >guarantee that eq

RE: [ActiveDir] moving DHCP Server to another machine

2005-11-08 Thread Sudhir Kaushal 

Thanks for the response. 

I have gone through some of the microsoft
documents. The tool dhcpexim works for 2000 whereas my source and target
servers are 2003. For 2003 the procedure mentioned in the link http://support.microsoft.com/kb/325473
says to use netsh import and export commands. They also have mentioned
that its moves both the database as well as configuration. 

When i used this command, as per my understanding
it perfectly moves the configuration of the DHCP on the target server and
i am able to see all the scopes and the Addresses leases. However my dhcp.mdb
database size on the target server remains default 1032 kb . Where as the
the db size on the source server is bigger then this. 

May i know why is this happening? Or is there
any other process also to be followed ? 

Thanks..

Regards,
Sudhir Kaushal
Systems Engineer (GIS)
Computer Sciences Corporation.
India - + 91
120 2582323 Ext. 2649
Denmark - + 45
70100024 Ext. 2649
 
“You never win Silver, You
lose Gold”



This is a PRIVATE message. If you are not the intended recipient, please
delete without copying and kindly advise us by e-mail of the mistake in
delivery. NOTE: Regardless of content, this e-mail shall not operate to
bind CSC to any order or other contract unless pursuant to explicit written
agreement or government initiative expressly permitting the use of e-mail
for such purpose.








"CHIANESE, DAVID" 
@phlyins.com>
Sent by: ActiveDir-owner
11/08/2005 06:22 PM
Please respond to ActiveDir
        
        To:
       
        cc:
       
        Subject:
       RE: [ActiveDir] moving DHCP Server to
another machine


http://www.microsoft.com/windows2000/techinfo/reskit/tools/new/dhcpexim-o.asp
 
Try the above link.  We just
migrated 2 DHCP servers with this micosoft utility.
 
 
Regards,
 
Dave Chianese


From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Sudhir
Kaushal
Sent: Tuesday, November 08, 2005 7:31 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] moving DHCP Server to another machine 


Hi, 

I need to move my DHCP Server ( 2003 ) to another machine ( 2003 ).  I
did the configuration export by giving the netsh dhcp server export command
and am able to import the DHCP configuration on the Target Server.  The
concern is that Is this process completes the whole move. What about the
DHCP Database ? how to move it or is there any tested process to  move
the configuration and db to another server.?  


Thanks in Advance. 

Regards, 
Sudhir Kaushal 
Systems Engineer (GIS) 
Computer Sciences Corporation. 
India - + 91 120 2582323 Ext. 2649 
Denmark - + 45 70100024 Ext. 2649 
  
“You never win Silver, You lose Gold”



This is a PRIVATE message. If you are not the intended recipient, please
delete without copying and kindly advise us by e-mail of the mistake in
delivery. NOTE: Regardless of content, this e-mail shall not operate to
bind CSC to any order or other contract unless pursuant to explicit written
agreement or government initiative expressly permitting the use of e-mail
for such purpose.

RE: [ActiveDir] Change Auditor tools

2005-11-08 Thread Daniel Gilbert 
Check out a product called Change Auditor for Active Directory (CAAD)
from NetPro (www.netpro.com).

*Not plugging the product just answering the e-mail*

Dan

>  Original Message 
> Subject: [ActiveDir] Change Auditor tools
> From: "Rascher, Raymond" <[EMAIL PROTECTED]>
> Date: Tue, November 08, 2005 6:52 am
> To: "'ActiveDir@mail.activedir.org'" 
> 
> Hello, I am looking for a software product which can monitor, log and alert
> when changes are made to Active Directory. If the product could also archive
> security logs that would be a nice addition as well. If you can suggest some
> products along with you experiences that would be great.
> 
> Thanks,
> Ray
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] moving DHCP Server to another machine

2005-11-08 Thread iain.mccall 



 
 
Have you looked at.
 
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/3ee35f7b-6b5a-4942-b1cb-9f7462989039.mspx
 
 

  
  
  From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Sudhir 
  KaushalSent: 08 November 2005 13:53To: 
  ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] moving DHCP 
  Server to another machine
  Thanks for the response. 
  I have gone through some of the 
  microsoft documents. The tool dhcpexim works for 2000 whereas my source and 
  target servers are 2003. For 2003 the procedure mentioned in the link 
  http://support.microsoft.com/kb/325473 says to use netsh import and export 
  commands. They also have mentioned that its moves both the database as well as 
  configuration. When i used this 
  command, as per my understanding it perfectly moves the configuration of the 
  DHCP on the target server and i am able to see all the scopes and the 
  Addresses leases. However my dhcp.mdb database size on the target server 
  remains default 1032 kb . Where as the the db size on the source server is 
  bigger then this. May i know why is 
  this happening? Or is there any other process also to be followed ? 
  Thanks.. Regards, Sudhir 
  Kaushal Systems Engineer 
  (GIS) Computer Sciences Corporation. India - + 91 120 2582323 Ext. 
  2649 Denmark - 
  + 45 70100024 Ext. 2649   “You 
  never win Silver, You lose Gold”This 
  is a PRIVATE message. If you are not the intended recipient, please delete 
  without copying and kindly advise us by e-mail of the mistake in delivery. 
  NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any 
  order or other contract unless pursuant to explicit written agreement or 
  government initiative expressly permitting the use of e-mail for such 
  purpose.
  


  
  "CHIANESE, DAVID" 
@phlyins.com> Sent by: ActiveDir-owner 
11/08/2005 06:22 PM Please respond to ActiveDir 
                  To:     
            cc:     
        
    Subject:        RE: [ActiveDir] moving 
DHCP Server to another machinehttp://www.microsoft.com/windows2000/techinfo/reskit/tools/new/dhcpexim-o.asp 
    Try the 
  above link.  We just migrated 2 DHCP servers with this micosoft 
  utility.     
  Regards,   Dave 
  Chianese 
  
  From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Sudhir 
  KaushalSent: Tuesday, November 08, 2005 7:31 AMTo: 
  ActiveDir@mail.activedir.orgSubject: [ActiveDir] moving DHCP Server 
  to another machine Hi, I need to move my DHCP Server ( 2003 ) to another machine ( 2003 ). 
   I did the configuration export by giving the netsh dhcp server export 
  command and am able to import the DHCP configuration on the Target Server. 
   The concern is that Is this process completes the whole move. What about 
  the DHCP Database ? how to move it or is there any tested process to 
   move the configuration and db to another server.?   Thanks in Advance. 
  Regards, 
  Sudhir Kaushal Systems Engineer 
  (GIS) Computer Sciences Corporation. 
  India - + 91 
  120 2582323 Ext. 2649 Denmark - + 45 70100024 Ext. 
  2649  “You never win Silver, You lose Gold”This 
  is a PRIVATE message. If you are not the intended recipient, please delete 
  without copying and kindly advise us by e-mail of the mistake in delivery. 
  NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any 
  order or other contract unless pursuant to explicit written agreement or 
  government initiative expressly permitting the use of e-mail for such 
  purpose. 
  
*
This electronic message contains information from Hampshire Constabulary which may be legally privileged and confidential. Any opinions expressed may be those of the individual and not necessarily the Hampshire Constabulary.
The information is intended to be for the use of the individual(s) or entity named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of the information is prohibited. If you have received this electronic message in error, please notify us by telephone 
+44 (0) 845 045 45 45 or email to [EMAIL PROTECTED] immediately. Please then delete this email and destroy any copies of it. 
All communications, including telephone calls and electronic messages 
to and from the Hampshire Constabulary may be subject to monitoring.  Replies to this email may be seen by employees other than the intended recipient.  
***

RE: [ActiveDir] Change Auditor tools

2005-11-08 Thread Olegario, Alan 
Another product that I've looked at to do this (but never purchased due
to limited funding) was Active Administrator.

http://www.scriptlogic.com/products/activeadmin/ 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Daniel Gilbert
Sent: Tuesday, November 08, 2005 8:59 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Change Auditor tools

Check out a product called Change Auditor for Active Directory (CAAD)
from NetPro (www.netpro.com).

*Not plugging the product just answering the e-mail*

Dan

>  Original Message 
> Subject: [ActiveDir] Change Auditor tools
> From: "Rascher, Raymond" <[EMAIL PROTECTED]>
> Date: Tue, November 08, 2005 6:52 am
> To: "'ActiveDir@mail.activedir.org'" 
> 
> Hello, I am looking for a software product which can monitor, log and 
> alert when changes are made to Active Directory. If the product could 
> also archive security logs that would be a nice addition as well. If 
> you can suggest some products along with you experiences that would be
great.
> 
> Thanks,
> Ray
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive: 
> http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] Change Auditor tools

2005-11-08 Thread Tomasz Onyszko 

Rascher, Raymond wrote:

Hello, I am looking for a software product which can monitor, log and alert
when changes are made to Active Directory. If the product could also archive
security logs that would be a nice addition as well. If you can suggest some
products along with you experiences that would be great.


Check TripWire products - they introduced lately auditing of AD changes.
http://www.tripwire.com/press/press_release/pr.cfm?prid=274

I haven't tried it so I can't tell You how it is working.


--
Tomasz Onyszko
http://www.w2k.pl
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Change Auditor tools

2005-11-08 Thread Peter Johnson 
Look at some tools from NetIQ as well as Quest. Exactly what changes are
you looking for? NetIQ do prevention as well as monitoring tools. MOM
can do a certain amount of this as well with the Security Management
Pack extensions.

Regards
Peter Johnson 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rascher,
Raymond
Sent: 08 November 2005 15:52
To: 'ActiveDir@mail.activedir.org'
Subject: [ActiveDir] Change Auditor tools

Hello, I am looking for a software product which can monitor, log and
alert when changes are made to Active Directory. If the product could
also archive security logs that would be a nice addition as well. If you
can suggest some products along with you experiences that would be
great.

Thanks,
Ray
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] moving DHCP Server to another machine

2005-11-08 Thread Sudhir Kaushal 

Yes i took the fresh backup and restore
on the target server successfully. However the dhcp.mdb size remains same...
:-(  

Regards,
Sudhir Kaushal
Systems Engineer (GIS)
Computer Sciences Corporation.
India - + 91
120 2582323 Ext. 2649
Denmark - + 45
70100024 Ext. 2649
 
“You never win Silver, You
lose Gold”



This is a PRIVATE message. If you are not the intended recipient, please
delete without copying and kindly advise us by e-mail of the mistake in
delivery. NOTE: Regardless of content, this e-mail shall not operate to
bind CSC to any order or other contract unless pursuant to explicit written
agreement or government initiative expressly permitting the use of e-mail
for such purpose.









@hampshire.pnn.police.uk>
Sent by: ActiveDir-owner
11/08/2005 07:43 PM
Please respond to ActiveDir
        
        To:
       
        cc:
       
        Subject:
       RE: [ActiveDir] moving DHCP Server to
another machine


 
 
Have you looked at.
 
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/3ee35f7b-6b5a-4942-b1cb-9f7462989039.mspx
 

 

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Sudhir
Kaushal
Sent: 08 November 2005 13:53
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] moving DHCP Server to another machine


Thanks for the response. 

I have gone through some of the microsoft documents. The tool dhcpexim
works for 2000 whereas my source and target servers are 2003. For 2003
the procedure mentioned in the link http://support.microsoft.com/kb/325473
says to use netsh import and export commands. They also have mentioned
that its moves both the database as well as configuration. 

When i used this command, as per my understanding it perfectly moves the
configuration of the DHCP on the target server and i am able to see all
the scopes and the Addresses leases. However my dhcp.mdb database size
on the target server remains default 1032 kb . Where as the the db size
on the source server is bigger then this. 

May i know why is this happening? Or is there any other process also to
be followed ? 

Thanks.. 

Regards, 
Sudhir Kaushal 
Systems Engineer (GIS) 
Computer Sciences Corporation. 
India - + 91 120 2582323 Ext. 2649 
Denmark - + 45 70100024 Ext. 2649 
  
“You never win Silver, You lose Gold”



This is a PRIVATE message. If you are not the intended recipient, please
delete without copying and kindly advise us by e-mail of the mistake in
delivery. NOTE: Regardless of content, this e-mail shall not operate to
bind CSC to any order or other contract unless pursuant to explicit written
agreement or government initiative expressly permitting the use of e-mail
for such purpose.







"CHIANESE, DAVID"

@phlyins.com> 
Sent by: ActiveDir-owner 
11/08/2005 06:22 PM

Please respond to ActiveDir 
        
        To:        

        cc:        

        Subject:        RE: [ActiveDir]
moving DHCP Server to another machine



http://www.microsoft.com/windows2000/techinfo/reskit/tools/new/dhcpexim-o.asp

  
Try the above link.  We just migrated 2 DHCP servers with this micosoft
utility. 
  
  
Regards, 
  
Dave Chianese 


From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Sudhir
Kaushal
Sent: Tuesday, November 08, 2005 7:31 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] moving DHCP Server to another machine 


Hi, 

I need to move my DHCP Server ( 2003 ) to another machine ( 2003 ).  I
did the configuration export by giving the netsh dhcp server export command
and am able to import the DHCP configuration on the Target Server.  The
concern is that Is this process completes the whole move. What about the
DHCP Database ? how to move it or is there any tested process to  move
the configuration and db to another server.?  


Thanks in Advance. 

Regards, 
Sudhir Kaushal 
Systems Engineer (GIS) 
Computer Sciences Corporation. 
India - + 91 120 2582323 Ext. 2649 
Denmark - + 45 70100024 Ext. 2649 
 
“You never win Silver, You lose Gold”



This is a PRIVATE message. If you are not the intended recipient, please
delete without copying and kindly advise us by e-mail of the mistake in
delivery. NOTE: Regardless of content, this e-mail shall not operate to
bind CSC to any order or other contract unless pursuant to explicit written
agreement or government initiative expressly permitting the use of e-mail
for such purpose.
---

RE: [ActiveDir] Change Auditor tools

2005-11-08 Thread James_Day 
I did a pretty in depth bakeoff between Quest Change Manager, NetIQ GPG and
Security Manager, and NetPro Change Auditor.  I found the NetPRO product to
deliver much better auditing with much less time to deployment (24 hours
for NetIQ to get about 1/4 of the events we generated, 15 hours for Quest
to get about half, and 2 hours for NetPro to get close to 80%).  For event
log consolidation both Quest and NetIQ had decent options.

Regards;

James R. Day
Active Directory Core Team
Office of the Chief Information Officer
National Park Service
202-230-2983
[EMAIL PROTECTED]


|-+-->
| |   "Olegario, Alan"   |
| |   <[EMAIL PROTECTED]|
| |   m> |
| |   Sent by:   |
| |   [EMAIL PROTECTED]|
| |   tivedir.org|
| |  |
| |  |
| |   11/08/2005 09:21 AM EST|
| |   Please respond to  |
| |   ActiveDir  |
|-+-->
  
>--|
  | 
 |
  |   To: 
 |
  |   cc:   (bcc: James Day/Contractor/NPS) 
 |
  |   Subject:  RE: [ActiveDir] Change Auditor tools
 |
  
>--|




Another product that I've looked at to do this (but never purchased due
to limited funding) was Active Administrator.

http://www.scriptlogic.com/products/activeadmin/

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Daniel Gilbert
Sent: Tuesday, November 08, 2005 8:59 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Change Auditor tools

Check out a product called Change Auditor for Active Directory (CAAD)
from NetPro (www.netpro.com).

*Not plugging the product just answering the e-mail*

Dan

>  Original Message 
> Subject: [ActiveDir] Change Auditor tools
> From: "Rascher, Raymond" <[EMAIL PROTECTED]>
> Date: Tue, November 08, 2005 6:52 am
> To: "'ActiveDir@mail.activedir.org'" 
>
> Hello, I am looking for a software product which can monitor, log and
> alert when changes are made to Active Directory. If the product could
> also archive security logs that would be a nice addition as well. If
> you can suggest some products along with you experiences that would be
great.
>
> Thanks,
> Ray
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive:
> http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Hardware Suggestions

2005-11-08 Thread Brian Desmond 
Personally, I usually schedule physical maintenance once per calendar year
on all my servers. Primarily, I have the muffler bearings lubricated inside.
We also check the bit bucket and empty it if need be. Sometimes a buffer
overflows into the bit bucket, unpatched machines in particular tend to need
to be emptied. 

Thanks,
Brian Desmond
[EMAIL PROTECTED]
 
c - 312.731.3132
 
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Steve Rochford
Sent: Tuesday, November 08, 2005 3:49 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Hardware Suggestions

> I like SCSI and IDE not only for their proven track record 
> [server and desktop respectively] but because the dang cables 
> don't get knocked off each time I reach into the case.  Those 
> cable connections on the back of the SATA drives are a little 
> worrying.  I've accidentally bumped the connection off my 
> workstation at home twice while adding the Happauge card and what not.

I can understand that with a home machine you're going to be taking the
top off at regular intervals to play with it (err; upgrade hardware etc)
but why on earth would you ever open a server unless it has a fault? We
have servers that go their entire life without being opened up. Is there
some major bit of server management that I'm missing by not taking it
apart on a regular basis??

Steve
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Raid suggestions for DC maybe OT

2005-11-08 Thread Rick Kingslan 



Jonathan -
 
275 replication links seems, at least to my tired eyes this 
AM, to be a lot.  Are you running a branch office environment, or is this a 
number of remote sites that link back to a single hub?
 
I'm interested as to why there are so many repl links to 
your DCs, only if it's one DC.  In my experience, that's not optimal, and 
we can provide some prescriptive guidance to help optimize the topology with no 
addition of hardware, just some tuning of site/subnet 
configurations.
 
Rick [msft]

--Posting is provided "AS IS", and confers no rights or 
warranties ...  


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Carr, Jonathan 
(OFT)Sent: Tuesday, November 08, 2005 6:00 AMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Raid suggestions 
for DC maybe OT

I don't know about you but rebuilding DC's is not fun 
stuff.   Especially if it has 275 replication links to it from remote 
DC's..   believe me spend the money on the fault 
tolerance..


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of 
joeSent: Monday, November 07, 2005 10:09 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Raid suggestions 
for DC maybe OT

How about just not partitioning the whole disk of the 
larger disks? Note I didn't come up with that idea, that came from a young 
whippersnapper I know out of Redmond whom I was discussing the fastest AD disk 
configs with a few weeks ago. I haven't tried it but it makes sense to me. Just 
allocate maybe 10-12GB of each of the 36GB drives across an array or 
so.
 
Course you could always say screw the fault tolerant RAIDs, 
this isn't Exchange, and run commando with a stripe set. If you have enough 
extra DC capacity in the site you could have them all running really fast and 
then when one blows it just goes away. Most applications that are written 
properly for AD handle that just fine except apps that hard sync to a single DC. 

 
If I have 7-8 disks, I wouldn't hesitate to put them in a 
single RAID-10/0+1 type config. OS and Logs are snoring on most DCs. All of the 
action is around the DIT unless you get that baby into memory which was the 
first I think 20 responses I got from the whippersnapper. Use 64 bit. I know 
but... use 64 bit... I know but use 64 bit I know but are you still 
here, use 64 bit
 
 
  joe


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Carr, Jonathan 
(OFT)Sent: Monday, November 07, 2005 6:54 AMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Raid suggestions 
for DC maybe OT



We have allot of users coming back to our central site and 
we use the following config.
 
 
adapter #1 > raid 1 ( 2 disk)    
O/S
 
adapter #2 >raid 1 ( 2 disk)   AD 
LOGS
 
adapter #3 ===>  raid 5 (3 disk)   with 
global hot spare AD Data
 
 
the key to this using this is that all the equipment (SCSI 
disk,SCSI controller) is Ultra 320 spec with low latency and low seek 
times  (15 K rpm usually).   The other thing that has been 
noticed is that use as small a disk as you can get.  (8 GB)   
Some of the manufacturers are saying they only can supply 36GB drives on new 
equipment.   These drive are ok but the seek time goes up because of 
the size of the drive
 
 
 
this config works good also
 

adapter #1 > raid 1 ( 2 disk)    
O/S
 
adapter #2 >raid 1 ( 2 disk)   AD 
LOGS   and  raid 5 (3 disk)   with global hot 
spare (total of 6 on this channel)
 
 
 
hope this 
helps
 
 
 
 
 





This e-mail, including 
any attachments, may be confidential, privileged or otherwise legally protected. 
It is intended only for the addressee. If you received this e-mail in error or 
from someone who was not authorized to send it to you, do not disseminate, copy 
or otherwise use this e-mail or its attachments.  Please notify the sender 
immediately by reply e-mail and delete the e-mail from your system. 



From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of joeSent: Sunday, November 06, 2005 11:12 
AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] 
Raid suggestions for DC maybe OT

LOL. I actually pinged Rick on the "official" guidelines 
previously for an Enterprise class DC with 4 disks, he was actually one of 4 
people I queried since I hadn't seen what I considered good official docs on it. 
Rick quoted the K3 Deployment guide which is definitely a good start. It 
indicates
 
RAID 1 - OS
RAID 1 - Logs
RAID 1 or 0+1 - SYSVOL/DIT
 
If you have less than 1000 users using the DC it says you 
can use one single RAID-1 for the whole thing. Though you have the same issue 
here as you have for anything, how are the 1000 users using it and what else is 
using it? Exchange? If so, I doubt I would do a single RAID-1 unless it was very 
few users. 
 
Otherwise you are looking at a minimum of 6 disks for all 
RAID-1s or 8 disks if 0+1 and RAID-1. 
 
When you actually look at it, the OS and the logs are using 
little IOPS on a dedicated DC and splitting them off o

RE: [ActiveDir] Hardware Suggestions

2005-11-08 Thread Rick Kingslan 
Add to that - SATA is not for the desktop only.  Check out some of the SAN
coming out from most vendors, EMC included.  Those drives and connections
look a lot like SATA to me. 

Rick [msft]
--
Posting is provided "AS IS", and confers no rights or warranties ...
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of ASB
Sent: Tuesday, November 08, 2005 7:13 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Hardware Suggestions

~
I don't have a problem with SATA (an upgrade from PATA) if used as designed.
It's designed for desktop storage.  Not that it can't be adjusted to
server/enterprise, but it's price point and architecture are intended for
desktops (i.e. cheap but not as reliable as a shared resource).
~

Depends on the size of the "enterprise"

SATA has its place in the server segments of smaller orgs for sure.   
It's not too long ago that Windows and Intel processors were considered "not
designed for the enterprise"...


-ASB
 FAST, CHEAP, SECURE: Pick Any TWO
 http://www.ultratech-llc.com/KB/


On 11/7/05, Al Mulnick <[EMAIL PROTECTED]> wrote:
> That's a desktop user? The apple desktop?
>
> I don't have a problem with SATA (an upgrade from PATA) if used as
designed.
> It's designed for desktop storage.  Not that it can't be adjusted to 
> server/enterprise, but it's price point and architecture are intended 
> for desktops (i.e. cheap but not as reliable as a shared resource).
>
> Used appropriately, I'm quite happy with it.  But it's intended to be 
> cheap and replaceable.
>
> Cheap, fast, reliable - pick two (or something like that ;)
>
> That shouldn't last if history is any indication, but for now I'll try 
> not to build too many centrally required applications on that 
> technology unless I can put a lot of abstraction in front of it (large 
> pools that aren't bothered by the loss of several components at a 
> time.)
>
>
>
>
>
>
>
> >From: "Rob MOIR" <[EMAIL PROTECTED]>
> >Reply-To: ActiveDir@mail.activedir.org
> >To: ,
> >Subject: RE: [ActiveDir] Hardware Suggestions
> >Date: Mon, 7 Nov 2005 18:36:10 -
> >
> >I've deployed SATA for storage of large files in Apple XRaid units in 
> >a Raid 5+1 config, and so far so good. Ask me in 3 years if I'm still 
> >just as happy ;-) but it was the only way to give the user what they 
> >wanted inside the budget we had.
> >
> >One advantage of the XRaid is that it's fitted out from the get go to 
> >use SATA disks and the only reason you'd ever have to do anything to 
> >it is to replace a drive that you already know has gone bad.
> >
> >
> >-Original Message-
> >From: [EMAIL PROTECTED] on behalf of Al Mulnick
> >Sent: Mon 07/11/2005 17:34
> >To: ActiveDir@mail.activedir.org
> >Subject: Re: [ActiveDir] Hardware Suggestions
> >
> >
> >SATA == Desktop drives.
> >
> >They weren't originally concepted to be enterprise class storage.  I 
> >see them as being back-engineered to be used this way, but most of 
> >what I've seen has been to deploy them as a JBOD in situations where 
> >you can absorb the continuous loss of hardware and not impact 
> >performance and availability.
> >   Typically in pools of disk and hsm solutions (what is it that hsm 
> >is called now? ILM? :)
> >
> >If you plan to deploy DAS solutions (internal or external), SATA is 
> >not likely the way to go right now.  You may want to wait a bit 
> >longer if the data is important.
> >
> >
> >For large pools of inexpensive disks, SATA might be worthwhile to 
> >investigate if you have a large loading bay, a good support 
> >agreement, and close access to the highway.
> >
> >-ajm
> >
> >
> >
> > >From: "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]"
> > ><[EMAIL PROTECTED]>
> > >Reply-To: ActiveDir@mail.activedir.org
> > >To: ActiveDir@mail.activedir.org
> > >Subject: Re: [ActiveDir] Hardware Suggestions
> > >Date: Mon, 07 Nov 2005 09:13:19 -0800
> > >
> > >
> > >
> > >I personally have SATA experience in the tower/desktop world but 
> > >none in the rack units.  Are the physical connections any stronger 
> > >in the rack world?
> > >
> > >I like SCSI and IDE not only for their proven track record [server 
> > >and desktop respectively] but because the dang cables don't get 
> > >knocked off each time I reach into the case.  Those cable 
> > >connections on the back of the SATA drives are a little worrying.  
> > >I've accidentally bumped the connection off my workstation at home 
> > >twice while adding the Happauge
> >card
> > >and what not.
> > >
> > >In SBSland early on we had issues with them getting loaded up, if 
> > >they
> >are
> > >underpowered, we're seeing a bit of bottlenecks, and as one of the 
> > >SBS support gang said out of Mothership Los Colinas, if your vendor 
> > >won't guarantee that equipment for 3 years, do you really want to 
> > >put that data on that device?
> > >
> > >So far the SATAs that we have running around in SBSland servers are

RE: [ActiveDir] moving DHCP Server to another machine

2005-11-08 Thread CHIANESE, DAVID 



My bad. 2003 not 2000.  Sorry for the 
confusion.
 
-Dave


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Sudhir 
KaushalSent: Tuesday, November 08, 2005 8:53 AMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] moving DHCP 
Server to another machine
Thanks for the response. 
I have gone through some of the microsoft 
documents. The tool dhcpexim works for 2000 whereas my source and target servers 
are 2003. For 2003 the procedure mentioned in the link 
http://support.microsoft.com/kb/325473 says to use netsh import and export 
commands. They also have mentioned that its moves both the database as well as 
configuration. When i used this command, 
as per my understanding it perfectly moves the configuration of the DHCP on the 
target server and i am able to see all the scopes and the Addresses leases. 
However my dhcp.mdb database size on the target server remains default 1032 kb . 
Where as the the db size on the source server is bigger then this. 
May i know why is this happening? Or is 
there any other process also to be followed ? Thanks.. Regards, Sudhir Kaushal Systems Engineer (GIS) Computer Sciences Corporation. 
India - + 91 120 2582323 
Ext. 2649 Denmark 
- + 45 70100024 Ext. 2649   “You never 
win Silver, You lose Gold”This 
is a PRIVATE message. If you are not the intended recipient, please delete 
without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: 
Regardless of content, this e-mail shall not operate to bind CSC to any order or 
other contract unless pursuant to explicit written agreement or government 
initiative expressly permitting the use of e-mail for such 
purpose.

  
  

"CHIANESE, DAVID" 
  @phlyins.com> Sent by: ActiveDir-owner 
  11/08/2005 06:22 PM Please respond to ActiveDir 
                To:     
              cc:     
            
    Subject:        RE: [ActiveDir] moving DHCP 
  Server to another machinehttp://www.microsoft.com/windows2000/techinfo/reskit/tools/new/dhcpexim-o.asp 
  Try the 
above link.  We just migrated 2 DHCP servers with this micosoft 
utility.     
Regards,   Dave Chianese 


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Sudhir 
KaushalSent: Tuesday, November 08, 2005 7:31 AMTo: 
ActiveDir@mail.activedir.orgSubject: [ActiveDir] moving DHCP Server 
to another machine Hi, I 
need to move my DHCP Server ( 2003 ) to another machine ( 2003 ).  I did 
the configuration export by giving the netsh dhcp server export command and am 
able to import the DHCP configuration on the Target Server.  The concern is 
that Is this process completes the whole move. What about the DHCP Database ? 
how to move it or is there any tested process to  move the configuration 
and db to another server.?   Thanks in Advance. Regards, Sudhir Kaushal Systems Engineer (GIS) Computer Sciences 
Corporation. India - + 91 120 2582323 Ext. 2649 Denmark - + 
45 70100024 Ext. 2649  “You never win Silver, You lose Gold”This 
is a PRIVATE message. If you are not the intended recipient, please delete 
without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: 
Regardless of content, this e-mail shall not operate to bind CSC to any order or 
other contract unless pursuant to explicit written agreement or government 
initiative expressly permitting the use of e-mail for such 
purpose.

Re: [ActiveDir] Hardware Suggestions

2005-11-08 Thread Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] 
..well.. a drive in a member server dropped off the raid the other day 
and I had to open up a box and replace a SCSI drive.


And quite frankly those SATA connections 'on' the drive feel flimsy 
enought to snap off if I'm not careful, or not solid enough that a 
Calfornia earthquake would jolt them off.


Steve Rochford wrote:

I like SCSI and IDE not only for their proven track record 
[server and desktop respectively] but because the dang cables 
don't get knocked off each time I reach into the case.  Those 
cable connections on the back of the SATA drives are a little 
worrying.  I've accidentally bumped the connection off my 
workstation at home twice while adding the Happauge card and what not.
   



I can understand that with a home machine you're going to be taking the
top off at regular intervals to play with it (err; upgrade hardware etc)
but why on earth would you ever open a server unless it has a fault? We
have servers that go their entire life without being opened up. Is there
some major bit of server management that I'm missing by not taking it
apart on a regular basis??

Steve
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

 


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] Incorporating external users.......

2005-11-08 Thread Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] 

Windows 2003 r2 Enterprise  [not standard]  [and not a free upgrade]



Tomasz Onyszko wrote:


Smith, Brad wrote:
(...)



What other issues/considerations have list reader come across when
incorporating large amounts of external users?



If You are building this solution from the scratch or You can do some 
development on Your web app I will strongly encourae You to take a ook 
at ADFS services which will be shipped with Windows 2003 R2 in this year.


Some food for reading:
http://download.microsoft.com/download/d/8/2/d827e89e-760a-40e5-a69a-4e75723998c5/ADFS_Overview.doc 

http://www.microsoft.com/downloads/details.aspx?FamilyID=062f7382-a82f-4428-9bbd-a103b9f27654&DisplayLang=en 




List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] Hardware Suggestions

2005-11-08 Thread Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] 

I've seen the SAN vendors these days include SATA drives.



Al Mulnick wrote:

Agreed. That bit of history is exactly what I was thinking as I wrote 
that.  Those things that today are not enterprise ready, may be 
tomorrow. Not sure if the thing has to change or if my perception of 
the "enterprise" does, but change is constant ;)


Like I said, I wouldn't want it today for an enterprise class machine 
(large centralized enterprise for clarification, where >1000 people 
concurrently rely on it for business critical service).


-ajm



From: ASB <[EMAIL PROTECTED]>
Reply-To: ActiveDir@mail.activedir.org
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Hardware Suggestions
Date: Tue, 8 Nov 2005 08:13:22 -0500

~
I don't have a problem with SATA (an upgrade from PATA) if used as 
designed.

It's designed for desktop storage.  Not that it can't be adjusted to
server/enterprise, but it's price point and architecture are intended 
for

desktops (i.e. cheap but not as reliable as a shared resource).
~

Depends on the size of the "enterprise"

SATA has its place in the server segments of smaller orgs for sure.
It's not too long ago that Windows and Intel processors were
considered "not designed for the enterprise"...


-ASB
 FAST, CHEAP, SECURE: Pick Any TWO
 http://www.ultratech-llc.com/KB/


On 11/7/05, Al Mulnick <[EMAIL PROTECTED]> wrote:
> That's a desktop user? The apple desktop?
>
> I don't have a problem with SATA (an upgrade from PATA) if used as 
designed.

> It's designed for desktop storage.  Not that it can't be adjusted to
> server/enterprise, but it's price point and architecture are 
intended for

> desktops (i.e. cheap but not as reliable as a shared resource).
>
> Used appropriately, I'm quite happy with it.  But it's intended to 
be cheap

> and replaceable.
>
> Cheap, fast, reliable - pick two (or something like that ;)
>
> That shouldn't last if history is any indication, but for now I'll 
try not
> to build too many centrally required applications on that 
technology unless

> I can put a lot of abstraction in front of it (large pools that aren't
> bothered by the loss of several components at a time.)
>
>
>
>
>
>
>
> >From: "Rob MOIR" <[EMAIL PROTECTED]>
> >Reply-To: ActiveDir@mail.activedir.org
> >To: ,
> >Subject: RE: [ActiveDir] Hardware Suggestions
> >Date: Mon, 7 Nov 2005 18:36:10 -
> >
> >I've deployed SATA for storage of large files in Apple XRaid units 
in a
> >Raid 5+1 config, and so far so good. Ask me in 3 years if I'm 
still just as
> >happy ;-) but it was the only way to give the user what they 
wanted inside

> >the budget we had.
> >
> >One advantage of the XRaid is that it's fitted out from the get go 
to use
> >SATA disks and the only reason you'd ever have to do anything to 
it is to

> >replace a drive that you already know has gone bad.
> >
> >
> >-Original Message-
> >From: [EMAIL PROTECTED] on behalf of Al Mulnick
> >Sent: Mon 07/11/2005 17:34
> >To: ActiveDir@mail.activedir.org
> >Subject: Re: [ActiveDir] Hardware Suggestions
> >
> >
> >SATA == Desktop drives.
> >
> >They weren't originally concepted to be enterprise class storage.  
I see
> >them as being back-engineered to be used this way, but most of 
what I've
> >seen has been to deploy them as a JBOD in situations where you can 
absorb

> >the continuous loss of hardware and not impact performance and
> >availability.
> >   Typically in pools of disk and hsm solutions (what is it that 
hsm is

> >called now? ILM? :)
> >
> >If you plan to deploy DAS solutions (internal or external), SATA 
is not
> >likely the way to go right now.  You may want to wait a bit longer 
if the

> >data is important.
> >
> >
> >For large pools of inexpensive disks, SATA might be worthwhile to
> >investigate if you have a large loading bay, a good support 
agreement, and

> >close access to the highway.
> >
> >-ajm
> >
> >
> >
> > >From: "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]"
> > ><[EMAIL PROTECTED]>
> > >Reply-To: ActiveDir@mail.activedir.org
> > >To: ActiveDir@mail.activedir.org
> > >Subject: Re: [ActiveDir] Hardware Suggestions
> > >Date: Mon, 07 Nov 2005 09:13:19 -0800
> > >
> > >
> > >
> > >I personally have SATA experience in the tower/desktop world but 
none in
> > >the rack units.  Are the physical connections any stronger in 
the rack

> > >world?
> > >
> > >I like SCSI and IDE not only for their proven track record 
[server and
> > >desktop respectively] but because the dang cables don't get 
knocked off
> > >each time I reach into the case.  Those cable connections on the 
back of
> > >the SATA drives are a little worrying.  I've accidentally bumped 
the
> > >connection off my workstation at home twice while adding the 
Happauge

> >card
> > >and what not.
> > >
> > >In SBSland early on we had issues with them getting loaded up, 
if they

> >are
> > >underpowered, we're seeing a bit of bottlenecks, and as one of 
the SBS
> > >supp

RE: [ActiveDir] moving DHCP Server to another machine

2005-11-08 Thread iain.mccall 



Have you compressed dhcp.mdb file using the 
jetpack.exe utility somewhere along the line? I am not sure if the backup does 
this as part of it's process. If it does, it may explain why the target file 
size is smaller than the source.
 
Have you tested to ensure the restored dhcp 
server is working correctly? otherwise you could be worrying over 
nothing
 
 

  
  
  From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Sudhir 
  KaushalSent: 08 November 2005 14:35To: 
  ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] moving DHCP 
  Server to another machine
  Yes i took the fresh backup and restore on the target 
  server successfully. However the dhcp.mdb size remains same... :-( 
    Regards, Sudhir Kaushal Systems Engineer (GIS) Computer Sciences Corporation. 
  India - + 91 120 
  2582323 Ext. 2649 Denmark - + 45 70100024 Ext. 2649   “You never win Silver, You lose Gold”This 
  is a PRIVATE message. If you are not the intended recipient, please delete 
  without copying and kindly advise us by e-mail of the mistake in delivery. 
  NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any 
  order or other contract unless pursuant to explicit written agreement or 
  government initiative expressly permitting the use of e-mail for such 
  purpose.
  


  
  @hampshire.pnn.police.uk> 
Sent by: ActiveDir-owner 
11/08/2005 07:43 PM Please respond to ActiveDir 
                  To:     
            cc:     
        
    Subject:        RE: [ActiveDir] moving 
DHCP Server to another machine    Have you looked at.   http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/3ee35f7b-6b5a-4942-b1cb-9f7462989039.mspx 
    
  
  From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Sudhir 
  KaushalSent: 08 November 2005 13:53To: 
  ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] moving DHCP 
  Server to another machineThanks for the response. I have gone through some of the microsoft documents. The 
  tool dhcpexim works for 2000 whereas my source and target servers are 2003. 
  For 2003 the procedure mentioned in the link 
  http://support.microsoft.com/kb/325473 says to use netsh import and export 
  commands. They also have mentioned that its moves both the database as well as 
  configuration. When 
  i used this command, as per my understanding it perfectly moves the 
  configuration of the DHCP on the target server and i am able to see all the 
  scopes and the Addresses leases. However my dhcp.mdb database size on the 
  target server remains default 1032 kb . Where as the the db size on the source 
  server is bigger then this. May i know why is this happening? Or is there any other process 
  also to be followed ? Thanks.. Regards, Sudhir 
  Kaushal Systems Engineer (GIS) 
  Computer Sciences 
  Corporation. India - + 91 120 2582323 Ext. 2649 Denmark - 
  + 45 70100024 Ext. 2649  “You never win Silver, You lose Gold”This 
  is a PRIVATE message. If you are not the intended recipient, please delete 
  without copying and kindly advise us by e-mail of the mistake in delivery. 
  NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any 
  order or other contract unless pursuant to explicit written agreement or 
  government initiative expressly permitting the use of e-mail for such 
  purpose.
  


  
  "CHIANESE, DAVID" 
@phlyins.com> Sent by: ActiveDir-owner 

11/08/2005 06:22 PM 
Please respond to 
ActiveDir 
          
       To: 
      
  
       cc: 
               Subject:   
     RE: [ActiveDir] moving DHCP Server to another 
machinehttp://www.microsoft.com/windows2000/techinfo/reskit/tools/new/dhcpexim-o.asp  Try the above 
  link.  We just migrated 2 DHCP servers with this micosoft 
  utility.   Regards,  Dave Chianese 
  
  
  From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Sudhir 
  KaushalSent: Tuesday, November 08, 2005 7:31 AMTo: 
  ActiveDir@mail.activedir.orgSubject: [ActiveDir] moving DHCP Server 
  to another machine Hi, I need to move my DHCP Server ( 2003 ) to another machine ( 
  2003 ).  I did the configuration export by giving the netsh dhcp server 
  export command and am able to import the DHCP configuration on the Target 
  Server.  The concern is that Is this process completes the whole move. 
  What about the DHCP Database ? how to move it or is there any tested process 
  to  move the configuration and db to another server.?  

RE: [ActiveDir] OT: Legato Replistor

2005-11-08 Thread deji 
>>>Give it at least six months for the initial problems to ironed out
first...remember the pain of early Windows 2000 DFS?

If there ever is a great argument FOR using DFSR "now", this is it! Rather
than waiting for an arbitrary length of "cooling off" period, you ought to
get in there now and test it out and see what works and what does not work
for you - you have a better chance of effecting changes to the final product
at this point, and you get the benefit of actually knowing and understanding
the product better than you otherwise would.
 
Moreso, it gives you a true understanding of its capabilities well before the
Marketing spiel hits the airwaves and tart clouding your judgment. If you use
it now, you will get the technical angle, and you will be less susceptible to
some attractive jargons coined up by people like me whose very existence will
depend on getting you to implement - I will have all the ammo then and you
will have nothing but a whimpering "I just want to wait a while ." :).
You noticed how Guido shredded my "Quantum Leap" theory, didn't you?
 
That's what I mean.
 
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCT
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Jensz, Travis
Sent: Tue 11/8/2005 3:00 AM
To: 'ActiveDir@mail.activedir.org'
Subject: RE: [ActiveDir] OT: Legato Replistor



We've recently used RepliStor for our 2000 to 2003 migration, and now we're
using it to maintain a hot spare at some of our larger sites.  Generally
speaking it's pretty good, and when everything's running well it transmits
data surprisingly quick - I haven't bothered yet trying to prove whether or
not it actually does replicate data on something more granular than a per
file basis, but it's pretty quick.  The main problem we had with it came
down to a conflict with the AV software on the target machine.  Since we're
only replicating one-way (and RepliStor is locking the target data for us)
we simply disabled AV on the target and we'll just enable it again if we
ever lose the live server.  However, it sounds like you plan to replicate
data around in a multi-master scenario, so disabling AV isn't really an
option... not sure how you'd get around it... maybe their support guys will
be able to help you out.  Also, all of our replication so far has been over
LAN connections, so our experience with the software has very much been a
best case scenario.  We'll be tackling WAN replication some time soon.

I'm sure the following applies to most data replication software, not just
RepliStor, but here are a few things which caused us pain:

- antivirus!!
- switches with QoS enabled
- files which had the offline attribute set
- buffer area filling up

As for DFSR, I wouldn't dream of using it the day it hits the shelf.  Give
it at least six months for the initial problems to ironed out first...
remember the pain of early Windows 2000 DFS?

Travis


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido
Sent: 07 November 2005 21:33
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Legato Replistor

I've been doing various tests myself and while I wouldn't say a DFSR is a
quantum leap from Double-Take, I'd certainly agree that it is when compared
to FRS. Maybe even two leaps...  Certainly something that I consider one of
the main benefits of R2.

But besides all the talk on the file replication improvements, you should
also not loose focus on the various benefits of the updated core DFS itself.

Here are my favorite changes of DFS/DFSR (other than dramatically improving
repl. performance and efficiency):

· new object type "Folders" to create Link-Hierarchy within the same DFS
root
· powerful options to configure Target priority (handling of link target
referrals) outside of client's site (links within client's site will always
be listed first in referral list)
? Random Order
? Lowest Cost
? Exclude Targets outside client's site
? special Failback option: Client's can be configured to fail back
to preferred target (requires special hotfix - only available for XP SP2)
? availability of options depend on special OS and AD additions
(e.g. although mixing OS versions is possible, if domain controllers or root
servers are running Windows Server 2003 without the release candidate
version of SP1, they cannot provide referrals that support target priority
or client failback)

· Replication possible with standalone DFS root (not only domain based), but
clients must be member of an AD domain
· Replication allows to specify bandwidth to be used
· differentiates between Replication Group and Content Set
? Replication Group:
* set of servers/members that participate in replication of
content sets
? Conten

RE: [ActiveDir] Hardware Suggestions

2005-11-08 Thread Brian Desmond 
I know our Clariion has shelves with 14x320GB raw storage. It's great low
cost storage for things which you don't need the performance of a scsi/fc
disk from. We use it for stuff like archiving. 

Thanks,
Brian Desmond
[EMAIL PROTECTED]
 
c - 312.731.3132
 
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA
aka Ebitz - SBS Rocks [MVP]
Sent: Tuesday, November 08, 2005 10:33 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Hardware Suggestions

I've seen the SAN vendors these days include SATA drives.



Al Mulnick wrote:

> Agreed. That bit of history is exactly what I was thinking as I wrote 
> that.  Those things that today are not enterprise ready, may be 
> tomorrow. Not sure if the thing has to change or if my perception of 
> the "enterprise" does, but change is constant ;)
>
> Like I said, I wouldn't want it today for an enterprise class machine 
> (large centralized enterprise for clarification, where >1000 people 
> concurrently rely on it for business critical service).
>
> -ajm
>
>
>> From: ASB <[EMAIL PROTECTED]>
>> Reply-To: ActiveDir@mail.activedir.org
>> To: ActiveDir@mail.activedir.org
>> Subject: Re: [ActiveDir] Hardware Suggestions
>> Date: Tue, 8 Nov 2005 08:13:22 -0500
>>
>> ~
>> I don't have a problem with SATA (an upgrade from PATA) if used as 
>> designed.
>> It's designed for desktop storage.  Not that it can't be adjusted to
>> server/enterprise, but it's price point and architecture are intended 
>> for
>> desktops (i.e. cheap but not as reliable as a shared resource).
>> ~
>>
>> Depends on the size of the "enterprise"
>>
>> SATA has its place in the server segments of smaller orgs for sure.
>> It's not too long ago that Windows and Intel processors were
>> considered "not designed for the enterprise"...
>>
>>
>> -ASB
>>  FAST, CHEAP, SECURE: Pick Any TWO
>>  http://www.ultratech-llc.com/KB/
>>
>>
>> On 11/7/05, Al Mulnick <[EMAIL PROTECTED]> wrote:
>> > That's a desktop user? The apple desktop?
>> >
>> > I don't have a problem with SATA (an upgrade from PATA) if used as 
>> designed.
>> > It's designed for desktop storage.  Not that it can't be adjusted to
>> > server/enterprise, but it's price point and architecture are 
>> intended for
>> > desktops (i.e. cheap but not as reliable as a shared resource).
>> >
>> > Used appropriately, I'm quite happy with it.  But it's intended to 
>> be cheap
>> > and replaceable.
>> >
>> > Cheap, fast, reliable - pick two (or something like that ;)
>> >
>> > That shouldn't last if history is any indication, but for now I'll 
>> try not
>> > to build too many centrally required applications on that 
>> technology unless
>> > I can put a lot of abstraction in front of it (large pools that aren't
>> > bothered by the loss of several components at a time.)
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> > >From: "Rob MOIR" <[EMAIL PROTECTED]>
>> > >Reply-To: ActiveDir@mail.activedir.org
>> > >To: ,
>> > >Subject: RE: [ActiveDir] Hardware Suggestions
>> > >Date: Mon, 7 Nov 2005 18:36:10 -
>> > >
>> > >I've deployed SATA for storage of large files in Apple XRaid units 
>> in a
>> > >Raid 5+1 config, and so far so good. Ask me in 3 years if I'm 
>> still just as
>> > >happy ;-) but it was the only way to give the user what they 
>> wanted inside
>> > >the budget we had.
>> > >
>> > >One advantage of the XRaid is that it's fitted out from the get go 
>> to use
>> > >SATA disks and the only reason you'd ever have to do anything to 
>> it is to
>> > >replace a drive that you already know has gone bad.
>> > >
>> > >
>> > >-Original Message-
>> > >From: [EMAIL PROTECTED] on behalf of Al Mulnick
>> > >Sent: Mon 07/11/2005 17:34
>> > >To: ActiveDir@mail.activedir.org
>> > >Subject: Re: [ActiveDir] Hardware Suggestions
>> > >
>> > >
>> > >SATA == Desktop drives.
>> > >
>> > >They weren't originally concepted to be enterprise class storage.  
>> I see
>> > >them as being back-engineered to be used this way, but most of 
>> what I've
>> > >seen has been to deploy them as a JBOD in situations where you can 
>> absorb
>> > >the continuous loss of hardware and not impact performance and
>> > >availability.
>> > >   Typically in pools of disk and hsm solutions (what is it that 
>> hsm is
>> > >called now? ILM? :)
>> > >
>> > >If you plan to deploy DAS solutions (internal or external), SATA 
>> is not
>> > >likely the way to go right now.  You may want to wait a bit longer 
>> if the
>> > >data is important.
>> > >
>> > >
>> > >For large pools of inexpensive disks, SATA might be worthwhile to
>> > >investigate if you have a large loading bay, a good support 
>> agreement, and
>> > >close access to the highway.
>> > >
>> > >-ajm
>> > >
>> > >
>> > >
>> > > >From: "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]"
>> > > ><[EMAIL PROTECTED]>
>> > > >Reply-To: ActiveDir@mail.activedir.org
>> > > >To: ActiveDir@mail.activedir.org
>> > >

RE: [ActiveDir] Raid suggestions for DC maybe OT

2005-11-08 Thread Ed Crowley [MVP] 



We sell a lot of DL380s for domain controllers, and some of 
my colleagues like to configure the six drives into a single RAID-1+0 volume for 
domain controllers.  I haven't personally done any lab validation of that 
configuration, but the arguments for it make a lot of sense, partcularly the 
spreading out of the I/O across more drives.
Ed Crowley MCSE+Internet MVPFreelance E-Mail 
PhilosopherProtecting the world from PSTs and Bricked 
Backups!™
 


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Dan 
CoxSent: Saturday, November 05, 2005 11:31 PMTo: 
ActiveDir@mail.activedir.orgSubject: [ActiveDir] Raid suggestions for 
DC maybe OT

What would be the suggested RAID and partitioning 
scheme for a Domain controller.
 
Any suggestions are appreciated.
Thanks.
 
Dan Cox
 
 

RE: [ActiveDir] Hardware Suggestions

2005-11-08 Thread Ed Crowley [MVP] 
SATA cables look to scale a whole lot better.  They're a whole lot less
cumbersome than the IDE/ATA ribbon cables, and you can get a lot more plugs
into less space.

Ed Crowley MCSE+Internet MVP
Freelance E-Mail Philosopher
Protecting the world from PSTs and Bricked Backups!T

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Tuesday, November 08, 2005 6:50 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Hardware Suggestions

Add to that - SATA is not for the desktop only.  Check out some of the SAN
coming out from most vendors, EMC included.  Those drives and connections
look a lot like SATA to me. 

Rick [msft]
--
Posting is provided "AS IS", and confers no rights or warranties ...
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of ASB
Sent: Tuesday, November 08, 2005 7:13 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Hardware Suggestions

~
I don't have a problem with SATA (an upgrade from PATA) if used as designed.
It's designed for desktop storage.  Not that it can't be adjusted to
server/enterprise, but it's price point and architecture are intended for
desktops (i.e. cheap but not as reliable as a shared resource).
~

Depends on the size of the "enterprise"

SATA has its place in the server segments of smaller orgs for sure.   
It's not too long ago that Windows and Intel processors were considered "not
designed for the enterprise"...


-ASB
 FAST, CHEAP, SECURE: Pick Any TWO
 http://www.ultratech-llc.com/KB/


On 11/7/05, Al Mulnick <[EMAIL PROTECTED]> wrote:
> That's a desktop user? The apple desktop?
>
> I don't have a problem with SATA (an upgrade from PATA) if used as
designed.
> It's designed for desktop storage.  Not that it can't be adjusted to 
> server/enterprise, but it's price point and architecture are intended 
> for desktops (i.e. cheap but not as reliable as a shared resource).
>
> Used appropriately, I'm quite happy with it.  But it's intended to be 
> cheap and replaceable.
>
> Cheap, fast, reliable - pick two (or something like that ;)
>
> That shouldn't last if history is any indication, but for now I'll try 
> not to build too many centrally required applications on that 
> technology unless I can put a lot of abstraction in front of it (large 
> pools that aren't bothered by the loss of several components at a
> time.)
>
>
>
>
>
>
>
> >From: "Rob MOIR" <[EMAIL PROTECTED]>
> >Reply-To: ActiveDir@mail.activedir.org
> >To: ,
> >Subject: RE: [ActiveDir] Hardware Suggestions
> >Date: Mon, 7 Nov 2005 18:36:10 -
> >
> >I've deployed SATA for storage of large files in Apple XRaid units in 
> >a Raid 5+1 config, and so far so good. Ask me in 3 years if I'm still 
> >just as happy ;-) but it was the only way to give the user what they 
> >wanted inside the budget we had.
> >
> >One advantage of the XRaid is that it's fitted out from the get go to 
> >use SATA disks and the only reason you'd ever have to do anything to 
> >it is to replace a drive that you already know has gone bad.
> >
> >
> >-Original Message-
> >From: [EMAIL PROTECTED] on behalf of Al Mulnick
> >Sent: Mon 07/11/2005 17:34
> >To: ActiveDir@mail.activedir.org
> >Subject: Re: [ActiveDir] Hardware Suggestions
> >
> >
> >SATA == Desktop drives.
> >
> >They weren't originally concepted to be enterprise class storage.  I 
> >see them as being back-engineered to be used this way, but most of 
> >what I've seen has been to deploy them as a JBOD in situations where 
> >you can absorb the continuous loss of hardware and not impact 
> >performance and availability.
> >   Typically in pools of disk and hsm solutions (what is it that hsm 
> >is called now? ILM? :)
> >
> >If you plan to deploy DAS solutions (internal or external), SATA is 
> >not likely the way to go right now.  You may want to wait a bit 
> >longer if the data is important.
> >
> >
> >For large pools of inexpensive disks, SATA might be worthwhile to 
> >investigate if you have a large loading bay, a good support 
> >agreement, and close access to the highway.
> >
> >-ajm
> >
> >
> >
> > >From: "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]"
> > ><[EMAIL PROTECTED]>
> > >Reply-To: ActiveDir@mail.activedir.org
> > >To: ActiveDir@mail.activedir.org
> > >Subject: Re: [ActiveDir] Hardware Suggestions
> > >Date: Mon, 07 Nov 2005 09:13:19 -0800
> > >
> > >
> > >
> > >I personally have SATA experience in the tower/desktop world but 
> > >none in the rack units.  Are the physical connections any stronger 
> > >in the rack world?
> > >
> > >I like SCSI and IDE not only for their proven track record [server 
> > >and desktop respectively] but because the dang cables don't get 
> > >knocked off each time I reach into the case.  Those cable 
> > >connections on the back of the SATA drives are a little worrying.
> > >I've accidentally bumped the connection off my workstation a

Re: [ActiveDir] Hardware Suggestions

2005-11-08 Thread Al Lilianstrom 

Rick Kingslan wrote:

Add to that - SATA is not for the desktop only.  Check out some of the SAN
coming out from most vendors, EMC included.  Those drives and connections
look a lot like SATA to me. 


We have SATA bricks attached to our SAN. They have some issues that, in 
my opinion, make them not quite 'enterprise' ready. A different vendor 
just dropped off a rack full of disks (SATA and FC) for us to test as 
part of a NAS investigation. The SATA based arrays are slower than the 
FC based arrays. Not as much as they used to be but still significantly 
slower. That said - we haven't moved anything real important to the SATA 
volumes yet. Mainly archives and temp storage for data reprocessing 
right now.


al


Rick [msft]
--
Posting is provided "AS IS", and confers no rights or warranties ...
 


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of ASB
Sent: Tuesday, November 08, 2005 7:13 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Hardware Suggestions

~
I don't have a problem with SATA (an upgrade from PATA) if used as designed.
It's designed for desktop storage.  Not that it can't be adjusted to
server/enterprise, but it's price point and architecture are intended for
desktops (i.e. cheap but not as reliable as a shared resource).
~

Depends on the size of the "enterprise"

SATA has its place in the server segments of smaller orgs for sure.   
It's not too long ago that Windows and Intel processors were considered "not

designed for the enterprise"...


-ASB
 FAST, CHEAP, SECURE: Pick Any TWO
 http://www.ultratech-llc.com/KB/


On 11/7/05, Al Mulnick <[EMAIL PROTECTED]> wrote:

That's a desktop user? The apple desktop?

I don't have a problem with SATA (an upgrade from PATA) if used as

designed.
It's designed for desktop storage.  Not that it can't be adjusted to 
server/enterprise, but it's price point and architecture are intended 
for desktops (i.e. cheap but not as reliable as a shared resource).


Used appropriately, I'm quite happy with it.  But it's intended to be 
cheap and replaceable.


Cheap, fast, reliable - pick two (or something like that ;)

That shouldn't last if history is any indication, but for now I'll try 
not to build too many centrally required applications on that 
technology unless I can put a lot of abstraction in front of it (large 
pools that aren't bothered by the loss of several components at a 
time.)









From: "Rob MOIR" <[EMAIL PROTECTED]>
Reply-To: ActiveDir@mail.activedir.org
To: ,
Subject: RE: [ActiveDir] Hardware Suggestions
Date: Mon, 7 Nov 2005 18:36:10 -

I've deployed SATA for storage of large files in Apple XRaid units in 
a Raid 5+1 config, and so far so good. Ask me in 3 years if I'm still 
just as happy ;-) but it was the only way to give the user what they 
wanted inside the budget we had.


One advantage of the XRaid is that it's fitted out from the get go to 
use SATA disks and the only reason you'd ever have to do anything to 
it is to replace a drive that you already know has gone bad.



-Original Message-
From: [EMAIL PROTECTED] on behalf of Al Mulnick
Sent: Mon 07/11/2005 17:34
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Hardware Suggestions


SATA == Desktop drives.

They weren't originally concepted to be enterprise class storage.  I 
see them as being back-engineered to be used this way, but most of 
what I've seen has been to deploy them as a JBOD in situations where 
you can absorb the continuous loss of hardware and not impact 
performance and availability.
  Typically in pools of disk and hsm solutions (what is it that hsm 
is called now? ILM? :)


If you plan to deploy DAS solutions (internal or external), SATA is 
not likely the way to go right now.  You may want to wait a bit 
longer if the data is important.



For large pools of inexpensive disks, SATA might be worthwhile to 
investigate if you have a large loading bay, a good support 
agreement, and close access to the highway.


-ajm




From: "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]"
<[EMAIL PROTECTED]>
Reply-To: ActiveDir@mail.activedir.org
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Hardware Suggestions
Date: Mon, 07 Nov 2005 09:13:19 -0800



I personally have SATA experience in the tower/desktop world but 
none in the rack units.  Are the physical connections any stronger 
in the rack world?


I like SCSI and IDE not only for their proven track record [server 
and desktop respectively] but because the dang cables don't get 
knocked off each time I reach into the case.  Those cable 
connections on the back of the SATA drives are a little worrying.  
I've accidentally bumped the connection off my workstation at home 
twice while adding the Happauge

card

and what not.

In SBSland early on we had issues with them getting loaded up, if 
they

are
underpowered, we're seeing a bit of bottlenecks, and as on

RE: [ActiveDir] moving DHCP Server to another machine

2005-11-08 Thread McNicholas, Joe 



What happens when you look at the DHCP tool on the Target 
server - are Address Leases empty?  Are there any errors?  As you say, 
the MS article at http://support.microsoft.com/?id=325473 clearly 
says that the "netsh dhcp server export C:\dhcp.txt all" command should export 
the database too.
 
 


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Sudhir 
KaushalSent: 08 November 2005 14:35To: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] moving DHCP 
Server to another machine
Yes i took the fresh backup and 
restore on the target server successfully. However the dhcp.mdb size remains 
same... :-(   Regards, Sudhir Kaushal Systems Engineer (GIS) Computer Sciences Corporation. India - + 91 120 2582323 Ext. 
2649 Denmark - + 
45 70100024 Ext. 2649   “You never 
win Silver, You lose Gold”This 
is a PRIVATE message. If you are not the intended recipient, please delete 
without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: 
Regardless of content, this e-mail shall not operate to bind CSC to any order or 
other contract unless pursuant to explicit written agreement or government 
initiative expressly permitting the use of e-mail for such 
purpose.

  
  

@hampshire.pnn.police.uk> 
  Sent by: ActiveDir-owner 
  11/08/2005 07:43 PM Please respond to ActiveDir 
                To:     
              cc:     
            
    Subject:        RE: [ActiveDir] moving DHCP 
  Server to another machine    Have you looked at.   
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/3ee35f7b-6b5a-4942-b1cb-9f7462989039.mspx 
  

From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Sudhir 
KaushalSent: 08 November 2005 13:53To: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] moving DHCP 
Server to another machineThanks for the response. I have gone through some of the microsoft documents. The 
tool dhcpexim works for 2000 whereas my source and target servers are 2003. For 
2003 the procedure mentioned in the link http://support.microsoft.com/kb/325473 
says to use netsh import and export commands. They also have mentioned that its 
moves both the database as well as configuration. When i used this command, as per 
my understanding it perfectly moves the configuration of the DHCP on the target 
server and i am able to see all the scopes and the Addresses leases. However my 
dhcp.mdb database size on the target server remains default 1032 kb . Where as 
the the db size on the source server is bigger then this. May i know why is this happening? 
Or is there any other process also to be followed ? Thanks.. 
Regards, Sudhir Kaushal Systems Engineer (GIS) 
Computer Sciences 
Corporation. India - + 91 120 2582323 Ext. 2649 Denmark - + 
45 70100024 Ext. 2649  “You never win Silver, You lose Gold”This 
is a PRIVATE message. If you are not the intended recipient, please delete 
without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: 
Regardless of content, this e-mail shall not operate to bind CSC to any order or 
other contract unless pursuant to explicit written agreement or government 
initiative expressly permitting the use of e-mail for such 
purpose.

  
  

"CHIANESE, DAVID" 
  @phlyins.com> Sent by: ActiveDir-owner 
  
  11/08/2005 06:22 PM 
  Please respond to 
  ActiveDir 
        
         To: 
        
    
         cc: 
                 Subject:   
       RE: [ActiveDir] moving DHCP Server to another 
  machinehttp://www.microsoft.com/windows2000/techinfo/reskit/tools/new/dhcpexim-o.asp  Try the above 
link.  We just migrated 2 DHCP servers with this micosoft 
utility.   Regards,  Dave Chianese 


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Sudhir 
KaushalSent: Tuesday, November 08, 2005 7:31 AMTo: 
ActiveDir@mail.activedir.orgSubject: [ActiveDir] moving DHCP Server 
to another machine Hi, I need to move my DHCP Server ( 2003 ) to another machine ( 2003 
).  I did the configuration export by giving the netsh dhcp server export 
command and am able to import the DHCP configuration on the Target Server. 
 The concern is that Is this process completes the whole move. What about 
the DHCP Database ? how to move it or is there any tested process to  move 
the configuration and db to another server.?   
Thanks in Advance. Regards, Sudhir Kaushal Systems Engineer 
(GIS) Computer Sciences Corporation. 
India - + 91 120 
2582323 Ext. 2649 Denmark - + 45 70100024 Ext. 2649 “You never win 
Silver, You lose Gold”---

Re: [ActiveDir] Hardware Suggestions

2005-11-08 Thread Al Lilianstrom 

Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:
..well.. a drive in a member server dropped off the raid the other day 
and I had to open up a box and replace a SCSI drive.


And quite frankly those SATA connections 'on' the drive feel flimsy 
enought to snap off if I'm not careful, or not solid enough that a 
Calfornia earthquake would jolt them off.


I think that a latch similar to a CAT5 cable is part of the SATA2 spec.

I have 3 racks full of servers with SATA drives in them. I haven't had a 
loose cable yet. I don't think our SAN bricks with SATA drives have had 
one either.


al


Steve Rochford wrote:

I like SCSI and IDE not only for their proven track record [server 
and desktop respectively] but because the dang cables don't get 
knocked off each time I reach into the case.  Those cable connections 
on the back of the SATA drives are a little worrying.  I've 
accidentally bumped the connection off my workstation at home twice 
while adding the Happauge card and what not.
  


I can understand that with a home machine you're going to be taking the
top off at regular intervals to play with it (err; upgrade hardware etc)
but why on earth would you ever open a server unless it has a fault? We
have servers that go their entire life without being opened up. Is there
some major bit of server management that I'm missing by not taking it
apart on a regular basis??

Steve
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

 


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


--

Al Lilianstrom
CD/CSS/CSI
[EMAIL PROTECTED]
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Hardware Suggestions

2005-11-08 Thread Al Mulnick 
Right.  They do include them.  What's the failure rate and why don't you use 
them for things like day to day file and print? Is it because EMC lives on 
site and is constantly doing the replacement shuffle or is there another 
reason, perhaps non-technical?


What I'm getting at is that SATA drives have a place in the world.  They 
were intended to be a desktop solution (presumably where failures are more 
tolerated because they only take out one or two productivity hours to 
replace in case of failure.)  They are migrating to other applications that 
SAN vendors are pushing to drive down the costs of raw storage.  Does that 
make it ready for enterprise class storage?  I think it does if you change 
the meaning?  I define it as supporting storage for a centrally located 
resource that supports greater than 1000 concurrent users.  I don't consider 
it performance issue directly, but rather a problem with reliability.  I 
don't think the reliability is there yet.  It will be I'm sure.


Does it work well for backup/archive solutions? I think it's well suited for 
that purpose because it's AT LEAST as reliable as tape but much faster and 
likely cheaper over time per MB. That's a familiar path that SCSI based 
systems took as well and I'm sure it'll have similar results long term.


FWIW, I'm not convinced it's the transport but the media being used in those 
devices.  I don't think anyone bothered to care as much about quality as 
they did price/space.  When that changes so will my thinking about the 
capabilities of SATA in a centrally deployed, user dense environment.  Until 
then, it's cheap and disposable and can be utilized to support cheap and 
disposable (read that as reliability is not important to the task) usage 
scenarios.  I'll use something a little more reliable until then at a higher 
cost.


Risk/Benefit - different for everyone but just because EMC puts it into 
their solutions doesn't make it right.  Heck, EMC doesn't always do what I 
consider to be in my best interest anyway.  I can only count any vendor to 
do what brings them revenue; after that it's on a case by case basis.


Al




From: "Brian Desmond" <[EMAIL PROTECTED]>
Reply-To: ActiveDir@mail.activedir.org
To: 
Subject: RE: [ActiveDir] Hardware Suggestions
Date: Tue, 8 Nov 2005 10:55:32 -0500

I know our Clariion has shelves with 14x320GB raw storage. It's great low
cost storage for things which you don't need the performance of a scsi/fc
disk from. We use it for stuff like archiving.

Thanks,
Brian Desmond
[EMAIL PROTECTED]

c - 312.731.3132



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA
aka Ebitz - SBS Rocks [MVP]
Sent: Tuesday, November 08, 2005 10:33 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Hardware Suggestions

I've seen the SAN vendors these days include SATA drives.



Al Mulnick wrote:

> Agreed. That bit of history is exactly what I was thinking as I wrote
> that.  Those things that today are not enterprise ready, may be
> tomorrow. Not sure if the thing has to change or if my perception of
> the "enterprise" does, but change is constant ;)
>
> Like I said, I wouldn't want it today for an enterprise class machine
> (large centralized enterprise for clarification, where >1000 people
> concurrently rely on it for business critical service).
>
> -ajm
>
>
>> From: ASB <[EMAIL PROTECTED]>
>> Reply-To: ActiveDir@mail.activedir.org
>> To: ActiveDir@mail.activedir.org
>> Subject: Re: [ActiveDir] Hardware Suggestions
>> Date: Tue, 8 Nov 2005 08:13:22 -0500
>>
>> ~
>> I don't have a problem with SATA (an upgrade from PATA) if used as
>> designed.
>> It's designed for desktop storage.  Not that it can't be adjusted to
>> server/enterprise, but it's price point and architecture are intended
>> for
>> desktops (i.e. cheap but not as reliable as a shared resource).
>> ~
>>
>> Depends on the size of the "enterprise"
>>
>> SATA has its place in the server segments of smaller orgs for sure.
>> It's not too long ago that Windows and Intel processors were
>> considered "not designed for the enterprise"...
>>
>>
>> -ASB
>>  FAST, CHEAP, SECURE: Pick Any TWO
>>  http://www.ultratech-llc.com/KB/
>>
>>
>> On 11/7/05, Al Mulnick <[EMAIL PROTECTED]> wrote:
>> > That's a desktop user? The apple desktop?
>> >
>> > I don't have a problem with SATA (an upgrade from PATA) if used as
>> designed.
>> > It's designed for desktop storage.  Not that it can't be adjusted to
>> > server/enterprise, but it's price point and architecture are
>> intended for
>> > desktops (i.e. cheap but not as reliable as a shared resource).
>> >
>> > Used appropriately, I'm quite happy with it.  But it's intended to
>> be cheap
>> > and replaceable.
>> >
>> > Cheap, fast, reliable - pick two (or something like that ;)
>> >
>> > That shouldn't last if history is any indication, but for now I'll
>> try not
>> > to build too many

RE: [ActiveDir] Hardware Suggestions

2005-11-08 Thread Medeiros, Jose 
In the division I work in we use HP Proliant DL-360's and run only RAID 1 ( 
Mirrored ) we only use RAID 0+1 ( 10 ) when we require very fast I/O such as on 
a heavily used Exchange server or SQL server. Personally I think it is a waste 
of resources to run AD on RAID  0+1 ( 10 ), it would  not hurt to have faster 
disk I/O, but unnecessary.


Sincerely, 
Jose Medeiros
ADP | National Account Services
ProBusiness Division | Information Services
925.737.7967 | 408-449-6621 CELL




-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Al Lilianstrom
Sent: Tuesday, November 08, 2005 8:16 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Hardware Suggestions


Rick Kingslan wrote:
> Add to that - SATA is not for the desktop only.  Check out some of the SAN
> coming out from most vendors, EMC included.  Those drives and connections
> look a lot like SATA to me. 

We have SATA bricks attached to our SAN. They have some issues that, in 
my opinion, make them not quite 'enterprise' ready. A different vendor 
just dropped off a rack full of disks (SATA and FC) for us to test as 
part of a NAS investigation. The SATA based arrays are slower than the 
FC based arrays. Not as much as they used to be but still significantly 
slower. That said - we haven't moved anything real important to the SATA 
volumes yet. Mainly archives and temp storage for data reprocessing 
right now.

al

> Rick [msft]
> --
> Posting is provided "AS IS", and confers no rights or warranties ...
>  
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of ASB
> Sent: Tuesday, November 08, 2005 7:13 AM
> To: ActiveDir@mail.activedir.org
> Subject: Re: [ActiveDir] Hardware Suggestions
> 
> ~
> I don't have a problem with SATA (an upgrade from PATA) if used as designed.
> It's designed for desktop storage.  Not that it can't be adjusted to
> server/enterprise, but it's price point and architecture are intended for
> desktops (i.e. cheap but not as reliable as a shared resource).
> ~
> 
> Depends on the size of the "enterprise"
> 
> SATA has its place in the server segments of smaller orgs for sure.   
> It's not too long ago that Windows and Intel processors were considered "not
> designed for the enterprise"...
> 
> 
> -ASB
>  FAST, CHEAP, SECURE: Pick Any TWO
>  http://www.ultratech-llc.com/KB/
> 
> 
> On 11/7/05, Al Mulnick <[EMAIL PROTECTED]> wrote:
>> That's a desktop user? The apple desktop?
>>
>> I don't have a problem with SATA (an upgrade from PATA) if used as
> designed.
>> It's designed for desktop storage.  Not that it can't be adjusted to 
>> server/enterprise, but it's price point and architecture are intended 
>> for desktops (i.e. cheap but not as reliable as a shared resource).
>>
>> Used appropriately, I'm quite happy with it.  But it's intended to be 
>> cheap and replaceable.
>>
>> Cheap, fast, reliable - pick two (or something like that ;)
>>
>> That shouldn't last if history is any indication, but for now I'll try 
>> not to build too many centrally required applications on that 
>> technology unless I can put a lot of abstraction in front of it (large 
>> pools that aren't bothered by the loss of several components at a 
>> time.)
>>
>>
>>
>>
>>
>>
>>
>>> From: "Rob MOIR" <[EMAIL PROTECTED]>
>>> Reply-To: ActiveDir@mail.activedir.org
>>> To: ,
>>> Subject: RE: [ActiveDir] Hardware Suggestions
>>> Date: Mon, 7 Nov 2005 18:36:10 -
>>>
>>> I've deployed SATA for storage of large files in Apple XRaid units in 
>>> a Raid 5+1 config, and so far so good. Ask me in 3 years if I'm still 
>>> just as happy ;-) but it was the only way to give the user what they 
>>> wanted inside the budget we had.
>>>
>>> One advantage of the XRaid is that it's fitted out from the get go to 
>>> use SATA disks and the only reason you'd ever have to do anything to 
>>> it is to replace a drive that you already know has gone bad.
>>>
>>>
>>> -Original Message-
>>> From: [EMAIL PROTECTED] on behalf of Al Mulnick
>>> Sent: Mon 07/11/2005 17:34
>>> To: ActiveDir@mail.activedir.org
>>> Subject: Re: [ActiveDir] Hardware Suggestions
>>>
>>> 
>>> SATA == Desktop drives.
>>>
>>> They weren't originally concepted to be enterprise class storage.  I 
>>> see them as being back-engineered to be used this way, but most of 
>>> what I've seen has been to deploy them as a JBOD in situations where 
>>> you can absorb the continuous loss of hardware and not impact 
>>> performance and availability.
>>>   Typically in pools of disk and hsm solutions (what is it that hsm 
>>> is called now? ILM? :)
>>>
>>> If you plan to deploy DAS solutions (internal or external), SATA is 
>>> not likely the way to go right now.  You may want to wait a bit 
>>> longer if the data is important.
>>>
>>>
>>> For large pools of inexpensive disks, SATA might be worthwhile to 
>>> investigate if you have a large loading bay, a

Re: [ActiveDir] Incorporating external users.......

2005-11-08 Thread Tomasz Onyszko 

Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:

Windows 2003 r2 Enterprise  [not standard]  [and not a free upgrade]


Yes, that is a pain. The good thing is that if you want to use ADFS You 
don't have to upgrade all of your servers in organization. It can be 
deployed in Windows 2000 networks as well - of course it will require 
ADSF Server on WIndows 2030 R2 and Windows 2003 R2 for IIS boxes.



ADFS Web SSO Agent will be shipped (AFAIK) in Standard version as well 
so deploying ADFS will require at least (in simple scenario):

- Windows 2003 R2 Ent for ADFS Server
- Windows 2003 R2 Std for each IIS box hosting .NET claim aware application



--
Tomasz Onyszko
http://www.w2k.pl
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] Incorporating external users.......

2005-11-08 Thread Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] 
That I'm not sure of I do know the R2 grid indicates ADFS only in 
Enterprise.


Tomasz Onyszko wrote:

Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:

Windows 2003 r2 Enterprise  [not standard]  [and not a free upgrade]


Yes, that is a pain. The good thing is that if you want to use ADFS 
You don't have to upgrade all of your servers in organization. It can 
be deployed in Windows 2000 networks as well - of course it will 
require ADSF Server on WIndows 2030 R2 and Windows 2003 R2 for IIS boxes.



ADFS Web SSO Agent will be shipped (AFAIK) in Standard version as well 
so deploying ADFS will require at least (in simple scenario):

- Windows 2003 R2 Ent for ADFS Server
- Windows 2003 R2 Std for each IIS box hosting .NET claim aware 
application






--
Letting your vendors set your risk analysis these days?  
http://www.threatcode.com


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] Incorporating external users.......

2005-11-08 Thread Tomasz Onyszko 

Tomasz Onyszko wrote:

Just as an update ADFS reuqirements from Technet web page:
http://technet2.microsoft.com/WindowsServer/en/Library/1c2f6235-833a-421e-8529-3e9cd97da6771033.mspx



--
Tomasz Onyszko
http://www.w2k.pl
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Change Auditor tools

2005-11-08 Thread Tim Vander Kooi 
I use Active Administrator and love it, almost as much as our auditors
do. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Olegario, Alan
Sent: Tuesday, November 08, 2005 8:21 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Change Auditor tools

Another product that I've looked at to do this (but never purchased due
to limited funding) was Active Administrator.

http://www.scriptlogic.com/products/activeadmin/ 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Daniel Gilbert
Sent: Tuesday, November 08, 2005 8:59 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Change Auditor tools

Check out a product called Change Auditor for Active Directory (CAAD)
from NetPro (www.netpro.com).

*Not plugging the product just answering the e-mail*

Dan

>  Original Message 
> Subject: [ActiveDir] Change Auditor tools
> From: "Rascher, Raymond" <[EMAIL PROTECTED]>
> Date: Tue, November 08, 2005 6:52 am
> To: "'ActiveDir@mail.activedir.org'" 
> 
> Hello, I am looking for a software product which can monitor, log and 
> alert when changes are made to Active Directory. If the product could 
> also archive security logs that would be a nice addition as well. If 
> you can suggest some products along with you experiences that would be
great.
> 
> Thanks,
> Ray
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive: 
> http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

[ActiveDir] Exchange server 2003

2005-11-08 Thread Abdul 








Hi,

I have setup exchange 2003 servers on ms and dc. Both connected to
internet by cable. I can send and receive e.mail locally/internally. I can also
send e.mail to external address. But I can not receive e.mail from external
address. Any suggestion

Check from dnsreport is as under

http://dnsreport.com/tools/dnsreport.ch?domain=eitlink.com

 I am not sure how to correct the problem mentioned at the end of
the report.

Thanks

Ranga

RE: [ActiveDir] Exchange server 2003

2005-11-08 Thread Brian Desmond 



Have you opened tcp25 inbound 
on your firewall to the Exchange server? You need this for other SMTP servers to 
communicate with you. If this is a consumer class of cable, it's also possible 
they shutdown inbound smtp globally in which case you'll have to give them a 
ring to see if they'll open it for you. 
 
Thanks,Brian Desmond
[EMAIL PROTECTED]
 
c - 
312.731.3132
 
 
 


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of 
AbdulSent: Tuesday, November 08, 2005 12:30 PMTo: 
ActiveDir@mail.activedir.orgSubject: [ActiveDir] Exchange server 
2003


Hi,
I have setup exchange 2003 servers on ms and dc. Both 
connected to internet by cable. I can send and receive e.mail 
locally/internally. I can also send e.mail to external address. But I can not 
receive e.mail from external address. Any 
suggestion
Check from dnsreport is as 
under
http://dnsreport.com/tools/dnsreport.ch?domain=eitlink.com
 I am not sure how to correct the problem mentioned 
at the end of the report.
Thanks
Ranga

Re: [ActiveDir] Exchange server 2003

2005-11-08 Thread Phil Renouf 
Based on your DNS information it looks like you have MX record entries for NW1 and NW2.eitlink.com 
eitlink.com preference = 10, mail exchanger = nw2.eitlink.comeitlink.com preference = 10, mail exchanger = 
nw1.eitlink.com 
Do you have Exchange (or an SMTP host) running on those two servers?
 
Phil 
On 11/8/05, Abdul <[EMAIL PROTECTED]> wrote:


Hi,
I have setup exchange 2003 servers on ms and dc. Both connected to internet by cable. I can send and receive e.mail locally/internally. I can also send 
e.mail to external address. But I can not receive e.mail from external address. Any suggestion
Check from dnsreport is as under
http://dnsreport.com/tools/dnsreport.ch?domain=eitlink.com

 I am not sure how to correct the problem mentioned at the end of the report.
Thanks
Ranga

Re: [ActiveDir] Raid suggestions for DC maybe OT

2005-11-08 Thread Phil Renouf 
That is also something that comes up in big Exchange installs (using only part of each spindle), especially in SAN configs.
 
Phil 
On 11/7/05, joe <[EMAIL PROTECTED]> wrote:

How about just not partitioning the whole disk of the larger disks? Note I didn't come up with that idea, that came from a young whippersnapper I know out of Redmond whom I was discussing the fastest AD disk configs with a few weeks ago. I haven't tried it but it makes sense to me. Just allocate maybe 10-12GB of each of the 36GB drives across an array or so.

 
Course you could always say screw the fault tolerant RAIDs, this isn't Exchange, and run commando with a stripe set. If you have enough extra DC capacity in the site you could have them all running really fast and then when one blows it just goes away. Most applications that are written properly for AD handle that just fine except apps that hard sync to a single DC. 

 
If I have 7-8 disks, I wouldn't hesitate to put them in a single RAID-10/0+1 type config. OS and Logs are snoring on most DCs. All of the action is around the DIT unless you get that baby into memory which was the first I think 20 responses I got from the whippersnapper. Use 64 bit. I know but... use 64 bit... I know but use 64 bit I know but are you still here, use 64 bit

 
 
  joe


From: [EMAIL PROTECTED] [mailto:
[EMAIL PROTECTED]] On Behalf Of Carr, Jonathan (OFT)Sent: Monday, November 07, 2005 6:54 AM 
To: ActiveDir@mail.activedir.orgSubject:
 RE: [ActiveDir] Raid suggestions for DC maybe OT 




We have allot of users coming back to our central site and we use the following config.
 
 
adapter #1 > raid 1 ( 2 disk)    O/S
 
adapter #2 >raid 1 ( 2 disk)   AD LOGS
 
adapter #3 ===>  raid 5 (3 disk)   with global hot spare AD Data
 
 
the key to this using this is that all the equipment (SCSI disk,SCSI controller) is Ultra 320 spec with low latency and low seek times  (15 K rpm usually).   The other thing that has been noticed is that use as small a disk as you can get.  (8 GB)   Some of the manufacturers are saying they only can supply 36GB drives on new equipment.   These drive are ok but the seek time goes up because of the size of the drive

 
 
 
this config works good also
 

adapter #1 > raid 1 ( 2 disk)    O/S
 
adapter #2 >raid 1 ( 2 disk)   AD LOGS   and  raid 5 (3 disk)   with global hot spare (total of 6 on this channel)

 
 
 
hope this helps
 
 
 
 
 





This e-mail, including any attachments, may be confidential, privileged or otherwise legally protected. It is intended only for the addressee. If you received this e-mail in error or from someone who was not authorized to send it to you, do not disseminate, copy or otherwise use this e-mail or its attachments.  Please notify the sender immediately by reply e-mail and delete the e-mail from your system.
 




From: [EMAIL PROTECTED] [mailto:
[EMAIL PROTECTED]] On Behalf Of joeSent: Sunday, November 06, 2005 11:12 AM
To: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Raid suggestions for DC maybe OT




LOL. I actually pinged Rick on the "official" guidelines previously for an Enterprise class DC with 4 disks, he was actually one of 4 people I queried since I hadn't seen what I considered good official docs on it. Rick quoted the K3 Deployment guide which is definitely a good start. It indicates

 
RAID 1 - OS
RAID 1 - Logs
RAID 1 or 0+1 - SYSVOL/DIT
 
If you have less than 1000 users using the DC it says you can use one single RAID-1 for the whole thing. Though you have the same issue here as you have for anything, how are the 1000 users using it and what else is using it? Exchange? If so, I doubt I would do a single RAID-1 unless it was very few users. 

 
Otherwise you are looking at a minimum of 6 disks for all RAID-1s or 8 disks if 0+1 and RAID-1. 
 
When you actually look at it, the OS and the logs are using little IOPS on a dedicated DC and splitting them off onto their own "disk" is probably unneccessary. The DIT assuming it isn't all cached and is being heavily hit (like say by Exchange) is raping the disk subsystem. When you have an app that wants lots of IOPS what do you? You increase the number of spindles... So for 
throughput, the fastest four disk configuration is going to be a RAID-5 or a 0+1 or 10. In tests I did several years ago with one hardware vendor RAID-10 and 5 were very close (within a few IOPS) with RAID-5 eeking out the lead. They both blew RAID-1 away. In more recent tests I heard of from someone using another hardware vendor, RAID 0+1 eeked out over RAID-5 by a few IOPS and again blew RAID-1 out of the water. Obviously the tests were different so I recommend folks do their own testing with their own hardware. The fastest disk configs I am aware of are 6 and 8 disk RAID-10/0+1 setups with 8 disks supposedly being rock star fast if you have the room internally. To put it another way, if I had 8 disks, I certainly wouldn't be following the deployment guide config for tho

RE: [ActiveDir] Exchange server 2003

2005-11-08 Thread Abdul 








On both exchange server is running

 









From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Phil Renouf
Sent: Tuesday, November 08, 2005
12:59 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Exchange
server 2003



 



Based on your DNS information it looks like you have MX record entries
for NW1 and NW2.eitlink.com
 





eitlink.com
preference = 10, mail exchanger = nw2.eitlink.com
eitlink.com preference
= 10, mail exchanger = nw1.eitlink.com
 





Do you have Exchange (or an SMTP host) running on those two servers?





 





Phil

 





On 11/8/05, Abdul
<[EMAIL PROTECTED]> wrote:




Hi,

I have
setup exchange 2003 servers on ms and dc. Both connected to internet by cable.
I can send and receive e.mail locally/internally. I can also send e.mail to
external address. But I can not receive e.mail from external address. Any
suggestion

Check
from dnsreport is as under

http://dnsreport.com/tools/dnsreport.ch?domain=eitlink.com 

 I
am not sure how to correct the problem mentioned at the end of the report.

Thanks

Ranga





 

RE: [ActiveDir] Exchange server 2003

2005-11-08 Thread Abdul 








Thanks

My server is directly connected to
internet through consumer cable No firewall.

 









From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond
Sent: Tuesday, November 08, 2005
12:53 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Exchange
server 2003



 

Have you
opened tcp25 inbound on your firewall to the Exchange server? You need this for
other SMTP servers to communicate with you. If this is a consumer class of
cable, it's also possible they shutdown inbound smtp globally in which case
you'll have to give them a ring to see if they'll open it for you. 



 



Thanks,
Brian
Desmond

[EMAIL PROTECTED]

 

c -
312.731.3132

 

 



 



 







From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Abdul
Sent: Tuesday, November 08, 2005
12:30 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Exchange
server 2003

Hi,

I have setup exchange 2003 servers on ms and dc. Both connected to internet
by cable. I can send and receive e.mail locally/internally. I can also send
e.mail to external address. But I can not receive e.mail from external address.
Any suggestion

Check from dnsreport is as under

http://dnsreport.com/tools/dnsreport.ch?domain=eitlink.com

 I am not sure how to correct the problem mentioned at the end of
the report.

Thanks

Ranga

RE: [ActiveDir] Exchange server 2003

2005-11-08 Thread Salandra, Justin A. 








Is nw10 and nw20 your mailservers?

 

-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Abdul
Sent: Tuesday, November 08, 2005
12:30 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Exchange
server 2003

 

Hi,

I have setup exchange 2003 servers on ms and dc. Both
connected to internet by cable. I can send and receive e.mail
locally/internally. I can also send e.mail to external address. But I can not
receive e.mail from external address. Any suggestion

Check from dnsreport is as under

http://dnsreport.com/tools/dnsreport.ch?domain=eitlink.com

 I am not sure how to correct the problem
mentioned at the end of the report.

Thanks

Ranga

RE: [ActiveDir] Exchange server 2003

2005-11-08 Thread Salandra, Justin A. 








Are you sure that is how you want it
configured?  You are putting yourself at a greater risk.

 

-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Abdul
Sent: Tuesday, November 08, 2005
1:07 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Exchange
server 2003

 

Thanks

My server is directly
connected to internet through consumer cable No firewall.

 









From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond
Sent: Tuesday, November 08, 2005
12:53 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Exchange
server 2003



 

Have you opened tcp25 inbound on your firewall to the Exchange
server? You need this for other SMTP servers to communicate with you. If this
is a consumer class of cable, it's also possible they shutdown inbound smtp
globally in which case you'll have to give them a ring to see if they'll open
it for you. 



 



Thanks,
Brian
Desmond

[EMAIL PROTECTED]

 

c - 312.731.3132

 

 



 



 







From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Abdul
Sent: Tuesday, November 08, 2005
12:30 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Exchange
server 2003

Hi,

I have setup exchange 2003 servers on ms and dc. Both
connected to internet by cable. I can send and receive e.mail
locally/internally. I can also send e.mail to external address. But I can not
receive e.mail from external address. Any suggestion

Check from dnsreport is as under

http://dnsreport.com/tools/dnsreport.ch?domain=eitlink.com

 I am not sure how to correct the problem
mentioned at the end of the report.

Thanks

Ranga

RE: [ActiveDir] Exchange server 2003

2005-11-08 Thread Derek Harris 



!!??Que??!!


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of 
AbdulSent: Tuesday, November 08, 2005 11:07 AMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Exchange server 
2003


Thanks
My server is directly 
connected to internet through consumer cable No 
firewall.
 




From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Brian 
DesmondSent: Tuesday, November 
08, 2005 12:53 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Exchange server 
2003
 
Have you 
opened tcp25 inbound on your firewall to the Exchange server? You need this for 
other SMTP servers to communicate with you. If this is a consumer class of 
cable, it's also possible they shutdown inbound smtp globally in which case 
you'll have to give them a ring to see if they'll open it for you. 


 
Thanks,Brian 
Desmond
[EMAIL PROTECTED]
 
c - 
312.731.3132
 
 

 
 



From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of AbdulSent: Tuesday, November 08, 2005 12:30 
PMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Exchange server 
2003
Hi,
I have setup exchange 2003 servers on ms and dc. Both 
connected to internet by cable. I can send and receive e.mail 
locally/internally. I can also send e.mail to external address. But I can not 
receive e.mail from external address. Any 
suggestion
Check from dnsreport is as 
under
http://dnsreport.com/tools/dnsreport.ch?domain=eitlink.com
 I am not sure how to correct the problem mentioned 
at the end of the report.
Thanks
Ranga

Re: [ActiveDir] Exchange server 2003

2005-11-08 Thread Phil Renouf 
I think Brian was on the right track. I am unable to connect to either server over port 25; although you might not have a firewall in place your cable providor may be blocking port 25 inbound to your servers. That is fairly common in cable/dsl providors.

 
Phil 
On 11/8/05, Abdul <[EMAIL PROTECTED]> wrote:


Thanks
My server is directly connected to internet through consumer cable No firewall.
 




From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
On Behalf Of Brian DesmondSent: Tuesday, November 08, 2005 12:53 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Exchange server 2003

 
Have you opened tcp25 inbound on your firewall to the Exchange server? You need this for other SMTP servers to communicate with you. If this is a consumer class of cable, it's also possible they shutdown inbound smtp globally in which case you'll have to give them a ring to see if they'll open it for you. 


 
Thanks,
Brian Desmond

[EMAIL PROTECTED]
 
c - 312.731.3132
 
 

 
 



From:
 [EMAIL PROTECTED] [mailto:
[EMAIL PROTECTED]] On Behalf Of AbdulSent: Tuesday, November 08, 2005 12:30 PM
To: ActiveDir@mail.activedir.orgSubject:
 [ActiveDir] Exchange server 2003
Hi,
I have setup exchange 2003 servers on ms and dc. Both connected to internet by cable. I can send and receive e.mail locally/internally. I can also send 
e.mail to external address. But I can not receive e.mail from external address. Any suggestion
Check from dnsreport is as under
http://dnsreport.com/tools/dnsreport.ch?domain=eitlink.com

 I am not sure how to correct the problem mentioned at the end of the report.
Thanks
Ranga

Re: [ActiveDir] Exchange server 2003

2005-11-08 Thread Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] 
Man I'm hoping there's IPsec running on that server because sir, you 
need a firewall in front of that box, and you need it fast.



Derek Harris wrote:

!!??Que??!!


*From:* [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] *On Behalf Of *Abdul

*Sent:* Tuesday, November 08, 2005 11:07 AM
*To:* ActiveDir@mail.activedir.org
*Subject:* RE: [ActiveDir] Exchange server 2003

Thanks

My server is directly connected to internet through consumer cable No 
firewall.


 




*From:* [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] *On Behalf Of *Brian Desmond

*Sent:* Tuesday, November 08, 2005 12:53 PM
*To:* ActiveDir@mail.activedir.org
*Subject:* RE: [ActiveDir] Exchange server 2003

 

**Have you opened tcp25 inbound on your firewall to the Exchange 
server? You need this for other SMTP servers to communicate with you. 
If this is a consumer class of cable, it's also possible they shutdown 
inbound smtp globally in which case you'll have to give them a ring to 
see if they'll open it for you. **


 


**Thanks,***
**Brian Desmond***

[EMAIL PROTECTED] 

 


**c - 312.731.3132**

 

 

 

 




*From:* [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] *On Behalf Of *Abdul

*Sent:* Tuesday, November 08, 2005 12:30 PM
*To:* ActiveDir@mail.activedir.org
*Subject:* [ActiveDir] Exchange server 2003

Hi,

I have setup exchange 2003 servers on ms and dc. Both connected to 
internet by cable. I can send and receive e.mail locally/internally. I 
can also send e.mail to external address. But I can not receive e.mail 
from external address. Any suggestion


Check from dnsreport is as under

http://dnsreport.com/tools/dnsreport.ch?domain=eitlink.com

 I am not sure how to correct the problem mentioned at the end of the 
report.


Thanks

Ranga



--
Letting your vendors set your risk analysis these days?  
http://www.threatcode.com


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Exchange server 2003

2005-11-08 Thread Brian Desmond 



I can't telnet 
nw1.eitlink.com (or nw2) on port 25, which means I can't connect to the SMTP 
server. This works out to either a) you have connection security turned on on 
the SMTP virtual server (look in the properties in start>run>inetmgr), or 
there's a firewall in between you and me, either yours or the cable company's. 

 
Thanks,Brian Desmond
[EMAIL PROTECTED]
 
c - 
312.731.3132
 
 
 


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of 
AbdulSent: Tuesday, November 08, 2005 1:08 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Exchange server 
2003


On both exchange server 
is running
 




From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Phil 
RenoufSent: Tuesday, November 
08, 2005 12:59 PMTo: 
ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] Exchange server 
2003
 

Based on your DNS information it looks like you have MX 
record entries for NW1 and NW2.eitlink.com 

eitlink.com preference = 
10, mail exchanger = nw2.eitlink.comeitlink.com preference = 
10, mail exchanger = nw1.eitlink.com 

Do you have Exchange (or an SMTP host) running on those 
two servers?

 

Phil 

On 11/8/05, Abdul <[EMAIL PROTECTED]> 
wrote: 

Hi,
I have 
setup exchange 2003 servers on ms and dc. Both connected to internet by cable. I 
can send and receive e.mail locally/internally. I can also send e.mail to 
external address. But I can not receive e.mail from external address. Any 
suggestion
Check from 
dnsreport is as under
http://dnsreport.com/tools/dnsreport.ch?domain=eitlink.com 

 I am 
not sure how to correct the problem mentioned at the end of the 
report.
Thanks
Ranga
 

RE: [ActiveDir] Exchange server 2003

2005-11-08 Thread Abdul 








Servers are nw1 and nw2.eitlink.com

 









From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A.
Sent: Tuesday, November 08, 2005
1:22 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Exchange
server 2003



 

Is nw10 and nw20 your mailservers?

 

-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Abdul
Sent: Tuesday, November 08, 2005
12:30 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Exchange
server 2003

 

Hi,

I have setup exchange 2003 servers on ms and dc. Both
connected to internet by cable. I can send and receive e.mail
locally/internally. I can also send e.mail to external address. But I can not
receive e.mail from external address. Any suggestion

Check from dnsreport is as under

http://dnsreport.com/tools/dnsreport.ch?domain=eitlink.com

 I am not sure how to correct the problem
mentioned at the end of the report.

Thanks

Ranga

RE: [ActiveDir] Exchange server 2003

2005-11-08 Thread Rob MOIR 
Is this some kind of experiment to see how quickly hackers find your machine?

Anyway, many consumer cable companies limit the ports that their customers can 
open to the internet. Check your AUP and if it mentions that you can't run 
servers of this kind on your service then you will probably find they're 
blocking it.

-Original Message-
From: [EMAIL PROTECTED] on behalf of Abdul
Sent: Tue 08/11/2005 18:07
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Exchange server 2003
 
Thanks

My server is directly connected to internet through consumer cable No
firewall.

 

  _  

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond
Sent: Tuesday, November 08, 2005 12:53 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Exchange server 2003

 

Have you opened tcp25 inbound on your firewall to the Exchange server? You
need this for other SMTP servers to communicate with you. If this is a
consumer class of cable, it's also possible they shutdown inbound smtp
globally in which case you'll have to give them a ring to see if they'll
open it for you. 

 

Thanks,
Brian Desmond

  [EMAIL PROTECTED]

 

c - 312.731.3132

 

 

 

 

  _  

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Abdul
Sent: Tuesday, November 08, 2005 12:30 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Exchange server 2003

Hi,

I have setup exchange 2003 servers on ms and dc. Both connected to internet
by cable. I can send and receive e.mail locally/internally. I can also send
e.mail to external address. But I can not receive e.mail from external
address. Any suggestion

Check from dnsreport is as under

http://dnsreport.com/tools/dnsreport.ch?domain=eitlink.com

 I am not sure how to correct the problem mentioned at the end of the
report.

Thanks

Ranga


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Exchange server 2003

2005-11-08 Thread deji 

COGECO does not support LAN connection service, telecommuting and VPN service
on High Speed Residential Internet Services. The connection of Internet
servers at Customer residential premises to the COGECO Network is prohibited.
The residential Customer may not run programs or servers which provide
network service to others. Examples of prohibited programs include, but are
not limited to mail, http, ftp, irc, dhcp servers, and multi-user interactive
forums.

http://www.cogeco.ca/en/high_speed_internet_service_agreement_o.html
 
Looks like it's time to switch providers.
 
 
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCT
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Abdul
Sent: Tue 11/8/2005 10:38 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Exchange server 2003



Servers are nw1 and nw2.eitlink.com

 



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A.
Sent: Tuesday, November 08, 2005 1:22 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Exchange server 2003

 

Is nw10 and nw20 your mailservers?

 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Abdul
Sent: Tuesday, November 08, 2005 12:30 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Exchange server 2003

 

Hi,

I have setup exchange 2003 servers on ms and dc. Both connected to internet
by cable. I can send and receive e.mail locally/internally. I can also send
e.mail to external address. But I can not receive e.mail from external
address. Any suggestion

Check from dnsreport is as under

http://dnsreport.com/tools/dnsreport.ch?domain=eitlink.com

 I am not sure how to correct the problem mentioned at the end of the report.

Thanks

Ranga

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] OT: Legato Replistor

2005-11-08 Thread Noah Eiger 
Thanks to all for the information and debate. I plan to start working with
it in a testing environment shortly. Fortunately, this would not really get
implemented for roughly five months. My concern at this point was really if
I should be spending time investigating and purchasing Replistor. From the
discussion here (including Travis's warning), I am inclined to throw the
proverbial hat in with DFSR. 

I am sure that EMC will have a marketing juggernaught aimed at explaining
why DFSR is junk and Replistor turns water into wine. From the talk here,
DFSR will make these other products fairly superfluous, no?

Thanks again.

-- nme

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, November 08, 2005 7:47 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Legato Replistor

>>>Give it at least six months for the initial problems to ironed out
first...remember the pain of early Windows 2000 DFS?

If there ever is a great argument FOR using DFSR "now", this is it! Rather
than waiting for an arbitrary length of "cooling off" period, you ought to
get in there now and test it out and see what works and what does not work
for you - you have a better chance of effecting changes to the final product
at this point, and you get the benefit of actually knowing and understanding
the product better than you otherwise would.
 
Moreso, it gives you a true understanding of its capabilities well before
the
Marketing spiel hits the airwaves and tart clouding your judgment. If you
use
it now, you will get the technical angle, and you will be less susceptible
to
some attractive jargons coined up by people like me whose very existence
will
depend on getting you to implement - I will have all the ammo then and you
will have nothing but a whimpering "I just want to wait a while ." :).
You noticed how Guido shredded my "Quantum Leap" theory, didn't you?
 
That's what I mean.
 
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCT
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Jensz, Travis
Sent: Tue 11/8/2005 3:00 AM
To: 'ActiveDir@mail.activedir.org'
Subject: RE: [ActiveDir] OT: Legato Replistor



We've recently used RepliStor for our 2000 to 2003 migration, and now we're
using it to maintain a hot spare at some of our larger sites.  Generally
speaking it's pretty good, and when everything's running well it transmits
data surprisingly quick - I haven't bothered yet trying to prove whether or
not it actually does replicate data on something more granular than a per
file basis, but it's pretty quick.  The main problem we had with it came
down to a conflict with the AV software on the target machine.  Since we're
only replicating one-way (and RepliStor is locking the target data for us)
we simply disabled AV on the target and we'll just enable it again if we
ever lose the live server.  However, it sounds like you plan to replicate
data around in a multi-master scenario, so disabling AV isn't really an
option... not sure how you'd get around it... maybe their support guys will
be able to help you out.  Also, all of our replication so far has been over
LAN connections, so our experience with the software has very much been a
best case scenario.  We'll be tackling WAN replication some time soon.

I'm sure the following applies to most data replication software, not just
RepliStor, but here are a few things which caused us pain:

- antivirus!!
- switches with QoS enabled
- files which had the offline attribute set
- buffer area filling up

As for DFSR, I wouldn't dream of using it the day it hits the shelf.  Give
it at least six months for the initial problems to ironed out first...
remember the pain of early Windows 2000 DFS?

Travis


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido
Sent: 07 November 2005 21:33
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Legato Replistor

I've been doing various tests myself and while I wouldn't say a DFSR is a
quantum leap from Double-Take, I'd certainly agree that it is when compared
to FRS. Maybe even two leaps...  Certainly something that I consider one of
the main benefits of R2.

But besides all the talk on the file replication improvements, you should
also not loose focus on the various benefits of the updated core DFS itself.

Here are my favorite changes of DFS/DFSR (other than dramatically improving
repl. performance and efficiency):

· new object type "Folders" to create Link-Hierarchy within the same DFS
root
· powerful options to configure Target priority (handling of link target
referrals) outside of client's site (links within client's site will always
be listed first in referral list)
? Random Order
? Lowest Cost
? Exclude Targets outside cli

RE: [ActiveDir] Raid suggestions for DC maybe OT

2005-11-08 Thread Carr, Jonathan \(OFT\) 



it is a 2 hub (4 dc's each) with spokes design.  Not 
just one dc but each dc has a link to all the sites


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Rick 
KingslanSent: Tuesday, November 08, 2005 9:47 AMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Raid suggestions 
for DC maybe OT

Jonathan -
 
275 replication links seems, at least to my tired eyes this 
AM, to be a lot.  Are you running a branch office environment, or is this a 
number of remote sites that link back to a single hub?
 
I'm interested as to why there are so many repl links to 
your DCs, only if it's one DC.  In my experience, that's not optimal, and 
we can provide some prescriptive guidance to help optimize the topology with no 
addition of hardware, just some tuning of site/subnet 
configurations.
 
Rick [msft]

--Posting is provided "AS IS", and confers no rights or 
warranties ...  


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Carr, Jonathan 
(OFT)Sent: Tuesday, November 08, 2005 6:00 AMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Raid suggestions 
for DC maybe OT

I don't know about you but rebuilding DC's is not fun 
stuff.   Especially if it has 275 replication links to it from remote 
DC's..   believe me spend the money on the fault 
tolerance..


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of 
joeSent: Monday, November 07, 2005 10:09 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Raid suggestions 
for DC maybe OT

How about just not partitioning the whole disk of the 
larger disks? Note I didn't come up with that idea, that came from a young 
whippersnapper I know out of Redmond whom I was discussing the fastest AD disk 
configs with a few weeks ago. I haven't tried it but it makes sense to me. Just 
allocate maybe 10-12GB of each of the 36GB drives across an array or 
so.
 
Course you could always say screw the fault tolerant RAIDs, 
this isn't Exchange, and run commando with a stripe set. If you have enough 
extra DC capacity in the site you could have them all running really fast and 
then when one blows it just goes away. Most applications that are written 
properly for AD handle that just fine except apps that hard sync to a single DC. 

 
If I have 7-8 disks, I wouldn't hesitate to put them in a 
single RAID-10/0+1 type config. OS and Logs are snoring on most DCs. All of the 
action is around the DIT unless you get that baby into memory which was the 
first I think 20 responses I got from the whippersnapper. Use 64 bit. I know 
but... use 64 bit... I know but use 64 bit I know but are you still 
here, use 64 bit
 
 
  joe


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Carr, Jonathan 
(OFT)Sent: Monday, November 07, 2005 6:54 AMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Raid suggestions 
for DC maybe OT



We have allot of users coming back to our central site and 
we use the following config.
 
 
adapter #1 > raid 1 ( 2 disk)    
O/S
 
adapter #2 >raid 1 ( 2 disk)   AD 
LOGS
 
adapter #3 ===>  raid 5 (3 disk)   with 
global hot spare AD Data
 
 
the key to this using this is that all the equipment (SCSI 
disk,SCSI controller) is Ultra 320 spec with low latency and low seek 
times  (15 K rpm usually).   The other thing that has been 
noticed is that use as small a disk as you can get.  (8 GB)   
Some of the manufacturers are saying they only can supply 36GB drives on new 
equipment.   These drive are ok but the seek time goes up because of 
the size of the drive
 
 
 
this config works good also
 

adapter #1 > raid 1 ( 2 disk)    
O/S
 
adapter #2 >raid 1 ( 2 disk)   AD 
LOGS   and  raid 5 (3 disk)   with global hot 
spare (total of 6 on this channel)
 
 
 
hope this 
helps
 
 
 
 
 





This e-mail, including 
any attachments, may be confidential, privileged or otherwise legally protected. 
It is intended only for the addressee. If you received this e-mail in error or 
from someone who was not authorized to send it to you, do not disseminate, copy 
or otherwise use this e-mail or its attachments.  Please notify the sender 
immediately by reply e-mail and delete the e-mail from your system. 



From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of joeSent: Sunday, November 06, 2005 11:12 
AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] 
Raid suggestions for DC maybe OT

LOL. I actually pinged Rick on the "official" guidelines 
previously for an Enterprise class DC with 4 disks, he was actually one of 4 
people I queried since I hadn't seen what I considered good official docs on it. 
Rick quoted the K3 Deployment guide which is definitely a good start. It 
indicates
 
RAID 1 - OS
RAID 1 - Logs
RAID 1 or 0+1 - SYSVOL/DIT
 
If you have less than 1000 users using the DC it says you 
can use one single RAID-1 for the whole thing. Though you have the same issue 
here as you have for anything, how are the 1000 users using it and what e

RE: [ActiveDir] Hardware Suggestions

2005-11-08 Thread joe 
Either you haven't noticed the perf hit or have a small DIT that is all
cached or you haven't used your AD as hard as some others then. I have seen
in several companies RAID-1 configs crumble under AD with no idle time and
disk queues going through the ceiling. Exchange can easily peg a DC that has
to go to disk for DIT often and that disk is a mirror.

 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose
Sent: Tuesday, November 08, 2005 11:43 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Hardware Suggestions

In the division I work in we use HP Proliant DL-360's and run only RAID 1 (
Mirrored ) we only use RAID 0+1 ( 10 ) when we require very fast I/O such as
on a heavily used Exchange server or SQL server. Personally I think it is a
waste of resources to run AD on RAID  0+1 ( 10 ), it would  not hurt to have
faster disk I/O, but unnecessary.


Sincerely,
Jose Medeiros
ADP | National Account Services
ProBusiness Division | Information Services
925.737.7967 | 408-449-6621 CELL




-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Al Lilianstrom
Sent: Tuesday, November 08, 2005 8:16 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Hardware Suggestions


Rick Kingslan wrote:
> Add to that - SATA is not for the desktop only.  Check out some of the SAN
> coming out from most vendors, EMC included.  Those drives and connections
> look a lot like SATA to me. 

We have SATA bricks attached to our SAN. They have some issues that, in 
my opinion, make them not quite 'enterprise' ready. A different vendor 
just dropped off a rack full of disks (SATA and FC) for us to test as 
part of a NAS investigation. The SATA based arrays are slower than the 
FC based arrays. Not as much as they used to be but still significantly 
slower. That said - we haven't moved anything real important to the SATA 
volumes yet. Mainly archives and temp storage for data reprocessing 
right now.

al

> Rick [msft]
> --
> Posting is provided "AS IS", and confers no rights or warranties ...
>  
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of ASB
> Sent: Tuesday, November 08, 2005 7:13 AM
> To: ActiveDir@mail.activedir.org
> Subject: Re: [ActiveDir] Hardware Suggestions
> 
> ~
> I don't have a problem with SATA (an upgrade from PATA) if used as
designed.
> It's designed for desktop storage.  Not that it can't be adjusted to
> server/enterprise, but it's price point and architecture are intended for
> desktops (i.e. cheap but not as reliable as a shared resource).
> ~
> 
> Depends on the size of the "enterprise"
> 
> SATA has its place in the server segments of smaller orgs for sure.   
> It's not too long ago that Windows and Intel processors were considered
"not
> designed for the enterprise"...
> 
> 
> -ASB
>  FAST, CHEAP, SECURE: Pick Any TWO
>  http://www.ultratech-llc.com/KB/
> 
> 
> On 11/7/05, Al Mulnick <[EMAIL PROTECTED]> wrote:
>> That's a desktop user? The apple desktop?
>>
>> I don't have a problem with SATA (an upgrade from PATA) if used as
> designed.
>> It's designed for desktop storage.  Not that it can't be adjusted to 
>> server/enterprise, but it's price point and architecture are intended 
>> for desktops (i.e. cheap but not as reliable as a shared resource).
>>
>> Used appropriately, I'm quite happy with it.  But it's intended to be 
>> cheap and replaceable.
>>
>> Cheap, fast, reliable - pick two (or something like that ;)
>>
>> That shouldn't last if history is any indication, but for now I'll try 
>> not to build too many centrally required applications on that 
>> technology unless I can put a lot of abstraction in front of it (large 
>> pools that aren't bothered by the loss of several components at a 
>> time.)
>>
>>
>>
>>
>>
>>
>>
>>> From: "Rob MOIR" <[EMAIL PROTECTED]>
>>> Reply-To: ActiveDir@mail.activedir.org
>>> To: ,
>>> Subject: RE: [ActiveDir] Hardware Suggestions
>>> Date: Mon, 7 Nov 2005 18:36:10 -
>>>
>>> I've deployed SATA for storage of large files in Apple XRaid units in 
>>> a Raid 5+1 config, and so far so good. Ask me in 3 years if I'm still 
>>> just as happy ;-) but it was the only way to give the user what they 
>>> wanted inside the budget we had.
>>>
>>> One advantage of the XRaid is that it's fitted out from the get go to 
>>> use SATA disks and the only reason you'd ever have to do anything to 
>>> it is to replace a drive that you already know has gone bad.
>>>
>>>
>>> -Original Message-
>>> From: [EMAIL PROTECTED] on behalf of Al Mulnick
>>> Sent: Mon 07/11/2005 17:34
>>> To: ActiveDir@mail.activedir.org
>>> Subject: Re: [ActiveDir] Hardware Suggestions
>>>
>>> 
>>> SATA == Desktop drives.
>>>
>>> They weren't originally concepted to be enterprise class storage.  I 
>>> see them as being back-engineered to be used this way, but most of 
>>> wh

[ActiveDir] enterprise admin issues

2005-11-08 Thread Tom Kern 
I have a strange issue where when i add someone to the enterpirse admin UG, that membership is reflected in the root domain but not in the child domain when i click the user's member of tab.
I'm running a 2 domain wink2k3sp1 forest in FFL/DFL win2k3.
The root is a resource domain.
All dc's are gc's except the infra masters.
there is no UG caching enabled.
there are 3 sites. 
no errors in Directory service log.
netdiag and dcdiag show no errors.
 
repadmin /showvector /latency /dc=childdomain,dc=root,dc=local shows nothing being more than a few minutes behind.
dns is ad-intergrated.
 
site links are set to 15mins.
any place else i should look?
thanks

RE: [ActiveDir] enterprise admin issues

2005-11-08 Thread Grillenmeier, Guido 



that's not strange - that's by nature of ADUC's new 
filtering mechanism, ensuring that you only see membership groups of your own 
domain. This shall "reduce" the confusion when looking at the membeships on a 
normal DC vs. a GC => they're now show the same...
 
Check the memberOf attribute of the respective account on a 
GC of the child domain via ADSIedit, ldp or other LDAP tools and you'll find his 
membership fully intact.
 
You can also fix this behaviour (so that you'll see the 
users's membership in the UG on a child-dom GC) - see:

http://support.microsoft.com/default.aspx?scid=kb;en-us;833883 

http://support.microsoft.com/default.aspx?scid=kb;en-us;842632
 
/Guido


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Tom 
KernSent: Dienstag, 8. November 2005 21:11To: 
activedirectorySubject: [ActiveDir] enterprise admin 
issues

I have a strange issue where when i add someone to the enterpirse admin UG, 
that membership is reflected in the root domain but not in the child domain when 
i click the user's member of tab.
I'm running a 2 domain wink2k3sp1 forest in FFL/DFL win2k3.
The root is a resource domain.
All dc's are gc's except the infra masters.
there is no UG caching enabled.
there are 3 sites. 
no errors in Directory service log.
netdiag and dcdiag show no errors.
 
repadmin /showvector /latency /dc=childdomain,dc=root,dc=local shows 
nothing being more than a few minutes behind.
dns is ad-intergrated.
 
site links are set to 15mins.
any place else i should look?
thanks

RE: [ActiveDir] enterprise admin issues

2005-11-08 Thread deji 
Normal behavior. It's not something you are doing (or not doing). The
"MemberOf" attrib of a user in one domain does not include the group from
another domain when you are enumerating from a user domain that is foreign to
the group.
 
 
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCT
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Tom Kern
Sent: Tue 11/8/2005 12:11 PM
To: activedirectory
Subject: [ActiveDir] enterprise admin issues


I have a strange issue where when i add someone to the enterpirse admin UG,
that membership is reflected in the root domain but not in the child domain
when i click the user's member of tab.
I'm running a 2 domain wink2k3sp1 forest in FFL/DFL win2k3.
The root is a resource domain.
All dc's are gc's except the infra masters.
there is no UG caching enabled.
there are 3 sites. 
no errors in Directory service log.
netdiag and dcdiag show no errors.
 
repadmin /showvector /latency /dc=childdomain,dc=root,dc=local shows nothing
being more than a few minutes behind.
dns is ad-intergrated.
 
site links are set to 15mins.
any place else i should look?
thanks
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] enterprise admin issues

2005-11-08 Thread Grillenmeier, Guido 
hey Déji - I actually thought you had used AD before 2003 hit the market ;-) 
see my post on the same topic...

/Guido

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Dienstag, 8. November 2005 21:25
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] enterprise admin issues

Normal behavior. It's not something you are doing (or not doing). The
"MemberOf" attrib of a user in one domain does not include the group from
another domain when you are enumerating from a user domain that is foreign to
the group.
 
 
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCT
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Tom Kern
Sent: Tue 11/8/2005 12:11 PM
To: activedirectory
Subject: [ActiveDir] enterprise admin issues


I have a strange issue where when i add someone to the enterpirse admin UG,
that membership is reflected in the root domain but not in the child domain
when i click the user's member of tab.
I'm running a 2 domain wink2k3sp1 forest in FFL/DFL win2k3.
The root is a resource domain.
All dc's are gc's except the infra masters.
there is no UG caching enabled.
there are 3 sites. 
no errors in Directory service log.
netdiag and dcdiag show no errors.
 
repadmin /showvector /latency /dc=childdomain,dc=root,dc=local shows nothing
being more than a few minutes behind.
dns is ad-intergrated.
 
site links are set to 15mins.
any place else i should look?
thanks
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] enterprise admin issues

2005-11-08 Thread Tom Kern 
Thanks!!
 
I don't remeber, were you able to see cross domain UG membership in win2k?
 
also, do you really think this is a good "feature" in your opinion?
i think its led to more confusion for me than the other way
 
thanks again 
On 11/8/05, Grillenmeier, Guido <[EMAIL PROTECTED]> wrote:

that's not strange - that's by nature of ADUC's new filtering mechanism, ensuring that you only see membership groups of your own domain. This shall "reduce" the confusion when looking at the membeships on a normal DC vs. a GC => they're now show the same...

 
Check the memberOf attribute of the respective account on a GC of the child domain via ADSIedit, ldp or other LDAP tools and you'll find his membership fully intact.

 
You can also fix this behaviour (so that you'll see the users's membership in the UG on a child-dom GC) - 
see:

http://support.microsoft.com/default.aspx?scid=kb;en-us;833883
 
http://support.microsoft.com/default.aspx?scid=kb;en-us;842632

 
/Guido


From: [EMAIL PROTECTED] [mailto:
[EMAIL PROTECTED]] On Behalf Of Tom KernSent: Dienstag, 8. November 2005 21:11To: activedirectorySubject: [ActiveDir] enterprise admin issues 



I have a strange issue where when i add someone to the enterpirse admin UG, that membership is reflected in the root domain but not in the child domain when i click the user's member of tab.
I'm running a 2 domain wink2k3sp1 forest in FFL/DFL win2k3.
The root is a resource domain.
All dc's are gc's except the infra masters.
there is no UG caching enabled.
there are 3 sites. 
no errors in Directory service log.
netdiag and dcdiag show no errors.
 
repadmin /showvector /latency /dc=childdomain,dc=root,dc=local shows nothing being more than a few minutes behind.
dns is ad-intergrated.
 
site links are set to 15mins.
any place else i should look?
thanks

RE: [ActiveDir] enterprise admin issues

2005-11-08 Thread deji 
Wrong choice of verb :). "include" is not the right word I meant to say
 
Who are YOU anyway? :)
 
 
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCT
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Grillenmeier, Guido
Sent: Tue 11/8/2005 12:29 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] enterprise admin issues



hey Déji - I actually thought you had used AD before 2003 hit the market ;-)
see my post on the same topic...

/Guido

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Dienstag, 8. November 2005 21:25
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] enterprise admin issues

Normal behavior. It's not something you are doing (or not doing). The
"MemberOf" attrib of a user in one domain does not include the group from
another domain when you are enumerating from a user domain that is foreign to
the group.


Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCT
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Tom Kern
Sent: Tue 11/8/2005 12:11 PM
To: activedirectory
Subject: [ActiveDir] enterprise admin issues


I have a strange issue where when i add someone to the enterpirse admin UG,
that membership is reflected in the root domain but not in the child domain
when i click the user's member of tab.
I'm running a 2 domain wink2k3sp1 forest in FFL/DFL win2k3.
The root is a resource domain.
All dc's are gc's except the infra masters.
there is no UG caching enabled.
there are 3 sites.
no errors in Directory service log.
netdiag and dcdiag show no errors.

repadmin /showvector /latency /dc=childdomain,dc=root,dc=local shows nothing
being more than a few minutes behind.
dns is ad-intergrated.

site links are set to 15mins.
any place else i should look?
thanks
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

[ActiveDir] Methods to verify GC promotion

2005-11-08 Thread Danny 
Could you please let me know all the ways to verify a DC has been
successfully promoted to a GC?  For example, will a dcdiag 100% verify
this?

Thanks,

...D
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] enterprise admin issues

2005-11-08 Thread Grillenmeier, Guido 



yes, cross-domain UG visisbility worked (or should I say 
"works") fine in Win2k - but apparently some customer had 
issues with ADUC showing different group-memberships in ADUC depending which DC 
you were connected to (DC vs GC), which is why this "new feature" was added in 
Win2003. 
 
I didn't like this feature either - especially in an 
environment with Exchange and users being in various DLs from other domains, 
which you could now no longer see either :-(  I complained early on (but 
too late for the RTM version)...
 
So now the confusion is the other way... - thus the 
fix.  
 


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Tom 
KernSent: Dienstag, 8. November 2005 21:30To: 
ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] enterprise admin 
issues

Thanks!!
 
I don't remeber, were you able to see cross domain UG membership in 
win2k?
 
also, do you really think this is a good "feature" in your opinion?
i think its led to more confusion for me than the other way
 
thanks again 
On 11/8/05, Grillenmeier, 
Guido <[EMAIL PROTECTED]> 
wrote: 

  that's 
  not strange - that's by nature of ADUC's new filtering mechanism, ensuring 
  that you only see membership groups of your own domain. This shall "reduce" 
  the confusion when looking at the membeships on a normal DC vs. a GC => 
  they're now show the same... 
   
  Check 
  the memberOf attribute of the respective account on a GC of the child domain 
  via ADSIedit, ldp or other LDAP tools and you'll find his membership fully 
  intact. 
   
  You can 
  also fix this behaviour (so that you'll see the users's membership in the UG 
  on a child-dom GC) - see:
  
  http://support.microsoft.com/default.aspx?scid=kb;en-us;833883 
  
  http://support.microsoft.com/default.aspx?scid=kb;en-us;842632 
  
   
  /Guido
  
  
  From: [EMAIL PROTECTED] [mailto: 
  [EMAIL PROTECTED]] On Behalf Of Tom 
  KernSent: Dienstag, 8. November 2005 21:11To: 
  activedirectorySubject: [ActiveDir] enterprise admin 
  issues 
  
  
  I have a strange issue where when i add someone to the enterpirse admin 
  UG, that membership is reflected in the root domain but not in the child 
  domain when i click the user's member of tab.
  I'm running a 2 domain wink2k3sp1 forest in FFL/DFL win2k3.
  The root is a resource domain.
  All dc's are gc's except the infra masters.
  there is no UG caching enabled.
  there are 3 sites. 
  no errors in Directory service log.
  netdiag and dcdiag show no errors.
   
  repadmin /showvector /latency /dc=childdomain,dc=root,dc=local shows 
  nothing being more than a few minutes behind.
  dns is ad-intergrated.
   
  site links are set to 15mins.
  any place else i should look?
  thanks

RE: [ActiveDir] enterprise admin issues

2005-11-08 Thread joe 



Using 2K ADUC and assuming you were looking at a GC yes. 

 
This is a filtering mechanism in K3's ADUC. It isn't 
implemented any lower. LDAP requests will still show info but it can be 
confusing to people when certain things are shown or not 
shown.
 


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Tom 
KernSent: Tuesday, November 08, 2005 3:30 PMTo: 
ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] enterprise admin 
issues

Thanks!!
 
I don't remeber, were you able to see cross domain UG membership in 
win2k?
 
also, do you really think this is a good "feature" in your opinion?
i think its led to more confusion for me than the other way
 
thanks again 
On 11/8/05, Grillenmeier, 
Guido <[EMAIL PROTECTED]> 
wrote: 

  that's 
  not strange - that's by nature of ADUC's new filtering mechanism, ensuring 
  that you only see membership groups of your own domain. This shall "reduce" 
  the confusion when looking at the membeships on a normal DC vs. a GC => 
  they're now show the same... 
   
  Check 
  the memberOf attribute of the respective account on a GC of the child domain 
  via ADSIedit, ldp or other LDAP tools and you'll find his membership fully 
  intact. 
   
  You can 
  also fix this behaviour (so that you'll see the users's membership in the UG 
  on a child-dom GC) - see:
  
  http://support.microsoft.com/default.aspx?scid=kb;en-us;833883 
  
  http://support.microsoft.com/default.aspx?scid=kb;en-us;842632 
  
   
  /Guido
  
  
  From: [EMAIL PROTECTED] [mailto: 
  [EMAIL PROTECTED]] On Behalf Of Tom 
  KernSent: Dienstag, 8. November 2005 21:11To: 
  activedirectorySubject: [ActiveDir] enterprise admin 
  issues 
  
  
  I have a strange issue where when i add someone to the enterpirse admin 
  UG, that membership is reflected in the root domain but not in the child 
  domain when i click the user's member of tab.
  I'm running a 2 domain wink2k3sp1 forest in FFL/DFL win2k3.
  The root is a resource domain.
  All dc's are gc's except the infra masters.
  there is no UG caching enabled.
  there are 3 sites. 
  no errors in Directory service log.
  netdiag and dcdiag show no errors.
   
  repadmin /showvector /latency /dc=childdomain,dc=root,dc=local shows 
  nothing being more than a few minutes behind.
  dns is ad-intergrated.
   
  site links are set to 15mins.
  any place else i should look?
  thanks

RE: [ActiveDir] Methods to verify GC promotion

2005-11-08 Thread Almeida Pinto, Jorge de 
(1) LDP - when connecting see the attribute isGlobalCatalogReady: TRUE;
(2) event id 1119
(3) reg key 
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters" "Global 
Catalog Promotion Complete = 1"
(4) replmon
 
Cheers
Jorge



From: [EMAIL PROTECTED] on behalf of Danny
Sent: Tue 11/8/2005 9:37 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Methods to verify GC promotion



Could you please let me know all the ways to verify a DC has been
successfully promoted to a GC?  For example, will a dcdiag 100% verify
this?

Thanks,

...D
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/




This e-mail and any attachment is for authorised use by the intended 
recipient(s) only. It may contain proprietary material, confidential 
information and/or be subject to legal privilege. It should not be copied, 
disclosed to, retained or used by, any other party. If you are not an intended 
recipient then please promptly delete this e-mail and any attachment and all 
copies and inform the sender. Thank you.
<>

RE: [ActiveDir] Methods to verify GC promotion

2005-11-08 Thread Grillenmeier, Guido 
better to check for "isGlobalCatalogReady" attribute in RootDSE - will
be set to true when promotion is done.  You'll see the contents of
RootDSE or a DC for example when binding to it via LDP.EXE.

/Guido

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Danny
Sent: Dienstag, 8. November 2005 21:38
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Methods to verify GC promotion

Could you please let me know all the ways to verify a DC has been
successfully promoted to a GC?  For example, will a dcdiag 100% verify
this?

Thanks,

...D
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Methods to verify GC promotion

2005-11-08 Thread Free, Bob 
 Look for an Event log entry saying that the GC promotion has completed
Source NTDS Event 1119

Look for a Registry entry called HKLM -> System -> CurrentControlSet ->
Services -> NTDS -> Parameters -> Global Catalog Promotion Complete 

Dump the RootDSE contents using the LDAP Browser (LDP)  and look for the
isGlobalCatalogReady attribute set to TRUE.

Use the Nltest utility that comes in the Windows Server 2003 Support
Tools- nltest /dsgetdc:domainname & look for the GC flag

There are probably others but those come to mind

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Danny
Sent: Tuesday, November 08, 2005 12:38 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Methods to verify GC promotion

Could you please let me know all the ways to verify a DC has been
successfully promoted to a GC?  For example, will a dcdiag 100% verify
this?

Thanks,

...D
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Methods to verify GC promotion

2005-11-08 Thread Dean Wells 
All the posts I've seen do indeed validate that the GC deems itself 'ready',
the definition of 'ready', however, warrants a mention.  Since I'm unaware
of what motivated you to ask, I'd suggest you take a look at the definition
of "occupancy level" as it pertains to a GC -

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/TechR
ef/0d34c3b9-499b-41d3-a55f-527ce61e7858.mspx


--
Dean Wells
MSEtechnology
* Email: [EMAIL PROTECTED]
http://msetechnology.com


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Danny
Sent: Tuesday, November 08, 2005 12:38 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Methods to verify GC promotion

Could you please let me know all the ways to verify a DC has been
successfully promoted to a GC?  For example, will a dcdiag 100% verify this?

Thanks,

...D
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/



List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Incorporating external users.......

2005-11-08 Thread Ulf B. Simon-Weidner 
> [mailto:[EMAIL PROTECTED] On Behalf Of Susan 
> Bradley, CPA aka Ebitz - SBS Rocks [MVP]
> 
> Windows 2003 r2 Enterprise  [not standard]  [and not a free upgrade]
> 

Excepting for customers with Software Assurance, and you only need the
enterprise version on the Federation Servers and Federation Server Proxies.

Ulf



List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

[ActiveDir] Netlogon.dns (2)

2005-11-08 Thread Ulf B. Simon-Weidner 




Instead of hijacking another thread I'm going to start my own ;)

What I've seen recently and was pretty surprised: A customer of mine had 
incomplete netlogon.dns-files, they had some of the records which were supposed 
to be there but not all. On some DCs about 50% of the netlogon.dns was 
missing.

Really bad about this is that the tools like dcdiag only test the content of 
the netlogon.dns against the DNS-Service, and that the netlogon-process does not 
check the content of the netlogon.dns without any changes unless the file is 
missing. So the customer had missing DNS-Informations for ages and never noticed 
it - not everyone is digging around in DNS and knows what's supposed to be there 
;)

DCs were W2k SP4.

Anyone seen this before? OK - I've already fixed it by renaming netlogon.dns 
and restarting netlogon, but I'm curious if anyone has ideas where this might 
come from and if anyone has seen it before.
Gruesse - Sincerely, 
Ulf B. Simon-Weidner 
  MVP-Book "Windows XP - Die Expertentipps": 
http://tinyurl.com/44zcz  Weblog: 
http://msmvps.org/UlfBSimonWeidner  
Website: http://www.windowsserverfaq.org 
 

RE: [ActiveDir] Netlogon.dns (2)

2005-11-08 Thread Gil Kirkpatrick 



Were the entries dropped off the end of the file, or were 
they missing from the middle? Any pattern to the entries that were 
missing?
 
-gil


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Ulf B. 
Simon-WeidnerSent: Tuesday, November 08, 2005 3:36 PMTo: 
ActiveDir@mail.activedir.orgSubject: [ActiveDir] Netlogon.dns 
(2)


Instead of hijacking another thread I'm going to start my own ;)

What I've seen recently and was pretty surprised: A customer of mine had 
incomplete netlogon.dns-files, they had some of the records which were supposed 
to be there but not all. On some DCs about 50% of the netlogon.dns was 
missing.

Really bad about this is that the tools like dcdiag only test the content of 
the netlogon.dns against the DNS-Service, and that the netlogon-process does not 
check the content of the netlogon.dns without any changes unless the file is 
missing. So the customer had missing DNS-Informations for ages and never noticed 
it - not everyone is digging around in DNS and knows what's supposed to be there 
;)

DCs were W2k SP4.

Anyone seen this before? OK - I've already fixed it by renaming netlogon.dns 
and restarting netlogon, but I'm curious if anyone has ideas where this might 
come from and if anyone has seen it before.
Gruesse - Sincerely, 
Ulf B. Simon-Weidner 
  MVP-Book "Windows XP - Die Expertentipps": 
http://tinyurl.com/44zcz  Weblog: 
http://msmvps.org/UlfBSimonWeidner  
Website: http://www.windowsserverfaq.org 
 

RE: [ActiveDir] Netlogon.dns (2)

2005-11-08 Thread David Adner 



May want to check this out to verify this isn't the 
issue:
 
The Domain Controller does not register _GC, _KERBEROS, and 
_KPASSWD DNS entries when a Windows 2000 server starts
http://support.microsoft.com/kb/841395/

  
  
  From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Ulf B. 
  Simon-WeidnerSent: Tuesday, November 08, 2005 4:36 PMTo: 
  ActiveDir@mail.activedir.orgSubject: [ActiveDir] Netlogon.dns 
  (2)
  
  
  Instead of hijacking another thread I'm going to start my own ;)
  
  What I've seen recently and was pretty surprised: A customer of mine had 
  incomplete netlogon.dns-files, they had some of the records which were 
  supposed to be there but not all. On some DCs about 50% of the netlogon.dns 
  was missing.
  
  Really bad about this is that the tools like dcdiag only test the content 
  of the netlogon.dns against the DNS-Service, and that the netlogon-process 
  does not check the content of the netlogon.dns without any changes unless the 
  file is missing. So the customer had missing DNS-Informations for ages and 
  never noticed it - not everyone is digging around in DNS and knows what's 
  supposed to be there ;)
  
  DCs were W2k SP4.
  
  Anyone seen this before? OK - I've already fixed it by renaming 
  netlogon.dns and restarting netlogon, but I'm curious if anyone has ideas 
  where this might come from and if anyone has seen it before.
  Gruesse - Sincerely, 
  
  Ulf B. Simon-Weidner 
    MVP-Book "Windows XP - Die 
  Expertentipps": http://tinyurl.com/44zcz  Weblog: 
  http://msmvps.org/UlfBSimonWeidner  
  Website: http://www.windowsserverfaq.org 
   

RE: [ActiveDir] Netlogon.dns (2)

2005-11-08 Thread Ulf B. Simon-Weidner 



No pattern at all, sometimes kerberos SRVs, sometimes GC SRVs, sometimes 
SRVs which were missing in the site dns-domain but were existing in the 
"all-in-the-domain"-dns-domain, totally weired. Was more looking like after 
promotion performance issues which were preventing to write all records to the 
netlogon.dns, but that's a very wild guess. I would have been interested to see 
it after it got promoted initially, but our company wasn't involved at this 
point, two other companies did the migration (both of them here on the list - so 
I won't mention them). They were running like that for years propably - they 
didn't have dns aging and scavening activated so I don't think they disappeared 
recently.

  
  
  From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Gil 
  KirkpatrickSent: Tuesday, November 08, 2005 11:43 PMTo: 
  ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Netlogon.dns 
  (2)
  
  Were the entries dropped off the end of the file, or were 
  they missing from the middle? Any pattern to the entries that were 
  missing?
   
  -gil
  
  
  From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Ulf B. 
  Simon-WeidnerSent: Tuesday, November 08, 2005 3:36 PMTo: 
  ActiveDir@mail.activedir.orgSubject: [ActiveDir] Netlogon.dns 
  (2)
  
  
  Instead of hijacking another thread I'm going to start my own ;)
  
  What I've seen recently and was pretty surprised: A customer of mine had 
  incomplete netlogon.dns-files, they had some of the records which were 
  supposed to be there but not all. On some DCs about 50% of the netlogon.dns 
  was missing.
  
  Really bad about this is that the tools like dcdiag only test the content 
  of the netlogon.dns against the DNS-Service, and that the netlogon-process 
  does not check the content of the netlogon.dns without any changes unless the 
  file is missing. So the customer had missing DNS-Informations for ages and 
  never noticed it - not everyone is digging around in DNS and knows what's 
  supposed to be there ;)
  
  DCs were W2k SP4.
  
  Anyone seen this before? OK - I've already fixed it by renaming 
  netlogon.dns and restarting netlogon, but I'm curious if anyone has ideas 
  where this might come from and if anyone has seen it before.
  Gruesse - Sincerely, 
  
  Ulf B. Simon-Weidner 
    MVP-Book "Windows XP - Die 
  Expertentipps": http://tinyurl.com/44zcz  Weblog: 
  http://msmvps.org/UlfBSimonWeidner  
  Website: http://www.windowsserverfaq.org 
   

RE: [ActiveDir] Netlogon.dns (2)

2005-11-08 Thread Eric Fleischman 








I would have SWORN there was an issue in
this code path, but the details escaped me.

So I pinged Steve offline who remembered
the details…..basically, it’s this: http://support.microsoft.com/default.aspx?scid=KB;EN-US;841395

 

So that could be what you’re
hitting.

 

With some more details, we might be able
to diagnose it if it is something else. But we might need to debug it to know
for sure.

 

~Eric

 

 









From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Tuesday, November 08, 2005
2:43 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir]
Netlogon.dns (2)



 

Were the entries dropped off the end of
the file, or were they missing from the middle? Any pattern to the entries that
were missing?

 

-gil

 







From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ulf B. Simon-Weidner
Sent: Tuesday, November 08, 2005
3:36 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Netlogon.dns
(2)



Instead
of hijacking another thread I'm going to start my own ;)

What I've
seen recently and was pretty surprised: A customer of mine had incomplete
netlogon.dns-files, they had some of the records which were supposed to be
there but not all. On some DCs about 50% of the netlogon.dns was missing.

Really
bad about this is that the tools like dcdiag only test the content of the
netlogon.dns against the DNS-Service, and that the netlogon-process does not
check the content of the netlogon.dns without any changes unless the file is
missing. So the customer had missing DNS-Informations for ages and never
noticed it - not everyone is digging around in DNS and knows what's supposed to
be there ;)

DCs were
W2k SP4.

Anyone
seen this before? OK - I've already fixed it by renaming netlogon.dns and
restarting netlogon, but I'm curious if anyone has ideas where this might come
from and if anyone has seen it before.



Gruesse
- Sincerely, 

Ulf
B. Simon-Weidner 

 
MVP-Book "Windows XP - Die Expertentipps": http://tinyurl.com/44zcz
  Weblog: http://msmvps.org/UlfBSimonWeidner
  Website: http://www.windowsserverfaq.org




 

RE: [ActiveDir] Netlogon.dns (2)

2005-11-08 Thread Ulf B. Simon-Weidner 



Thanks ~eric and David,
 
It wasn't as consistent as I would assume the behaviour of that 
hotfix.
 
Additionally the KB has an error - the Workaround won't work since 
netlogon.dns is not being rebuild if it exists when you restart netlogon. The 
Workaround should read as 1. rename netlogon.dns to netlogon.bak, 2. restart the 
netlogon-service.
 
Debugging may be possible, however I fixed the issue couple weeks ago 
since they are going to consolidate a domain into the one with the issues, and 
they had major performance issues and some kindergarden-errors in the design. I 
had to fix it asap to increase performance and to enable them to carry on with 
the domain consolidation.
 
It's not that they need to get it fixed now - I'm mainly curious why it 
happened.
 
Ulf

  
  
  From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Eric 
  FleischmanSent: Wednesday, November 09, 2005 12:03 AMTo: 
  ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Netlogon.dns 
  (2)
  
  
  I would have SWORN 
  there was an issue in this code path, but the details escaped 
  me.
  So I pinged Steve 
  offline who remembered the details…..basically, it’s this: http://support.microsoft.com/default.aspx?scid=KB;EN-US;841395
   
  So that could be what 
  you’re hitting.
   
  With some more 
  details, we might be able to diagnose it if it is something else. But we might 
  need to debug it to know for sure.
   
  ~Eric
   
   
  
  
  
  
  From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
  On Behalf Of Gil 
  KirkpatrickSent: Tuesday, 
  November 08, 2005 2:43 PMTo: 
  ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Netlogon.dns 
  (2)
   
  Were the entries 
  dropped off the end of the file, or were they missing from the middle? Any 
  pattern to the entries that were missing?
   
  -gil
   
  
  
  
  From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
  On Behalf Of Ulf B. 
  Simon-WeidnerSent: Tuesday, 
  November 08, 2005 3:36 PMTo: 
  ActiveDir@mail.activedir.orgSubject: [ActiveDir] Netlogon.dns 
  (2)
  
  Instead 
  of hijacking another thread I'm going to start my own 
  ;)
  What I've 
  seen recently and was pretty surprised: A customer of mine had incomplete 
  netlogon.dns-files, they had some of the records which were supposed to be 
  there but not all. On some DCs about 50% of the netlogon.dns was 
  missing.
  Really 
  bad about this is that the tools like dcdiag only test the content of the 
  netlogon.dns against the DNS-Service, and that the netlogon-process does not 
  check the content of the netlogon.dns without any changes unless the file is 
  missing. So the customer had missing DNS-Informations for ages and never 
  noticed it - not everyone is digging around in DNS and knows what's supposed 
  to be there ;)
  DCs were 
  W2k SP4.
  Anyone 
  seen this before? OK - I've already fixed it by renaming netlogon.dns and 
  restarting netlogon, but I'm curious if anyone has ideas where this might come 
  from and if anyone has seen it before.
  Gruesse - 
  Sincerely, 
  Ulf B. Simon-Weidner 
  
    MVP-Book "Windows XP - Die Expertentipps": 
  http://tinyurl.com/44zcz  Weblog: 
  http://msmvps.org/UlfBSimonWeidner  
  Website: http://www.windowsserverfaq.org 
  
  
   

RE: [ActiveDir] Exchange server 2003

2005-11-08 Thread Derek Harris 
... unless, of course, you intend to use it as a honeypot.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley,
CPA aka Ebitz - SBS Rocks [MVP]
Sent: Tuesday, November 08, 2005 11:35 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Exchange server 2003

Man I'm hoping there's IPsec running on that server because sir, you
need a firewall in front of that box, and you need it fast.


Derek Harris wrote:
> !!??Que??!!
>
>

> *From:* [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] *On Behalf Of *Abdul
> *Sent:* Tuesday, November 08, 2005 11:07 AM
> *To:* ActiveDir@mail.activedir.org
> *Subject:* RE: [ActiveDir] Exchange server 2003
>
> Thanks
>
> My server is directly connected to internet through consumer cable No 
> firewall.
>
>  
>
>

>
> *From:* [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] *On Behalf Of *Brian
Desmond
> *Sent:* Tuesday, November 08, 2005 12:53 PM
> *To:* ActiveDir@mail.activedir.org
> *Subject:* RE: [ActiveDir] Exchange server 2003
>
>  
>
> **Have you opened tcp25 inbound on your firewall to the Exchange 
> server? You need this for other SMTP servers to communicate with you. 
> If this is a consumer class of cable, it's also possible they shutdown

> inbound smtp globally in which case you'll have to give them a ring to

> see if they'll open it for you. **
>
>  
>
> **Thanks,***
> **Brian Desmond***
>
> [EMAIL PROTECTED] 
>
>  
>
> **c - 312.731.3132**
>
>  
>
>  
>
>  
>
>  
>
>

>
> *From:* [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] *On Behalf Of *Abdul
> *Sent:* Tuesday, November 08, 2005 12:30 PM
> *To:* ActiveDir@mail.activedir.org
> *Subject:* [ActiveDir] Exchange server 2003
>
> Hi,
>
> I have setup exchange 2003 servers on ms and dc. Both connected to 
> internet by cable. I can send and receive e.mail locally/internally. I

> can also send e.mail to external address. But I can not receive e.mail

> from external address. Any suggestion
>
> Check from dnsreport is as under
>
> http://dnsreport.com/tools/dnsreport.ch?domain=eitlink.com
>
>  I am not sure how to correct the problem mentioned at the end of the 
> report.
>
> Thanks
>
> Ranga
>

-- 

Letting your vendors set your risk analysis these days?  
http://www.threatcode.com

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

[ActiveDir] Improving your AD's fault tolerance with old hardware?

2005-11-08 Thread Danny 
Correct me if I am wrong, but assuming the more DC's you have in your
forest, the more fault tolerant your Active Directory will become, is
it therefore worth it to use retired, possibly out of (hardware)
warranty servers or workstations for this purpose if you are
budget-less (to purchase new servers)? In this case, I am referring to
orgs with 20-200 AD users.

How about GC's and other related AD roles and critical software based
services?  Same deal?

Thank you,

...D
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Netlogon.dns (2)

2005-11-08 Thread David Adner 



In my experience the behavior noted in the KB was fairly 
inconsistent.  Some DC's would be fine, but then miss records on the next 
reboot.  The records in question would also vary.
 
As for the workaround, it's probably less than ideal since 
you're right, simply restarting the Netlogon service doesn't always rebuild the 
netlogon.dns/dnb files.  However, it does sometimes, so it's not completely 
wrong, either.
 
I would at least rule out the known issue if you 
can by installing the hotfix on a test system(s) that's experiencing the 
issue.  Or, depending on the files in question, it's possible your DC's 
already have the updated files via other hotfixes.

  
  
  From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Ulf B. 
  Simon-WeidnerSent: Tuesday, November 08, 2005 5:35 PM To: 
  ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Netlogon.dns 
  (2)
  
  Thanks ~eric and David,
   
  It wasn't as consistent as I would assume the behaviour of that 
  hotfix.
   
  Additionally the KB has an error - the Workaround won't work since 
  netlogon.dns is not being rebuild if it exists when you restart netlogon. The 
  Workaround should read as 1. rename netlogon.dns to netlogon.bak, 2. restart 
  the netlogon-service.
   
  Debugging may be possible, however I fixed the issue couple weeks ago 
  since they are going to consolidate a domain into the one with the issues, and 
  they had major performance issues and some kindergarden-errors in the design. 
  I had to fix it asap to increase performance and to enable them to carry on 
  with the domain consolidation.
   
  It's not that they need to get it fixed now - I'm mainly curious why it 
  happened.
   
  Ulf
  


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Eric 
FleischmanSent: Wednesday, November 09, 2005 12:03 
AMTo: ActiveDir@mail.activedir.orgSubject: RE: 
[ActiveDir] Netlogon.dns (2)


I would have SWORN 
there was an issue in this code path, but the details escaped 
me.
So I pinged Steve 
offline who remembered the details…..basically, it’s this: http://support.microsoft.com/default.aspx?scid=KB;EN-US;841395
 
So that could be 
what you’re hitting.
 
With some more 
details, we might be able to diagnose it if it is something else. But we 
might need to debug it to know for sure.
 
~Eric
 
 




From: 
[EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Gil 
KirkpatrickSent: Tuesday, 
November 08, 2005 2:43 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Netlogon.dns 
(2)
 
Were the entries 
dropped off the end of the file, or were they missing from the middle? Any 
pattern to the entries that were missing?
 
-gil
 



From: 
[EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Ulf B. 
Simon-WeidnerSent: 
Tuesday, November 08, 2005 3:36 PMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Netlogon.dns 
(2)

Instead 
of hijacking another thread I'm going to start my own 
;)
What 
I've seen recently and was pretty surprised: A customer of mine had 
incomplete netlogon.dns-files, they had some of the records which were 
supposed to be there but not all. On some DCs about 50% of the netlogon.dns 
was missing.
Really 
bad about this is that the tools like dcdiag only test the content of the 
netlogon.dns against the DNS-Service, and that the netlogon-process does not 
check the content of the netlogon.dns without any changes unless the file is 
missing. So the customer had missing DNS-Informations for ages and never 
noticed it - not everyone is digging around in DNS and knows what's supposed 
to be there ;)
DCs 
were W2k SP4.
Anyone 
seen this before? OK - I've already fixed it by renaming netlogon.dns and 
restarting netlogon, but I'm curious if anyone has ideas where this might 
come from and if anyone has seen it 
before.
Gruesse - 
Sincerely, 
Ulf B. Simon-Weidner 

  MVP-Book "Windows XP - Die Expertentipps": 
http://tinyurl.com/44zcz  Weblog: 
http://msmvps.org/UlfBSimonWeidner  
Website: http://www.windowsserverfaq.org 


 

RE: [ActiveDir] Unreadable Netlogon.dns file

2005-11-08 Thread Rachui, Scott 
I apologize for being away for so long.  I think we figured out the
problem.  We were accidentally running the 32-bit version of NETDIAG
instead of the 64-bit version (talk about egg on my face!).  When we put
the newest version of NETDIAG in place and the error went away.



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman
Sent: Monday, November 07, 2005 4:41 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Unreadable Netlogon.dns file

Since you are saying the file is there but netdiag can't see it.
If I were a betting man, I would say for some reason the context under
which netdiag is running does not have perms to read the file. The code
in question does an fopen() on it with parameters "rt". I suspect,
though don't know, that permissions is the likely problem. :) It usually
is with other calls such as this one.

If you want, let's take this offline. We can report back to the list
with the result.
I can debug this for you if you're willing?

~Eric



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rachui, Scott
Sent: Monday, November 07, 2005 1:42 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Unreadable Netlogon.dns file

I have just verified that I have the latest version of Netdiag
(5.2.3790.0).  As for the netlogon.dns file, I have verified it.  In
fact, I renamed it, restarted netlogon service and it recreated it
correctly.

I'm running this from a terminal server session on the box itself.  I
haven't tried running it remotely.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: Monday, November 07, 2005 2:58 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Unreadable Netlogon.dns file

I *think* there was an updated version of netdiag that came out.  It
might 
be useful to ensure you have the latest.

Also, have you verified that the file exists?

If neither of those relates, can you give some more information?  Are
you 
running this remotely from your desktop?  From the console? Same results

regardless?

Al



>From: "Rachui, Scott" <[EMAIL PROTECTED]>
>Reply-To: ActiveDir@mail.activedir.org
>To: ActiveDir@mail.activedir.org
>Subject: [ActiveDir] Unreadable Netlogon.dns file
>Date: Mon, 07 Nov 2005 14:20:14 -0600
>
>I have a very odd problem.  I am testing Windows 2003 Active Directory
>(running in W2K Native Mode) and on the W2K3 DCs, I get the following
>message when running NETDIAG:
>
>DNS test . . . . . . . . . . . . . : Failed
> [FATAL] Could not open file C:\WINNT\system32\config\netlogon.dns
>for reading.
> [FATAL] Could not open file C:\WINNT\system32\config\netlogon.dns
>for reading.
> [FATAL] Could not open file C:\WINNT\system32\config\netlogon.dns
>for reading.
> [FATAL] No DNS servers have the DNS records for this DC
registered.
>
>I have checked security on the 2 W2K3 DCs (which are in different
>domains, but are both experiencing this), but can't find any permission
>that they're missing.
>
>Any help with this would be much appreciated.
>
>Thanks!
>
>Scott
>
>List info   : http://www.activedir.org/List.aspx
>List FAQ: http://www.activedir.org/ListFAQ.aspx
>List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

[ActiveDir] Directory Experts Conference 2006 call for presentations

2005-11-08 Thread Gil Kirkpatrick 
Title: Directory Experts Conference 2006 call for presentations






Greetings list-members…


DEC 2006 is coming up in March, and I'd like to extend this invitation to you to submit a proposal for a presentation.


For those who have not attended DEC before, it is a technology conference focused on MSFT Identity and Access technologies, including AD, ADFS, MIIS, InfoCard, and AZMAN. The typical attendee is an AD or MIIS architect or engineer, usually from a large enterprise deployment, with at least a couple of years of AD experience under their belt.

We will also be hosting a "Masters Track" for AD, targeting the true AD gear-heads (think joe, Dean, and Guido, and you get the idea).

The conference is in Vegas March 26-29, and promises to be a lot of fun, with great sessions and speakers, and loads of networking opportunities.

Feel free to send your proposals to me, or submit them through the DEC web site, www.dec2006.com/callforpapers.cfm.


And remember, be excellent to each other, and party on, dudes.


-gil


Gil Kirkpatrick

CTO, NetPro


Don''t miss the Directory Experts Conference 2006. More information at www.dec2006.com.

RE: [ActiveDir] Directory Experts Conference 2006 call for presentations

2005-11-08 Thread Brian Desmond 
Title: Directory Experts Conference 2006 call for presentations



The first two times, I read 
"DEC 2006 is coming up in March..." and I'm thinking WTF is this dude telling me 
December 2006 is coming up in March?? 
 
Thanks,Brian Desmond
[EMAIL PROTECTED]
 
c - 
312.731.3132
 
 
 


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Gil 
KirkpatrickSent: Tuesday, November 08, 2005 7:02 PMTo: 
ActiveDir@mail.activedir.orgSubject: [ActiveDir] Directory Experts 
Conference 2006 call for presentations

Greetings list-members… 
DEC 2006 is coming up in March, and I'd like to 
extend this invitation to you to submit a proposal for a presentation. 

For those who have not attended DEC before, it is a 
technology conference focused on MSFT Identity and Access technologies, 
including AD, ADFS, MIIS, InfoCard, and AZMAN. The typical attendee is an AD or 
MIIS architect or engineer, usually from a large enterprise deployment, with at 
least a couple of years of AD experience under their belt.
We will also be hosting a "Masters Track" for AD, 
targeting the true AD gear-heads (think joe, Dean, and Guido, and you get the 
idea).
The conference is in Vegas March 26-29, and promises 
to be a lot of fun, with great sessions and speakers, and loads of networking 
opportunities.
Feel free to send your proposals to me, or submit 
them through the DEC web site, www.dec2006.com/callforpapers.cfm. 
And remember, be excellent to each other, and party 
on, dudes. 
-gil 
Gil Kirkpatrick CTO, NetPro 
Don''t miss the Directory Experts Conference 2006. 
More information at www.dec2006.com.

RE: [ActiveDir] Netlogon.dns (2)

2005-11-08 Thread deji 
IIRC, Guido had his fingers in that KB. I think we discussed the issue
shortly before the KB came out and we agreed [1] to disagree (as usual) that
making netlogon dependent on DNS is an effective solution to this problem.
 
[1] I can swear to the veracity of the "agreed" part, but I tried ;-p

Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCT
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of David Adner
Sent: Tue 11/8/2005 3:51 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Netlogon.dns (2)


In my experience the behavior noted in the KB was fairly inconsistent.  Some
DC's would be fine, but then miss records on the next reboot.  The records in
question would also vary.
 
As for the workaround, it's probably less than ideal since you're right,
simply restarting the Netlogon service doesn't always rebuild the
netlogon.dns/dnb files.  However, it does sometimes, so it's not completely
wrong, either.
 
I would at least rule out the known issue if you can by installing the hotfix
on a test system(s) that's experiencing the issue.  Or, depending on the
files in question, it's possible your DC's already have the updated files via
other hotfixes.




From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ulf B. Simon-Weidner
Sent: Tuesday, November 08, 2005 5:35 PM 
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Netlogon.dns (2)


Thanks ~eric and David,
 
It wasn't as consistent as I would assume the behaviour of that
hotfix.
 
Additionally the KB has an error - the Workaround won't work since
netlogon.dns is not being rebuild if it exists when you restart netlogon. The
Workaround should read as 1. rename netlogon.dns to netlogon.bak, 2. restart
the netlogon-service.
 
Debugging may be possible, however I fixed the issue couple weeks ago
since they are going to consolidate a domain into the one with the issues,
and they had major performance issues and some kindergarden-errors in the
design. I had to fix it asap to increase performance and to enable them to
carry on with the domain consolidation.
 
It's not that they need to get it fixed now - I'm mainly curious why
it happened.
 
Ulf




From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman
Sent: Wednesday, November 09, 2005 12:03 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Netlogon.dns (2)



I would have SWORN there was an issue in this code path, but
the details escaped me.

So I pinged Steve offline who remembered the
details.basically, it's this:
http://support.microsoft.com/default.aspx?scid=KB;EN-US;841395

 

So that could be what you're hitting.

 

With some more details, we might be able to diagnose it if it
is something else. But we might need to debug it to know for sure.

 

~Eric

 

 





From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Tuesday, November 08, 2005 2:43 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Netlogon.dns (2)

 

Were the entries dropped off the end of the file, or were
they missing from the middle? Any pattern to the entries that were missing?

 

-gil

 





From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ulf B. Simon-Weidner
Sent: Tuesday, November 08, 2005 3:36 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Netlogon.dns (2)

Instead of hijacking another thread I'm going to start my own
;)

What I've seen recently and was pretty surprised: A customer
of mine had incomplete netlogon.dns-files, they had some of the records which
were supposed to be there but not all. On some DCs about 50% of the
netlogon.dns was missing.

Really bad about this is that the tools like dcdiag only test
the content of the netlogon.dns against the DNS-Service, and that the
netlogon-process does not check the content of the netlogon.dns without any
changes unless the file is missing. So the customer had missing
DNS-Informations for ages and never noticed it - not everyone is digging
around in DNS and knows what's

RE: [ActiveDir] Netlogon.dns (2)

2005-11-08 Thread deji 
OK, that should read:
 
[1] I can'T swear to the veracity...blah.blah
 
 
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCT
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Deji Akomolafe
Sent: Tue 11/8/2005 4:17 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Netlogon.dns (2)



IIRC, Guido had his fingers in that KB. I think we discussed the issue
shortly before the KB came out and we agreed [1] to disagree (as usual) that
making netlogon dependent on DNS is an effective solution to this problem.

[1] I can swear to the veracity of the "agreed" part, but I tried ;-p

Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCT
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of David Adner
Sent: Tue 11/8/2005 3:51 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Netlogon.dns (2)


In my experience the behavior noted in the KB was fairly inconsistent.  Some
DC's would be fine, but then miss records on the next reboot.  The records in
question would also vary.

As for the workaround, it's probably less than ideal since you're right,
simply restarting the Netlogon service doesn't always rebuild the
netlogon.dns/dnb files.  However, it does sometimes, so it's not completely
wrong, either.

I would at least rule out the known issue if you can by installing the hotfix
on a test system(s) that's experiencing the issue.  Or, depending on the
files in question, it's possible your DC's already have the updated files via
other hotfixes.




From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ulf B. Simon-Weidner
Sent: Tuesday, November 08, 2005 5:35 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Netlogon.dns (2)
   
   
Thanks ~eric and David,

It wasn't as consistent as I would assume the behaviour of that
hotfix.

Additionally the KB has an error - the Workaround won't work since
netlogon.dns is not being rebuild if it exists when you restart netlogon. The
Workaround should read as 1. rename netlogon.dns to netlogon.bak, 2. restart
the netlogon-service.

Debugging may be possible, however I fixed the issue couple weeks ago
since they are going to consolidate a domain into the one with the issues,
and they had major performance issues and some kindergarden-errors in the
design. I had to fix it asap to increase performance and to enable them to
carry on with the domain consolidation.

It's not that they need to get it fixed now - I'm mainly curious why
it happened.

Ulf




From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman
Sent: Wednesday, November 09, 2005 12:03 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Netlogon.dns (2)
   
   

I would have SWORN there was an issue in this code path, but
the details escaped me.

So I pinged Steve offline who remembered the
details.basically, it's this:
http://support.microsoft.com/default.aspx?scid=KB;EN-US;841395



So that could be what you're hitting.



With some more details, we might be able to diagnose it if it
is something else. But we might need to debug it to know for sure.



~Eric





   



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Tuesday, November 08, 2005 2:43 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Netlogon.dns (2)



Were the entries dropped off the end of the file, or were
they missing from the middle? Any pattern to the entries that were missing?



-gil



   



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ulf B. Simon-Weidner
Sent: Tuesday, November 08, 2005 3:36 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Netlogon.dns (2)

Instead of hijacking another thread I'm going to start my own
;)

What I've seen recently and was pretty surprised: A customer
of mine had incomplete netlogon.dns-files, they had some of the records which
were supposed to be

RE: [ActiveDir] Directory Experts Conference 2006 call for presentations

2005-11-08 Thread Gil Kirkpatrick 
Title: Directory Experts Conference 2006 call for presentations








J

 

-gil

 









From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Brian Desmond
Sent: Tuesday, November 08, 2005
5:16 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Directory
Experts Conference 2006 call for presentations



 

The first two
times, I read "DEC 2006 is coming up in March..." and I'm thinking
WTF is this dude telling me December 2006 is coming up in March?? 



 



Thanks,
Brian
Desmond

[EMAIL PROTECTED]

 

c - 312.731.3132

 

 



 



 







From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil
 Kirkpatrick
Sent: Tuesday, November 08, 2005
7:02 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Directory
Experts Conference 2006 call for presentations

Greetings
list-members… 

DEC
2006 is coming up in March, and I'd like to extend this invitation to you to
submit a proposal for a presentation. 

For
those who have not attended DEC before, it is a technology conference focused
on MSFT Identity and Access technologies, including AD, ADFS, MIIS, InfoCard,
and AZMAN. The typical attendee is an AD or MIIS architect or engineer, usually
from a large enterprise deployment, with at least a couple of years of AD
experience under their belt.

We
will also be hosting a "Masters Track" for AD, targeting the true AD
gear-heads (think joe, Dean, and Guido, and you get the idea).

The
conference is in Vegas March 26-29, and promises to be a lot of fun, with great
sessions and speakers, and loads of networking opportunities.

Feel
free to send your proposals to me, or submit them through the DEC web site, www.dec2006.com/callforpapers.cfm.


And
remember, be excellent to each other, and party on, dudes. 

-gil


Gil Kirkpatrick 
CTO,
NetPro 

Don''t miss the Directory Experts Conference 2006. More
information at www.dec2006.com.

RE: [ActiveDir] Improving your AD's fault tolerance with old hardware?

2005-11-08 Thread Ed Crowley [MVP] 
I remember back in the days of our old 3500-user NT 4.0 domain, back when I
ran an administration group.  We had a nice ProLiant server that was a 486.
We only had one of those.  But because it was manageable through Insight
Agents, we decided to keep it and made it our PDC, since it wasn't terribly
useful for anything else.  We figured that if it were to die, we'd just junk
it and promote another server.  It never did die while I was there, and it
performed fine.

So, although the hardware sales guys at my current employer would crucify me
for saying this, I can't disagree with your approach.

Ed Crowley MCSE+Internet MVP
Freelance E-Mail Philosopher
Protecting the world from PSTs and Bricked Backups!T

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Danny
Sent: Tuesday, November 08, 2005 3:50 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Improving your AD's fault tolerance with old hardware?

Correct me if I am wrong, but assuming the more DC's you have in your
forest, the more fault tolerant your Active Directory will become, is it
therefore worth it to use retired, possibly out of (hardware) warranty
servers or workstations for this purpose if you are budget-less (to purchase
new servers)? In this case, I am referring to orgs with 20-200 AD users.

How about GC's and other related AD roles and critical software based
services?  Same deal?

Thank you,

...D
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] Hardware Suggestions

2005-11-08 Thread ASB 
> Like I said, I wouldn't want it today for an enterprise class machine (large
> centralized enterprise for clarification, where >1000 people concurrently
> rely on it for business critical service).

Fair enough...  :)


-ASB
 FAST, CHEAP, SECURE: Pick Any TWO
 http://www.ultratech-llc.com/KB/


On 11/8/05, Al Mulnick <[EMAIL PROTECTED]> wrote:
> Agreed. That bit of history is exactly what I was thinking as I wrote that.
> Those things that today are not enterprise ready, may be tomorrow. Not sure
> if the thing has to change or if my perception of the "enterprise" does, but
> change is constant ;)
>
> Like I said, I wouldn't want it today for an enterprise class machine (large
> centralized enterprise for clarification, where >1000 people concurrently
> rely on it for business critical service).
>
> -ajm
>
>
> >From: ASB <[EMAIL PROTECTED]>
> >Reply-To: ActiveDir@mail.activedir.org
> >To: ActiveDir@mail.activedir.org
> >Subject: Re: [ActiveDir] Hardware Suggestions
> >Date: Tue, 8 Nov 2005 08:13:22 -0500
> >
> >~
> >I don't have a problem with SATA (an upgrade from PATA) if used as
> >designed.
> >It's designed for desktop storage.  Not that it can't be adjusted to
> >server/enterprise, but it's price point and architecture are intended for
> >desktops (i.e. cheap but not as reliable as a shared resource).
> >~
> >
> >Depends on the size of the "enterprise"
> >
> >SATA has its place in the server segments of smaller orgs for sure.
> >It's not too long ago that Windows and Intel processors were
> >considered "not designed for the enterprise"...
> >
> >
> >-ASB
> >  FAST, CHEAP, SECURE: Pick Any TWO
> >  http://www.ultratech-llc.com/KB/
> >
> >
> >On 11/7/05, Al Mulnick <[EMAIL PROTECTED]> wrote:
> > > That's a desktop user? The apple desktop?
> > >
> > > I don't have a problem with SATA (an upgrade from PATA) if used as
> >designed.
> > > It's designed for desktop storage.  Not that it can't be adjusted to
> > > server/enterprise, but it's price point and architecture are intended
> >for
> > > desktops (i.e. cheap but not as reliable as a shared resource).
> > >
> > > Used appropriately, I'm quite happy with it.  But it's intended to be
> >cheap
> > > and replaceable.
> > >
> > > Cheap, fast, reliable - pick two (or something like that ;)
> > >
> > > That shouldn't last if history is any indication, but for now I'll try
> >not
> > > to build too many centrally required applications on that technology
> >unless
> > > I can put a lot of abstraction in front of it (large pools that aren't
> > > bothered by the loss of several components at a time.)
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > >From: "Rob MOIR" <[EMAIL PROTECTED]>
> > > >Reply-To: ActiveDir@mail.activedir.org
> > > >To: ,
> > > >Subject: RE: [ActiveDir] Hardware Suggestions
> > > >Date: Mon, 7 Nov 2005 18:36:10 -
> > > >
> > > >I've deployed SATA for storage of large files in Apple XRaid units in a
> > > >Raid 5+1 config, and so far so good. Ask me in 3 years if I'm still
> >just as
> > > >happy ;-) but it was the only way to give the user what they wanted
> >inside
> > > >the budget we had.
> > > >
> > > >One advantage of the XRaid is that it's fitted out from the get go to
> >use
> > > >SATA disks and the only reason you'd ever have to do anything to it is
> >to
> > > >replace a drive that you already know has gone bad.
> > > >
> > > >
> > > >-Original Message-
> > > >From: [EMAIL PROTECTED] on behalf of Al Mulnick
> > > >Sent: Mon 07/11/2005 17:34
> > > >To: ActiveDir@mail.activedir.org
> > > >Subject: Re: [ActiveDir] Hardware Suggestions
> > > >
> > > >
> > > >SATA == Desktop drives.
> > > >
> > > >They weren't originally concepted to be enterprise class storage.  I
> >see
> > > >them as being back-engineered to be used this way, but most of what
> >I've
> > > >seen has been to deploy them as a JBOD in situations where you can
> >absorb
> > > >the continuous loss of hardware and not impact performance and
> > > >availability.
> > > >   Typically in pools of disk and hsm solutions (what is it that hsm is
> > > >called now? ILM? :)
> > > >
> > > >If you plan to deploy DAS solutions (internal or external), SATA is not
> > > >likely the way to go right now.  You may want to wait a bit longer if
> >the
> > > >data is important.
> > > >
> > > >
> > > >For large pools of inexpensive disks, SATA might be worthwhile to
> > > >investigate if you have a large loading bay, a good support agreement,
> >and
> > > >close access to the highway.
> > > >
> > > >-ajm
> > > >
> > > >
> > > >
> > > > >From: "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]"
> > > > ><[EMAIL PROTECTED]>
> > > > >Reply-To: ActiveDir@mail.activedir.org
> > > > >To: ActiveDir@mail.activedir.org
> > > > >Subject: Re: [ActiveDir] Hardware Suggestions
> > > > >Date: Mon, 07 Nov 2005 09:13:19 -0800
> > > > >
> > > > >
> > > > >
> > > > >I personally have SATA experience in the tower/desktop world but none
>

RE: [ActiveDir] Improving your AD's fault tolerance with old hardware?

2005-11-08 Thread Tony Murray 
I'd go along with Ed here.  I can't see too much risk with this approach.  I
wouldn't assign any of the FSMO roles to the old hardware DC, simply because
of the hassle in seizing the roles elsewhere in the event of a severe
hardware failure.   No problem with making the DC as GC though.

Another option to consider is setting up a lag site with the old hardware
DC.  This can be useful for some recovery scenarios as well as the safe
introduction of schema changes.  Search the list archive for recent posts on
the lag site concept.

It is important to ensure that whatever hardware you use is sufficient for
the task.  There are published minimum requirements for Windows Server 2003,
but you should also determine what is the minimum required for your own
environment.  A scenario I have in mind is if you have Exchange 2003 running
in your environment you perhaps don't want it to be using an old DC/GC
that's running like a dog. :-)

Tony

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ed Crowley [MVP]
Sent: Wednesday, 9 November 2005 2:59 p.m.
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Improving your AD's fault tolerance with old
hardware?

I remember back in the days of our old 3500-user NT 4.0 domain, back when I
ran an administration group.  We had a nice ProLiant server that was a 486.
We only had one of those.  But because it was manageable through Insight
Agents, we decided to keep it and made it our PDC, since it wasn't terribly
useful for anything else.  We figured that if it were to die, we'd just junk
it and promote another server.  It never did die while I was there, and it
performed fine.

So, although the hardware sales guys at my current employer would crucify me
for saying this, I can't disagree with your approach.

Ed Crowley MCSE+Internet MVP
Freelance E-Mail Philosopher
Protecting the world from PSTs and Bricked Backups!T

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Danny
Sent: Tuesday, November 08, 2005 3:50 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Improving your AD's fault tolerance with old hardware?

Correct me if I am wrong, but assuming the more DC's you have in your
forest, the more fault tolerant your Active Directory will become, is it
therefore worth it to use retired, possibly out of (hardware) warranty
servers or workstations for this purpose if you are budget-less (to purchase
new servers)? In this case, I am referring to orgs with 20-200 AD users.

How about GC's and other related AD roles and critical software based
services?  Same deal?

Thank you,

...D
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Improving your AD's fault tolerance with old hardware?

2005-11-08 Thread Ulf B. Simon-Weidner 
Hi Danny,

I also agree that using not state-of-the-art hardware is better than missing 
redundancy.

I've done multiple lag-site dcs virtualized on one physical hardware, used 
clients or virtual machines for domain migrations as the update server, and 
would also recommend to use better older hardware for an additional DC than 
just using a single DC.

It's always the game of defining how much money to spend to get what level of 
redundancy. Is it likely that you have a AD failure _and_ the old hardware 
decides to pay the dept of nature?

What I'd make sure:
- primarily keep the users on the better hardware using the SRV-Record 
priorities
- define how long it'll take you to fix the better DC in case of an failure
- evaluate how many users need to be supported working in the office 
(-holidays, mobile users,...)
- make sure that the old hardware is able to support those users for the time 
defined above, if not look if you are able to get more DC or upgrade something 
e.g. RAM until the hardware would be able to support your business

Bottom point - you don't want the old hardware failing b/c of being badly 
scaled and that it'll only fail if the primary DC is going down.

My 0,02€

Ulf

|-Original Message-
|From: [EMAIL PROTECTED] 
|[mailto:[EMAIL PROTECTED] On Behalf Of Danny
|Sent: Wednesday, November 09, 2005 12:50 AM
|To: ActiveDir@mail.activedir.org
|Subject: [ActiveDir] Improving your AD's fault tolerance with 
|old hardware?
|
|Correct me if I am wrong, but assuming the more DC's you have 
|in your forest, the more fault tolerant your Active Directory 
|will become, is it therefore worth it to use retired, possibly 
|out of (hardware) warranty servers or workstations for this 
|purpose if you are budget-less (to purchase new servers)? In 
|this case, I am referring to orgs with 20-200 AD users.
|
|How about GC's and other related AD roles and critical 
|software based services?  Same deal?
|
|Thank you,
|
|...D
|List info   : http://www.activedir.org/List.aspx
|List FAQ: http://www.activedir.org/ListFAQ.aspx
|List archive: 
|http://www.mail-archive.com/activedir%40mail.activedir.org/
|


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] Improving your AD's fault tolerance with old hardware?

2005-11-08 Thread Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] 
As the terrible lurker that I am and representing the around 20ish AD 
crowd the SBS support crew in Los Colinas actually report that in their 
setups they throw a Virtual Server on a beefy workstation, load up a 
server OS and have the additional domain controller there in a virtual 
setting to set up redundancy.


Now just given that I finally migrated over to my 'hacked to join a 
domain, I don't need no Xbox Extenders thank you very much MCE" that has 
2 gig of RAM I might try it out here at home.


Ulf B. Simon-Weidner wrote:


Hi Danny,

I also agree that using not state-of-the-art hardware is better than missing 
redundancy.

I've done multiple lag-site dcs virtualized on one physical hardware, used 
clients or virtual machines for domain migrations as the update server, and 
would also recommend to use better older hardware for an additional DC than 
just using a single DC.

It's always the game of defining how much money to spend to get what level of 
redundancy. Is it likely that you have a AD failure _and_ the old hardware 
decides to pay the dept of nature?

What I'd make sure:
- primarily keep the users on the better hardware using the SRV-Record 
priorities
- define how long it'll take you to fix the better DC in case of an failure
- evaluate how many users need to be supported working in the office 
(-holidays, mobile users,...)
- make sure that the old hardware is able to support those users for the time 
defined above, if not look if you are able to get more DC or upgrade something 
e.g. RAM until the hardware would be able to support your business

Bottom point - you don't want the old hardware failing b/c of being badly 
scaled and that it'll only fail if the primary DC is going down.

My 0,02€

Ulf

|-Original Message-
|From: [EMAIL PROTECTED] 
|[mailto:[EMAIL PROTECTED] On Behalf Of Danny

|Sent: Wednesday, November 09, 2005 12:50 AM
|To: ActiveDir@mail.activedir.org
|Subject: [ActiveDir] Improving your AD's fault tolerance with 
|old hardware?

|
|Correct me if I am wrong, but assuming the more DC's you have 
|in your forest, the more fault tolerant your Active Directory 
|will become, is it therefore worth it to use retired, possibly 
|out of (hardware) warranty servers or workstations for this 
|purpose if you are budget-less (to purchase new servers)? In 
|this case, I am referring to orgs with 20-200 AD users.

|
|How about GC's and other related AD roles and critical 
|software based services?  Same deal?

|
|Thank you,
|
|...D
|List info   : http://www.activedir.org/List.aspx
|List FAQ: http://www.activedir.org/ListFAQ.aspx
|List archive: 
|http://www.mail-archive.com/activedir%40mail.activedir.org/

|


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

 


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/