RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-16 Thread Ruston, Neil

There seems to be a little confusion in this thread :)

1. Application Directory Partitions (ADP) are used to store AD data, which can then be 
replicated to a user defined subset of DCs - anywhere in the forest. They are not used 
for GC-less logons. (See point 2). DNS zones for example, can be stored in ADPs rather 
than the domain partitions themselves.

2. GC-less logons are possible if the DC at the site (with no GC) is configured to 
cache universal group membership info from another GC in another site. This does not 
mean however, that all GC traffic may be handled by the caching DC. Any GAL lookups 
etc must still be directed to a GC in the forest. The only advantage here, is that a 
GC is no longer required at logon WRT universal group membership (if caching is 
enabled for the site with no GC).

HTH,
Neil


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: 16 July 2003 04:04
Subject: [ActiveDir Digest]


-

From: Rogers, Brian [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)
Date: Mon, 14 Jul 2003 23:00:08 -0400
Reply-To: [EMAIL PROTECTED]

Good info there...answered one of a number of questions I also had...although you did 
add a few more.  :-)

-Original Message-
From: Joe [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 9:22 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Hey Deji, slap a smiley face on that post or a disclaimer about sarcasm and email
not mixing like beer and liquor or something that. :o)

I am confused by the app partition making it possible to do GC-less remote sites...
I could take that a couple of ways but app partitions wouldn't have anything to do
with either. A GC-less site is simply a site without a GC, the machines that need a
GC would still be able to find one, just wouldn't be local. Check out your
_gc._tcp.SITE._sites.rootdomain.com SRV record, that will show you what GC(s) will
be used for any given site. If a site doesn't have a GC in it, auto site coverage
will kick in and some other DC based on link metrics and the phase of the moon
(humor!!) will determine what DC publishes to that record.

The other way to take that would be the GC-less logon capability that W2K3 has
added. That also doesn't rely on app partitions. It adds an attribute or two to a
user object for maintaining some cache info about GC info. Basically you can go
without GC's in a site if you don't have universal groups you are using (especially to
deny) and you aren't using UPN's. On W2K we actually now only run about 30 GC's out
of our 380 or so DC's and have enabled the IgnoreGCFailures reg hack because we are
lucky like that and can get away with it.

Finally app partitions aren't replicated to every DC in a domain. You select where
you want to replicate that info to, otherwise there would be no point in it, might
as well just throw the data into the config or domain partitions.

  joe

-Original Message-
From: deji Agba [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Monday, July 14, 2003 4:19 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Yes, you did indeed miss it. So, go find it. Yourself, this time with no help.

Hint:

Application partition is the new partition in E2K3 which, in addition to The Domain,
Configuration and Schema Partitions now make up the AD database in E2K3.

It is this change that makes it possible now to deploy GC-less Remote Sites. The
Application Partition is SHARED(replicated) to ALL DCs in the Domain, including
designated DCs in the Forest.

Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday?  -anon

  _

From: [EMAIL PROTECTED] on behalf of Rogers, Brian
Sent: Mon 7/14/2003 11:53 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Woah... I musta missed that document.  AD integrated DNS can now be separated from
regular replication?

Gotta link? Book? Paper? Smokesignal? Morse?  :-)

-Original Message-
From: Rick Kingslan [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 1:28 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

This would be correct.  But, remember that in the replication strategy for Win2k -
data goes to every DC regardless if it's a DNS server or not - because once it's

RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-15 Thread Roger Seielstad
I would think that the connectivity enhancements for E2k3 would outweigh the AD
enhancements in Win2k3 for Exchange server placement.

IIRC, you said you're running multiple remote sites with 100 users each. Depending
on the load those users put on Exchange, I could see that being either handled
by a front end/back end pair, with only the front end in their site, or just
leveraging the Outlook 2k3 caching mode and not bother with the front end.

I agree though that fewer Exchange servers should be possible, but I'd let
Exchange drive the GC placement more than I'd let GCs drive Exchange placement.

Roger
--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.


  
-Original Message-
From: Rogers, Brian [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 5:54 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

One question on that. Dealing with the GC-Less sites.

I know that Exchange2k relies heavily on GCs during their day to day processes.
Would perhaps E2k3 be more suited to this environment than E2k? Or has this
reliance on a local GC followed on to E2k3?

Heh..I guess this kinda wandered off on an even broader tangent eh?

Server consolidation is a hot topic as of late, if at all possible, NOT putting an
Exchange site and GC and DC and DNS server at each location would be a large plus :-)
  
-Original Message-
From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 5:50 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I may have missed something, but the snotty tone seems inappropriate...

In any case, to reduce the apparent confusion:

GC-less sites have always been possible with AD since W2K. The facility is called
site coverage.

GC-less logon is new in WS2K3 and occurs because DCs can cache group memberships. This
allows the DC to assemble a complete token even if a GC isn't available. This
functionality has nothing to do with application partitions.

Application partitions are a mechanism where you can host replicas of specific
subtrees in the domain on any set of DCs in the forest. The subtrees may not
contain security principals such as users, groups, and computers. When you
create a zone in WS2K3, you can elect to configure it as an application
partition and replicate the data to specific DCs in the forest.

-gil
  
  
  
-Original Message-
From: deji Agba [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 1:19 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Yes, you did indeed miss it. So, go find it. Yourself, this time with no help.

Hint:

Application partition is the new partition in E2K3 which, in addition to The Domain,
Configuration and Schema Partitions now make up the AD database in E2K3.

It is this change that makes it possible now to deploy GC-less Remote Sites.
The Application Partition is SHARED(replicated) to ALL DCs in the Domain,
including designated DCs in the Forest.

Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday?  -anon





From: [EMAIL PROTECTED] on behalf of Rogers, Brian
Sent: Mon 7/14/2003 11:53 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Woah... I musta missed that document. AD integrated DNS can now be separated from
regular replication?

Gotta link? Book? Paper? Smokesignal? Morse? :-)

-Original Message-
From: Rick Kingslan [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 1:28 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

This would be correct. But, remember that in the replication strategy for
Win2k - data goes to every DC regardless if it's a DNS server or not -
because once it's DNS-integrated, it's now a part of the AD data. This
trend is broken in Win2k3, where application partitions can handle DNS - and
do. The DomainDNS and ForestDNS are just that, for all intents and
purposes. They are AD Application parts handling DNS for just DNS
servers - and no DNS data need be on the DCs, unless it too, is a DNS server
once the full DNS app partition is configured.

Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
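
The two mechanisms this thread separates, site coverage (the per-site `_gc._tcp.SITE._sites` SRV record) and universal group membership caching (a flag on the site's NTDS Site Settings object), can both be read directly; the PowerShell below is an added example, not code from any poster. The function names, the site names `HQ` and `Branch01` and the `dc01`/`dc02` host names are constructed, `rootdomain.com` is the thread's own placeholder, and the second function assumes the RSAT ActiveDirectory module on a domain-joined host.

```powershell
# Added example, not from the thread. Function, site and host names are constructed.

function Get-SiteGcCoverage {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]    $ForestRoot,
        [Parameter(Mandatory)] [string[]]  $Site,
        # GC host name -> site the GC is actually placed in. With the AD module this
        # map can be built from Get-ADDomainController -Filter 'IsGlobalCatalog -eq $true'
        # (HostName and Site properties).
        [Parameter(Mandatory)] [hashtable] $GcHomeSite,
        [string] $DnsServer
    )
    foreach ($siteName in $Site) {
        # Site-specific GC locator record, as named in the thread.
        $srvName = '_gc._tcp.{0}._sites.{1}' -f $siteName, $ForestRoot
        $query = @{ Name = $srvName; Type = 'SRV'; DnsOnly = $true; ErrorAction = 'Stop' }
        if ($DnsServer) { $query['Server'] = $DnsServer }
        try {
            $answers = @(Resolve-DnsName @query |
                Where-Object { $_.Section -eq 'Answer' -and $_.Type -eq 'SRV' })
        } catch {
            $answers = @()   # name does not exist or the DNS server did not answer
        }
        if ($answers.Count -eq 0) {
            [pscustomobject]@{ Site = $siteName; SrvName = $srvName; GC = $null
                               GcSite = $null; Status = 'NoGcRegistered' }
            continue
        }
        foreach ($rec in $answers) {
            $gc = $rec.NameTarget.TrimEnd('.')
            $gcSite = $GcHomeSite[$gc]
            if (-not $gcSite) {
                $status = 'UnknownGc'            # registered, but not in our inventory
            } elseif ($gcSite -eq $siteName) {
                $status = 'LocalGc'
            } else {
                $status = 'CoveredByOtherSite'   # automatic site coverage in effect
            }
            [pscustomobject]@{ Site = $siteName; SrvName = $srvName; GC = $gc
                               GcSite = $gcSite; Status = $status }
        }
    }
}

function Test-UniversalGroupCaching {
    # Reads the options attribute of CN=NTDS Site Settings for one site.
    param([Parameter(Mandatory)] [string] $Site)
    $configNc = (Get-ADRootDSE).configurationNamingContext
    $dn = "CN=NTDS Site Settings,CN=$Site,CN=Sites,$configNc"
    $settings = Get-ADObject -Identity $dn -Properties options
    # 0x20 = NTDSSETTINGS_OPT_IS_GROUP_CACHING_ENABLED
    [bool]($settings.options -band 0x20)
}

# Constructed inventory: both GCs live in HQ, Branch01 has none.
$gcHomeSite = @{ 'dc01.rootdomain.com' = 'HQ'; 'dc02.rootdomain.com' = 'HQ' }

Get-SiteGcCoverage -ForestRoot 'rootdomain.com' -Site 'HQ', 'Branch01' -GcHomeSite $gcHomeSite |
    Select-Object *, @{ n = 'UgmcEnabled'; e = {
        # Only relevant where logons cannot reach a GC inside the site.
        if ($_.Status -ne 'LocalGc') { Test-UniversalGroupCaching $_.Site }
    } } |
    Format-Table -AutoSize
```

A site reported as `CoveredByOtherSite` with `UgmcEnabled` false depends on a remote GC to resolve universal group membership at logon; `UnknownGc` rows are hosts publishing GC records that are not in the supplied inventory and are worth checking.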

RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-15 Thread Joe
Clarification and obfuscation while you wait.

Password lockout tracing takes a little longer...

:o)

What are the new questions? I'm always looking to learn new things or at least learn
what things I should be asking about. :oP


  
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rogers, Brian
Sent: Monday, July 14, 2003 11:00 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Good info there...answered one of a number of questions I also had...although you did
add a few more. :-)
  
-Original Message-
From: Joe [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 9:22 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Hey Deji, slap a smiley face on that post or a disclaimer about sarcasm and
email not mixing like beer and liquor or something that. :o)

I am confused by the app partition making it possible to do GC-less remote sites...
I could take that a couple of ways but app partitions wouldn't have anything
to do with either. A GC-less site is simply a site without a GC, the machines
that need a GC would still be able to find one, just wouldn't be local. Check
out your _gc._tcp.SITE._sites.rootdomain.com SRV record, that will
show you what GC(s) will be used for any given site. If a site doesn't have a
GC in it, auto site coverage will kick in and some other DC based on link
metrics and the phase of the moon (humor!!) will determine what DC publishes
to that record.

The other way to take that would be the GC-less logon capability that W2K3 has
added. That also doesn't rely on app partitions. It adds an attribute or two to a
user object for maintaining some cache info about GC info. Basically you can go
without GC's in a site if you don't have universal groups you are using
(especially to deny) and you aren't using UPN's. On W2K we actually now only run
about 30 GC's out of our 380 or so DC's and have enabled the IgnoreGCFailures reg
hack because we are lucky like that and can get away with it.

Finally app partitions aren't replicated to every DC in a domain. You select where you
want to replicate that info to, otherwise there would be no point in it, might
as well just throw the data into the config or domain partitions.

  joe
  
  
  
  
  
-Original Message-
From: deji Agba [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Monday, July 14, 2003 4:19 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Yes, you did indeed miss it. So, go find it. Yourself, this time with no help.

Hint:

Application partition is the new partition in E2K3 which, in addition to The Domain,
Configuration and Schema Partitions now make up the AD database in E2K3.

It is this change that makes it possible now to deploy GC-less Remote Sites.
The Application Partition is SHARED(replicated) to ALL DCs in the Domain,
including designated DCs in the Forest.

Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday?  -anon





From: [EMAIL PROTECTED] on behalf of Rogers, Brian
Sent: Mon 7/14/2003 11:53 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Woah... I musta missed that document. AD integrated DNS can now be separated from
regular replication?

Gotta link? Book? Paper? Smokesignal? Morse? :-)

-Original Message-
From: Rick Kingslan [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 1:28 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

This would be correct. But, remember that in the replication strategy for
Win2k - data goes to every DC regardless if it's a DNS server or not -
because once it's DNS-integrated, it's now a part of the AD data. This
trend is broken in Win2k3, where application partitions can handle DNS - and
do. The DomainDNS and ForestDNS are just that, for all intents and
purposes. They are AD Application parts handling DNS for just DNS
servers - and no DNS data need be on the DCs, unless it too, is a DNS server
once the full DNS app partition is configured.

Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone





From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rogers, Brian
Sent

RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-15 Thread Joe
No problem Deji. Glad I could be of service. 
 

-Original Message-
From: deji Agba [mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday, July 15, 2003 12:37 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)



I profusely apologize for kicking off such a storm. My keyboard is now
reprogrammed to detect and insert my smileys appropriately.
 
So, Gil, it's MY BAD. Brian, I'm sorry.
 
Thanks for the clarification and education, Joe. I know I can always count
on you to get me out of a jam :). It made sense to call it a GC-Less config
at the time of the posting, but now it does sound more like a (what does one
call an admixture of Marketing and Engineering? Yeah, THAT!).
 
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon

  _  

From: [EMAIL PROTECTED] on behalf of Joe
Sent: Mon 7/14/2003 6:22 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)


Hey Deji, slap a smiley face on that post or a disclaimer about sarcasm and
email not mixing like beer and liquor or something that. :o)
 
I am confused by the app partition making it possible to do GC-less remote
sites... I could take that a couple of ways but app partitions wouldn't have
anything to do with either. A GC-less site is simply a site without a GC,
the machines that need a GC would still be able to find one, just wouldn't
be local. Check out your _gc._tcp.SITE._sites.rootdomain.com SRV record,
that will show you what GC(s) will be used for any given site. If a site
doesn't have a GC in it, auto site coverage will kick in and some other DC
based on link metrics and the phase of the moon (humor!!) will determine
what DC publishes to that record. 
 
The other way to take that would be the GC-less logon capability that W2K3
has added. That also doesn't rely on app partitions. It adds an attribute or
two to a user object for maintaining some cache info about GC info.
Basically you can go without GC's in a site if you don't have universal
groups you are using (especially to deny) and you aren't using UPN's. On W2K
we actually now only run about 30 GC's out of our 380 or so DC's and have
enabled the IgnoreGCFailures reg hack because we are lucky like that and can
get away with it. 
 
Finally app partitions aren't replicated to every DC in a domain. You select
where you want to replicate that info to, otherwise there would be no point
in it, might as well just throw the data into the config or domain
partitions. 
 
  joe
 
 

-Original Message-
From: deji Agba [mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 4:19 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)


Yes, you did indeed miss it. So, go find it. Yourself, this time with no
help.
 
Hint: 
Application partition is the new partition in E2K3 which, in addition to The
Domain, Configuration and Schema Partitions now make up the AD database in
E2K3.
 
It is this change that makes it possible now to deploy GC-less Remote Sites.
The Application Partition is SHARED(replicated) to ALL DCs in the Domain,
including designated DCs in the Forest.
 
 
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon

  _  

From: [EMAIL PROTECTED] on behalf of Rogers, Brian
Sent: Mon 7/14/2003 11:53 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)



Woah... I musta missed that document.  AD integrated DNS can now be
separated from regular replication?

 

Gotta link? Book? Paper? Smokesignal? Morse?  :-)

 

-Original Message-
From: Rick Kingslan [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 14, 2003 1:28 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

 

This would be correct.  But, remember that in the replication strategy for
Win2k - data goes to every DC regardless if it's a DNS server or not -
because once it's DNS-integrated, it's now a part of the AD data.  This
trend is broken in Win2k3, where application partitions can handle DNS - and
do.  The DomainDNS and ForestDNS are just that, for all intents and
purposes.  They are AD Application parts handling DNS for just DNS servers -
and no DNS data need be on the DCs, unless it too, is a DNS server once the
full DNS app partition is configured.

Rick Kingslan  MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
  

 


  _  


From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rogers, Brian
Sent: Monday, July 14, 2003 10:10 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I was looking more along the lines of replication traffic.  However since
the zone

[ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Rogers, Brian
When configuring an AD Integrated DNS zone, at least one DC in each site should be
running DNS? Or all DCs should be running DNS? Would it matter either way?

RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Roger Seielstad
I always configure every DC as a DNS server. I consider that if a location
requires a DC, it also requires local DNS.

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

-Original Message-
From: Rogers, Brian [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:39 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Quick AD integrated DNS question :)

When configuring an AD Integrated DNS zone, at least one DC in each site should be
running DNS? Or all DCs should be running DNS? Would it matter either way?

RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Craig Cerino
Wow - really - - I only have one of my DCs as a DNS server - - all other DNS boxes
are not DCs - - too much going on

-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:58 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I always configure every DC as a DNS server. I consider that if a location
requires a DC, it also requires local DNS.

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

-Original Message-
From: Rogers, Brian [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:39 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Quick AD integrated DNS question :)

1. When configuring an AD Integrated DNS zone, at least one DC in each site should be
running DNS? Or all DCs should be running DNS? Would it matter either way?

RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Rogers, Brian
Isn't the information replicated anyway via AD? I guess if they were all in the
same site more than two would certainly be overkill.

-Original Message-
From: Craig Cerino [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 11:09 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Wow - really - - I only have one of my DCs as a DNS server - - all other DNS boxes
are not DCs - - too much going on

-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:58 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I always configure every DC as a DNS server. I consider that if a location
requires a DC, it also requires local DNS.

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

-Original Message-
From: Rogers, Brian [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:39 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Quick AD integrated DNS question :)

1. When configuring an AD Integrated DNS zone, at least one DC in each site should be
running DNS? Or all DCs should be running DNS? Would it matter either way?

RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Roger Seielstad
I see no reason to separate DNS from AD, except in extreme circumstances. AD and DNS
are both core infrastructure, so there's no reason not to colocate them. It
works well for both our 500 user company and the 4500 user company prior to
that.

My DC/DNS servers here are running on 800MHz boxes with half a gig of RAM, and we
do quite heavy DNS traffic (lots of Unix systems in house) and never have load
issues on the DC's.

Roger
--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

-Original Message-
From: Rogers, Brian [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 11:16 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Isn't the information replicated anyway via AD? I guess if they were all in the
same site more than two would certainly be overkill.

-Original Message-
From: Craig Cerino [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 11:09 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Wow - really - - I only have one of my DCs as a DNS server - - all other DNS boxes
are not DCs - - too much going on

-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:58 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I always configure every DC as a DNS server. I consider that if a location
requires a DC, it also requires local DNS.

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

-Original Message-
From: Rogers, Brian [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:39 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Quick AD integrated DNS question :)

1. When configuring an AD Integrated DNS zone, at least one DC in each site should be
running DNS? Or all DCs should be running DNS? Would it matter either way?

RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Craig Cerino
That's really what I am talking about - - same site too much chatter.

-Original Message-
From: Rogers, Brian [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 11:16 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Isn't the information replicated anyway via AD? I guess if they were all in the
same site more than two would certainly be overkill.

-Original Message-
From: Craig Cerino [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 11:09 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Wow - really - - I only have one of my DCs as a DNS server - - all other DNS boxes
are not DCs - - too much going on

-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:58 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I always configure every DC as a DNS server. I consider that if a location
requires a DC, it also requires local DNS.

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

-Original Message-
From: Rogers, Brian [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:39 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Quick AD integrated DNS question :)

1. When configuring an AD Integrated DNS zone, at least one DC in each site should be
running DNS? Or all DCs should be running DNS? Would it matter either way?

RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Rick Kingslan
We backed up on the DNS issue. When first deployed, it was DNS with DC - always.
We have since done exhaustive studies that show that the traffic on the ATM was
not worth the added headaches in a 30+ remote site (Branch office - with some
office locations exceeding 1000 seats) of DNS everywhere at least, in our experience.

In fact, our DNS has evolved to the point that our corporate DNS is BIND 9.x and
our AD is on Win2k (soon to be Win2k3). We have less problems now with DNS (and AD
as a whole) than we EVER did when it was spread out over three continents.

My .02.

Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad
Sent: Monday, July 14, 2003 10:28 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I see no reason to separate DNS from AD, except in extreme circumstances. AD and DNS
are both core infrastructure, so there's no reason not to colocate them. It
works well for both our 500 user company and the 4500 user company prior to
that.

My DC/DNS servers here are running on 800MHz boxes with half a gig of RAM, and we
do quite heavy DNS traffic (lots of Unix systems in house) and never have load
issues on the DC's.

Roger
--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

-Original Message-
From: Rogers, Brian [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 11:16 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Isn't the information replicated anyway via AD? I guess if they were all in the
same site more than two would certainly be overkill.

-Original Message-
From: Craig Cerino [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 11:09 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Wow - really - - I only have one of my DCs as a DNS server - - all other DNS boxes
are not DCs - - too much going on

-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:58 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I always configure every DC as a DNS server. I consider that if a location
requires a DC, it also requires local DNS.

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

-Original Message-
From: Rogers, Brian [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:39 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Quick AD integrated DNS question :)

1. When configuring an AD Integrated DNS zone, at least one DC in each site should be
running DNS? Or all DCs should be running DNS? Would it matter either way?

RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Roger Seielstad
I believe you are correct. Additionally, though, I don't think DNS replication
traffic is all that considerable. The worst data hog in DNS is the resolver
cache, which isn't replicated.

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

-Original Message-
From: Rogers, Brian [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 11:10 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I was looking more along the lines of replication traffic. However since the zone is
replicated within AD there shouldn't be any additional (or if so very
minimal) replication traffic between the DNS servers other than the normal AD
replication traffic correct?

-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:58 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I always configure every DC as a DNS server. I consider that if a location
requires a DC, it also requires local DNS.

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

-Original Message-
From: Rogers, Brian [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:39 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Quick AD integrated DNS question :)

1. When configuring an AD Integrated DNS zone, at least one DC in each site should be
running DNS? Or all DCs should be running DNS? Would it matter either way?

RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Roger Seielstad
Title: Message



To date, the only issues which I am experiencing are related to the cache on my 
primary DNS server corrupting. Other than that, it's been rock solid.

-- 
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

  -Original Message-
  From: Rick Kingslan [mailto:[EMAIL PROTECTED]
  Sent: Monday, July 14, 2003 1:23 PM
  To: [EMAIL PROTECTED]
  Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

  We backed up on the DNS issue. When first deployed, 
  it was DNS with DC - always. We have since done exhaustive studies that 
  show that the traffic on the ATM was not worth the added headaches in a 
  30+ remote site (Branch office - with some office locations exceeding 1000 
  seats) of DNS everywhere at least, in our experience.

  In fact, our DNS has evolved to the point that our 
  corporate DNS is BIND 9.x and our AD is on Win2k (soon to be Win2k3). We 
  have less problems now with DNS (and AD as a whole) than we EVER did when it 
  was spread out over three continents.

  My .02.

  Rick Kingslan MCSE, MCSA, MCT
  Microsoft MVP - Active Directory
  Associate Expert
  Expert Zone - www.microsoft.com/windowsxp/expertzone

  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad
  Sent: Monday, July 14, 2003 10:28 AM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

  I see no reason to separate DNS from AD, except in extreme circumstances. AD and 
  DNS are both core infrastructure, so there's no reason not to colocate them. 
  It works well for both our 500 user company and the 4500 user company prior to 
  that.

  My DC/DNS servers here are running on 800MHz boxes with half a gig of RAM, and we 
  do quite heavy DNS traffic (lots of Unix systems in house) and never have load 
  issues on the DC's. 

  Roger
  -- 
  Roger D. Seielstad - MTS MCSE MS-MVP
  Sr. Systems Administrator
  Inovis Inc.

  -Original Message-
  From: Rogers, Brian [mailto:[EMAIL PROTECTED]
  Sent: Monday, July 14, 2003 11:16 AM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

  Isn't the information replicated anyway via AD? I guess if they were 
  all in the same site more than two would certainly be overkill.

  -Original Message-
  From: Craig Cerino [mailto:[EMAIL PROTECTED]
  Sent: Monday, July 14, 2003 11:09 AM
  To: [EMAIL PROTECTED]
  Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

  Wow - really - - I only have one of my DCs as a DNS server - - all other DNS boxes 
  are not DCs - - too much going on

  -Original Message-
  From: Roger Seielstad [mailto:[EMAIL PROTECTED]
  Sent: Monday, July 14, 2003 10:58 AM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

  I always configure every DC as a DNS server. I consider that if a location 
  requires a DC, it also requires local DNS.

  -- 
  Roger D. Seielstad - MTS MCSE MS-MVP
  Sr. Systems Administrator
  Inovis Inc.

  -Original Message-
  From: Rogers, Brian [mailto:[EMAIL PROTECTED]
  Sent: Monday, July 14, 2003 10:39 AM
  To: '[EMAIL PROTECTED]'
  Subject: [ActiveDir] Quick AD integrated DNS question :)

  1. When configuring an AD Integrated DNS zone, at least 
  one DC in each site should be running DNS? Or all DCs should be 
  running DNS? Would it matter either way? 




RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Rogers, Brian

Well say we are talking perhaps 20 remote
offices of a hundred or so systems per office.

Isn't the DNS information replicated anyway
to all DCs within AD even if the DC isn't a DNS Server? Or am I missing
something?

-Original Message-
From: Rick Kingslan [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 1:23 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

We backed up on the DNS
issue. When first deployed, it was DNS with DC - always. We have
since done exhaustive studies that show that the traffic on the ATM was
not worth the added headaches in a 30+ remote site (Branch office - with some
office locations exceeding 1000 seats) of DNS everywhere at least, in our
experience.

In fact, our DNS has
evolved to the point that our corporate DNS is BIND 9.x and our AD is on Win2k
(soon to be Win2k3). We have less problems now with DNS (and AD as a
whole) than we EVER did when it was spread out over three continents.

My .02.

Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad
Sent: Monday, July 14, 2003 10:28 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I see
no reason to separate DNS from AD, except in extreme circumstances. AD and DNS
are both core infrastructure, so there's no reason not to colocate them. It
works well for both our 500 user company and the 4500 user company prior to
that.

My
DC/DNS servers here are running on 800MHz boxes with half a gig of RAM, and we
do quite heavy DNS traffic (lots of Unix systems in house) and never have load
issues on the DC's. 

Roger

--
Roger D. Seielstad - MTS MCSE MS-MVP 
Sr. Systems Administrator 
Inovis Inc. 

-Original Message-
From: Rogers, Brian [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 11:16 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Isn't the information
replicated anyway via AD? I guess if they were all in the
same site more than two would certainly be overkill.

-Original Message-
From: Craig Cerino [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 11:09 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Wow -
really - - I only have one of my DCs as a DNS server - - all other DNS boxes are
not DCs - - too much going on

-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:58 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I
always configure every DC as a DNS server. I consider that if a location
requires a DC, it also requires local DNS.

--
Roger D. Seielstad - MTS MCSE MS-MVP 
Sr. Systems Administrator 
Inovis Inc. 

-Original Message-
From: Rogers, Brian [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:39 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Quick AD integrated DNS question :)

1. When configuring an AD
Integrated DNS zone, at least one DC in each site should be running DNS?
Or all DCs should be running DNS? Would it matter either way? 


RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Rogers, Brian

So what is the impact of placing DNS
servers at each remote location? Significant? Or minimal? (given connections
are all greater than 256k frame)

-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 1:26 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I
believe you are correct. Additionally, though, I don't think DNS replication traffic
is all that considerable. The worst data hog in DNS is the resolver cache,
which isn't replicated.

--
Roger D. Seielstad - MTS MCSE MS-MVP 
Sr. Systems Administrator 
Inovis Inc. 

-Original Message-
From: Rogers, Brian [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 11:10 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I was looking more along
the lines of replication traffic. However since the zone is replicated
within AD there shouldn't be any additional (or if so very minimal)
replication traffic between the DNS servers other than the normal AD
replication traffic correct?

-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:58 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I always
configure every DC as a DNS server. I consider that if a location requires a
DC, it also requires local DNS.

--
Roger D. Seielstad - MTS MCSE MS-MVP 
Sr. Systems Administrator 
Inovis Inc. 

-Original Message-
From: Rogers, Brian [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:39 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Quick AD integrated DNS question :)

1. When configuring an AD
Integrated DNS zone, at least one DC in each site should be running DNS?
Or all DCs should be running DNS? Would it matter either way? 


RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Rick Kingslan



This would be correct. But, remember that in the 
replication strategy for Win2k - data goes to every DC regardless if it's a DNS 
server or not - because once it's DNS-integrated, it's now a part of the AD 
data. This trend is broken in Win2k3, where application partitions can 
handle DNS - and do. The DomainDNS and ForestDNS are just that, for all 
intents and purposes. They are AD Application parts handling DNS for just 
DNS servers - and no DNS data need be on the DCs, unless it too, is a DNS server 
once the full DNS app partition is configured.

Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rogers, Brian
Sent: Monday, July 14, 2003 10:10 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I was looking more 
along the lines of replication traffic. However since the zone is 
replicated within AD there shouldn't be any additional (or if so very 
minimal) replication traffic between the DNS servers other than the normal AD 
replication traffic correct?

-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:58 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I always 
configure every DC as a DNS server. I consider that if a location requires a DC, 
it also requires local DNS.

-- 
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

  -Original Message-
  From: Rogers, Brian [mailto:[EMAIL PROTECTED]
  Sent: Monday, July 14, 2003 10:39 AM
  To: '[EMAIL PROTECTED]'
  Subject: [ActiveDir] Quick AD integrated DNS question :)

  1. When 
  configuring an AD Integrated DNS zone, at least one DC in each site should 
  be running DNS? Or all DCs should be running DNS? Would it 
  matter either way? 




RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Roger Seielstad



We only run 2 DC's per site, except for those sites where we have a root DC as 
well.

-- 
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

  -Original Message-
  From: Craig Cerino [mailto:[EMAIL PROTECTED]
  Sent: Monday, July 14, 2003 1:11 PM
  To: [EMAIL PROTECTED]
  Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

  That's really what I 
  am talking about - - same site too much chatter.

  -Original Message-
  From: Rogers, Brian [mailto:[EMAIL PROTECTED]
  Sent: Monday, July 14, 2003 11:16 AM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

  Isn't the information replicated anyway via AD? I guess if they were 
  all in the same site more than two would certainly be overkill.

  -Original Message-
  From: Craig Cerino [mailto:[EMAIL PROTECTED]
  Sent: Monday, July 14, 2003 11:09 AM
  To: [EMAIL PROTECTED]
  Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

  Wow - really - - I only have one of my DCs as a DNS server - - all other DNS boxes 
  are not DCs - - too much going on

  -Original Message-
  From: Roger Seielstad [mailto:[EMAIL PROTECTED]
  Sent: Monday, July 14, 2003 10:58 AM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

  I always configure every DC as a DNS server. I consider that if a location 
  requires a DC, it also requires local DNS.

  -- 
  Roger D. Seielstad - MTS MCSE MS-MVP
  Sr. Systems Administrator
  Inovis Inc.

  -Original Message-
  From: Rogers, Brian [mailto:[EMAIL PROTECTED]
  Sent: Monday, July 14, 2003 10:39 AM
  To: '[EMAIL PROTECTED]'
  Subject: [ActiveDir] Quick AD integrated DNS question :)

  1. When configuring 
  an AD Integrated DNS zone, at least one DC in each site should be running 
  DNS? Or all DCs should be running DNS? Would it matter either 
  way? 
  
  


RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Rogers, Brian

Woah... I musta missed that
document. AD integrated DNS can now be separated from regular replication?

Gotta link? Book? Paper? Smokesignal? Morse? :-)

-Original Message-
From: Rick Kingslan [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 1:28 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

This would be
correct. But, remember that in the replication strategy for Win2k - data
goes to every DC regardless if it's a DNS server or not - because once it's
DNS-integrated, it's now a part of the AD data. This trend is broken in
Win2k3, where application partitions can handle DNS - and do. The
DomainDNS and ForestDNS are just that, for all intents and purposes. They
are AD Application parts handling DNS for just DNS servers - and no DNS data need
be on the DCs, unless it too, is a DNS server once the full DNS app partition
is configured.

Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rogers, Brian
Sent: Monday, July 14, 2003 10:10 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I was looking more along
the lines of replication traffic. However since the zone is replicated
within AD there shouldn't be any additional (or if so very minimal)
replication traffic between the DNS servers other than the normal AD
replication traffic correct?

-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:58 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I
always configure every DC as a DNS server. I consider that if a location
requires a DC, it also requires local DNS.

--
Roger D. Seielstad - MTS MCSE MS-MVP 
Sr. Systems Administrator 
Inovis Inc. 

-Original Message-
From: Rogers, Brian [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:39 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Quick AD integrated DNS question :)

1. When configuring an AD
Integrated DNS zone, at least one DC in each site should be running DNS?
Or all DCs should be running DNS? Would it matter either way? 

RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Rogers, Brian

Nevermind..I found some MASSIVE nt4 -
2k3 document that seems to cover it. Man that's alotta reading :/

-Original Message-
From: Rogers, Brian [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 14, 2003 2:54 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Woah... I musta
missed that document. AD integrated DNS can now be separated from regular
replication?

Gotta link? Book? Paper?
Smokesignal? Morse? :-)

-Original Message-
From: Rick Kingslan [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 1:28 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

This
would be correct. But, remember that in the replication strategy for
Win2k - data goes to every DC regardless if it's a DNS server or not - because
once it's DNS-integrated, it's now a part of the AD data. This trend is
broken in Win2k3, where application partitions can handle DNS - and do.
The DomainDNS and ForestDNS are just that, for all intents and purposes.
They are AD Application parts handling DNS for just DNS servers - and no DNS
data need be on the DCs, unless it too, is a DNS server once the full DNS app
partition is configured.

Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rogers, Brian
Sent: Monday, July 14, 2003 10:10 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I was
looking more along the lines of replication traffic. However since the
zone is replicated within AD there shouldn't be any additional (or if so
very minimal) replication traffic between the DNS servers other than the normal
AD replication traffic correct?

-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:58 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I
always configure every DC as a DNS server. I consider that if a location
requires a DC, it also requires local DNS.

--
Roger D. Seielstad - MTS MCSE MS-MVP 
Sr. Systems Administrator 
Inovis Inc. 

-Original Message-
From: Rogers, Brian [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:39 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Quick AD integrated DNS question :)

1. When configuring an AD
Integrated DNS zone, at least one DC in each site should be running DNS?
Or all DCs should be running DNS? Would it matter either way? 

RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread deji
Yes, you did indeed miss it. So, go find it. Yourself, this time with no help.
 
Hint: 
Application partition is the new partition in E2K3 which, in addition to The Domain, 
Configuration and Schema Partitions now make up the AD database in E2K3.
 
It is this change that makes it possible now to deploy GC-less Remote Sites. The 
Application Partition is SHARED(replicated) to ALL DCs in the Domain, including 
designated DCs in the Forest.
 
 
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Rogers, Brian
Sent: Mon 7/14/2003 11:53 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)



Woah... I musta missed that document.  AD integrated DNS can now be separated from 
regular replication?

 

Gotta link? Book? Paper? Smokesignal? Morse?  :-)

 

-Original Message-
From: Rick Kingslan [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 14, 2003 1:28 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

 

This would be correct.  But, remember that in the replication strategy for Win2k - 
data goes to every DC regardless if it's a DNS server or not - because once it's 
DNS-integrated, it's now a part of the AD data.  This trend is broken in Win2k3, where 
application partitions can handle DNS - and do.  The DomainDNS and ForestDNS are just 
that, for all intents and purposes.  They are AD Application parts handling DNS for 
just DNS servers - and no DNS data need be on the DCs, unless it too, is a DNS server 
once the full DNS app partition is configured.

Rick Kingslan  MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
  

 



From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rogers, Brian
Sent: Monday, July 14, 2003 10:10 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I was looking more along the lines of replication traffic.  However since the zone is 
replicated within AD there shouldn't be any additional (or if so very minimal) 
replication traffic between the DNS servers other than the normal AD replication 
traffic correct?

 

-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 14, 2003 10:58 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

 

I always configure every DC as a DNS server. I consider that if a location requires a 
DC, it also requires local DNS.

 

 

-- 
Roger D. Seielstad - MTS MCSE MS-MVP 
Sr. Systems Administrator 
Inovis Inc. 

-Original Message-
From: Rogers, Brian [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 14, 2003 10:39 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Quick AD integrated DNS question :)

1.  When configuring an AD Integrated DNS zone, at least one DC in 
each site should be running DNS?  Or all DCs should be running DNS?  Would it matter 
either way? 

 

 


RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Roger Seielstad



I'd expect it to be minimal, although I don't have a lot of empirical data to prove 
it.

-- 
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

  -Original Message-
  From: Rogers, Brian [mailto:[EMAIL PROTECTED]
  Sent: Monday, July 14, 2003 2:26 PM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

  So what is the impact 
  of placing DNS servers at each remote location? Significant? Or 
  minimal? (given connections are all greater than 256k frame)

  -Original Message-
  From: Roger Seielstad [mailto:[EMAIL PROTECTED]
  Sent: Monday, July 14, 2003 1:26 PM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

  I believe you are correct. Additionally, though, I don't think DNS replication 
  traffic is all that considerable. The worst data hog in DNS is the resolver 
  cache, which isn't replicated.

  -- 
  Roger D. Seielstad - MTS MCSE MS-MVP
  Sr. Systems Administrator
  Inovis Inc.

  -Original Message-
  From: Rogers, Brian [mailto:[EMAIL PROTECTED]
  Sent: Monday, July 14, 2003 11:10 AM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

  I was 
  looking more along the lines of replication traffic. However since the 
  zone is replicated within AD there shouldn't be any additional (or if so 
  very minimal) replication traffic between the DNS servers other than the 
  normal AD replication traffic correct?

  -Original Message-
  From: Roger Seielstad [mailto:[EMAIL PROTECTED]
  Sent: Monday, July 14, 2003 10:58 AM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

  I always configure every DC as a DNS server. I consider that if a location 
  requires a DC, it also requires local DNS.

  -- 
  Roger D. Seielstad - MTS MCSE MS-MVP
  Sr. Systems Administrator
  Inovis Inc.

  -Original Message-
  From: Rogers, Brian [mailto:[EMAIL PROTECTED]
  Sent: Monday, July 14, 2003 10:39 AM
  To: '[EMAIL PROTECTED]'
  Subject: [ActiveDir] Quick AD integrated DNS question :)

  1. When 
  configuring an AD Integrated DNS zone, at least one DC in each site 
  should be running DNS? Or all DCs should be running DNS? 
  Would it matter either way? 




RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Shawn.Hayes



Would think it would decrease traffic in the long run because of users at that end on 
the WAN pipe can retrieve locally cached lookups.

Shawn 

  -Original Message-
  From: Roger Seielstad [mailto:[EMAIL PROTECTED]
  Sent: Monday, July 14, 2003 4:20 PM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

  I'd expect it to be minimal, although I don't have a lot of empirical data to 
  prove it.

  -- 
  Roger D. Seielstad - MTS MCSE MS-MVP
  Sr. Systems Administrator
  Inovis Inc.

  -Original Message-
  From: Rogers, Brian [mailto:[EMAIL PROTECTED]
  Sent: Monday, July 14, 2003 2:26 PM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

  So what is the 
  impact of placing DNS servers at each remote location? 
  Significant? Or minimal? (given connections are all greater than 
  256k frame)

  -Original Message-
  From: Roger Seielstad [mailto:[EMAIL PROTECTED]
  Sent: Monday, July 14, 2003 1:26 PM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

  I believe you are correct. Additionally, though, I don't think DNS replication 
  traffic is all that considerable. The worst data hog in DNS is the resolver 
  cache, which isn't replicated.

  -- 
  Roger D. Seielstad - MTS MCSE MS-MVP
  Sr. Systems Administrator
  Inovis Inc.

  -Original Message-
  From: Rogers, Brian [mailto:[EMAIL PROTECTED]
  Sent: Monday, July 14, 2003 11:10 AM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

  I was looking more along the lines of replication traffic. However 
  since the zone is replicated within AD there shouldn't be any 
  additional (or if so very minimal) replication traffic between the DNS 
  servers other than the normal AD replication traffic 
  correct?

  -Original Message-
  From: Roger Seielstad [mailto:[EMAIL PROTECTED]
  Sent: Monday, July 14, 2003 10:58 AM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

  I always configure every DC as a DNS server. I consider that if a location 
  requires a DC, it also requires local DNS.

  -- 
  Roger D. Seielstad - MTS MCSE MS-MVP
  Sr. Systems Administrator
  Inovis Inc.

  -Original Message-
  From: Rogers, Brian [mailto:[EMAIL PROTECTED]
  Sent: Monday, July 14, 2003 10:39 AM
  To: '[EMAIL PROTECTED]'
  Subject: [ActiveDir] Quick AD integrated DNS question :)

  1. When 
  configuring an AD Integrated DNS zone, at least one DC in each site 
  should be running DNS? Or all DCs should be running DNS? 
  Would it matter either way? 
  
  


RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Gil Kirkpatrick



All the zone data is replicated with the domain (unless you're using application 
partitions in WS2K3), so there is nothing "extra". Traffic depends on if 
you store client A and PTR records. If you do, the replication traffic can 
be substantial depending on lease times, scavenging periods and 
such.

-gil

  -Original Message-
  From: Roger Seielstad [mailto:[EMAIL PROTECTED]
  Sent: Monday, July 14, 2003 10:26 AM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

  I believe you are correct. Additionally, though, I don't think DNS replication 
  traffic is all that considerable. The worst data hog in DNS is the resolver 
  cache, which isn't replicated.

  -- 
  Roger D. Seielstad - MTS MCSE MS-MVP
  Sr. Systems Administrator
  Inovis Inc.

  -Original Message-
  From: Rogers, Brian [mailto:[EMAIL PROTECTED]
  Sent: Monday, July 14, 2003 11:10 AM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

  I was looking more 
  along the lines of replication traffic. However since the zone is 
  replicated within AD there shouldn't be any additional (or if so very 
  minimal) replication traffic between the DNS servers other than the normal 
  AD replication traffic correct?

  -Original Message-
  From: Roger Seielstad [mailto:[EMAIL PROTECTED]
  Sent: Monday, July 14, 2003 10:58 AM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

  I always configure every DC as a DNS server. I consider that if a location 
  requires a DC, it also requires local DNS.

  -- 
  Roger D. Seielstad - MTS MCSE MS-MVP
  Sr. Systems Administrator
  Inovis Inc.

  -Original Message-
  From: Rogers, Brian [mailto:[EMAIL PROTECTED]
  Sent: Monday, July 14, 2003 10:39 AM
  To: '[EMAIL PROTECTED]'
  Subject: [ActiveDir] Quick AD integrated DNS question :)

  1. When configuring an AD Integrated DNS zone, at least 
  one DC in each site should be running DNS? Or all DCs should be 
  running DNS? Would it matter either way? 




RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Gil Kirkpatrick



I may have missed something, but the snotty tone seems 
inappropriate...

In any case, to reduce the apparent confusion:

GC-less sites have always been possible with AD since W2K. The 
facility is called site coverage.

GC-less logon is new in WS2K3 and occurs because DCs can cache group 
memberships. This allows the DC to assemble a complete token even if a GC isn't 
available. This functionality has nothing to do with application 
partitions.

Application partitions are a mechanism where you can host replicas 
of specific subtrees in the domain on any set of DCs in the forest. The subtrees 
may not contain security principals such as users, groups, and computers. When 
you create a zone in WS2K3, you can elect to configure it as an application 
partition and replicate the data to specific DCs in the 
forest.

-gil

-Original Message-
From: deji Agba [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 1:19 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

  Yes, you did indeed miss 
  it. So, go find it. Yourself, this time with no help.

  Hint: 
  Application partition is 
  the new partition in E2K3 which, in addition to The Domain, Configuration 
  and Schema Partitions now make up the AD database in 
  E2K3.

  It is this change that makes it 
  possible now to deploy GC-less Remote Sites. The Application Partition is 
  SHARED(replicated) to ALL DCs in the Domain, including designated DCs in the 
  Forest.

  Sincerely,
  Dèjì Akómöláfé, MCSE MCSA MCP+I
  www.akomolafe.com
  www.iyaburo.com
  Do you now realize that Today is the Tomorrow you were worried about Yesterday? 
  -anon

  From: [EMAIL PROTECTED] on behalf of Rogers, Brian
  Sent: Mon 7/14/2003 11:53 AM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

  Woah... I musta 
  missed that document. AD integrated DNS can now be separated from 
  regular replication?

  Gotta link? Book? 
  Paper? Smokesignal? Morse? :-)

  -Original Message-
  From: Rick Kingslan [mailto:[EMAIL PROTECTED]
  Sent: Monday, July 14, 2003 1:28 PM
  To: [EMAIL PROTECTED]
  Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

  This 
  would be correct. But, remember that in the replication strategy for 
  Win2k - data goes to every DC regardless if it's a DNS server or not - because 
  once it's DNS-integrated, it's now a part of the AD data. This trend is 
  broken in Win2k3, where application partitions can handle DNS - and do. 
  The DomainDNS and ForestDNS are just that, for all intents and purposes. 
  They are AD Application parts handling DNS for just DNS servers - and no DNS 
  data need be on the DCs, unless it too, is a DNS server once the full DNS app 
  partition is configured.

  Rick Kingslan MCSE, MCSA, MCT
  Microsoft MVP - Active Directory
  Associate Expert
  Expert Zone - www.microsoft.com/windowsxp/expertzone

  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rogers, Brian
  Sent: Monday, July 14, 2003 10:10 AM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

  I was 
  looking more along the lines of replication traffic. However since the 
  zone is replicated within AD there shouldn't be any additional (or if so 
  very minimal) replication traffic between the DNS servers other than the 
  normal AD replication traffic correct?

  -Original Message-
  From: Roger Seielstad [mailto:[EMAIL PROTECTED]
  Sent: Monday, July 14, 2003 10:58 AM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

  I always configure every DC as a DNS server. I consider that if a location 
  requires a DC, it also requires local DNS.

  -- 
  Roger D. Seielstad - MTS MCSE MS-MVP
  Sr. Systems Administrator
  Inovis Inc.

  -Original Message-
  From: Rogers, Brian [mailto:[EMAIL PROTECTED]
  Sent: Monday, July 14, 2003 10:39 AM
  To: '[EMAIL PROTECTED]'
  Subject: [ActiveDir] Quick AD integrated DNS question :)

  1. When configuring 
  an AD Integrated DNS zone, at least one DC in each site should be running 
  DNS? Or all DCs should be running DNS? Would it matter either 
  way? 
  
  


RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Rogers, Brian

Nah..you didn't miss anything..he
was just being a D1ck :-)

Thanks for the info!

-Original Message-
From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 5:50 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I may have missed
something, but the snotty tone seems inappropriate...

In any case, to reduce
the apparent confusion:

GC-less sites have always
been possible with AD since W2K. The facility is called site
coverage.

GC-less logon is new in
WS2K3 and occurs because DCs can cache group memberships. This allows the DC to
assemble a complete token even if a GC isn't available. This functionality has
nothing to do with application partitions.

Application partitions
are a mechanism where you can host replicas of specific subtrees in the
domain on any set of DCs in the forest. The subtrees may not contain security
principals such as users, groups, and computers. When you create a zone in
WS2K3, you can elect to configure it as an application partition and replicate
the data to specific DCs in the forest.

-gil

-Original Message-
From: deji Agba [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 1:19 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Yes,
you did indeed miss it. So, go find it. Yourself, this time with no help.

Hint: 

Application
partition is the new partition in E2K3 which, in addition to The Domain, Configuration and Schema Partitions now make up the AD database in E2K3.

It
is this change that makes it possible now to deploy GC-less Remote Sites. The
Application Partition is SHARED(replicated) to ALL DCs in the Domain, including
designated DCs in the Forest.

Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that
Today is the Tomorrow you were worried about Yesterday? -anon

From: [EMAIL PROTECTED]
on behalf of Rogers, Brian
Sent: Mon 7/14/2003 11:53 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD
integrated DNS question :)





WoahI musta
missed that document. AD integrated DNS can now be separated from regular
replication?



Gotta link? Book? Paper?
Smokesignal? Morse? J



-Original Message-
From: Rick Kingslan
[mailto:[EMAIL PROTECTED] 
Sent: Monday, July 14, 2003 1:28
PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD
integrated DNS question :)



This
would be correct. But, remember that in the replication strategy for
Win2k - data goes to every DC regardless if it's a DNS server or not - because
once it's DNS-integrated, it's now a part of the AD data. This trend is
broken in Win2k3, where application partitions can handle DNS - and do.
The DomainDNS and ForestDNS are just that, for all intents and purposes.
They are AD Application parts handling DNS for just DNS servers - and no DNS
data need be on the DCs, unless it too, is a DNS server once the full DNS app
partition is configured.

Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
 













From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Rogers, Brian
Sent: Monday, July 14, 2003 10:10
AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD
integrated DNS question :)

I was
looking more along the lines of replication traffic. However since the
zone is replicated within ADthere shouldn't be any additional (or if so
very minimal) replication traffic between the DNS servers other than the normal
AD replication traffic correct?



-Original Message-
From: Roger Seielstad
[mailto:[EMAIL PROTECTED] 
Sent: Monday, July 14, 2003 10:58
AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD
integrated DNS question :)





I
always configure every DC as a DNS server. I consider that if a location
requires a DC, it also requires local DNS.















--

Roger D. Seielstad - MTS MCSE MS-MVP 
Sr. Systems Administrator 
Inovis Inc. 



-Original
Message-
From: Rogers, Brian
[mailto:[EMAIL PROTECTED] 
Sent: Monday, July 14, 2003 10:39
AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Quick AD
integrated DNS question :)



1.
When configuring an AD
Integrated DNS zone, at least one DC in each site should be running DNS?
Or all DCs should be running DNS? Would it matter either way? 




















RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Rogers, Brian
One question on that.  Dealing with the GC-Less sites.

I know that Exchange2k relies heavily on GCs during their day to day processes.  Would
perhaps E2k3 be more suited to this environment than E2k?  Or has this reliance on a
local GC followed on to E2k3

Heh..I guess this kinda wandered off on an even broader tangent eh?

Server consolidation is a hot topic as of late, if at all possible, NOT putting an
Exchange site and GC and DC and DNS server at each location would be a large plus :-)



RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread deji
I guess it's my time to say "Woah"

Gil, my response was not in any way directed at you. It was directed at Brian and, if 
anything, it was an attempt at levity, not snottiness. So, where did the slam come 
from?

I'd think that if anything is snotty, it would be Brian's incredulous "Woah", 
not mine. Don't you think?
 
As for Site coverage in Win2K being equal to GC-Less config in Win2K3, I firmly 
believe they are apple and orange. They are both fruits, but not the same.
 
 
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday?  -anon



RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Rogers, Brian
Woa was my comment about my completely missing something obviously very pertinent to my
discussion here.

As in "holy crap"  or "Damn where did that come from" or "Wow...I completely missed that"

Incredulous?  Lol...you need to lay off the coffee :-)



RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread deji
Coffee? How did you know? My reputation preceded me again :)
 
In any case, I went back and read my original post. Flippant? maybe. Snotty, 
definitely not. As to Gil taking umbrage at it... I still don't get it.
 
Make that double espresso, please. No milk.
 
 
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday?  -anon



RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Gil Kirkpatrick
Deji,

I took the comment: "Yes, you did indeed miss it. So, go find it. Yourself, this time
with no help." as being snotty, and it seems that wasn't intended.

Mea culpa (Latin for "my bad").

My comment re: DC-less sites was to distinguish between "GC-less sites", which we've
had since RC3 and "GC-less logon", which is new in WS2k3. They are different, which was
my point.

-g

  
RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Gil Kirkpatrick
I didn't take it as snotty towards myself, but towards another list member (Brian in
this case). As I said before, my bad.

And I think we've used up enough bits on this topic. Agreed?

-g

  
RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Rick Kingslan
Deji,
 
I might suggest that the attempt at levity include liberal smiley faces in
the future.  Gil got the jump before I did, because, given your posts in the
past - this one seemed quite out of character.  I really wasn't sure if you
were having a bad day or if Brian had just really 'hit the wrong nerve'.
 
And, he was asking ME to Woa, so if anyone should be offended, it should
be me (and, I wasn't).
 
Personally, I think that this is about enough of this thread.  Not
constructive.  Let's move on.  'Nuff said.
 
Rick Kingslan  MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
  



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Monday, July 14, 2003 6:36 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)


I guess it's my time to say Woah
 
Gil, my response was not in any way directed at you. It was directed at
Brian and, if anything, it was an attempt at levity, not snottiness. So,
where did the slam come from?
 
I'd think that if anything is snotty, it would be Brian's incredulous
"Woah", not mine. Don't you think?
 
As for "Site coverage" in Win2K being equal to GC-Less config in Win2K3, I
firmly believe they are apple and orange. They are both fruits, but not the
same.
 
 
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon


From: [EMAIL PROTECTED] on behalf of Gil Kirkpatrick
Sent: Mon 7/14/2003 2:49 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)


I may have missed something, but the snotty tone seems inappropriate...
 
In any case, to reduce the apparent confusion:
 
GC-less sites have always been possible with AD since W2K. The facility is
called site coverage.
 
GC-less logon is new in WS2K3 and occurs because DCs can cache group
memberships. This allows the DC to assemble a complete token even if a GC
isn't available. This functionality has nothing to do with application
partitions.
 
Application partitions are a mechanism where you can host replicas of
specific subtrees in the domain on any set of DCs in the forest. The
subtrees may not contain security principals such as users, groups, and
computers. When you create a zone in WS2K3, you can elect to configure it as
an application partition and replicate the data to specific DCs in the
forest.
 
-gil
 
  -Original Message-
From: deji Agba [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 14, 2003 1:19 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)



Yes, you did indeed miss it. So, go find it. Yourself, this time with no
help.
 
Hint: 
Application partition is the new partition in E2K3 which, in addition to The
Domain, Configuration and Schema Partitions now make up the AD database in
E2K3.
 
It is this change that makes it possible now to deploy GC-less Remote Sites.
The Application Partition is SHARED(replicated) to ALL DCs in the Domain,
including designated DCs in the Forest.
 
 
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon


From: [EMAIL PROTECTED] on behalf of Rogers, Brian
Sent: Mon 7/14/2003 11:53 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)



Woah...I musta missed that document.  AD integrated DNS can now be
separated from regular replication?

 

Gotta link? Book? Paper? Smokesignal? Morse?  :-)

 

-Original Message-
From: Rick Kingslan [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 14, 2003 1:28 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

 

This would be correct.  But, remember that in the replication strategy for
Win2k - data goes to every DC regardless if it's a DNS server or not -
because once it's DNS-integrated, it's now a part of the AD data.  This
trend is broken in Win2k3, where application partitions can handle DNS - and
do.  The DomainDNS and ForestDNS are just that, for all intents and
purposes.  They are AD Application parts handling DNS for just DNS servers -
and no DNS data need be on the DCs, unless it too, is a DNS server once the
full DNS app partition is configured.

Rick Kingslan  MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
  

 




From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rogers, Brian
Sent: Monday, July 14, 2003 10:10 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I was looking more along the lines of replication traffic.  However since
the zone is replicated within AD...there shouldn't be any additional (or if
so very minimal) replication traffic between the DNS

RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Joe
Hey Deji, slap a smiley face on that post or a disclaimer about sarcasm and
email not mixing like beer and liquor or something that. :o)
 
I am confused by the app partition making it possible to do GC-less remote
sites... I could take that a couple of ways but app partitions wouldn't have
anything to do with either. A GC-less site is simply a site without a GC,
the machines that need a GC would still be able to find one, just wouldn't
be local. Check out your _gc._tcp.SITE._sites.rootdomain.com SRV record,
that will show you what GC(s) will be used for any given site. If a site
doesn't have a GC in it, auto site coverage will kick in and some other DC
based on link metrics and the phase of the moon (humor!!) will determine
what DC publishes to that record. 
 
The other way to take that would be the GC-less logon capability that W2K3
has added. That also doesn't rely on app partitions. It adds an attribute or
two to a user object for maintaining some cache info about GC info.
Basically you can go with out GC's in a site if you don't have universal
groups you are using (especially to deny) and you aren't using UPN's. On W2K
we actually now only run about 30 GC's out of our 380 or so DC's and have
enabled the IgnoreGCFailures reg hack because we are lucky like that and can
get away with it. 
 
Finally app partitions aren't replicated to every DC in a domain. You select
where you want to replicate that info to, otherwise there would be no point
in it, might as well just throw the data into the config or domain
partitions. 
 
  joe
 
 

-Original Message-
From: deji Agba [mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 4:19 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)


Yes, you did indeed miss it. So, go find it. Yourself, this time with no
help.
 
Hint: 
Application partition is the new partition in E2K3 which, in addition to The
Domain, Configuration and Schema Partitions now make up the AD database in
E2K3.
 
It is this change that makes it possible now to deploy GC-less Remote Sites.
The Application Partition is SHARED(replicated) to ALL DCs in the Domain,
including designated DCs in the Forest.
 
 
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon


From: [EMAIL PROTECTED] on behalf of Rogers, Brian
Sent: Mon 7/14/2003 11:53 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)



Woah...I musta missed that document.  AD integrated DNS can now be
separated from regular replication?

 

Gotta link? Book? Paper? Smokesignal? Morse?  :-)

 

-Original Message-
From: Rick Kingslan [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 14, 2003 1:28 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

 

This would be correct.  But, remember that in the replication strategy for
Win2k - data goes to every DC regardless if it's a DNS server or not -
because once it's DNS-integrated, it's now a part of the AD data.  This
trend is broken in Win2k3, where application partitions can handle DNS - and
do.  The DomainDNS and ForestDNS are just that, for all intents and
purposes.  They are AD Application parts handling DNS for just DNS servers -
and no DNS data need be on the DCs, unless it too, is a DNS server once the
full DNS app partition is configured.

Rick Kingslan  MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
  

 




From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rogers, Brian
Sent: Monday, July 14, 2003 10:10 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I was looking more along the lines of replication traffic.  However since
the zone is replicated within AD...there shouldn't be any additional (or if
so very minimal) replication traffic between the DNS servers other than the
normal AD replication traffic correct?

 

-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 14, 2003 10:58 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

 

I always configure every DC as a DNS server. I consider that if a location
requires a DC, it also requires local DNS.

 

 

-- 
Roger D. Seielstad - MTS MCSE MS-MVP 
Sr. Systems Administrator 
Inovis Inc. 

-Original Message-
From: Rogers, Brian [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 14, 2003 10:39 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Quick AD integrated DNS question :)

1.  When configuring an AD Integrated DNS zone, at least one DC in each
site should be running DNS?  Or all DCs should be running DNS?  Would it
matter either way? 

 

 

attachment: winmail.dat
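
The per-site GC SRV check Joe describes in the message above, as an added example that is not part of the original thread: it parses `_gc._tcp.SITE._sites.<forest root>` records and reports which sites are served only by a GC from another site (site coverage). The record lines, site names, host names and the `GC_HOME_SITE` inventory are constructed sample data; `rootdomain.com` is the placeholder from the message.

```python
from collections import defaultdict

FOREST_ROOT = "rootdomain.com"  # placeholder forest root, as in the message

# Constructed sample: SRV records in zone-file form (hosts and sites invented).
SAMPLE_SRV = """\
_gc._tcp.HQ._sites.rootdomain.com.      600 IN SRV 0 100 3268 dc1.rootdomain.com.
_gc._tcp.HQ._sites.rootdomain.com.      600 IN SRV 0 100 3268 dc2.rootdomain.com.
_gc._tcp.Branch1._sites.rootdomain.com. 600 IN SRV 0 100 3268 dc2.rootdomain.com.
_gc._tcp.Branch2._sites.rootdomain.com. 600 IN SRV 0 100 3268 dc7.rootdomain.com.
_gc._tcp.Branch3._sites.rootdomain.com. 600 IN SRV 0 100 3268 dc9.rootdomain.com.
"""

# Constructed inventory: the site each known GC is actually placed in.
GC_HOME_SITE = {
    "dc1.rootdomain.com": "HQ",
    "dc2.rootdomain.com": "HQ",
    "dc7.rootdomain.com": "Branch2",
}


def gc_srv_name(site, forest_root=FOREST_ROOT):
    """Owner name of the site-specific GC locator record."""
    return f"_gc._tcp.{site}._sites.{forest_root}"


def parse_srv(text, forest_root=FOREST_ROOT):
    """Return {site: [target, ...]} for every site-specific _gc SRV line."""
    prefix, suffix = "_gc._tcp.", f"._sites.{forest_root}".lower()
    by_site = defaultdict(list)
    for line in text.splitlines():
        fields = line.split()
        # owner ttl IN SRV priority weight port target
        if len(fields) != 8 or [f.upper() for f in fields[2:4]] != ["IN", "SRV"]:
            continue
        owner = fields[0].rstrip(".")
        if not (owner.lower().startswith(prefix) and owner.lower().endswith(suffix)):
            continue
        site = owner[len(prefix):len(owner) - len(suffix)]
        if site:
            by_site[site].append(fields[7].rstrip(".").lower())
    return dict(by_site)


def coverage_report(srv_by_site, home_site):
    """Split each site's published GCs into local, covering and unknown hosts."""
    report = {}
    for site in sorted(srv_by_site):
        entry = {"local": [], "covering": [], "unknown": []}
        for target in srv_by_site[site]:
            home = home_site.get(target)
            if home is None:
                entry["unknown"].append(target)      # not in the inventory
            elif home.lower() == site.lower():
                entry["local"].append(target)
            else:
                entry["covering"].append((target, home))  # site coverage
        report[site] = entry
    return report


def gc_less_sites(report):
    """Sites whose GC record is published only by GCs from other sites."""
    return [s for s, e in report.items() if e["covering"] and not e["local"]]


def unknown_targets(report):
    """SRV targets that do not match any GC in the inventory."""
    return sorted({t for e in report.values() for t in e["unknown"]})


if __name__ == "__main__":
    rep = coverage_report(parse_srv(SAMPLE_SRV), GC_HOME_SITE)
    print("GC-less sites:", gc_less_sites(rep))
    print("Targets to investigate:", unknown_targets(rep))
```

A target that appears in a site's record but not in the inventory is worth checking before trusting the locator data for that site.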

RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Rogers, Brian
No sweat...I apologize for my comments as well.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 8:01 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Coffee? How did you know? My reputation preceded me again :)

In any case, I went back and read my original post. Flippant? maybe. Snotty,
definitely not. As to Gil taking umbrage at it... I still don't get it.

Make that double espresso, please. No milk.

Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon

From: [EMAIL PROTECTED] on behalf of Rogers, Brian
Sent: Mon 7/14/2003 4:34 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Woa was my comment about my completely missing something obviously very
pertinent to my discussion here.

As in holy crap or Damn where did that come from or Wow...I completely
missed that

Incredulous? Lol...you need to lay off the coffee :-)

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 7:36 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I guess it's my time to say Woah

Gil, my response was not in any way directed at you. It was directed at
Brian and, if anything, it was an attempt at levity, not snottiness. So,
where did the slam come from?

I'd think that if anything is snotty, it would be Brian's incredulous
Woah, not mine. Don't you think?

As for Site coverage in Win2K being equal to GC-Less config in Win2K3, I
firmly believe they are apple and orange. They are both fruits, but not the
same.

Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon

From: [EMAIL PROTECTED] on behalf of Gil Kirkpatrick
Sent: Mon 7/14/2003 2:49 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I may have missed something, but the snotty tone seems inappropriate...

In any case, to reduce the apparent confusion:

GC-less sites have always been possible with AD since W2K. The facility is
called site coverage.

GC-less logon is new in WS2K3 and occurs because DCs can cache group
memberships. This allows the DC to assemble a complete token even if a GC
isn't available. This functionality has nothing to do with application
partitions.

Application partitions are a mechanism where you can host replicas of
specific subtrees in the domain on any set of DCs in the forest. The
subtrees may not contain security principals such as users, groups, and
computers. When you create a zone in WS2K3, you can elect to configure it as
an application partition and replicate the data to specific DCs in the
forest.

-gil

-Original Message-
From: deji Agba [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 1:19 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Yes, you did indeed miss it. So, go find it. Yourself, this time with no
help.

Hint:
Application partition is the new partition in E2K3 which, in addition to The
Domain, Configuration and Schema Partitions now make up the AD database in
E2K3.

It is this change that makes it possible now to deploy GC-less Remote Sites.
The Application Partition is SHARED(replicated) to ALL DCs in the Domain,
including designated DCs in the Forest.

Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon

From: [EMAIL PROTECTED] on behalf of Rogers, Brian
Sent: Mon 7/14/2003 11:53 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Woah...I musta missed that document. AD integrated DNS can now be separated
from regular replication?

Gotta link? Book? Paper? Smokesignal? Morse? :-)

-Original Message-
From: Rick Kingslan [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 1:28 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

This would be correct. But, remember that in the replication strategy for
Win2k - data goes to every DC regardless if it's a DNS server or not -
because once it's DNS-integrated, it's now a part of the AD data. This
trend is broken in Win2k3, where application partitions can handle DNS - and
do. The DomainDNS and ForestDNS are just that, for all intents and
purposes. They are AD Application parts handling DNS for just DNS servers

RE: [ActiveDir] Quick AD integrated DNS question :)

2003-07-14 Thread Rogers, Brian
Good info there...answered one of a number of questions I also
had...although you did add a few more.  :-)

-Original Message-
From: Joe [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 9:22 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Hey Deji, slap a smiley face on that post or a disclaimer about sarcasm and
email not mixing like beer and liquor or something that. :o)

I am confused by the app partition making it possible to do GC-less remote
sites... I could take that a couple of ways but app partitions wouldn't have
anything to do with either. A GC-less site is simply a site without a GC,
the machines that need a GC would still be able to find one, just wouldn't
be local. Check out your _gc._tcp.SITE._sites.rootdomain.com SRV record,
that will show you what GC(s) will be used for any given site. If a site
doesn't have a GC in it, auto site coverage will kick in and some other DC
based on link metrics and the phase of the moon (humor!!) will determine
what DC publishes to that record.

The other way to take that would be the GC-less logon capability that W2K3
has added. That also doesn't rely on app partitions. It adds an attribute or
two to a user object for maintaining some cache info about GC info.
Basically you can go with out GC's in a site if you don't have universal
groups you are using (especially to deny) and you aren't using UPN's. On W2K
we actually now only run about 30 GC's out of our 380 or so DC's and have
enabled the IgnoreGCFailures reg hack because we are lucky like that and can
get away with it.

Finally app partitions aren't replicated to every DC in a domain. You select
where you want to replicate that info to, otherwise there would be no point
in it, might as well just throw the data into the config or domain
partitions.

 joe

-Original Message-
From: deji Agba [mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 4:19 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Yes, you did indeed miss it. So, go find it. Yourself, this time with no
help.

Hint:
Application partition is the new partition in E2K3 which, in addition to The
Domain, Configuration and Schema Partitions now make up the AD database in
E2K3.

It is this change that makes it possible now to deploy GC-less Remote Sites.
The Application Partition is SHARED(replicated) to ALL DCs in the Domain,
including designated DCs in the Forest.

Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon

From: [EMAIL PROTECTED] on behalf of Rogers, Brian
Sent: Mon 7/14/2003 11:53 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

Woah...I musta missed that document. AD integrated DNS can now be separated
from regular replication?

Gotta link? Book? Paper? Smokesignal? Morse? :-)

-Original Message-
From: Rick Kingslan [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 1:28 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

This would be correct. But, remember that in the replication strategy for
Win2k - data goes to every DC regardless if it's a DNS server or not -
because once it's DNS-integrated, it's now a part of the AD data. This
trend is broken in Win2k3, where application partitions can handle DNS - and
do. The DomainDNS and ForestDNS are just that, for all intents and
purposes. They are AD Application parts handling DNS for just DNS servers -
and no DNS data need be on the DCs, unless it too, is a DNS server once the
full DNS app partition is configured.

Rick Kingslan  MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rogers, Brian
Sent: Monday, July 14, 2003 10:10 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I was looking more along the lines of replication traffic. However since
the zone is replicated within AD...there shouldn't be any additional (or if
so very minimal) replication traffic between the DNS servers other than the
normal AD replication traffic correct?

-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Monday, July 14, 2003 10:58 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Quick AD integrated DNS question :)

I always configure every DC as a DNS server. I consider that if a location
requires a DC, it also requires local DNS.

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc