RE: [ActiveDir] 2003 DC Deployment Question.
As far as I know, the clients do not choose anything. It is the DNS server that makes the choices for the client, and after that the client receives a list of servers in a certain order to consult.

That is also a way to do it. Setting the weight of the W2K3 DCs to 5 and letting the W2K DCs stick to 100 means the W2K DCs will be used 20 times more than the W2K3 DCs. However, you still cannot control which client uses the w2k3 DC.

To see which client uses which DC you could "enhance" your login script and let the client write its %COMPUTERNAME% and %LOGONSERVER% to some central log file. If I remember correctly, Windows 95/98 don't know about the %LOGONSERVER% variable. Or you could turn on account logon events on the DC.

For more info about DC selection see:
http://www.windowsitpro.com/Articles/ArticleID/37935/37935.html (by Gil Kirkpatrick)

Cheers,
Jorge

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Smith, Brad
Sent: Monday, September 26, 2005 16:41
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] 2003 DC Deployment Question.

Jorge,

Thanks for the links. I have already got my schema upgrades done, but your comments light up another possible option. What if I weighted the new DC with a really low SRV weight such as 5? Would this mean that a very small number of clients would authenticate against it, or would each client weigh up 100 vs 5 and choose the 100?

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de
Sent: 26 September 2005 15:29
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] 2003 DC Deployment Question.

Hi,

You cannot tell which user authenticates to which DC. Clients determine their authenticating DC querying DC for a SRV RR. With SRV RRs you designate a weight factor and a priority factor. By default the weight is set to 100 and the priority is set to 0.

SRV RRs with the same priority are treated as equal and are load balanced by DNS (round robin if enabled - which by default is in w2k/w2k3).
SRV RRs with a lower priority value are used first before using SRV RRs with higher values.
SRV RRs with higher weight values are used more frequently than SRV RRs with lower values. If you have a SRV RR with weight = 50 and another with weight = 100, the SRV RR with weight = 100 will be used twice as much as the SRV RR with weight = 50.

The only way I can think of right now to designate a certain DC to users is to create a separate AD site, place that W2K3 DC in it and assign existing AD subnets to that site where the new w2k3 DC is. This way the clients/servers on those subnets will use the w2k3 as a DC for authentication.

Don't forget that you must update the schema first before you introduce w2k3 DCs.

Downlevel clients are not AD site aware. You can make them site aware by installing the DSClient.

For more info on what you are asking see:
MS-KBQ314649_W2K3 ADPREP Command Causes Mangled Attributes in W2K Forests That Contain E2K Servers
MS-KBQ325379_How to Upgrade Windows 2000 Domain Controllers to Windows Server 2003
MS-KBQ555040_Common Mistakes When Upgrade Windows 2000 Domain To Windows 2003
MS-KBQ887426_Incorrect Schema extension for OS X prevents ForestPrep from completing in Windows 2000
MS-KBQ555038_How to enable Windows 98-ME-NT clients to logon to Windows 2003 based Domains

Cheers,
Jorge

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Smith, Brad
Sent: Monday, September 26, 2005 16:00
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] 2003 DC Deployment Question.

Hello All,

I have a number of large sites all running W2K DC's. I want to migrate them to W2K3 and want to do it bit by bit. I want to deploy the first W2K3 DC to a site, and have only a handful of users authenticate to that DC as a pilot. I want to repeat this about 10 times over my largest sites (where different applications and downlevel clients exist) to assess the changes in behaviour before taking the plunge with the remaining clients.

Most subnets in this exercise cater for over 500 clients, and I want to find the easiest way to re-direct 5 clients to the W2K3 DC's. All clients are W2K SP4 and use DHCP.

TIA for your help.

Brad

This email and any attached files are confidential and copyright protected. If you are not the addressee, any dissemination of this communication is strictly prohibited. Unless otherwise expressly agreed in writing, nothing stated in this communication shall be legally binding.

This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Tha
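The weight 5 versus weight 100 case from the message above, worked through as an added example that is not part of the original thread: a Python implementation of the record-ordering algorithm RFC 2782 defines for SRV records, run over constructed records. The hostnames and the count of three W2K DCs plus one W2K3 pilot DC are assumptions, and the thread does not establish that every Windows client follows RFC 2782 exactly.

```python
import random
from collections import Counter

# Constructed sample data (assumption, not from the thread): (priority, weight, target)
SRV_RECORDS = [
    (0, 100, "dc-w2k-01.example.com"),
    (0, 100, "dc-w2k-02.example.com"),
    (0, 100, "dc-w2k-03.example.com"),
    (0, 5, "dc-w2k3-pilot.example.com"),
]


def order_srv(records, rng):
    """Return targets in the order RFC 2782 says they should be tried."""
    ordered = []
    # Lower priority values are exhausted before higher ones are considered.
    for priority in sorted({rec[0] for rec in records}):
        # Within one priority, zero-weight records are placed first in the pool.
        pool = sorted((rec for rec in records if rec[0] == priority),
                      key=lambda rec: rec[1] != 0)
        while pool:
            total = sum(rec[1] for rec in pool)
            pick = rng.randint(0, total)  # uniform over 0..total inclusive
            running = 0
            for index, rec in enumerate(pool):
                running += rec[1]
                if running >= pick:
                    # First record whose running sum reaches the pick is next.
                    ordered.append(pool.pop(index)[2])
                    break
    return ordered


def first_choice_share(records, trials=20000, seed=1):
    """Fraction of simulated lookups in which each target is tried first."""
    rng = random.Random(seed)
    counts = Counter(order_srv(records, rng)[0] for _ in range(trials))
    return {target: counts[target] / trials for _, _, target in records}


if __name__ == "__main__":
    for target, share in first_choice_share(SRV_RECORDS).items():
        print(f"{target:28s} first choice in {share:.1%} of lookups")
```

With these constructed records the pilot DC is the first choice in roughly 5 out of every 305 lookups, spread across whichever clients happen to ask, which matches the point in the thread that weighting limits the load on a DC but does not select specific clients.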
RE: [ActiveDir] 2003 DC Deployment Question.
IIRC you can do this with a reg hack that forces the machine to a certain DC. Problem is the machine will not look elsewhere if that DC is not available AFAIK.

Regards
Peter Johnson
RE: [ActiveDir] 2003 DC Deployment Question.
You can use 32-bit subnets if you want to designate half a dozen IPs or something in that site. That said, why not just put one DC in general deployment at a couple of these sites and let it burn in for a bit? That’s the only way you’re going to get an accurate picture.

Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132
RE: [ActiveDir] 2003 DC Deployment Question.
Jorge,

Thanks for the links. I have already got my schema upgrades done, but your comments light up another possible option. What if I weighted the new DC with a really low SRV weight such as 5? Would this mean that a very small number of clients would authenticate against it, or would each client weigh up 100 vs 5 and choose the 100?
RE: [ActiveDir] 2003 DC Deployment Question.
Hi,

You cannot tell which user authenticates to which DC. Clients determine their authenticating DC querying DC for a SRV RR. With SRV RRs you designate a weight factor and a priority factor. By default the weight is set to 100 and the priority is set to 0.

SRV RRs with the same priority are treated as equal and are load balanced by DNS (round robin if enabled - which by default is in w2k/w2k3).
SRV RRs with a lower priority value are used first before using SRV RRs with higher values.
SRV RRs with higher weight values are used more frequently than SRV RRs with lower values. If you have a SRV RR with weight = 50 and another with weight = 100, the SRV RR with weight = 100 will be used twice as much as the SRV RR with weight = 50.

The only way I can think of right now to designate a certain DC to users is to create a separate AD site, place that W2K3 DC in it and assign existing AD subnets to that site where the new w2k3 DC is. This way the clients/servers on those subnets will use the w2k3 as a DC for authentication.

Don't forget that you must update the schema first before you introduce w2k3 DCs.

Downlevel clients are not AD site aware. You can make them site aware by installing the DSClient.

For more info on what you are asking see:
MS-KBQ314649_W2K3 ADPREP Command Causes Mangled Attributes in W2K Forests That Contain E2K Servers
MS-KBQ325379_How to Upgrade Windows 2000 Domain Controllers to Windows Server 2003
MS-KBQ555040_Common Mistakes When Upgrade Windows 2000 Domain To Windows 2003
MS-KBQ887426_Incorrect Schema extension for OS X prevents ForestPrep from completing in Windows 2000
MS-KBQ555038_How to enable Windows 98-ME-NT clients to logon to Windows 2003 based Domains

Cheers,
Jorge