Re: [ActiveDir] Multihomed Domain Controllers

2006-07-13 Thread Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]



Since ...uh.. you know ..me.. and uh... well...

I hang in the 'hood at times..what can I say?

Honestly in the 2k3/XP era I can't say I have browse master issues anyway...

Brian Desmond wrote:

*I don’t know anyone who goes in network neighborhood. My last AD gig 
had 90K windtel devices and 500K users at almost 800 WAN locations – 
going in nethood was a pretty silly idea…*


*Thanks,*

*Brian Desmond*

[EMAIL PROTECTED]

*c - 312.731.3132*

*From:* [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] *On Behalf Of *Rocky Habeeb

*Sent:* Thursday, July 13, 2006 7:25 AM
*To:* ActiveDir@mail.activedir.org
*Subject:* RE: [ActiveDir] Multihomed Domain Controllers

 


Brian,

Could you please explain to me what you mean by "save for the browsing 
situation, but who uses that anyway?"  Are you saying that your 
networks don't have browse masters?  How do people find resources then?

Thanks.

RH

___

-Original Message-
*From:* [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of *Brian
Desmond
*Sent:* 13 July, 2006 1:29 AM
*To:* ActiveDir@mail.activedir.org
*Subject:* RE: [ActiveDir] Multihomed Domain Controllers

*I’ve got hundreds of sites/forests with multihomed DCs. It works
fine save for the browsing situation, but who uses that anyway? *

*Thanks,*

*Brian Desmond*

[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>

*c - 312.731.3132*

*From:* [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] *On Behalf Of *Al Mulnick
*Sent:* Wednesday, July 12, 2006 8:36 AM
*To:* ActiveDir@mail.activedir.org
*Subject:* Re: [ActiveDir] Multihomed Domain Controllers

 


Personally, I've never used that configuration for a DC.  Since
being bit in the nt4.0 days (before that really, but hate to show
the age :) I've had architectural reasons to not do that.  Since
AD is made up of a multi-master fabric, I have had no reason at
all to require an isolated network dedicated to backups.  I get
the feeling in your case it's just a nice to have vs. a
requirement since you have the hardware and figure why not put it
to use.  You'd be a rare exception if the size of the dit is large
enough to require such a configuration.  Saying that, is it
possible? Most likely.  Will it be difficult when/if you call for
support for some other issue to explain to the engineer that you
have a multi-homed DC? Most likely.  Does it break the "keep it as
simple as possible while meeting the requirements?" rule? Most
likely.

When you test this, as the others have mentioned, be sure to test
the recoverability and the gotchas that come along with bringing
up a recovered DC on a multi-homed machine.  You'll want to have
that documented and thoroughly tested so as not to have to deal
with that when under pressure.  You may also want to consider an
alternative backup method that doesn't require a dedicated network
to the DC's.

Just some random thoughts and my $.04 (USD) worth.

Al

 


On 7/12/06, *Jeff Green* <[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>> wrote:

Hi Guys,

Many thanks to all that have responded (and so
quickly !)

Points / clarifications / additional Qs

a) DNS multihomed issues

Yes, found that in the MS KB about not "registering
this connection in DNS" on the second NIC.

Also leave the gateway / DNS TCP/IP settings blank on
the second NIC.

b) Browser Issues

Several things in MS KB about this and fixes
(including hacking a registry if I remember correctly)

But would Browser issues affect AD operations - I'm
talking about replication issues here ?

c) Currently running W2K SP4 + rollups on all DCs - but
moving to W2K3.

   Sorry should have stated this.

d) Backup

   Using BackupExec, which allows binding of remote agents
to specific NICs

Have I got everything covered - I can't believe this is an unusual
configuration ?

Many Thanks

*From:* [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]> [mailto:
[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>] *On Behalf Of *Jeff Green
*Sent:* 12 July 2006 11:43

*To:* ActiveDir@mail.activedir.org
<mailto:ActiveDir@mail.activedir.org>

 

RE: [ActiveDir] Multihomed Domain Controllers

2006-07-13 Thread Almeida Pinto, Jorge de
Hi,
 
I'm not saying that teaming should not be used...
 
I'm saying that teaming in load balancing mode should not be used as MS does 
not support it. Teaming in fault tolerance mode can be used for this.
 
More info can be found here: 
http://www.microsoft.com/technet/itsolutions/wssra/raguide/DirectoryServices/igdrbp_2.mspx
search for "load balancing"
 
Met vriendelijke groeten / Kind regards,
Ing. Jorge de Almeida Pinto
Senior Infrastructure Consultant
MVP Windows Server - Directory Services
 
LogicaCMG Nederland B.V. (BU RTINC Eindhoven)
Tel : +31-(0)40-29.57.777
Mobile : +31-(0)6-26.26.62.80



From: [EMAIL PROTECTED] on behalf of Freddy HARTONO
Sent: Thu 2006-07-13 17:09
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Multihomed Domain Controllers



Hi Jorge

Aha, does that happen to be a link somewhere on the net that I can
reference to?

Personally for DC I never find a need for adapter teaming, if the nic
dies and I get an alert from the monitoring server that's all good for
me - clients should failover elsewhere anyway...

So any bullets against teaming would be excellent!


Thank you and have a splendid day!

Kind Regards,

Freddy Hartono
Group Support Engineer
InternationalSOS Pte Ltd
mail: [EMAIL PROTECTED]
phone: (+65) 6330-9785


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto,
Jorge de
Sent: Thursday, July 13, 2006 9:55 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Multihomed Domain Controllers

In the "Windows Server System Reference Architecture" (WSSRA) Microsoft
states:

"At this time, Microsoft does not support load balanced network teams on
domain controllers due to potential data corruption issues" (Taken from
the Directory Services Blueprint - page 29)


>>>-Original Message-
>>>From: [EMAIL PROTECTED]
>>>[mailto:[EMAIL PROTECTED] On Behalf Of Paul
>>>Williams
>>>Sent: Thursday, July 13, 2006 13:50
>>>To: ActiveDir@mail.activedir.org
>>>Subject: Re: [ActiveDir] Multihomed Domain Controllers
>>>
>>>We team everything.  It seems stupid not to.  Use fault tolerance
>>>only (as opposed to load balancing) and you've got additional
>>>resiliency.  FT works fine with different paths, e.g. different
>>>switches.
>>>
>>>
>>>--Paul
>>>
>>>- Original Message -
>>>From: "Freddy HARTONO" <[EMAIL PROTECTED]>
>>>To: 
>>>Sent: Thursday, July 13, 2006 2:02 AM
>>>Subject: RE: [ActiveDir] Multihomed Domain Controllers
>>>
>>>
>>>> Don't mean to hijack this thread but on a similar note - what's the
>>>> downside for installing DCs with Adapter Teaming?
>>>>
>>>> All I know is that when adapter teaming is enabled, setting up WINS
>>>> service will pop an error message (which can be ignored)...but
>>>> anything else? I've always been a firm believer of one nic and no
>>>> teaming...
>>>>
>>>> Any comments?
>>>>
>>>>
>>>> Thank you and have a splendid day!
>>>>
>>>> Kind Regards,
>>>>
>>>> Freddy Hartono
>>>> Group Support Engineer
>>>> InternationalSOS Pte Ltd
>>>> mail: [EMAIL PROTECTED]
>>>> phone: (+65) 6330-9785
>>>>
>>>>
>>>> -Original Message-
>>>> From: [EMAIL PROTECTED]
>>>> [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley,
>>>> CPA aka Ebitz - SBS Rocks [MVP]
>>>> Sent: Wednesday, July 12, 2006 11:41 PM
>>>> To: ActiveDir@mail.activedir.org
>>>> Subject: Re: [ActiveDir] Multihomed Domain Controllers
>>>>
>>>> In the year 2006.. I hope we are still not making host file entries on
>>>> servers and workstations  :-)
>>>>
>>>> Peter Johnson wrote:
>>>>
>>>>> You might want to then create entries in the host file on the backup
>>>>> server so that you guarantee that the backup server always uses the
>>>>> right network connection.
>>>>>
>>>>> --
>>>>>
>>>>> *From:* [EMAIL PROTECTED]
>>>>> [mailto:[EMAIL PROTECTED] *On Behalf Of *Robert
>>>>> Rutherford
>>>>> *Sent:* 12

RE: [ActiveDir] Multihomed Domain Controllers

2006-07-13 Thread Brian Desmond

I don’t know anyone who goes in network neighborhood. My last AD
gig had 90K windtel devices and 500K users at almost 800 WAN locations – going in
nethood was a pretty silly idea…

Thanks,

Brian Desmond

[EMAIL PROTECTED]

c - 312.731.3132

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rocky Habeeb
Sent: Thursday, July 13, 2006 7:25 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Multihomed Domain Controllers

Brian,

Could you please explain to
me what you mean by "save for the browsing situation, but who uses that
anyway?"  Are you saying that your networks don't have browse
masters?  How do people find resources then?

Thanks.

RH

___

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]On Behalf Of Brian Desmond
Sent: 13 July, 2006 1:29 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Multihomed Domain Controllers

I’ve got hundreds of sites/forests with multihomed DCs. It works
fine save for the browsing situation, but who uses that anyway? 

 

Thanks,

Brian Desmond

[EMAIL PROTECTED]

 

c - 312.731.3132

 







From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Al Mulnick
Sent: Wednesday, July 12, 2006 8:36 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Multihomed Domain Controllers

Personally, I've never used that configuration for a
DC.  Since being bit in the nt4.0 days (before that really, but hate to
show the age :) I've had architectural reasons to not do that.  Since AD
is made up of a multi-master fabric, I have had no reason at all to require an
isolated network dedicated to backups.  I get the feeling in your case
it's just a nice to have vs. a requirement since you have the hardware and figure
why not put it to use.  You'd be a rare exception if the size of the dit
is large enough to require such a configuration.  Saying that, is it
possible? Most likely.  Will it be difficult when/if you call for support
for some other issue to explain to the engineer that you have a multi-homed DC?
Most likely.  Does it break the "keep it as simple as possible while
meeting the requirements?" rule? Most likely.

When you test this, as the others have mentioned, be sure to
test the recoverability and the gotchas that come along with bringing up a
recovered DC on a multi-homed machine.  You'll want to have that
documented and thoroughly tested so as not to have to deal with that when
under pressure.  You may also want to consider an alternative backup method
that doesn't require a dedicated network to the DC's.

Just some random thoughts and my $.04 (USD) worth.

Al

On 7/12/06, Jeff Green <[EMAIL PROTECTED]> wrote:

Hi Guys,

Many thanks to all that have responded (and so quickly !)

Points / clarifications / additional Qs

    a)    DNS multihomed issues

Yes, found that in the MS KB about not "registering this connection in
DNS" on the second NIC.

Also leave the gateway / DNS TCP/IP settings blank on the second NIC.

    b)    Browser Issues

Several things in MS KB about this and fixes (including hacking a registry if I
remember correctly)

But would Browser issues affect AD operations - I'm talking about replication
issues here ?

    c)    Currently running W2K SP4 + rollups on all DCs - but moving to W2K3.

Sorry should have stated this.

    d)    Backup

Using BackupExec, which allows binding of remote agents to specific NICs

Have I got everything covered - I can't believe this is an unusual
configuration ?

Many Thanks

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Jeff Green
Sent: 12 July 2006 11:43
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Multihomed Domain Controllers

Hi,

First posting to this list but I've lurked quite a while and I've been very
impressed by the quality of replies by the gurus.

My question is regarding the advisability of having multihomed DCs. Basically I want
to run backups over a separate GbE and as my servers have dual inbuilt NICs this
seems an obvious route to take. I know there are some issues with DNS (I have
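The second-NIC settings discussed in this thread (no DNS registration, no gateway and no DNS servers on the backup NIC) can be checked with a read-only audit. This is an added example, not code from any poster. The function name `Test-BackupNicConfig`, the adapter names and the addresses are assumptions, and it needs PowerShell 3.0 or later, which is newer than the W2K/W2K3 systems in the thread.

```powershell
# Added example (not from the thread): read-only audit of NIC settings on a
# multihomed DC. Assumption: the client-facing NIC is identified by its IPv4
# address; every other IP-enabled NIC is treated as a backup-network NIC.
function Test-BackupNicConfig {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Adapter,
        [Parameter(Mandatory = $true)] [string]   $PrimaryAddress
    )

    # Refuse to run if the primary address is wrong; otherwise every NIC
    # (including the real client-facing one) would be reported as a backup NIC.
    if (-not ($Adapter | Where-Object { $_.IPAddress -contains $PrimaryAddress })) {
        throw "No adapter carries primary address $PrimaryAddress"
    }

    foreach ($nic in $Adapter) {
        # Skip the client-facing NIC; it is supposed to register in DNS.
        if ($nic.IPAddress -contains $PrimaryAddress) { continue }

        $findings = @()
        if ($nic.FullDNSRegistrationEnabled) {
            $findings += "'Register this connection's addresses in DNS' is ticked"
        }
        if ($nic.DefaultIPGateway) {
            $findings += "default gateway set: $($nic.DefaultIPGateway -join ', ')"
        }
        if ($nic.DNSServerSearchOrder) {
            $findings += "DNS servers set: $($nic.DNSServerSearchOrder -join ', ')"
        }

        [pscustomobject]@{
            Adapter   = $nic.Description
            IPAddress = $nic.IPAddress -join ', '
            Compliant = ($findings.Count -eq 0)
            Findings  = $findings -join '; '
        }
    }
}

# Constructed sample, shaped like Win32_NetworkAdapterConfiguration instances.
$sample = @(
    [pscustomobject]@{
        Description                = 'NIC1 (client LAN)'
        IPAddress                  = @('10.0.0.10')
        DefaultIPGateway           = @('10.0.0.1')
        DNSServerSearchOrder       = @('10.0.0.10')
        FullDNSRegistrationEnabled = $true
    },
    [pscustomobject]@{
        Description                = 'NIC2 (backup LAN)'
        IPAddress                  = @('192.168.50.10')
        DefaultIPGateway           = $null
        DNSServerSearchOrder       = $null
        FullDNSRegistrationEnabled = $true   # still registering: the misconfiguration
    }
)

Test-BackupNicConfig -Adapter $sample -PrimaryAddress '10.0.0.10' | Format-List

# On the DC itself:
# $live = Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
# Test-BackupNicConfig -Adapter $live -PrimaryAddress '<client-facing IPv4>'
```

With the constructed sample, NIC2 is reported as non-compliant because it would still register the backup-network address in DNS.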

RE: [ActiveDir] Multihomed Domain Controllers

2006-07-13 Thread Freddy HARTONO
Hi Jorge

Aha, does that happen to be a link somewhere on the net that I can
reference to?

Personally for DC I never find a need for adapter teaming, if the nic
dies and I get an alert from the monitoring server that's all good for
me - clients should failover elsewhere anyway...

So any bullets against teaming would be excellent! 


Thank you and have a splendid day!
 
Kind Regards,
 
Freddy Hartono
Group Support Engineer
InternationalSOS Pte Ltd
mail: [EMAIL PROTECTED]
phone: (+65) 6330-9785
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto,
Jorge de
Sent: Thursday, July 13, 2006 9:55 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Multihomed Domain Controllers

In the "Windows Server System Reference Architecture" (WSSRA) Microsoft
states:

"At this time, Microsoft does not support load balanced network teams on
domain controllers due to potential data corruption issues" (Taken from
the Directory Services Blueprint - page 29)
 

>>>-Original Message-
>>>From: [EMAIL PROTECTED]
>>>[mailto:[EMAIL PROTECTED] On Behalf Of Paul 
>>>Williams
>>>Sent: Thursday, July 13, 2006 13:50
>>>To: ActiveDir@mail.activedir.org
>>>Subject: Re: [ActiveDir] Multihomed Domain Controllers
>>>
>>>We team everything.  It seems stupid not to.  Use fault tolerance 
>>>only (as opposed to load balancing) and you've got additional 
>>>resiliency.  FT works fine with different paths, e.g. different 
>>>switches.
>>>
>>>
>>>--Paul
>>>
>>>- Original Message -
>>>From: "Freddy HARTONO" <[EMAIL PROTECTED]>
>>>To: 
>>>Sent: Thursday, July 13, 2006 2:02 AM
>>>Subject: RE: [ActiveDir] Multihomed Domain Controllers
>>>
>>>
>>>> Don't mean to hijack this thread but on a similar note - what's the 
>>>> downside for installing DCs with Adapter Teaming?
>>>>
>>>> All I know is that when adapter teaming is enabled, setting up WINS
>>>> service will pop an error message (which can be ignored)...but 
>>>> anything else? I've always been a firm believer of one nic and no 
>>>> teaming...
>>>>
>>>> Any comments?
>>>>
>>>>
>>>> Thank you and have a splendid day!
>>>>
>>>> Kind Regards,
>>>>
>>>> Freddy Hartono
>>>> Group Support Engineer
>>>> InternationalSOS Pte Ltd
>>>> mail: [EMAIL PROTECTED]
>>>> phone: (+65) 6330-9785
>>>>
>>>>
>>>> -Original Message-
>>>> From: [EMAIL PROTECTED]
>>>> [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley,
>>>> CPA aka Ebitz - SBS Rocks [MVP]
>>>> Sent: Wednesday, July 12, 2006 11:41 PM
>>>> To: ActiveDir@mail.activedir.org
>>>> Subject: Re: [ActiveDir] Multihomed Domain Controllers
>>>>
>>>> In the year 2006.. I hope we are still not making host file entries on
>>>> servers and workstations  :-)
>>>>
>>>> Peter Johnson wrote:
>>>>
>>>>> You might want to then create entries in the host file on the backup
>>>>> server so that you guarantee that the backup server always uses the
>>>>> right network connection.
>>>>>
>>>>> --
>>>>>
>>>>> *From:* [EMAIL PROTECTED]
>>>>> [mailto:[EMAIL PROTECTED] *On Behalf Of *Robert 
>>>>> Rutherford
>>>>> *Sent:* 12 July 2006 12:57
>>>>> *To:* ActiveDir@mail.activedir.org
>>>>> *Subject:* RE: [ActiveDir] Multihomed Domain Controllers
>>>>>
>>>>>
>>>>>
>>>>> No issues, if you...
>>>>>
>>>>>
>>>>>
>>>>> Go to the TCP/IP settings of the backup network card, click advanced,
>>>>> goto the DNS tab and untick register the connection in DNS.
>>>>>
>>>>>
>>>>>
>>>>> Cheers,
>>>>>
>>>>>
>>>>>
>>>>> Rob
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>&g

RE: [ActiveDir] Multihomed Domain Controllers

2006-07-13 Thread Deji Akomolafe



You prolly have the outdated one, Jorge :)
 
I've written and read materials that speak to MS actively supporting NIC Teaming on DCs.  I believe that the latest WSSRA DC Build Guide has NIC Teaming in it.
 
Generally, though, my designs tend to preach simplicity and NIC Team on DC and I fail to see the necessity of doing this on DCs unless you only manage single-DC infrastructures.
 


Sincerely,

Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
-5.75, -3.23
Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon


From: Almeida Pinto, Jorge de
Sent: Thu 7/13/2006 6:54 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Multihomed Domain Controllers
In the "Windows Server System Reference Architecture" (WSSRA) Microsoft
states:

"At this time, Microsoft does not support load balanced network teams on
domain controllers due to potential data corruption issues" (Taken from
the Directory Services Blueprint - page 29)
 

>>>-Original Message-
>>>From: [EMAIL PROTECTED] 
>>>[mailto:[EMAIL PROTECTED] On Behalf Of 
>>>Paul Williams
>>>Sent: Thursday, July 13, 2006 13:50
>>>To: ActiveDir@mail.activedir.org
>>>Subject: Re: [ActiveDir] Multihomed Domain Controllers
>>>
>>>We team everything.  It seems stupid not to.  Use fault 
>>>tolerance only (as opposed to load balancing) and you've got 
>>>additional resiliency.  FT works fine with different paths, 
>>>e.g. different switches.
>>>
>>>
>>>--Paul
>>>
>>>- Original Message -
>>>From: "Freddy HARTONO" <[EMAIL PROTECTED]>
>>>To: 
>>>Sent: Thursday, July 13, 2006 2:02 AM
>>>Subject: RE: [ActiveDir] Multihomed Domain Controllers
>>>
>>>
>>>> Don't mean to hijack this thread but on a similar note - what's the
>>>> downside for installing DCs with Adapter Teaming?
>>>>
>>>> All I know is that when adapter teaming is enabled, setting up WINS
>>>> service will pop an error message (which can be ignored)...but
>>>> anything else? I've always been a firm believer of one nic and no
>>>> teaming...
>>>>
>>>> Any comments?
>>>>
>>>>
>>>> Thank you and have a splendid day!
>>>>
>>>> Kind Regards,
>>>>
>>>> Freddy Hartono
>>>> Group Support Engineer
>>>> InternationalSOS Pte Ltd
>>>> mail: [EMAIL PROTECTED]
>>>> phone: (+65) 6330-9785
>>>>
>>>>
>>>> -Original Message-
>>>> From: [EMAIL PROTECTED]
>>>> [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley,
>>>> CPA aka Ebitz - SBS Rocks [MVP]
>>>> Sent: Wednesday, July 12, 2006 11:41 PM
>>>> To: ActiveDir@mail.activedir.org
>>>> Subject: Re: [ActiveDir] Multihomed Domain Controllers
>>>>
>>>> In the year 2006.. I hope we are still not making host file entries on
>>>> servers and workstations  :-)
>>>>
>>>> Peter Johnson wrote:
>>>>
>>>>> You might want to then create entries in the host file on the backup
>>>>> server so that you guarantee that the backup server always uses the
>>>>> right network connection.
>>>>>
>>>>> --
>>>>>
>>>>> *From:* [EMAIL PROTECTED]
>>>>> [mailto:[EMAIL PROTECTED] *On Behalf Of *Robert
>>>>> Rutherford
>>>>> *Sent:* 12 July 2006 12:57
>>>>> *To:* ActiveDir@mail.activedir.org
>>>>> *Subject:* RE: [ActiveDir] Multihomed Domain Controllers
>>>>>
>>>>>
>>>>>
>>>>> No issues, if you...
>>>>>
>>>>>
>>>>>
>>>>> Go to the TCP/IP settings of the backup network card, click advanced,
>>>>> goto the DNS tab and untick register the connection in DNS.
>>>>>
>>>>>
>>>>>
>>>>> Cheers,
>>>>>
>>>>&

Re: [ActiveDir] Multihomed Domain Controllers

2006-07-13 Thread Paul Williams
Yes, I can imagine MSFT using that as a "get out of jail card" as that is 
specifying "NLB teaming" and not FT teaming.  FT teaming is fine as you're 
only using one NIC at any given time.



--Paul

- Original Message - 
From: "Almeida Pinto, Jorge de" <[EMAIL PROTECTED]>

To: 
Sent: Thursday, July 13, 2006 2:54 PM
Subject: RE: [ActiveDir] Multihomed Domain Controllers



In the "Windows Server System Reference Architecture" (WSSRA) Microsoft
states:

"At this time, Microsoft does not support load balanced network teams on
domain controllers due to potential data corruption issues" (Taken from
the Directory Services Blueprint - page 29)



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Paul Williams
Sent: Thursday, July 13, 2006 13:50
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Multihomed Domain Controllers

We team everything.  It seems stupid not to.  Use fault
tolerance only (as opposed to load balancing) and you've got
additional resiliency.  FT works fine with different paths,
e.g. different switches.


--Paul

- Original Message -
From: "Freddy HARTONO" <[EMAIL PROTECTED]>
To: 
Sent: Thursday, July 13, 2006 2:02 AM
Subject: RE: [ActiveDir] Multihomed Domain Controllers



Don't mean to hijack this thread but on a similar note - what's the
downside for installing DCs with Adapter Teaming?

All I know is that when adapter teaming is enabled, setting up WINS
service will pop an error message (which can be ignored)...but
anything else? I've always been a firm believer of one nic and no
teaming...

Any comments?


Thank you and have a splendid day!

Kind Regards,

Freddy Hartono
Group Support Engineer
InternationalSOS Pte Ltd
mail: [EMAIL PROTECTED]
phone: (+65) 6330-9785


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley,
CPA aka Ebitz - SBS Rocks [MVP]
Sent: Wednesday, July 12, 2006 11:41 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Multihomed Domain Controllers

In the year 2006.. I hope we are still not making host file entries on
servers and workstations  :-)

Peter Johnson wrote:

You might want to then create entries in the host file on the backup
server so that you guarantee that the backup server always uses the
right network connection.

--

*From:* [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] *On Behalf Of *Robert
Rutherford
*Sent:* 12 July 2006 12:57
*To:* ActiveDir@mail.activedir.org
*Subject:* RE: [ActiveDir] Multihomed Domain Controllers

No issues, if you...

Go to the TCP/IP settings of the backup network card, click advanced,
goto the DNS tab and untick register the connection in DNS.

Cheers,

Rob

*Robert Rutherford*
*QuoStar Solutions Limited*

The Enterprise Pavilion
Fern Barrow
Wallisdown
Poole
Dorset
BH12 5HH

*T:* +44 (0) 8456 440 331
*F:* +44 (0) 8456 440 332
*M:* +44 (0) 7974 249 494
*E:* [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
*W:* www.quostar.com <http://www.quostar.com>

--

*From:* [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] *On Behalf Of *Jeff Green
*Sent:* 12 July 2006 11:43
*To:* ActiveDir@mail.activedir.org
*Subject:* [ActiveDir] Multihomed Domain Controllers

Hi,

First posting to this list but I've lurked quite a while and I've
been very impressed by the quality of replies by the gurus.

My question is regarding the advisability of having multihomed DCs.
Basically I want to run backups over a separate GbE and as my servers have
dual inbuilt NICs this seems an obvious route to take. I know there are
some issues with DNS (I have a DNS integrated AD).

Would this cause replication problems, etc ?

Any other "gotchas" ?

Many Thanks,

---
Jeff Green
Network Support Manager
SAPIENS (UK) Ltd
t: +44 (0)1895 464228 f: +44 (0)1895 463098

"I dream of hover cars and old transistor radios ... She dreams of
flowers in a field of sunny bungalows"

--

Confidentiality Note: The information contained in this email and
document(s) attached are for the exclusive use of the addressee and
may contain confidential, privileged and non-disclosable information.
If the recipient of this email is not the addressee, such recipient is
strictly prohibited from reading, photocopying, distribution or
otherwise using this email or its contents in any way.

Please notify the Sapiens (UK) Ltd. Systems Administrator via e-mail
immediately at [EMAIL PROTECTED], if you have received this
email in error.

Disclaimer: The views, opinions and guid

RE: [ActiveDir] Multihomed Domain Controllers

2006-07-13 Thread Kevin Brunson
Really the advantage is that the server can not easily get to the
spyware to begin with.  The list is basically a list of spyware and
adware servers on the internet, but the addresses are all pointed at
127.0.0.1.

Here's a few lines : 
127.0.0.1 007arcadegames.com
127.0.0.1 101com.com
127.0.0.1 101order.com
127.0.0.1 123banners.com
127.0.0.1 123found.com

If you hit a site that wants to go to one of these servers (with a
pop-up for example) the server tries to talk back to itself.  If it
is running on a web server, it is especially funny.  I had a client once
who thought his web site had been hacked.  He was surfing the web from
one of his web servers, and every time he went to cnn.com it popped up a
copy of HIS site on the screen.  It took me a while to explain to him
through the laughter what was happening.  I think I finally convinced
him to stop surfing from his server farm.  

Once the spyware is on the server, it is way too late for this kind of
defense.  At that point you are going to have to go to some active
process to get rid of it.  

Kevin

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ken Schaefer
Sent: Thursday, July 13, 2006 1:21 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Multihomed Domain Controllers

Can't your spyware just change/delete the host entries again? Or use an IP
address (or do you configure static routes for the subnets that the IP
addresses reside in that those host entries point to?)

Has this tactic ever helped anyone in a spyware-on-the-server situation?
(except possibly in a SOHO situation where the server's been treated like a
desktop?)

Cheers
Ken

--
My IIS Blog: www.adOpenStatic.com/cs/blogs/ken
Tech.Ed Sydney: learn all about IIS 7.0 - See you there!


: -Original Message-
: From: [EMAIL PROTECTED] [mailto:ActiveDir-
: [EMAIL PROTECTED] On Behalf Of Kevin Brunson
: Sent: Thursday, 13 July 2006 3:00 AM
: To: ActiveDir@mail.activedir.org
: Subject: RE: [ActiveDir] Multihomed Domain Controllers
: 
: I have definitely found the hosts file to be useful on servers to keep
: them from EVER getting to spyware sites.  This guy has a great list :
: http://pgl.yoyo.org/adservers/serverlist.php?showintro=0&hostformat=hosts
: 
: Just cut and paste into the hosts file and you are good to go.  I
: scripted it for all of the servers I deal with.  But I guess this is
: getting pretty far OT: :)
: Kevin
: 
: -Original Message-
: From: [EMAIL PROTECTED]
: [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley,
: CPA aka Ebitz - SBS Rocks [MVP]
: Sent: Wednesday, July 12, 2006 10:41 AM
: To: ActiveDir@mail.activedir.org
: Subject: Re: [ActiveDir] Multihomed Domain Controllers
: 
: In the year 2006.. I hope we are still not making host file entries on
: servers and workstations  :-)
: 
: Peter Johnson wrote:
: 
: > You might want to then create entries in the host file on the backup
: > server so that you guarantee that the backup server always uses the
: > right network connection.

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
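The hosts file serves two purposes in this thread: sinkholing ad and spyware names to 127.0.0.1, and pinning a backup-network address. Ken's question is whether those entries can be silently changed, and diffing the file against a reviewed baseline answers it. This is an added example, not code from any poster. The function names are hypothetical, and the `dc01-backup` and `intranet.example.com` entries and their addresses are constructed.

```powershell
# Added example (not from the thread): parse hosts-file lines, classify each
# entry, and report differences against a reviewed baseline.
function Get-HostsEntry {
    param([string[]] $Line)
    $loopback = @('127.0.0.1', '0.0.0.0', '::1')
    foreach ($raw in $Line) {
        $text = ($raw -replace '#.*$', '').Trim()       # drop comments
        if (-not $text) { continue }
        $fields = $text -split '\s+'
        if ($fields.Count -lt 2) { continue }           # address with no name
        $address = $fields[0]
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            $name = $name.ToLowerInvariant()
            $kind = if ($name -eq 'localhost') {
                'Localhost'
            } elseif ($loopback -contains $address) {
                'Sinkhole'                              # blocklist-style entry
            } else {
                'Override'                              # pins a name to a real address
            }
            [pscustomobject]@{ Name = $name; Address = $address; Kind = $kind }
        }
    }
}

function Compare-HostsBaseline {
    param([object[]] $Baseline, [object[]] $Current)
    $base = @{}
    foreach ($e in $Baseline) { $base[$e.Name] = $e.Address }
    $seen = @{}
    foreach ($e in $Current) {
        $seen[$e.Name] = $true
        if (-not $base.ContainsKey($e.Name)) {
            [pscustomobject]@{ Name = $e.Name; Change = 'Added'; Was = $null; Now = $e.Address }
        } elseif ($base[$e.Name] -ne $e.Address) {
            [pscustomobject]@{ Name = $e.Name; Change = 'Repointed'; Was = $base[$e.Name]; Now = $e.Address }
        }
    }
    foreach ($name in $base.Keys) {
        if (-not $seen.ContainsKey($name)) {
            [pscustomobject]@{ Name = $name; Change = 'Removed'; Was = $base[$name]; Now = $null }
        }
    }
}

# Baseline: three sinkhole lines quoted in the post plus a constructed backup pin.
$baseline = Get-HostsEntry -Line @(
    '127.0.0.1 localhost',
    '127.0.0.1 007arcadegames.com',
    '127.0.0.1 101com.com',
    '127.0.0.1 101order.com',
    '192.168.50.10 dc01-backup   # constructed backup-network pin'
)

# Constructed "current" state: one sinkhole removed, the pin repointed, one name added.
$current = Get-HostsEntry -Line @(
    '127.0.0.1 localhost',
    '127.0.0.1 007arcadegames.com',
    '127.0.0.1 101com.com',
    '192.168.50.99 dc01-backup',
    '203.0.113.7 intranet.example.com'
)

# Entries that map a name to a non-loopback address deserve review first.
$current | Where-Object { $_.Kind -eq 'Override' } | Format-Table -AutoSize

# Everything that differs from the reviewed baseline.
Compare-HostsBaseline -Baseline $baseline -Current $current | Format-Table -AutoSize

# Against the live file:
# $current = Get-HostsEntry -Line (Get-Content "$env:SystemRoot\System32\drivers\etc\hosts")
```

With the constructed sample, the comparison reports `dc01-backup` as repointed, `intranet.example.com` as added and `101order.com` as removed.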


RE: [ActiveDir] Multihomed Domain Controllers

2006-07-13 Thread Almeida Pinto, Jorge de
In the "Windows Server System Reference Architecture" (WSSRA) Microsoft
states:

"At this time, Microsoft does not support load balanced network teams on
domain controllers due to potential data corruption issues" (Taken from
the Directory Services Blueprint - page 29)
 

>>>-Original Message-
>>>From: [EMAIL PROTECTED] 
>>>[mailto:[EMAIL PROTECTED] On Behalf Of 
>>>Paul Williams
>>>Sent: Thursday, July 13, 2006 13:50
>>>To: ActiveDir@mail.activedir.org
>>>Subject: Re: [ActiveDir] Multihomed Domain Controllers
>>>
>>>We team everything.  It seems stupid not to.  Use fault 
>>>tolerance only (as opposed to load balancing) and you've got 
>>>additional resiliency.  FT works fine with different paths, 
>>>e.g. different switches.
>>>
>>>
>>>--Paul
>>>
>>>----- Original Message -
>>>From: "Freddy HARTONO" <[EMAIL PROTECTED]>
>>>To: 
>>>Sent: Thursday, July 13, 2006 2:02 AM
>>>Subject: RE: [ActiveDir] Multihomed Domain Controllers
>>>
>>>
>>>> Don't mean to hijack this thread but on a similar note - what's the
>>>> downside for installing DCs with Adapter Teaming?
>>>>
>>>> All I know is that when adapter teaming is enabled, setting up WINS
>>>> service will pop an error message (which can be ignored)...but
>>>> anything else? I've always been a firm believer of one nic and no
>>>> teaming...
>>>>
>>>> Any comments?
>>>>
>>>>
>>>> Thank you and have a splendid day!
>>>>
>>>> Kind Regards,
>>>>
>>>> Freddy Hartono
>>>> Group Support Engineer
>>>> InternationalSOS Pte Ltd
>>>> mail: [EMAIL PROTECTED]
>>>> phone: (+65) 6330-9785
>>>>
>>>>
>>>> -Original Message-
>>>> From: [EMAIL PROTECTED]
>>>> [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley,
>>>> CPA aka Ebitz - SBS Rocks [MVP]
>>>> Sent: Wednesday, July 12, 2006 11:41 PM
>>>> To: ActiveDir@mail.activedir.org
>>>> Subject: Re: [ActiveDir] Multihomed Domain Controllers
>>>>
>>>> In the year 2006.. I hope we are still not making host file entries on
>>>> servers and workstations  :-)
>>>>
>>>> Peter Johnson wrote:
>>>>
>>>>> You might want to then create entries in the host file on the backup
>>>>> server so that you guarantee that the backup server always uses the
>>>>> right network connection.
>>>>>
>>>>> --
>>>>>
>>>>> *From:* [EMAIL PROTECTED]
>>>>> [mailto:[EMAIL PROTECTED] *On Behalf Of *Robert
>>>>> Rutherford
>>>>> *Sent:* 12 July 2006 12:57
>>>>> *To:* ActiveDir@mail.activedir.org
>>>>> *Subject:* RE: [ActiveDir] Multihomed Domain Controllers
>>>>>
>>>>>
>>>>>
>>>>> No issues, if you...
>>>>>
>>>>>
>>>>>
>>>>> Go to the TCP/IP settings of the backup network card, click advanced,
>>>>> goto the DNS tab and untick register the connection in DNS.
>>>>>
>>>>>
>>>>>
>>>>> Cheers,
>>>>>
>>>>>
>>>>>
>>>>> Rob
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> *Robert Rutherford*
>>>>> *QuoStar Solutions Limited*
>>>>>
>>>>>
>>>>> The Enterprise Pavilion
>>>>> Fern Barrow
>>>>> Wallisdown
>>>>> Poole
>>>>> Dorset
>>>>> BH12 5HH
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> *T:*
>>>>>
>>>>>
>>>>>
>>>>> +44 (0) 8456 440 

Re: [ActiveDir] Multihomed Domain Controllers

2006-07-13 Thread Al Mulnick
I think the term is "BAN" in this case.   ;-)
 
 
On 7/13/06, Jeff Green <[EMAIL PROTECTED]> wrote:
Well, I don't think the driving factor is the size of the IT operation
in terms of # DC's necessarily.

In my small environment (3 x DC, 1 x Exchange, 2 x Fileserver, 1 x
Sharepoint), the factors are

   My "client" facing network is 100 Mbs Ethernet
   Major vendor's servers have come with inbuilt dual GbE NICs for
the last 3+ years
   GbE switches are now ridiculously cheap
   Backup software supports this configuration (some vendors
recommend this config, as noted by other replies)
   Uniform configuration, I backup Exchange, file servers, etc
using this configuration.

So I guess you could look at it as a "poor man's SAN".

From my perspective it seems a reasonable thing to do.

---
Jeff Green
Network Support Manager
SAPIENS (UK) Ltd
t: +44 (0)1895 464228 f: +44 (0)1895 463098

"I dream of hover cars and old transistor radios ... she dreams of
flowers in a field of sunny bungalows"

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Kurt Falde
Sent: 12 July 2006 16:59
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Multihomed Domain Controllers

So how many DC's do you have? What is your DIT size like to warrant
going through all this trouble? Are there other applications that you
need to backup on the DC's that are requiring full backups of all your
DC's.  With most environments getting the system state from a DC/GC in
each domain should be enough to allow you to do whatever authoritative
restores that you need. Now if you have other apps that you need to do a
large data backups of then this may be required.  Yes you can do
multiple nic's on DC's and quite a few organizations do however it
definitely would not fall under best practices for Domain Controllers.

Kurt Falde
Premier Field Engineer
Northeast Region
Microsoft Corporation

[deleted]

Confidentiality Note: The information contained in this email and document(s) attached are for the exclusive use of the addressee and may contain confidential, privileged and non-disclosable information. If the recipient of this email is not the addressee, such recipient is strictly prohibited from reading, photocopying, distribution or otherwise using this email or its contents in any way.

Please notify the Sapiens (UK) Ltd. Systems Administrator via e-mail immediately at [EMAIL PROTECTED], if you have received this email in error.

Disclaimer: The views, opinions and guidelines contained in this confidential e-mail are those of the originating author and may not be representative of Sapiens (UK) Ltd.

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx


Re: [ActiveDir] Multihomed Domain Controllers

2006-07-13 Thread Al Mulnick
Yeah, I figured you'd have a different experience with nic teaming.  :)
On 7/13/06, Brian Desmond <[EMAIL PROTECTED]> wrote:




I don't deploy any servers which are connected to a monitoring system that calls me at night or calls my manager without fault-tolerant NIC teaming. Inevitably it will be my fault when the network team crashes a supervisor in a 6509 or a line card dies. I have no second thoughts about using a $250 switchport as a failover port. Some shops I've found the network guys expect this from my part so it's not their problem when a NIC dies or a cable gets screwed up or whatever. Conversely I've dealt with network teams and systems people who haven't the faintest clue how teaming works and go ballistic when they hear it. It won't cause spanning tree issues (most popular network team myth I've heard), it doesn't require setting up an etherchannel (you can't have an etherchannel span switches), and it doesn't require four IOS commands and three TAC calls to make it work. It also doesn't crash switches, create broadcast loops, flood segments, etc. 

 
I've deployed thousands of network connections with HPQ, Broadcom, and Intel teaming software and have not had issues yet. On clusters I always team across the onboard and PCI NIC for the redundancy. DCs and other stuff without a PCI NIC I just team the two ports for switch fault tolerance. This is also an easy way to see if your network people didn't follow directions on the cross connects – if the team negotiates a 200mbps or 2gbps connection, they're on the same switch, and quite likely the same line card


 
 
 
Thanks,
Brian Desmond
[EMAIL PROTECTED]

 
c - 312.731.3132
 




From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Al Mulnick
Sent: Wednesday, July 12, 2006 8:29 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Multihomed Domain Controllers



 

I've not had good luck with teaming and I've yet to see much benefit.  Saying that, I can see where teaming in a failover method might have some benefits for other types of servers.  Due to the way AD is deployed (fabric vs. cluster or single instance) I see no point in making anything complex when it comes to a domain controller.  I view teaming as one more piece of software to configure (and potentially mess up) and one more thing in my troubleshooting list if something goes amiss. 


 

 

On 7/12/06, Freddy HARTONO <[EMAIL PROTECTED]> wrote:

Don't mean to hijack this thread but on a similar note - what's the
downside for installing DCs with Adapter Teaming?

All I know is that when adapter teaming is enabled, setting up WINS
service will pop an error message (which can be ignored)...but
anything else? I've always been a firm believer of one nic and no
teaming...

Any comments?

Thank you and have a splendid day!

Kind Regards,

Freddy Hartono
Group Support Engineer
InternationalSOS Pte Ltd
mail: [EMAIL PROTECTED]
phone: (+65) 6330-9785

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Susan Bradley,
CPA aka Ebitz - SBS Rocks [MVP]
Sent: Wednesday, July 12, 2006 11:41 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Multihomed Domain Controllers

In the year 2006.. I hope we are still not making host file entries on
servers and workstations  :-)

Peter Johnson wrote:

> You might want to then create entries in the host file on the backup
> server so that you guarantee that the backup server always uses the
> right network connection.
>
> --
>
> *From:* [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] *On Behalf Of *Robert
> Rutherford
> *Sent:* 12 July 2006 12:57
> *To:* ActiveDir@mail.activedir.org
> *Subject:* RE: [ActiveDir] Multihomed Domain Controllers
>
> No issues, if you...
>
> Go to the TCP/IP settings of the backup network card, click advanced,
> goto the DNS tab and untick register the connection in DNS.
>
> Cheers,
>
> Rob
>
> *Robert Rutherford*
> *QuoStar Solutions Limited*
>
> The Enterprise Pavilion
> Fern Barrow
> Wallisdown
> Poole
> Dorset
> BH12 5HH
>
> *T:* +44 (0) 8456 440 331
> *F:* +44 (0) 8456 440 332
> *M:* +44 (0) 7974 249 494
> *E:* [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
> *W:* www.quostar.com <http://www.quostar.com>
>
> --
>
> **From:** [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] *On Behalf Of *Jeff Green
> *Sent:* 12 Ju

RE: [ActiveDir] Multihomed Domain Controllers

2006-07-13 Thread Rocky Habeeb



Brian,
 
Could you please explain to me 
what you mean by "save for the browsing situation, but who uses that 
anyway?"  Are you saying that your networks don't have browse 
masters?  How do people find resources then?
 
Thanks.
 
RH
___

  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED]] On Behalf Of Brian Desmond
  Sent: 13 July, 2006 1:29 AM
  To: ActiveDir@mail.activedir.org
  Subject: RE: [ActiveDir] Multihomed Domain Controllers

  I’ve got hundreds of sites/forests with multihomed DCs. It works fine save for the
  browsing situation, but who uses that anyway?

  Thanks,
  Brian Desmond
  [EMAIL PROTECTED]

  c - 312.731.3132

  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Al Mulnick
  Sent: Wednesday, July 12, 2006 8:36 AM
  To: ActiveDir@mail.activedir.org
  Subject: Re: [ActiveDir] Multihomed Domain Controllers
   
  
  Personally, I've never used that configuration for a 
  DC.  Since being bit in the nt4.0 days (before that really, but hate to 
  show the age :) I've had architectural reasons to not do that.  Since AD 
  is made up of a multi-master fabric, I have had no reason at all to require an 
  isolated network dedicated to backups.  I get the feeling in your case 
  it's just a nice to have vs. a requirement since you have the hardware and 
  figure why not put it to use.  You'd be a rare exception if the size of 
  the dit is large enough to require such a configuration.  Saying that, is 
  it possible? Most likely.  Will it be difficult when/if you call for 
  support for some other issue to explain to the engineer that you have a 
  multi-homed DC? Most likely.  Does it break the "keep it as simple as 
  possible while meeting the requirements?" rule? Most likely.  
  
  
   
  
  When you test this, as the others have mentioned, be sure 
  to test the recoverability and the gotchas that come along with bringing up a 
  recovered DC on a multi-homed machine.  You'll want to have that 
  documented and thoroughly tested so as not to have to deal with that when 
  under pressure.  You may also want to consider an alternative backup 
  method that doesn't require a dedicated network to the DC's.  
  
  
   
  
  Just some random thoughts and my $.04 (USD) worth. 
  
  
   
  
  Al 
  
  On 7/12/06, Jeff Green <[EMAIL PROTECTED]> 
  wrote: 
  
  
  Hi Guys,

      Many thanks to all that have responded (and so quickly !)

  Points / clarifications / additional Qs

      a)    DNS multihomed issues

      Yes, found that in the MS KB about not "registering this connection in DNS" on the
      second NIC.

      Also leave the gateway / DNS TCP/IP settings blank on the second NIC.

      b)    Browser Issues

      Several things in MS KB about this and fixes (including hacking a registry if I
      remember correctly)

      But would Browser issues affect AD operations - I'm talking about replication
      issues here ?

      c)    Currently running W2K SP4 + rollups on all DCs - but moving to W2K3.

      Sorry should have stated this.

      d)    Backup

      Using BackupExec, which allows binding of remote agents to specific NICs

  Have I got everything covered - I can't believe this is an unusual configuration ?

      Many Thanks
      
  
     
   
  
  
  
  
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jeff Green
  Sent: 12 July 2006 11:43
  To: ActiveDir@mail.activedir.org
  Subject: [ActiveDir] Multihomed Domain Controllers

  Hi,

  First posting to this list but I've lurked quite a while and I've been very
  impressed by the quality of replies by the gurus.

  My question is regarding the advisability of having multihomed DCs. Basically I
  want to run backups over a separate GbE and as my servers have dual inbuilt NICs
  this seems an obvious route to take. I know there are some issues with DNS (I have
  a DNS integrated AD).

  Would this cause replication problems, etc ?

  Any other "gotchas" ?

      Many Thanks,

  ---
  Jeff Green
  Network Support Manager
  SAPIENS (UK) Ltd
  t: +44 (0)1895 464228 f: +44 (0)1895 463098

  "I dream of hover cars and old transistor radios ... She dreams of flowers in a field
  of sunny bungalows"
   
  Confidentiality Note: The information contained in 
  this email and document(s) attached are for the exclusive use of the addressee 
  and may cont

Re: [ActiveDir] Multihomed Domain Controllers

2006-07-13 Thread AFidel

Yeah except the fact that thin clients
have about twice the useful life, are less prone to failure by virtue of
having no moving parts, and use a fraction of the power. There's still
a TCO argument to be made, but the initial outlay argument is gone.

Andrew Fidel






"Matt Hargraves"
<[EMAIL PROTECTED]> 
Sent by: [EMAIL PROTECTED]
07/12/2006 04:46 PM
Please respond to: ActiveDir@mail.activedir.org
To: ActiveDir@mail.activedir.org
cc:
Subject: Re: [ActiveDir] Multihomed Domain Controllers

Not so sure I agree with that.  Thin clients work
just fine, require less maintenance and can be replaced in 5 minutes, vs.
the 3 hour argument that you'll get if you try replacing someone's desktop
because they saved 19 items that have nothing to do with their job
on the local hard drive. 

Then again, desktops are about as expensive nowadays as thin clients, so
the justification for thin clients isn't what it used to be.


RE: [ActiveDir] Multihomed Domain Controllers

2006-07-13 Thread neil.ruston
FWIW - I too have teamed NICs in FT mode on DCs on many occasions and
have never experienced any issues. 

The NIC driver only presents one NIC to the OS so I don't why that
should cause an issue. The FT aspects are transparent to the OS.

neil 


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Paul Williams
Sent: 13 July 2006 12:50
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Multihomed Domain Controllers

We team everything.  It seems stupid not to.  Use fault tolerance only
(as opposed to load balancing) and you've got additional resiliency.
FT works fine with different paths, e.g. different switches.


--Paul

- Original Message -
From: "Freddy HARTONO" <[EMAIL PROTECTED]>
To: 
Sent: Thursday, July 13, 2006 2:02 AM
Subject: RE: [ActiveDir] Multihomed Domain Controllers


> Don't mean to hijack this thread but on a similar note - what's the
> downside for installing DCs with Adapter Teaming?
>
> All I know is that when adapter teaming is enabled, setting up WINS
> service will pop an error message (which can be ignored)...but
> anything else? I've always been a firm believer of one nic and no
> teaming...
>
> Any comments?
>
>
> Thank you and have a splendid day!
>
> Kind Regards,
>
> Freddy Hartono
> Group Support Engineer
> InternationalSOS Pte Ltd
> mail: [EMAIL PROTECTED]
> phone: (+65) 6330-9785
>
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley,
> CPA aka Ebitz - SBS Rocks [MVP]
> Sent: Wednesday, July 12, 2006 11:41 PM
> To: ActiveDir@mail.activedir.org
> Subject: Re: [ActiveDir] Multihomed Domain Controllers
>
> In the year 2006.. I hope we are still not making host file entries on
> servers and workstations  :-)
>
> Peter Johnson wrote:
>
>> You might want to then create entries in the host file on the backup
>> server so that you guarantee that the backup server always uses the
>> right network connection.
>>
>> --
>>
>> *From:* [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED] *On Behalf Of *Robert
>> Rutherford
>> *Sent:* 12 July 2006 12:57
>> *To:* ActiveDir@mail.activedir.org
>> *Subject:* RE: [ActiveDir] Multihomed Domain Controllers
>>
>>
>>
>> No issues, if you...
>>
>>
>>
>> Go to the TCP/IP settings of the backup network card, click advanced,
>> goto the DNS tab and untick register the connection in DNS.
>>
>>
>>
>> Cheers,
>>
>>
>>
>> Rob
>>
>> *Robert Rutherford*
>> *QuoStar Solutions Limited*
>>
>> The Enterprise Pavilion
>> Fern Barrow
>> Wallisdown
>> Poole
>> Dorset
>> BH12 5HH
>>
>> *T:* +44 (0) 8456 440 331
>> *F:* +44 (0) 8456 440 332
>> *M:* +44 (0) 7974 249 494
>> *E:* [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
>> *W:* www.quostar.com <http://www.quostar.com>
>>
>> --
>>
>> **From:** [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED] *On Behalf Of *Jeff Green
>> *Sent:* 12 July 2006 11:43
>> *To:* ActiveDir@mail.activedir.org
>> *Subject:* [ActiveDir] Multihomed Domain Controllers
>>
>> Hi,
>>
>>  First posting to this list but I've lurked quite a while and I've
>> been very impressed by the quality of replies by the gurus.
>>
>> My question is regarding the advisability of having multihomed DCs.
>> Basically I want
>> to run backups over a separate GbE and as my servers have dual inbuilt
>> NICs this seems an obvious route to take. I know there are some issues
>> with DNS (I have a DNS integrated AD).
>>
>> Would this cause replication problems, etc ?
>>
>> Any other "gotchas" ?
>>
>>
>>
>> Many Thanks,
>>
>> ---
>> Jeff Gre

Re: [ActiveDir] Multihomed Domain Controllers

2006-07-13 Thread Paul Williams
We team everything.  It seems stupid not to.  Use fault tolerance only (as 
opposed to load balancing) and you've got additional resiliency.  FT works 
fine with different paths, e.g. different switches.



--Paul

- Original Message - 
From: "Freddy HARTONO" <[EMAIL PROTECTED]>

To: 
Sent: Thursday, July 13, 2006 2:02 AM
Subject: RE: [ActiveDir] Multihomed Domain Controllers



Don't mean to hijack this thread but on a similar note - what's the
downside for installing DCs with Adapter Teaming?

All I know is that when adapter teaming is enabled, setting up WINS
service will pop an error message (which can be ignored)...but
anything else? I've always been a firm believer of one nic and no
teaming...

Any comments?


Thank you and have a splendid day!

Kind Regards,

Freddy Hartono
Group Support Engineer
InternationalSOS Pte Ltd
mail: [EMAIL PROTECTED]
phone: (+65) 6330-9785


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley,
CPA aka Ebitz - SBS Rocks [MVP]
Sent: Wednesday, July 12, 2006 11:41 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Multihomed Domain Controllers

In the year 2006.. I hope we are still not making host file entries on
servers and workstations  :-)

Peter Johnson wrote:


You might want to then create entries in the host file on the backup
server so that you guarantee that the backup server always uses the
right network connection.



--
--

*From:* [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] *On Behalf Of *Robert
Rutherford
*Sent:* 12 July 2006 12:57
*To:* ActiveDir@mail.activedir.org
*Subject:* RE: [ActiveDir] Multihomed Domain Controllers



No issues, if you...



Go to the TCP/IP settings of the backup network card, click advanced,
goto the DNS tab and untick register the connection in DNS.



Cheers,



Rob

*Robert Rutherford*
*QuoStar Solutions Limited*

The Enterprise Pavilion
Fern Barrow
Wallisdown
Poole
Dorset
BH12 5HH

*T:* +44 (0) 8456 440 331
*F:* +44 (0) 8456 440 332
*M:* +44 (0) 7974 249 494
*E:* [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
*W:* www.quostar.com <http://www.quostar.com>

--

**From:** [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] *On Behalf Of *Jeff Green
*Sent:* 12 July 2006 11:43
*To:* ActiveDir@mail.activedir.org
*Subject:* [ActiveDir] Multihomed Domain Controllers

Hi,

 First posting to this list but I've lurked quite a while and I've
been very impressed by the quality of replies by the gurus.

My question is regarding the advisability of having multihomed DCs.
Basically I want
to run backups over a separate GbE and as my servers have dual inbuilt
NICs this seems an obvious route to take. I know there are some issues
with DNS (I have a DNS integrated AD).

Would this cause replication problems, etc ?

Any other "gotchas" ?



Many Thanks,

---
Jeff Green
Network Support Manager
SAPIENS (UK) Ltd
t: +44 (0)1895 464228 f: +44 (0)1895 463098

"I dream of hover cars and old transistor radios ... She dreams of
flowers in a field of sunny bungalows"





--
Letting your vendors set your risk analysis these days?
http://www.threatcode.com

If you are a SBSer and you don't subscribe to the SBS Blog... man ... I
will hunt you down...
http://blogs.technet.com/sbs

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx


RE: [ActiveDir] Multihomed Domain Controllers

2006-07-13 Thread Robert Rutherford
Jeff,

If you back them up over the client-facing LAN conn or over your Gb
back-end I wouldn't have any concerns. If you want to just standardise
your setup then just go for it.

Cheers.

Rob

Robert Rutherford
QuoStar Solutions Limited
 
The Enterprise Pavilion
Fern Barrow
Wallisdown
Poole
Dorset
BH12 5HH
T:   +44 (0) 8456 440 331
F:   +44 (0) 8456 440 332
M:   +44 (0) 7974 249 494
E:  [EMAIL PROTECTED]
W:  www.quostar.com  

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jeff Green
Sent: 13 July 2006 12:13
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Multihomed Domain Controllers

 
Well, I don't think the driving factor is the size of the IT operation
in terms of # DC's necessarily.

In my small environment (3 x DC, 1 x Exchange, 2 x Fileserver, 1 x
Sharepoint), the factors are

My "client" facing network is 100 Mbs Ethernet
Major vendor's servers have come with inbuilt dual GbE NICs for
the last 3+ years
GbE switches are now ridiculously cheap
Backup software supports this configuration (some vendors
recommend this config, as noted by other replies)
Uniform configuration, I backup Exchange, file servers, etc
using this configuration.

So I guess you could look at as a "poor man's SAN".

From my perspective it seems a reasonable thing to do.
 
---
Jeff Green
Network Support Manager
SAPIENS (UK) Ltd
t: +44 (0)1895 464228 f: +44 (0)1895 463098

"I dream of hover cars and old transistor radios ... she dreams of
flowers in a field of sunny bungalows"


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kurt Falde
Sent: 12 July 2006 16:59
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Multihomed Domain Controllers

So how many DC's do you have? What is your DIT size like to warrant
going through all this trouble? Are there other applications that you
need to backup on the DC's that are requiring full backups of all your
DC's.  With most environments getting the system state from a DC/GC in
each domain should be enough to allow you to do whatever authoritative
restores that you need. Now if you have other apps that you need to do a
large data backups of then this may be required.  Yes you can do
multiple nic's on DC's and quite a few organizations do however it
definitely would not fall under best practices for Domain Controllers.

Kurt Falde
Premier Field Engineer
Northeast Region
Microsoft Corporation

[deleted]


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
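
The settings this thread recommends for the second (backup) NIC of a multihomed DC are: do not register the connection in DNS, and leave the gateway and DNS server fields blank. The script below checks them; it is an added example, not code from any poster. The function names, the prefix convention, the placeholder host name and the sample adapters are assumptions; the property names are those of the WMI class Win32_NetworkAdapterConfiguration.

```powershell
# Added example. Adapter objects use the property names of the WMI class
# Win32_NetworkAdapterConfiguration; all sample values below are constructed.

function Test-BackupNicConfig {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Adapter,
        # Assumption: the backup network is named by a dotted IPv4 prefix that
        # ends in a dot, e.g. '10.10.10.' for 10.10.10.0/24.
        [Parameter(Mandatory = $true)] [string] $BackupPrefix
    )

    foreach ($a in $Adapter) {
        $onBackupNet = @($a.IPAddress | Where-Object { $_ -and $_.StartsWith($BackupPrefix) })
        if ($onBackupNet.Count -eq 0) { continue }    # client-facing NIC: not audited here

        $findings = @()
        if ($a.FullDNSRegistrationEnabled) {
            $findings += 'registers this connection in DNS'
        }
        if (@($a.DefaultIPGateway | Where-Object { $_ }).Count -gt 0) {
            $findings += 'default gateway is set'
        }
        if (@($a.DNSServerSearchOrder | Where-Object { $_ }).Count -gt 0) {
            $findings += 'DNS servers are set'
        }

        [pscustomobject]@{
            Adapter   = $a.Description
            Address   = ($onBackupNet -join ', ')
            Compliant = ($findings.Count -eq 0)
            Findings  = ($findings -join '; ')
        }
    }
}

function Find-BackupAddressInDns {
    param(
        [string[]] $ResolvedAddress = @(),
        [Parameter(Mandatory = $true)] [string] $BackupPrefix
    )
    # Any hit means the backup NIC's address was registered under the DC's name.
    @($ResolvedAddress | Where-Object { $_ -and $_.StartsWith($BackupPrefix) })
}

# Constructed sample: NIC 2 has no gateway or DNS servers, but the
# "register this connection's addresses in DNS" box is still ticked.
$adapters = @(
    [pscustomobject]@{
        Description                = 'NIC 1 (client LAN)'
        IPAddress                  = @('192.168.1.10')
        DefaultIPGateway           = @('192.168.1.1')
        DNSServerSearchOrder       = @('192.168.1.10')
        FullDNSRegistrationEnabled = $true
    },
    [pscustomobject]@{
        Description                = 'NIC 2 (backup GbE)'
        IPAddress                  = @('10.10.10.10')
        DefaultIPGateway           = $null
        DNSServerSearchOrder       = $null
        FullDNSRegistrationEnabled = $true
    }
)
$resolved = @('192.168.1.10', '10.10.10.10')   # constructed A records for the DC's name

# On a live DC the same inputs can be collected with (PowerShell 3.0 or later,
# Resolve-DnsName needs Windows 8 / Server 2012 or later; the name is a placeholder):
#   $adapters = Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
#   $resolved = (Resolve-DnsName -Name 'dc01.example.test' -Type A -DnsOnly).IPAddress

Test-BackupNicConfig -Adapter $adapters -BackupPrefix '10.10.10.' | Format-List
Find-BackupAddressInDns -ResolvedAddress $resolved -BackupPrefix '10.10.10.'
```
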




RE: [ActiveDir] Multihomed Domain Controllers

2006-07-13 Thread Jeff Green
 
Well, I don't think the driving factor is the size of the IT operation
in terms of # DC's necessarily.

In my small environment (3 x DC, 1 x Exchange, 2 x Fileserver, 1 x
Sharepoint), the factors are

My "client" facing network is 100 Mbs Ethernet
Major vendor's servers have come with inbuilt dual GbE NICs for
the last 3+ years
GbE switches are now ridiculously cheap
Backup software supports this configuration (some vendors
recommend this config, as noted by other replies)
Uniform configuration, I backup Exchange, file servers, etc
using this configuration.

So I guess you could look at as a "poor man's SAN".

From my perspective it seems a reasonable thing to do.
 
---
Jeff Green
Network Support Manager
SAPIENS (UK) Ltd
t: +44 (0)1895 464228 f: +44 (0)1895 463098

"I dream of hover cars and old transistor radios ... she dreams of
flowers in a field of sunny bungalows"


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kurt Falde
Sent: 12 July 2006 16:59
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Multihomed Domain Controllers

So how many DC's do you have? What is your DIT size like to warrant
going through all this trouble? Are there other applications that you
need to backup on the DC's that are requiring full backups of all your
DC's.  With most environments getting the system state from a DC/GC in
each domain should be enough to allow you to do whatever authoritative
restores that you need. Now if you have other apps that you need to do a
large data backups of then this may be required.  Yes you can do
multiple nic's on DC's and quite a few organizations do however it
definitely would not fall under best practices for Domain Controllers.

Kurt Falde
Premier Field Engineer
Northeast Region
Microsoft Corporation

[deleted]


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx


RE: [ActiveDir] Multihomed Domain Controllers

2006-07-12 Thread Ken Schaefer
Can't your spyware just change/delete the host entries again? Or use an IP
address (or do you configure static routes for the subnets that the IP
addresses reside in that those host entries point to?)

Has this tactic ever helped anyone in a spyware-on-the-server situation?
(except possibly in a SOHO situation where the server's been treated like a
desktop?)

Cheers
Ken

--
My IIS Blog: www.adOpenStatic.com/cs/blogs/ken
Tech.Ed Sydney: learn all about IIS 7.0 - See you there!


: -Original Message-
: From: [EMAIL PROTECTED] [mailto:ActiveDir-
: [EMAIL PROTECTED] On Behalf Of Kevin Brunson
: Sent: Thursday, 13 July 2006 3:00 AM
: To: ActiveDir@mail.activedir.org
: Subject: RE: [ActiveDir] Multihomed Domain Controllers
: 
: I have definitely found the hosts file to be useful on servers to keep
: them from EVER getting to spyware sites.  This guy has a great list :
: http://pgl.yoyo.org/adservers/serverlist.php?showintro=0&hostformat=hosts
: 
: Just cut and paste into the hosts file and you are good to go.  I
: scripted it for all of the servers I deal with.  But I guess this is
: getting pretty far OT: :)
: Kevin
: 
: -Original Message-
: From: [EMAIL PROTECTED]
: [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley,
: CPA aka Ebitz - SBS Rocks [MVP]
: Sent: Wednesday, July 12, 2006 10:41 AM
: To: ActiveDir@mail.activedir.org
: Subject: Re: [ActiveDir] Multihomed Domain Controllers
: 
: In the year 2006.. I hope we are still not making host file entries on
: servers and workstations  :-)
: 
: Peter Johnson wrote:
: 
: > You might want to then create entries in the host file on the backup
: > server so that you guarantee that the backup server always uses the
: > right network connection.

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx


RE: [ActiveDir] Multihomed Domain Controllers

2006-07-12 Thread Brian Desmond








I don’t deploy any servers which are connected to a monitoring
system that calls me at night or calls my manager without fault-tolerant NIC
teaming. Inevitably it will be my fault when the network team crashes a
supervisor in a 6509 or a line card dies. I have no second thoughts about using
a $250 switchport as a failover port. Some shops I’ve found the network guys
expect this from my part so it’s not their problem when a NIC dies or a cable
gets screwed up or whatever. Conversely I’ve dealt with network teams and
systems people who haven’t the faintest clue how teaming works and go ballistic
when they hear it. It won’t cause spanning tree issues (most popular network
team myth I’ve heard), it doesn’t require setting up an etherchannel (you can’t
have an etherchannel span switches), and it doesn’t require four IOS commands
and three TAC calls to make it work. It also doesn’t crash switches, create
broadcast loops, flood segments, etc. 

 

I’ve deployed thousands of network connections with HPQ,
Broadcom, and Intel teaming software and have not had issues yet. On clusters I
always team across the onboard and PCI NIC for the redundancy. DCs and other
stuff without a PCI NIC I just team the two ports for switch fault tolerance.
This is also an easy way to see if your network people didn’t follow directions
on the cross connects – if the team negotiates a 200mbps or 2gbps connection,
they’re on the same switch, and quite likely the same line card

 

 

 

Thanks,

Brian Desmond

[EMAIL PROTECTED]

 

c - 312.731.3132

 







From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Al Mulnick
Sent: Wednesday, July 12, 2006 8:29 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Multihomed Domain Controllers





 



I've not had good luck with teaming and I've yet to see much
benefit.  Saying that, I can see where teaming in a failover method might
have some benefits for other types of servers.  Due to the way AD is
deployed (fabric vs. cluster or single instance) I see no point in making
anything complex when it comes to a domain controller.  I view teaming as
one more piece of software to configure (and potentially mess up) and one more
thing in my troubleshooting list if something goes amiss. 





 







 





On 7/12/06, Freddy HARTONO
<[EMAIL PROTECTED]>
wrote: 

Don't mean to hijack this thread but on a similar note - what's the
downside for installing DCs with Adapter Teaming?

All I know is that when adapter teaming is enabled, setting up WINS
service will pop an error message (which can be ignored)...but
anything else? I've always been a firm believer of one nic and no
teaming...

Any comments?


Thank you and have a splendid day!

Kind Regards,

Freddy Hartono
Group Support Engineer
InternationalSOS Pte Ltd
mail: [EMAIL PROTECTED]
phone: (+65) 6330-9785


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Susan Bradley,
CPA aka Ebitz - SBS Rocks [MVP]
Sent: Wednesday, July 12, 2006 11:41 PM
To: ActiveDir@mail.activedir.org 
Subject: Re: [ActiveDir] Multihomed Domain Controllers

In the year 2006.. I hope we are still not making host file entries on
servers and workstations  :-)

Peter Johnson wrote:

> You might want to then create entries in the host file on the backup
> server so that you guarantee that the backup server always uses the
> right network connection.
>
> *From:* [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] *On Behalf Of *Robert Rutherford
> *Sent:* 12 July 2006 12:57
> *To:* ActiveDir@mail.activedir.org
> *Subject:* RE: [ActiveDir] Multihomed Domain Controllers
>
> No issues, if you...
>
> Go to the TCP/IP settings of the backup network card, click advanced,
> goto the DNS tab and untick register the connection in DNS.
>
> Cheers,
>
> Rob
>
> *Robert Rutherford*
> *QuoStar Solutions Limited*
> The Enterprise Pavilion, Fern Barrow, Wallisdown, Poole, Dorset, BH12 5HH
> *T:* +44 (0) 8456 440 331
> *F:* +44 (0) 8456 440 332
> *M:* +44 (0) 7974 249 494
> *E:* [EMAIL PROTECTED]
> *W:* www.quostar.com <http://www.quostar.com>

RE: [ActiveDir] Multihomed Domain Controllers

2006-07-12 Thread Brian Desmond
Hmm, this whole no surfing the web on DCs is potentially problematic if
you're Defending Security Infrastructures in your datacenter. You would
need to order the pizza whilst in the presence of your security
infrastructures which might be collocated with the domain controllers.
If you were to abandon your security infrastructures to order pizza, you
would no longer be defending security infrastructures in your
datacenter.

Thanks,
Brian Desmond
[EMAIL PROTECTED]

c - 312.731.3132

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:ActiveDir-
> [EMAIL PROTECTED] On Behalf Of Kevin Brunson
> Sent: Wednesday, July 12, 2006 1:35 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Multihomed Domain Controllers
> 
> I only surf on the big ones.  The small ones just don't catch the waves
> right.
> 
> I don't even let them go to Windows Update.  WSUS connections
> configured through Group Policy are about as far as I want them to go
> to the internet.  The problem is users, and in many cases admins.  I
> get a server just right, go back to my office, and by the time I get
> back they've already installed 15 programs ending in "zilla".
> 
> And of course no self-respecting admin can get a $15 Citrix
> infrastructure without immediately giving every STINKING user a
> desktop.
> Forget published apps.  Forget everything that made it worth investing
> any money whatsoever, let's just give them a STINKING desktop.  Sorry,
> I guess I must have let all of my thinking about Defending Security
> Infrastructure get to my head.
> 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley,
> CPA aka Ebitz - SBS Rocks [MVP]
> Sent: Wednesday, July 12, 2006 12:45 PM
> To: ActiveDir@mail.activedir.org
> Subject: Re: [ActiveDir] Multihomed Domain Controllers
>
> You surf on your servers?
>
> My servers go to WU/MU...and maybe to Joe's blog for information on
> Defending Security Infrastructure..in fact they regularly hang out on
> Joe's blog for all the information I need to know on Defending Security
> Infrastructure.. in fact http://blog.joeware.net/2006/07/11/445/ that
> link is the home page so that I'm constantly reminded about Defending
> Security Infrastructure ..but other than that... they don't have
> antispyware because they don't go anywhere to get spyware and the
> Enhanced IE is still on there.
>
> Kevin Brunson wrote:
>
> >I have definitely found the hosts file to be useful on servers to keep
> >them from EVER getting to spyware sites.  This guy has a great list :
> >
> >http://pgl.yoyo.org/adservers/serverlist.php?showintro=0&hostformat=hosts
> >
> >Just cut and paste into the hosts file and you are good to go.  I
> >scripted it for all of the servers I deal with.  But I guess this is
> >getting pretty far OT: :) Kevin
> >
> >-Original Message-
> >From: [EMAIL PROTECTED]
> >[mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley,
> >CPA aka Ebitz - SBS Rocks [MVP]
> >Sent: Wednesday, July 12, 2006 10:41 AM
> >To: ActiveDir@mail.activedir.org
> >Subject: Re: [ActiveDir] Multihomed Domain Controllers
> >
> >In the year 2006.. I hope we are still not making host file entries on
> >servers and workstations  :-)
> >
> >Peter Johnson wrote:
> >
> >>You might want to then create entries in the host file on the backup
> >>server so that you guarantee that the backup server always uses the
> >>right network connection.
> >>
> >>*From:* [EMAIL PROTECTED]
> >>[mailto:[EMAIL PROTECTED] *On Behalf Of *Robert Rutherford
> >>*Sent:* 12 July 2006 12:57
> >>*To:* ActiveDir@mail.activedir.org
> >>*Subject:* RE: [ActiveDir] Multihomed Domain Controllers
> >>
> >>No issues, if you...
> >>
> >>Go to the TCP/IP settings of the backup network card, click advanced,
> >>goto the DNS tab and untick register the connection in DNS.
> >>
> >>Cheers,
> >>
> >>Rob

RE: [ActiveDir] Multihomed Domain Controllers

2006-07-12 Thread Brian Desmond
I had a production environment which required hosts files to deal with
the confusing mechanism behind Cisco's Layer 4 load balancer blades
(CSMs). That was one of those if you didn't know about it (it being the
CSM and the hosts file solution we came up with) you'd probably never
figure it out type things.

Thanks,
Brian Desmond
[EMAIL PROTECTED]

c - 312.731.3132

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:ActiveDir-
> [EMAIL PROTECTED] On Behalf Of joe
> Sent: Wednesday, July 12, 2006 11:12 AM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Multihomed Domain Controllers
> 
> But I hope we still have the option of doing so...  I use the hosts
> file on a regular basis to redirect the localhost name to the machine's
> IP instead of to 127.blah and then stick in route statements so all
> locally directed traffic bounces out to a router and back so I can look
> at the network traces of the traffic.
> 
>   joe
> 
> --
> O'Reilly Active Directory Third Edition -
> http://www.joeware.net/win/ad3e.htm
> 
> Do not read this worthless blog entry on Defending Security
> Infrastructures
> - http://blog.joeware.net/2006/07/11/445/ ---  I'm serious, you will
> learn absolutely nothing about Defending Security Infrastructures.
> 
> 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley,
> CPA aka Ebitz - SBS Rocks [MVP]
> Sent: Wednesday, July 12, 2006 11:41 AM
> To: ActiveDir@mail.activedir.org
> Subject: Re: [ActiveDir] Multihomed Domain Controllers
>
> In the year 2006.. I hope we are still not making host file entries on
> servers and workstations  :-)
> 
> Peter Johnson wrote:
> 
> > You might want to then create entries in the host file on the backup
> > server so that you guarantee that the backup server always uses the
> > right network connection.
> >
> > *From:* [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] *On Behalf Of *Robert Rutherford
> > *Sent:* 12 July 2006 12:57
> > *To:* ActiveDir@mail.activedir.org
> > *Subject:* RE: [ActiveDir] Multihomed Domain Controllers
> >
> > No issues, if you...
> >
> > Go to the TCP/IP settings of the backup network card, click advanced,
> > goto the DNS tab and untick register the connection in DNS.
> >
> > Cheers,
> >
> > Rob
> >
> > **From:** [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] *On Behalf Of *Jeff Green
> > *Sent:* 12 July 2006 11:43
> > *To:* ActiveDir@mail.activedir.org
> > *Subject:* [ActiveDir] Multihomed Domain Controllers
> >
> > Hi,
> >
> > First posting to this list but I've lurked quite a while and I've
> > been very impressed by the quality of replies by the gurus.
> >
> > My question is regarding the advisability of having multihomed DCs.
> > Basically I want
> > to run backups over a separate GbE and as my servers have dual inbuilt
> > NICs this seems an obvious route to take. I know there are some issues
> > with DNS (I have a DNS integrated AD).
> >
> > Would this cause replication problems, etc ?
> >
> > Any other "gotchas" ?
> >
> > Many Thanks,

RE: [ActiveDir] Multihomed Domain Controllers

2006-07-12 Thread Brian Desmond
I’ve got hundreds of sites/forests with multihomed DCs. It works
fine save for the browsing situation, but who uses that anyway?

Thanks,
Brian Desmond
[EMAIL PROTECTED]

c - 312.731.3132

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: Wednesday, July 12, 2006 8:36 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Multihomed Domain Controllers

Personally, I've never used that configuration for a
DC.  Since being bit in the nt4.0 days (before that really, but hate to
show the age :) I've had architectural reasons to not do that.  Since AD
is made up of a multi-master fabric, I have had no reason at all to require an
isolated network dedicated to backups.  I get the feeling in your case
it's just a nice to have vs. a requirement since you have the hardware and
figure why not put it to use.  You'd be a rare exception if the size of
the dit is large enough to require such a configuration.  Saying that, is
it possible? Most likely.  Will it be difficult when/if you call for
support for some other issue to explain to the engineer that you have a
multi-homed DC? Most likely.  Does it break the "keep it as simple as
possible while meeting the requirements?" rule? Most likely.

When you test this, as the others have mentioned, be sure to
test the recoverability and the gotchas that come along with bringing up a
recovered DC on a multi-homed machine.  You'll want to have that
documented and thoroughly tested so as not to have to deal with that when
under pressure.  You may also want to consider an alternative backup
method that doesn't require a dedicated network to the DC's.

Just some random thoughts and my $.04 (USD) worth.

Al

On 7/12/06, Jeff Green <[EMAIL PROTECTED]> wrote:

Hi Guys,

Many thanks to all that have responded (and so quickly !)

Points / clarifications / additional Qs

    a)    DNS multihomed issues

    Yes, found that in the MS KB about not "registering this connection in
    DNS" on the second NIC.

    Also leave the gateway / DNS TCP/IP settings blank on the second NIC.

    b)    Browser Issues

    Several things in MS KB about this and fixes (including hacking a registry if I
    remember correctly)

    But would Browser issues affect AD operations - I'm talking about replication
    issues here ?

    c)    Currently running W2K SP4 + rollups on all DCs - but moving to W2K3.

    Sorry should have stated this.

    d)    Backup

    Using BackupExec, which allows binding of remote agents to specific NICs

Have I got everything covered - I can't believe this is an unusual
configuration ?

Many Thanks

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jeff Green
Sent: 12 July 2006 11:43
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Multihomed Domain Controllers

Hi,

First posting to this list but I've lurked quite a while and I've been very
impressed by the quality of replies by the gurus.

My question is regarding the advisability of having multihomed DCs. Basically I want
to run backups over a separate GbE and as my servers have dual inbuilt NICs this
seems an obvious route to take. I know there are some issues with DNS (I have
a DNS integrated AD).

Would this cause replication problems, etc ?

Any other "gotchas" ?

    Many Thanks,

---
Jeff Green
Network Support Manager
SAPIENS (UK) Ltd
t: +44 (0)1895 464228 f: +44 (0)1895 463098

"I dream of hover cars and old transistor radios ... She dreams of flowers in a
field of sunny bungalows"




Confidentiality Note: The information contained in this email and
document(s) attached are for the exclusive use of the addressee and may contain
confidential, privileged and non-disclosable information. If the recipient of
this email is not the addressee, such recipient is strictly prohibited from
reading, photocopying, distribution or otherwise using this email or its
contents in any way. 

Please notify the Sapiens (UK) Ltd. Systems Administrator via
e-mail immediately at [EMAIL PROTECTED] , if you have received this
email in error.

Disclaimer: The views, opinions and guidelines contained in this
confi

RE: [ActiveDir] Multihomed Domain Controllers

2006-07-12 Thread Brian Desmond
That’s fine. You need to do two things:

This needs to be a backup subnet (so no gateway)

In the Network Connections explorer window under
tools>advanced settings, prioritize your connections with this one being
last (this is only necessary if you need a gateway for the backup subnet for whatever
reason).

Thanks,
Brian Desmond
[EMAIL PROTECTED]

c - 312.731.3132

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Green
Sent: Wednesday, July 12, 2006 5:43 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Multihomed Domain Controllers

Hi,

First posting to this list but I've lurked quite a while and I've been very
impressed by the quality of replies by the gurus.

My question is regarding the advisability of having multihomed DCs. Basically I want
to run backups over a separate GbE and as my servers have dual inbuilt NICs this
seems an obvious route to take. I know there are some issues with DNS (I have
a DNS integrated AD).

Would this cause replication problems, etc ?

Any other "gotchas" ?

    Many Thanks,

---
Jeff Green
Network Support Manager
SAPIENS (UK) Ltd
t: +44 (0)1895 464228 f: +44 (0)1895 463098

"I dream of hover cars and old transistor radios ... She dreams of flowers in a
field of sunny bungalows"



Confidentiality Note: The information contained in this email and document(s)
attached are for the exclusive use of the addressee and may contain
confidential, privileged and non-disclosable information. If the recipient of
this email is not the addressee, such recipient is strictly prohibited from
reading, photocopying, distribution or otherwise using this email or its
contents in any way.

Please notify the Sapiens (UK) Ltd. Systems Administrator via e-mail
immediately at [EMAIL PROTECTED],
if you have received this email in error.

Disclaimer: The views, opinions and guidelines contained in this confidential
e-mail are those of the originating author and may not be representative of
Sapiens (UK) Ltd.
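
The settings discussed in this thread for the backup NIC of a multihomed DC (no DNS registration, no default gateway, no DNS servers) can be audited with a short script. This is an added example, not code posted by anyone on the list; the function name `Test-MultihomedDcAdapter`, the `10.99.0.` backup prefix and the sample adapter objects are constructed for illustration, and the property names are those of the WMI class `Win32_NetworkAdapterConfiguration`.

```powershell
# Added example: audit adapter settings on a multihomed domain controller.
# Property names follow the WMI class Win32_NetworkAdapterConfiguration.
# The backup subnet prefix and the sample adapters below are constructed values.

function Test-MultihomedDcAdapter {
    [CmdletBinding()]
    param(
        # Objects shaped like Win32_NetworkAdapterConfiguration instances.
        [Parameter(Mandatory = $true)] [object[]] $Adapter,
        # Leading octets that identify the backup subnet (assumption).
        [Parameter(Mandatory = $true)] [string] $BackupPrefix
    )

    foreach ($a in $Adapter) {
        # Drop $null entries so an unset property counts as "not configured".
        $ips      = @($a.IPAddress            | Where-Object { $_ })
        $gateways = @($a.DefaultIPGateway     | Where-Object { $_ })
        $dns      = @($a.DNSServerSearchOrder | Where-Object { $_ })

        # An adapter is treated as the backup NIC if any address is in the backup subnet.
        $isBackup = @($ips | Where-Object { $_.StartsWith($BackupPrefix) }).Count -gt 0
        $role     = if ($isBackup) { 'backup' } else { 'production' }
        $findings = @()

        if ($isBackup) {
            # "This needs to be a backup subnet (so no gateway)"
            if ($gateways.Count -gt 0) {
                $findings += 'default gateway set on backup NIC'
            }
            # "leave the gateway / DNS TCP/IP settings blank on the second NIC"
            if ($dns.Count -gt 0) {
                $findings += 'DNS servers set on backup NIC'
            }
            # "untick register the connection in DNS"
            if ($a.FullDNSRegistrationEnabled) {
                $findings += 'backup NIC registers its addresses in DNS'
            }
        }

        [pscustomobject]@{
            Adapter   = $a.Description
            Role      = $role
            IP        = $ips -join ', '
            Compliant = ($findings.Count -eq 0)
            Findings  = $findings -join '; '
        }
    }
}

# Constructed sample data: one production NIC and one misconfigured backup NIC.
$sample = @(
    [pscustomobject]@{
        Description                = 'Onboard NIC 1 (production)'
        IPAddress                  = @('192.168.10.5')
        DefaultIPGateway           = @('192.168.10.1')
        DNSServerSearchOrder       = @('192.168.10.5')
        FullDNSRegistrationEnabled = $true
    },
    [pscustomobject]@{
        Description                = 'Onboard NIC 2 (backup)'
        IPAddress                  = @('10.99.0.5')
        DefaultIPGateway           = @('10.99.0.1')
        DNSServerSearchOrder       = $null
        FullDNSRegistrationEnabled = $true
    }
)

Test-MultihomedDcAdapter -Adapter $sample -BackupPrefix '10.99.0.' | Format-List

# On a live DC, feed the function real adapter data instead of the sample:
# $live = Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
# Test-MultihomedDcAdapter -Adapter $live -BackupPrefix '10.99.0.'
```

The connection priority order mentioned in the reply above is not exposed by this WMI class, so it still has to be checked in the Network Connections advanced settings.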











Re: [ActiveDir] Multihomed Domain Controllers

2006-07-12 Thread Al Mulnick
I've not had good luck with teaming and I've yet to see much benefit.  Saying that, I can see where teaming in a failover method might have some benefits for other types of servers.  Due to the way AD is deployed (fabric vs. cluster or single instance) I see no point in making anything complex when it comes to a domain controller.  I view teaming as one more piece of software to configure (and potentially mess up) and one more thing in my troubleshooting list if something goes amiss. 

 
 
On 7/12/06, Freddy HARTONO <[EMAIL PROTECTED]> wrote:

Don't mean to hijack this thread but on a similar note - what's the
downside for installing DCs with Adapter Teaming?

All I know is that when adapter teaming is enabled, setting up WINS
service will pop an error message (which can be ignored)...but
anything else? I've always been a firm believer of one nic and no
teaming...

Any comments?

Thank you and have a splendid day!

Kind Regards,

Freddy Hartono
Group Support Engineer
InternationalSOS Pte Ltd
mail: [EMAIL PROTECTED]
phone: (+65) 6330-9785

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Susan Bradley,
CPA aka Ebitz - SBS Rocks [MVP]
Sent: Wednesday, July 12, 2006 11:41 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Multihomed Domain Controllers

In the year 2006.. I hope we are still not making host file entries on
servers and workstations  :-)

Peter Johnson wrote:

> You might want to then create entries in the host file on the backup
> server so that you guarantee that the backup server always uses the
> right network connection.
>
> *From:* [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] *On Behalf Of *Robert Rutherford
> *Sent:* 12 July 2006 12:57
> *To:* ActiveDir@mail.activedir.org
> *Subject:* RE: [ActiveDir] Multihomed Domain Controllers
>
> No issues, if you...
>
> Go to the TCP/IP settings of the backup network card, click advanced,
> goto the DNS tab and untick register the connection in DNS.
>
> Cheers,
>
> Rob
>
> **From:** [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] *On Behalf Of *Jeff Green
> *Sent:* 12 July 2006 11:43
> *To:* ActiveDir@mail.activedir.org
> *Subject:* [ActiveDir] Multihomed Domain Controllers
>
> Hi,
>
> First posting to this list but I've lurked quite a while and I've
> been very impressed by the quality of replies by the gurus.
>
> My question is regarding the advisability of having multihomed DCs.
> Basically I want
> to run backups over a separate GbE and as my servers have dual inbuilt
> NICs this seems an obvious route to take. I know there are some issues
> with DNS (I have a DNS integrated AD).
>
> Would this cause replication problems, etc ?
>
> Any other "gotchas" ?
>
> Many Thanks,
>
> ---
> Jeff Green
> Network Support Manager
> SAPIENS (UK) Ltd
> t: +44 (0)1895 464228 f: +44 (0)1895 463098
>
> "I dream of hover cars and old transistor radios ... She dreams of
> flowers in a field of sunny bungalows"

--
Letting your vendors set your risk analysis these days?
http://www.threatcode.com

If you are a SBSer and you don't subscribe to the SBS Blog... man ... I
will hunt you down...
http://blogs.technet.com/sbs

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx


RE: [ActiveDir] Multihomed Domain Controllers

2006-07-12 Thread Kevin Brunson
Hijack this thread?  I didn't know it could be hijacked any more than I
already had.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Freddy HARTONO
Sent: Wednesday, July 12, 2006 8:02 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Multihomed Domain Controllers

Don't mean to hijack this thread but on a similar note - what's the
downside for installing DCs with Adapter Teaming?

All I know is that when adapter teaming is enabled, setting up WINS
service will pop an error message (which can be ignored)...but
anything else? I've always been a firm believer of one nic and no
teaming...

Any comments? 


Thank you and have a splendid day!
 
Kind Regards,
 
Freddy Hartono
Group Support Engineer
InternationalSOS Pte Ltd
mail: [EMAIL PROTECTED]
phone: (+65) 6330-9785
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley,
CPA aka Ebitz - SBS Rocks [MVP]
Sent: Wednesday, July 12, 2006 11:41 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Multihomed Domain Controllers

In the year 2006.. I hope we are still not making host file entries on
servers and workstations  :-)

Peter Johnson wrote:

> You might want to then create entries in the host file on the backup
> server so that you guarantee that the backup server always uses the
> right network connection.
>
> *From:* [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] *On Behalf Of *Robert Rutherford
> *Sent:* 12 July 2006 12:57
> *To:* ActiveDir@mail.activedir.org
> *Subject:* RE: [ActiveDir] Multihomed Domain Controllers
>
> No issues, if you...
>
> Go to the TCP/IP settings of the backup network card, click advanced,
> goto the DNS tab and untick register the connection in DNS.
>
> Cheers,
>
> Rob
>
> **From:** [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] *On Behalf Of *Jeff Green
> *Sent:* 12 July 2006 11:43
> *To:* ActiveDir@mail.activedir.org
> *Subject:* [ActiveDir] Multihomed Domain Controllers
>
> Hi,
>
> First posting to this list but I've lurked quite a while and I've
> been very impressed by the quality of replies by the gurus.
>
> My question is regarding the advisability of having multihomed DCs.
> Basically I want
> to run backups over a separate GbE and as my servers have dual inbuilt
> NICs this seems an obvious route to take. I know there are some issues
> with DNS (I have a DNS integrated AD).
>
> Would this cause replication problems, etc ?
>
> Any other "gotchas" ?
>
> Many Thanks,
>
> ---
> Jeff Green
> Network Support Manager
> SAPIENS (UK) Ltd
> t: +44 (0)1895 464228 f: +44 (0)1895 463098
>
> "I dream of hover cars and old transistor radios ... She dreams of
> flowers in a field of sunny bungalows"

RE: [ActiveDir] Multihomed Domain Controllers

2006-07-12 Thread Freddy HARTONO
Don't mean to hijack this thread but on a similar note - what's the
downside for installing DCs with Adapter Teaming?

All I know is that when adapter teaming is enabled, setting up WINS
service will pop an error message (which can be ignored)...but
anything else? I've always been a firm believer of one nic and no
teaming...

Any comments? 


Thank you and have a splendid day!
 
Kind Regards,
 
Freddy Hartono
Group Support Engineer
InternationalSOS Pte Ltd
mail: [EMAIL PROTECTED]
phone: (+65) 6330-9785
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley,
CPA aka Ebitz - SBS Rocks [MVP]
Sent: Wednesday, July 12, 2006 11:41 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Multihomed Domain Controllers

In the year 2006.. I hope we are still not making host file entries on
servers and workstations  :-)

Peter Johnson wrote:

> You might want to then create entries in the host file on the backup
> server so that you guarantee that the backup server always uses the
> right network connection.
>
> *From:* [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] *On Behalf Of *Robert Rutherford
> *Sent:* 12 July 2006 12:57
> *To:* ActiveDir@mail.activedir.org
> *Subject:* RE: [ActiveDir] Multihomed Domain Controllers
>
> No issues, if you...
>
> Go to the TCP/IP settings of the backup network card, click advanced,
> goto the DNS tab and untick register the connection in DNS.
>
> Cheers,
>
> Rob
>
> **From:** [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] *On Behalf Of *Jeff Green
> *Sent:* 12 July 2006 11:43
> *To:* ActiveDir@mail.activedir.org
> *Subject:* [ActiveDir] Multihomed Domain Controllers
>
> Hi,
>
> First posting to this list but I've lurked quite a while and I've
> been very impressed by the quality of replies by the gurus.
>
> My question is regarding the advisability of having multihomed DCs.
> Basically I want
> to run backups over a separate GbE and as my servers have dual inbuilt
> NICs this seems an obvious route to take. I know there are some issues
> with DNS (I have a DNS integrated AD).
>
> Would this cause replication problems, etc ?
>
> Any other "gotchas" ?
>
> Many Thanks,
>
> ---
> Jeff Green
> Network Support Manager
> SAPIENS (UK) Ltd
> t: +44 (0)1895 464228 f: +44 (0)1895 463098
>
> "I dream of hover cars and old transistor radios ... She dreams of
> flowers in a field of sunny bungalows"

--
Letting your vendors set your risk analysis these days?  
http://www.threatcode.com

If you are a SBSer and you don't subscribe to the SBS Blog... man ... I
will hunt you down...
http://blogs.technet.com/sbs

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx


Re: [OT]Re: [ActiveDir] Multihomed Domain Controllers

2006-07-12 Thread Matt Hargraves
Fortunately, unless you know who has the data that you want to steal, the chances of any actual confidential data being stolen to the thief's benefit are pretty slim.  Even if you do find data that a competitor would want, most companies today are pretty hesitant about taking confidential information.  Didn't you hear about Pepsi turning in that guy who was going to sell them confidential information from Coca Cola?

The information that people are really worried about is controlled by the people who are usually more paranoid than we are the accountants ;)

On 7/12/06, Al Mulnick <[EMAIL PROTECTED]> wrote:

Confidential data?  Can you, in three minutes or less recite your company's confidential data policies if you were asked? Can you explain them to the users in your company (fair enough, I know you're a tech company; I've heard of you)? Or are your company classified docs going home on usb sticks and cd's or dvd's or in email and web uploads?

I wonder though, desktop machines guarded by the cleaning crew are better?
What about smart phones?  Those keep you up late at night as well? :)

We're easily years away from widespread use and adoption of things like bit-locker.  With cross-platform usage, not sure the value outside of the sphere of windows desktops that have been upgraded (that's a what? 5 year cycle at many companies?) either but leave that for another time

My preference is to embrace the new technology and find ways to mitigate the risks. Laptops are here to stay and although they go missing, that to me is not enough of a reason to not want to use them.  I've seen instances of desktops that grow legs and go missing as well.  Some might argue that VPN usage to non-company assets (those not owned AND managed by the company) are enough to give you the heebie jeebies.

I don't see bit-locker solving those issues. Know something different?

On 7/12/06, Kurt Falde <[EMAIL PROTECTED]> wrote:

Great so we can have even more people taking confidential data home with them and getting their laptops stolen from their cars :)  Until we get Vista BitLocker and laptops that utilize it across the board I would be extremely paranoid about laptops all over.

Kurt Falde

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Al Mulnick
Sent: Wednesday, July 12, 2006 5:06 PM
To: ActiveDir@mail.activedir.org
Subject: [OT]Re: [ActiveDir] Multihomed Domain Controllers

I know we're drifting off-topic, but I read this and started thinking: laptops.  Why bother with desktops?

On 7/12/06, Matt Hargraves <[EMAIL PROTECTED]> wrote:

Not so sure I agree with that.  Thin clients work just fine, require less maintenance and can be replaced in 5 minutes, vs. the 3 hour argument that you'll get if you try replacing someone's desktop because they saved 19 items that have nothing to do with their job on the local hard drive. 
Then again, desktops are about as expensive nowadays as thin clients, so the justification for thin clients isn't what it used to be. 
 





Re: [OT]Re: [ActiveDir] Multihomed Domain Controllers

2006-07-12 Thread Al Mulnick
Confidential data?  Can you, in three minutes or less recite your company's confidential data policies if you were asked? Can you explain them to the users in your company (fair enough, I know you're a tech company; I've heard of you)? Or are your company classified docs going home on usb sticks and cd's or dvd's or in email and web uploads? 

 
I wonder though, desktop machines guarded by the cleaning crew are better?  
What about smart phones?  Those keep you up late at night as well? :)
 
We're easily years away from widespread use and adoption of things like bit-locker.  With cross-platform usage, not sure the value outside of the sphere of windows desktops that have been upgraded (that's a what? 5 year cycle at many companies?) either but leave that for another time

 
My preference is to embrace the new technology and find ways to mitigate the risks. Laptops are here to stay and although they go missing, that to me is not enough of a reason to not want to use them.  I've seen instances of desktops that grow legs and go missing as well.  Some might argue that VPN usage to non-company assets (those not owned AND managed by the company) are enough to give you the heebie jeebies.  

 
I don't see bit-locker solving those issues. Know something different? 
 
 
On 7/12/06, Kurt Falde <[EMAIL PROTECTED]> wrote:




Great so we can have even more people taking confidential data home with them and getting their laptops stolen from their cars :)  Until we get Vista BitLocker and laptops that utilize it across the board I would be extremely paranoid about laptops all over.
 

Kurt Falde




From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Al Mulnick
Sent: Wednesday, July 12, 2006 5:06 PM
To: ActiveDir@mail.activedir.org
Subject: [OT]Re: [ActiveDir] Multihomed Domain Controllers


 

I know we're drifting off-topic, but I read this and started thinking: laptops.  Why bother with desktops? 

 

On 7/12/06, Matt Hargraves <[EMAIL PROTECTED]> wrote:

Not so sure I agree with that.  Thin clients work just fine, require less maintenance and can be replaced in 5 minutes, vs. the 3 hour argument that you'll get if you try replacing someone's desktop because they saved 19 items that have nothing to do with their job on the local hard drive. 
Then again, desktops are about as expensive nowadays as thin clients, so the justification for thin clients isn't what it used to be. 
 



RE: [OT]Re: [ActiveDir] Multihomed Domain Controllers

2006-07-12 Thread Kurt Falde








Great so we can have even more people taking confidential data home with them and getting their laptops stolen from their cars :)  Until we get Vista BitLocker and laptops that utilize it across the board I would be extremely paranoid about laptops all over.

 



Kurt Falde











From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: Wednesday, July 12, 2006 5:06 PM
To: ActiveDir@mail.activedir.org
Subject: [OT]Re: [ActiveDir] Multihomed Domain Controllers



 



I know we're drifting off-topic, but I read this and started thinking:
laptops.  Why bother with desktops? 







 





On 7/12/06, Matt Hargraves <[EMAIL PROTECTED]> wrote:



Not so sure I agree with that.  Thin clients work just fine,
require less maintenance and can be replaced in 5 minutes, vs. the 3 hour
argument that you'll get if you try replacing someone's desktop because they
saved 19 items that have nothing to do with their job on the local hard
drive. 

Then again, desktops are about as expensive nowadays as thin clients, so the
justification for thin clients isn't what it used to be.
 





 








RE: [ActiveDir] Multihomed Domain Controllers

2006-07-12 Thread Kevin Brunson








Sorry, forgive me for my lack of clarity.  I was on the phone with Microsoft when I wrote that, so my head was shrinking….  But don’t worry, they refunded my case.

 

I agree with you 100%.  

My rant was purely referring to the
desktop published app, not a physical workstation.  I was ranting about
admins who can’t seem to understand that citrix costs more than rdp, but
that is about the only difference if every user is connecting to the citrix
desktop instead of published apps.  Especially since they don’t want
to lock the users down on the citrix servers.  

 

Wow, it’s a long way from multihomed
domain controllers to Citrix and desktops vs. thin clients.

 

 

 









From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Hargraves
Sent: Wednesday, July 12, 2006 3:46 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Multihomed Domain Controllers



 

Not so sure I agree with that.  Thin clients work just fine,
require less maintenance and can be replaced in 5 minutes, vs. the 3 hour
argument that you'll get if you try replacing someone's desktop because they
saved 19 items that have nothing to do with their job on the local hard
drive. 

Then again, desktops are about as expensive nowadays as thin clients, so the
justification for thin clients isn't what it used to be.








[OT]Re: [ActiveDir] Multihomed Domain Controllers

2006-07-12 Thread Al Mulnick
I know we're drifting off-topic, but I read this and started thinking: laptops.  Why bother with desktops? 
 
On 7/12/06, Matt Hargraves <[EMAIL PROTECTED]> wrote:

Not so sure I agree with that.  Thin clients work just fine, require less maintenance and can be replaced in 5 minutes, vs. the 3 hour argument that you'll get if you try replacing someone's desktop because they saved 19 items that have nothing to do with their job on the local hard drive. 
Then again, desktops are about as expensive nowadays as thin clients, so the justification for thin clients isn't what it used to be. 


Re: [ActiveDir] Multihomed Domain Controllers

2006-07-12 Thread Matt Hargraves
Not so sure I agree with that.  Thin clients work just fine, require less maintenance and can be replaced in 5 minutes, vs. the 3 hour argument that you'll get if you try replacing someone's desktop because they saved 19 items that have nothing to do with their job on the local hard drive.
Then again, desktops are about as expensive nowadays as thin clients, so the justification for thin clients isn't what it used to be.


RE: [ActiveDir] Multihomed Domain Controllers

2006-07-12 Thread Kevin Brunson
I only surf on the big ones.  The small ones just don't catch the waves
right.  

I don't even let them go to Windows Update.  WSUS connections configured
through Group Policy are about as far as I want them to go to the
internet.  The problem is users, and in many cases admins.  I get a
server just right, go back to my office, and by the time I get back
they've already installed 15 programs ending in "zilla".

And of course no self-respecting admin can get a $15 Citrix
infrastructure without immediately giving every STINKING user a desktop.
Forget published apps.  Forget everything that made it worth investing
any money whatsoever, let's just give them a STINKING desktop.  Sorry, I
guess I must have let all of my thinking about Defending Security
Infrastructure get to my head.


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley,
CPA aka Ebitz - SBS Rocks [MVP]
Sent: Wednesday, July 12, 2006 12:45 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Multihomed Domain Controllers

You surf on your servers?

My servers go to WU/MU...and maybe to Joe's blog for information on 
Defending Security Infrastructure..in fact they regularly hang out on 
Joe's blog for all the information I need to know on Defending 
Security Infrastructure.. in fact 
http://blog.joeware.net/2006/07/11/445/ that link is the home page so 
that I'm constantly reminded about Defending Security Infrastructure 
..but other than that... they don't have antispyware because they don't 
go anywhere to get spyware and the Enhanced IE is still on there.



Kevin Brunson wrote:

>I have definitely found the hosts file to be useful on servers to keep
>them from EVER getting to spyware sites.  This guy has a great list :
>http://pgl.yoyo.org/adservers/serverlist.php?showintro=0&hostformat=hosts
>
>Just cut and paste into the hosts file and you are good to go.  I
>scripted it for all of the servers I deal with.  But I guess this is
>getting pretty far OT: :)
>Kevin
>
>-Original Message-
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley,
>CPA aka Ebitz - SBS Rocks [MVP]
>Sent: Wednesday, July 12, 2006 10:41 AM
>To: ActiveDir@mail.activedir.org
>Subject: Re: [ActiveDir] Multihomed Domain Controllers
>
>In the year 2006.. I hope we are still not making host file entries on 
>servers and workstations  :-)
>
>Peter Johnson wrote:
>
>  
>
>>You might want to then create entries in the host file on the backup 
>>server so that you guarantee that the backup server always uses the 
>>right network connection.
>>
>> 
>>
>>
>>
>>
>-------
>
>>*From:* [EMAIL PROTECTED] 
>>[mailto:[EMAIL PROTECTED] *On Behalf Of *Robert 
>>Rutherford
>>*Sent:* 12 July 2006 12:57
>>*To:* ActiveDir@mail.activedir.org
>>*Subject:* RE: [ActiveDir] Multihomed Domain Controllers
>>
>> 
>>
>>No issues, if you...
>>
>> 
>>
>>Go to the TCP/IP settings of the backup network card, click advanced, 
>>goto the DNS tab and untick register the connection in DNS.
>>
>> 
>>
>>Cheers,
>>
>> 
>>
>>Rob
>>
>> 
>>
>>*Robert Rutherford*
>>*QuoStar Solutions Limited*
>>
>>The Enterprise Pavilion
>>Fern Barrow
>>Wallisdown
>>Poole
>>Dorset
>>BH12 5HH
>>
>>*T:* +44 (0) 8456 440 331
>>*F:* +44 (0) 8456 440 332
>>*M:* +44 (0) 7974 249 494
>>*E:* [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
>>*W:* www.quostar.com <http://www.quostar.com>
>>
>---
>>
>>**From:** [EMAIL PROTECTED] 
>>[mailto:[EMAIL PROTECTED] *On Behalf Of *Jeff Green
>>*Sent:* 12 July 2006 11:43
>>*To:* ActiveDir@mail.activedir.org
>>*Subject:* [ActiveDir] Multihomed Domain Controllers
>>
>>Hi,
>>
>> 

Re: [ActiveDir] Multihomed Domain Controllers

2006-07-12 Thread Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]

You surf on your servers?

My servers go to WU/MU...and maybe to Joe's blog for information on 
Defending Security Infrastructure..in fact they regularly hang out on 
Joe's blog for all the information I need to know on Defending 
Security Infrastructure.. in fact 
http://blog.joeware.net/2006/07/11/445/ that link is the home page so 
that I'm constantly reminded about Defending Security Infrastructure 
..but other than that... they don't have antispyware because they don't 
go anywhere to get spyware and the Enhanced IE is still on there.




Kevin Brunson wrote:


I have definitely found the hosts file to be useful on servers to keep
them from EVER getting to spyware sites.  This guy has a great list :
http://pgl.yoyo.org/adservers/serverlist.php?showintro=0&hostformat=hosts

Just cut and paste into the hosts file and you are good to go.  I
scripted it for all of the servers I deal with.  But I guess this is
getting pretty far OT: :)
Kevin

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley,
CPA aka Ebitz - SBS Rocks [MVP]
Sent: Wednesday, July 12, 2006 10:41 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Multihomed Domain Controllers

In the year 2006.. I hope we are still not making host file entries on 
servers and workstations  :-)


Peter Johnson wrote:

 

You might want to then create entries in the host file on the backup 
server so that you guarantee that the backup server always uses the 
right network connection.





   



 

*From:* [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] *On Behalf Of *Robert 
Rutherford

*Sent:* 12 July 2006 12:57
*To:* ActiveDir@mail.activedir.org
*Subject:* RE: [ActiveDir] Multihomed Domain Controllers



No issues, if you...



Go to the TCP/IP settings of the backup network card, click advanced, 
goto the DNS tab and untick register the connection in DNS.




Cheers,



Rob









*Robert Rutherford*
*QuoStar Solutions Limited*

The Enterprise Pavilion
Fern Barrow
Wallisdown
Poole
Dorset
BH12 5HH

*T:* +44 (0) 8456 440 331
*F:* +44 (0) 8456 440 332
*M:* +44 (0) 7974 249 494
*E:* [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
*W:* www.quostar.com <http://www.quostar.com>

**From:** [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] *On Behalf Of *Jeff Green

*Sent:* 12 July 2006 11:43
*To:* ActiveDir@mail.activedir.org
*Subject:* [ActiveDir] Multihomed Domain Controllers

Hi,

First posting to this list but I've lurked quite a while and I've been very impressed by the quality of replies by the gurus.

My question is regarding the advisability of having multihomed DCs. Basically I want to run backups over a separate GbE and as my servers have dual inbuilt NICs this seems an obvious route to take. I know there are some issues with DNS (I have a DNS integrated AD).

Would this cause replication problems, etc ?

Any other "gotchas" ?

Many Thanks,

---
Jeff Green
Network Support Manager
SAPIENS (UK) Ltd
t: +44 (0)1895 464228 f: +44 (0)1895 463098

"I dream of hover cars and old transistor radios ... She dreams of 
flowers in a field of sunny bungalows"




   



 

Confidentiality Note: The information contained in this email and document(s) attached are for the exclusive use of the addressee and may contain confidential, privileged and non-disclosable information. If the recipient of this email is not the addressee, such recipient is strictly prohibited from reading, photocopying, distribution or otherwise using this email or its contents in any way.

Please notify the Sapiens (UK) Ltd. Systems Administrator via e-mail immediately at [EMAIL PROTECTED], if you have received this email in error.

Disclaimer: The views, opinions and guidelines contained in this confidential e-mail are those of the originating author and may not be representative of Sapiens (UK) Ltd.


--
Letting your vendors set your risk analysis these days?  
http://www.threatcode.com


If you are a SBSer and you don't subscribe to the SBS Blog... man ... I will 
hunt you down...
http://blogs.technet.com/sbs

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx


RE: [ActiveDir] Multihomed Domain Controllers

2006-07-12 Thread Rocky Habeeb



Could someone please tell me 
what all this "Defending Security Infrastructure" stuff is about?  Even 
though joe said "Do not read about "Defending Security Infrastructure"" on his 
blog, I went there and read all about what he wrote about "Defending Security 
Infrastructure" because I literally hang off every word joe writes, and he wrote 
about "Defending Security Infrastructure" and I wanted to know what his thoughts 
were on "Defending Security Infrastructure".  But interestingly enough, joe 
didn't have much to say about "Defending Security Infrastructure" so I queried 
other avenues on "Defending Security Infrastructure" and there sure is a lot on 
the subject of "Defending Security Infrastructure" but I couldn't really distill 
it. So now I'm going to have to keep watching the joedog blog on "Defending 
Security Infrastructure", because if joe talks about "Defending Security 
Infrastructure", then "Defending Security Infrastructure" is probably pretty 
important.
 
_
 

  -Original Message-
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Deji Akomolafe
  Sent: 12 July, 2006 12:29 PM
  To: ActiveDir@mail.activedir.org
  Subject: RE: [ActiveDir] Multihomed Domain Controllers
  
  Susan,
   
  there are still valid reasons for using 
  hosts file even in an enterprise. I believe that we went through this a couple 
  of months ago.
   
  
  
   
  NB: Not to encourage joe or anything like that. I just need to 
  point out that my statement above may be interpreted to imply that 
  hosts files have a role to play in the whole big "Defending Security 
  Infrastructure" realm; for example, if your "Defending 
  Security Infrastructure" service delivery plans does NOT include a 
  robust "split-brain" DNS infrastructure. Of course, a "Defending Security 
  Infrastructure" plan that does not include that is not worth the name 
  "Defending Security Infrastructure plan" at all and does not belong in 
  the "Defending Security Infrastructure" big black ops book.
   
  Now I crawl back into my heavily-defended "Defending Security 
  Infrastructure" bunker - or castle - or cave.
   
  Sincerely,
  Microsoft MVP - Directory Services
  www.readymaids.com - we know IT
  www.akomolafe.com
  -5.75, -3.23
  Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon
  
  
  From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
  Sent: Wed 7/12/2006 8:40 AM
  To: ActiveDir@mail.activedir.org
  Subject: Re: [ActiveDir] Multihomed Domain Controllers
  In the year 2006.. I hope we are still not making host file entries on 
servers and workstations  :-)

Peter Johnson wrote:

> You might want to then create entries in the host file on the backup 
> server so that you guarantee that the backup server always uses the 
> right network connection.
>
>  
>
> --------------------
>
> *From:* [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] *On Behalf Of *Robert 
> Rutherford
> *Sent:* 12 July 2006 12:57
> *To:* ActiveDir@mail.activedir.org
> *Subject:* RE: [ActiveDir] Multihomed Domain Controllers
>
>  
>
> No issues, if you...
>
>  
>
> Go to the TCP/IP settings of the backup network card, click advanced, 
> goto the DNS tab and untick register the connection in DNS.
>
>  
>
> Cheers,
>
>  
>
> Rob
>
>  
>
> *Robert Rutherford*
> *QuoStar Solutions Limited*
>
> The Enterprise Pavilion
> Fern Barrow
> Wallisdown
> Poole
> Dorset
> BH12 5HH
>
> *T:* +44 (0) 8456 440 331
> *F:* +44 (0) 8456 440 332
> *M:* +44 (0) 7974 249 494
> *E:* [EMAIL PROTECTED]
> *W:* www.quostar.com
>
> **From:** [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] *On Behalf Of *Jeff Green
> *Sent:* 12 July 2006 11:43
> *To:* ActiveDir@mail.activedir.org
> *Subject:* [ActiveDir] Multihomed Domain Controllers
&

RE: [ActiveDir] Multihomed Domain Controllers

2006-07-12 Thread Kevin Brunson
I have definitely found the hosts file to be useful on servers to keep
them from EVER getting to spyware sites.  This guy has a great list :
http://pgl.yoyo.org/adservers/serverlist.php?showintro=0&hostformat=hosts

Just cut and paste into the hosts file and you are good to go.  I
scripted it for all of the servers I deal with.  But I guess this is
getting pretty far OT: :)
Kevin

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley,
CPA aka Ebitz - SBS Rocks [MVP]
Sent: Wednesday, July 12, 2006 10:41 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Multihomed Domain Controllers

In the year 2006.. I hope we are still not making host file entries on 
servers and workstations  :-)

Peter Johnson wrote:

> You might want to then create entries in the host file on the backup 
> server so that you guarantee that the backup server always uses the 
> right network connection.
>
>  
>
>

>
> *From:* [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] *On Behalf Of *Robert 
> Rutherford
> *Sent:* 12 July 2006 12:57
> *To:* ActiveDir@mail.activedir.org
> *Subject:* RE: [ActiveDir] Multihomed Domain Controllers
>
>  
>
> No issues, if you...
>
>  
>
> Go to the TCP/IP settings of the backup network card, click advanced, 
> goto the DNS tab and untick register the connection in DNS.
>
>  
>
> Cheers,
>
>  
>
> Rob
>
>  
>
> *Robert Rutherford*
> *QuoStar Solutions Limited*
>
> The Enterprise Pavilion
> Fern Barrow
> Wallisdown
> Poole
> Dorset
> BH12 5HH
>
> *T:* +44 (0) 8456 440 331
> *F:* +44 (0) 8456 440 332
> *M:* +44 (0) 7974 249 494
> *E:* [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
> *W:* www.quostar.com <http://www.quostar.com>
>
> **From:** [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] *On Behalf Of *Jeff Green
> *Sent:* 12 July 2006 11:43
> *To:* ActiveDir@mail.activedir.org
> *Subject:* [ActiveDir] Multihomed Domain Controllers
>
> Hi,
>
>  First posting to this list but I've lurked quite a while and I've

> been very impressed by
> the quality of replies by the gurus.
>
> My question is regarding the advisability of having multihomed DCs. 
> Basically I want
> to run backups over a separate GbE and as my servers have dual inbuilt

> NICs this
> seems an obvious route to take. I know there are some issues with DNS 
> (I have
> a DNS integrated AD).
>
> Would this cause replication problems, etc ?
>
> Any other "gotchas" ?
>
>  
>
> Many Thanks,
>
> ---
> Jeff Green
> Network Support Manager
> SAPIENS (UK) Ltd
> t: +44 (0)1895 464228 f: +44 (0)1895 463098
>
> "I dream of hover cars and old transistor radios ... She dreams of 
> flowers in a field of sunny bungalows"
>
>
>

>

>

-- 
Letting your vendors set your risk analysis these days?  
http://www.threatcode.com

If you are a SBSer and you don't subscribe to the SBS Blog... man ... I
will hunt you down...
http://blogs.technet.com/sbs

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
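
Kevin's message above describes pasting a third-party hosts-format list into the hosts file on every server. The following is an added example, not code from the thread: it vets such a list before merging, accepting only entries that point at a sink address and refusing any entry that would override a protected name. The sample list, the `corp.example.com` suffix and the marker strings are assumptions made for illustration.

```python
import ipaddress
import re

# Only null-route targets are acceptable in a blocklist; anything else is a redirect.
SINK_ADDRESSES = {"127.0.0.1", "0.0.0.0"}
# Names a third-party list must never override (assumed values for this example).
PROTECTED_NAMES = {"localhost"}
PROTECTED_SUFFIXES = (".corp.example.com",)  # hypothetical internal AD DNS suffix

LABEL = r"[a-z0-9_](?:[a-z0-9_-]{0,61}[a-z0-9_])?"
HOSTNAME_RE = re.compile(rf"^(?=.{{1,253}}$){LABEL}(?:\.{LABEL})*$")

BEGIN = "# BEGIN vetted-blocklist"
END = "# END vetted-blocklist"

# Constructed sample in hosts format; not taken from any real list.
SAMPLE_LIST = """\
# constructed sample
127.0.0.1 ads.example.net
127.0.0.1 tracker.example.org   # inline comment
0.0.0.0 ads.example.net
203.0.113.7 update.example.com
127.0.0.1 dc01.corp.example.com
127.0.0.1 localhost
127.0.0.1 host!name.example
not-an-ip ads2.example.net
"""


def vet_blocklist(text):
    """Return (accepted_hostnames, rejected) where rejected holds
    (line_number, offending_text, reason) tuples."""
    accepted, rejected, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            rejected.append((lineno, line, "no hostname"))
            continue
        addr, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            rejected.append((lineno, line, "bad address"))
            continue
        if str(ip) not in SINK_ADDRESSES:
            # A blocklist line pointing somewhere real would silently
            # redirect that name for every process on the server.
            rejected.append((lineno, line, "redirects to non-sink address"))
            continue
        for name in names:
            host = name.lower().rstrip(".")
            if host in PROTECTED_NAMES or host.endswith(PROTECTED_SUFFIXES):
                rejected.append((lineno, name, "protected name"))
            elif not HOSTNAME_RE.match(host):
                rejected.append((lineno, name, "malformed hostname"))
            elif host not in seen:
                seen.add(host)
                accepted.append(host)
    return accepted, rejected


def merge_into_hosts(existing, accepted):
    """Replace the managed block in an existing hosts file body, leaving
    hand-maintained entries (such as backup-network pins) untouched."""
    kept, inside = [], False
    for line in existing.splitlines():
        if line.strip() == BEGIN:
            inside = True
        elif line.strip() == END:
            inside = False
        elif not inside:
            kept.append(line)
    while kept and not kept[-1].strip():
        kept.pop()
    block = [BEGIN] + [f"0.0.0.0 {h}" for h in sorted(accepted)] + [END]
    return "\n".join(kept + block) + "\n"


if __name__ == "__main__":
    ok, bad = vet_blocklist(SAMPLE_LIST)
    for lineno, text, reason in bad:
        print(f"line {lineno}: rejected {text!r}: {reason}")
    # On Windows the real file is %SystemRoot%\System32\drivers\etc\hosts;
    # here the existing content is a constructed one-line stand-in.
    print(merge_into_hosts("127.0.0.1 localhost\n", ok), end="")
```

Because the managed block is rewritten between markers, re-running the merge with an updated list does not duplicate entries or disturb manual ones.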


RE: [ActiveDir] Multihomed Domain Controllers

2006-07-12 Thread Deji Akomolafe



Susan,
 
there are still valid reasons for using hosts file even in an enterprise. I believe that we went through this a couple of months ago.
 


 
NB: Not to encourage joe or anything like that. I just need to point out that my statement above may be interpreted to imply that hosts files have a role to play in the whole big "Defending Security Infrastructure" realm; for example, if your "Defending Security Infrastructure" service delivery plans does NOT include a robust "split-brain" DNS infrastructure. Of course, a "Defending Security Infrastructure" plan that does not include that is not worth the name "Defending Security Infrastructure plan" at all and does not belong in the "Defending Security Infrastructure" big black ops book.
 
Now I crawl back into my heavily-defended "Defending Security Infrastructure" bunker - or castle - or cave.
 
Sincerely,
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
-5.75, -3.23
Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon


From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
Sent: Wed 7/12/2006 8:40 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Multihomed Domain Controllers

In the year 2006.. I hope we are still not making host file entries on 
servers and workstations  :-)

Peter Johnson wrote:

> You might want to then create entries in the host file on the backup 
> server so that you guarantee that the backup server always uses the 
> right network connection.
>
>  
>
> 
>
> *From:* [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] *On Behalf Of *Robert 
> Rutherford
> *Sent:* 12 July 2006 12:57
> *To:* ActiveDir@mail.activedir.org
> *Subject:* RE: [ActiveDir] Multihomed Domain Controllers
>
>  
>
> No issues, if you...
>
>  
>
> Go to the TCP/IP settings of the backup network card, click advanced, 
> goto the DNS tab and untick register the connection in DNS.
>
>  
>
> Cheers,
>
>  
>
> Rob
>
>  
>
> *Robert Rutherford*
> *QuoStar Solutions Limited*
>
> The Enterprise Pavilion
> Fern Barrow
> Wallisdown
> Poole
> Dorset
> BH12 5HH
>
> *T:* +44 (0) 8456 440 331
> *F:* +44 (0) 8456 440 332
> *M:* +44 (0) 7974 249 494
> *E:* [EMAIL PROTECTED]
> *W:* www.quostar.com
>
>
> **From:** [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] *On Behalf Of *Jeff Green
> *Sent:* 12 July 2006 11:43
> *To:* ActiveDir@mail.activedir.org
> *Subject:* [ActiveDir] Multihomed Domain Controllers
>
> Hi,
>
>  First posting to this list but I've lurked quite a while and I've 
> been very impressed by
> the quality of replies by the gurus.
>
> My question is regarding the advisability of having multihomed DCs. 
> Basically I want
> to run backups over a separate GbE and as my servers have dual inbuilt 
> NICs this
> seems an obvious route to take. I know there are some issues with DNS 
> (I have
> a DNS integrated AD).
>
> Would this cause replication problems, etc ?
>
> Any other "gotchas" ?
>
>  
>
> Many Thanks,
>
> ---
> Jeff Green
> Network Support Manager
> SAPIENS (UK) Ltd
> t: +44 (0)1895 464228 f: +44 (0)1895 463098
>
> "I dream of hover cars and old transistor radios ... She dreams of 
> flowers in a field of sunny bungalows"
>
>
> 

RE: [ActiveDir] Multihomed Domain Controllers

2006-07-12 Thread joe
But I hope we still have the option of doing so...  I use the hosts file on
a regular basis to redirect the localhost name to the machine's IP instead
of to 127.blah and then stick in route statements so all locally directed
traffic bounces out to a router and back so I can look at the network traces
of the traffic. 

  joe

--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm 
 
Do not read this worthless blog entry on Defending Security Infrastructures
- http://blog.joeware.net/2006/07/11/445/ ---  I'm serious, you will learn
absolutely nothing about Defending Security Infrastructures. 



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA
aka Ebitz - SBS Rocks [MVP]
Sent: Wednesday, July 12, 2006 11:41 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Multihomed Domain Controllers

In the year 2006.. I hope we are still not making host file entries on 
servers and workstations  :-)

Peter Johnson wrote:

> You might want to then create entries in the host file on the backup 
> server so that you guarantee that the backup server always uses the 
> right network connection.
>
>  
>
> 
>
> *From:* [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] *On Behalf Of *Robert 
> Rutherford
> *Sent:* 12 July 2006 12:57
> *To:* ActiveDir@mail.activedir.org
> *Subject:* RE: [ActiveDir] Multihomed Domain Controllers
>
>  
>
> No issues, if you...
>
>  
>
> Go to the TCP/IP settings of the backup network card, click advanced, 
> goto the DNS tab and untick register the connection in DNS.
>
>  
>
> Cheers,
>
>  
>
> Rob
>
>  
>
> *Robert Rutherford*
> *QuoStar Solutions Limited*
>
> The Enterprise Pavilion
> Fern Barrow
> Wallisdown
> Poole
> Dorset
> BH12 5HH
>
> *T:* +44 (0) 8456 440 331
> *F:* +44 (0) 8456 440 332
> *M:* +44 (0) 7974 249 494
> *E:* [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
> *W:* www.quostar.com <http://www.quostar.com>
>
>
> **From:** [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] *On Behalf Of *Jeff Green
> *Sent:* 12 July 2006 11:43
> *To:* ActiveDir@mail.activedir.org
> *Subject:* [ActiveDir] Multihomed Domain Controllers
>
> Hi,
>
>  First posting to this list but I've lurked quite a while and I've 
> been very impressed by
> the quality of replies by the gurus.
>
> My question is regarding the advisability of having multihomed DCs. 
> Basically I want
> to run backups over a separate GbE and as my servers have dual inbuilt 
> NICs this
> seems an obvious route to take. I know there are some issues with DNS 
> (I have
> a DNS integrated AD).
>
> Would this cause replication problems, etc ?
>
> Any other "gotchas" ?
>
>  
>
> Many Thanks,
>
> ---
> Jeff Green
> Network Support Manager
> SAPIENS (UK) Ltd
> t: +44 (0)1895 464228 f: +44 (0)1895 463098
>
> "I dream of hover cars and old transistor radios ... She dreams of 
> flowers in a field of sunny bungalows"
>
>
> 
> 
>

-- 
Letting your vendors set your risk analysis these days?  
http://www.threatcode.com

If you are a SBSer and you don't subscribe to the SBS Blog... man ... I will
hunt you down...
http://blogs.technet.com/sbs

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx



RE: [ActiveDir] Multihomed Domain Controllers

2006-07-12 Thread Kurt Falde
So how many DCs do you have? What is your DIT size like to warrant
going through all this trouble? Are there other applications that you
need to back up on the DCs that are requiring full backups of all your
DCs?  With most environments, getting the system state from a DC/GC in
each domain should be enough to allow you to do whatever authoritative
restores that you need. Now if you have other apps that you need to do
large data backups of, then this may be required.  Yes, you can do
multiple NICs on DCs, and quite a few organizations do; however, it
definitely would not fall under best practices for Domain Controllers.

Kurt Falde
Premier Field Engineer
Northeast Region
Microsoft Corporation

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley,
CPA aka Ebitz - SBS Rocks [MVP]
Sent: Wednesday, July 12, 2006 11:41 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Multihomed Domain Controllers

In the year 2006.. I hope we are still not making host file entries on 
servers and workstations  :-)

Peter Johnson wrote:

> You might want to then create entries in the host file on the backup 
> server so that you guarantee that the backup server always uses the 
> right network connection.
>
> *From:* [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] *On Behalf Of *Robert 
> Rutherford
> *Sent:* 12 July 2006 12:57
> *To:* ActiveDir@mail.activedir.org
> *Subject:* RE: [ActiveDir] Multihomed Domain Controllers
>
> No issues, if you...
>
> Go to the TCP/IP settings of the backup network card, click advanced, 
> go to the DNS tab and untick register the connection in DNS.
>
> Cheers,
>
> Rob
>
> *Robert Rutherford*
> *QuoStar Solutions Limited*
>
> The Enterprise Pavilion
> Fern Barrow
> Wallisdown
> Poole
> Dorset
> BH12 5HH
>
> *T:* +44 (0) 8456 440 331
> *F:* +44 (0) 8456 440 332
> *M:* +44 (0) 7974 249 494
> *E:* [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
> *W:* www.quostar.com <http://www.quostar.com>
>
> **From:** [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] *On Behalf Of *Jeff Green
> *Sent:* 12 July 2006 11:43
> *To:* ActiveDir@mail.activedir.org
> *Subject:* [ActiveDir] Multihomed Domain Controllers
>
> Hi,
>
> First posting to this list but I've lurked quite a while and I've
> been very impressed by the quality of replies by the gurus.
>
> My question is regarding the advisability of having multihomed DCs.
> Basically I want to run backups over a separate GbE and as my servers
> have dual inbuilt NICs this seems an obvious route to take. I know
> there are some issues with DNS (I have a DNS integrated AD).
>
> Would this cause replication problems, etc ?
>
> Any other "gotchas" ?
>
>  
>
> Many Thanks,
>
> ---
> Jeff Green
> Network Support Manager
> SAPIENS (UK) Ltd
> t: +44 (0)1895 464228 f: +44 (0)1895 463098
>
> "I dream of hover cars and old transistor radios ... She dreams of 
> flowers in a field of sunny bungalows"
>

-- 
Letting your vendors set your risk analysis these days?  
http://www.threatcode.com

If you are a SBSer and you don't subscribe to the SBS Blog... man ... I
will hunt you down...
http://blogs.technet.com/sbs

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx


Re: [ActiveDir] Multihomed Domain Controllers

2006-07-12 Thread Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
In the year 2006.. I hope we are still not making host file entries on 
servers and workstations  :-)


Peter Johnson wrote:

You might want to then create entries in the host file on the backup 
server so that you guarantee that the backup server always uses the 
right network connection.

*From:* [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] *On Behalf Of *Robert Rutherford
*Sent:* 12 July 2006 12:57
*To:* ActiveDir@mail.activedir.org
*Subject:* RE: [ActiveDir] Multihomed Domain Controllers

No issues, if you...

Go to the TCP/IP settings of the backup network card, click advanced, 
go to the DNS tab and untick register the connection in DNS.

Cheers,

Rob

*Robert Rutherford*
*QuoStar Solutions Limited*

The Enterprise Pavilion
Fern Barrow
Wallisdown
Poole
Dorset
BH12 5HH

*T:* +44 (0) 8456 440 331
*F:* +44 (0) 8456 440 332
*M:* +44 (0) 7974 249 494
*E:* [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
*W:* www.quostar.com <http://www.quostar.com>

**From:** [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] *On Behalf Of *Jeff Green
*Sent:* 12 July 2006 11:43
*To:* ActiveDir@mail.activedir.org
*Subject:* [ActiveDir] Multihomed Domain Controllers

Hi,

First posting to this list but I've lurked quite a while and I've 
been very impressed by the quality of replies by the gurus.

My question is regarding the advisability of having multihomed DCs. 
Basically I want to run backups over a separate GbE and as my servers 
have dual inbuilt NICs this seems an obvious route to take. I know 
there are some issues with DNS (I have a DNS integrated AD).

Would this cause replication problems, etc ?

Any other "gotchas" ?

 


Many Thanks,

---
Jeff Green
Network Support Manager
SAPIENS (UK) Ltd
t: +44 (0)1895 464228 f: +44 (0)1895 463098

"I dream of hover cars and old transistor radios ... She dreams of 
flowers in a field of sunny bungalows"




--
Letting your vendors set your risk analysis these days?  
http://www.threatcode.com


If you are a SBSer and you don't subscribe to the SBS Blog... man ... I will 
hunt you down...
http://blogs.technet.com/sbs

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx


Re: [ActiveDir] Multihomed Domain Controllers

2006-07-12 Thread Matt Hargraves
I've never seen a problem with doing this stuff before and there are actually some backup solution providers that recommend using a parallel network for backup data to transmit across. That being said, I think the most important thing for you to make sure that you're *not* doing is testing it out on your FSMO roles holder.  Do it with a non-GC domain controller first, then move up to a GC and after all of your DCs are working on the parallel network for backups, I'd probably move FSMO roles over to one of them that is working and move the last GC over (then move back the FSMO roles, if you have some old software that's hardcoded to the 'PDC').

On 7/12/06, Kevin Brunson <[EMAIL PROTECTED]> wrote:

The one gotcha I have seen (only once
though), was that somehow multihoming a 2000 DC corrupted a couple of registry
keys.  I think KB 888048 appeared a few days after the 8 hour phone call with
MS.  Basically the dc no longer had a DNS name.  Needless to say that caused
problems.  But as long as you know which registry keys to change if it goes
bad, you should be fine.  I have seen a multitude of multihomed domain
controllers since with no issues.

Kevin Brunson

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jeff Green
Sent: Wednesday, July 12, 2006 5:43 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Multihomed Domain Controllers

Hi,

First posting to this list but I've lurked quite a while and I've been very
impressed by the quality of replies by the gurus.

My question is regarding the advisability of having multihomed DCs. Basically I
want to run backups over a separate GbE and as my servers have dual inbuilt NICs
this seems an obvious route to take. I know there are some issues with DNS (I
have a DNS integrated AD).

Would this cause replication problems, etc ?

Any other "gotchas" ?

Many Thanks,


---
Jeff Green
Network Support Manager
SAPIENS (UK) Ltd
t: +44 (0)1895 464228 f: +44 (0)1895 463098

"I dream of hover cars and old transistor radios ... She dreams of flowers in a
field of sunny bungalows"




Re: [ActiveDir] Multihomed Domain Controllers

2006-07-12 Thread Paul Williams

Couple of points.  Most have probably been covered, or read by you:

  - Clearly label the NICs, e.g. LAN00 and BACKUP00.
  - Adjust the binding order so that LAN00 is above BACKUP00.
  - If you don't require NetBT, disable it on BACKUP00 (BackupExec will
    most likely not like you if you disable this).
  - Forget about the Advanced TCP/IP DNS option "Don't register in DNS".
    There is a hotfix, and it's supposed to be in SP1, but I'm still
    seeing A records registered in DNS in my lab when I don't want them
    in there, so use the necessary registry key DisableDynamicUpdate on
    the NIC BACKUP00.
  - Only have a gateway on LAN00.
  - Bind the BackupExec agent to BACKUP00 only.
  - If the backup LAN is routed, define persistent routes in the routing
    table.
  - Browser operations won't affect AD.  If you have bad entries in DNS,
    that will cause issues so check DNS.
  - OS shouldn't matter.  I've implemented multi-homed systems many times
    in the past, and have been messing around with NLB and LDAP on DCs
    (in Unicast mode - requires a second NIC) over the last couple of
    days without any issues.  DNS is the main issue.  There can be some
    issues with NetBT/WINS, but I personally wouldn't use LMHOSTS or
    WINS on the BACKUP00 NIC.

That's a few points based on what I'm doing in the lab.  Main thing is to
test your configuration.  In the last place I worked we used a dedicated
backup LAN.  No issues worth noting (in other words it worked and I don't
remember any issues), and that was a mixed NT 4, 2k and k3 environment.

Dedicated systems management LANs are also a good idea, e.g. iLO, etc.

--Paul
 

  - Original Message -
  From: Jeff Green
  To: ActiveDir@mail.activedir.org
  Sent: Wednesday, July 12, 2006 1:03 PM
  Subject: RE: [ActiveDir] Multihomed Domain Controllers

  Hi Guys,

  Many thanks to all that have responded (and so quickly !)

  Points / clarifications / additional Qs

  a)    DNS multihomed issues

  Yes, found that in the MS KB about not "registering this connection
  in DNS" on the second NIC.

  Also leave the gateway / DNS TCP/IP settings blank on the second NIC.

  b)    Browser Issues

  Several things in MS KB about this and fixes (including hacking a
  registry if I remember correctly)

  But would Browser issues affect AD operations - I'm talking about
  replication issues here ?

  c)    Currently running W2K SP4 + rollups on all DCs - but moving to W2K3.

  Sorry should have stated this.

  d)    Backup

  Using BackupExec, which allows binding of remote agents to specific NICs

  Have I got everything covered - I can't believe this is an unusual
  configuration ?

  Many Thanks

  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Green
  Sent: 12 July 2006 11:43
  To: ActiveDir@mail.activedir.org
  Subject: [ActiveDir] Multihomed Domain Controllers

  Hi,

  First posting to this list but I've lurked quite a while and I've been
  very impressed by the quality of replies by the gurus.

  My question is regarding the advisability of having multihomed DCs.
  Basically I want to run backups over a separate GbE and as my servers
  have dual inbuilt NICs this seems an obvious route to take. I know
  there are some issues with DNS (I have a DNS integrated AD).

  Would this cause replication problems, etc ?

  Any other "gotchas" ?

  Many Thanks,

  ---
  Jeff Green
  Network Support Manager
  SAPIENS (UK) Ltd
  t: +44 (0)1895 464228 f: +44 (0)1895 463098

  "I dream of hover cars and old transistor radios ... She dreams of
  flowers in a field of sunny bungalows"
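
The checklist in the message above, turned into a read-only audit. This is an added example, not part of the original message or thread: the adapter names LAN00 and BACKUP00 and the DisableDynamicUpdate value come from the message, the function name is hypothetical, and the cmdlets used need Windows Server 2012 or later rather than the W2K/W2K3 DCs discussed here. The interface metric is used as a stand-in for the legacy binding order.

```powershell
# Added example: read-only audit of a dual-NIC DC against the checklist above.
# Adapter names come from the message; Test-MultihomedDcNic is a hypothetical name.
function Test-MultihomedDcNic {
    param(
        [string]$LanName    = 'LAN00',
        [string]$BackupName = 'BACKUP00'
    )
    $findings = @()
    $nic = @{}
    foreach ($name in @($LanName, $BackupName)) {
        $adapter = Get-NetAdapter -Name $name -ErrorAction SilentlyContinue
        if (-not $adapter) {
            $findings += "Adapter '$name' not found; label the NICs so they can be told apart."
            continue
        }
        $filter = "InterfaceIndex = $($adapter.InterfaceIndex)"
        $nic[$name] = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter $filter
    }
    if ($nic.Count -lt 2) { return $findings }
    $lan    = $nic[$LanName]
    $backup = $nic[$BackupName]

    # Only the LAN NIC should carry a default gateway.
    if ($backup.DefaultIPGateway) {
        $findings += "$BackupName has a default gateway ($($backup.DefaultIPGateway -join ', '))."
    }

    # Interface metric as a stand-in for binding order (assumption): LAN should win.
    $lanMetric = (Get-NetIPInterface -InterfaceIndex $lan.InterfaceIndex -AddressFamily IPv4).InterfaceMetric
    $bkMetric  = (Get-NetIPInterface -InterfaceIndex $backup.InterfaceIndex -AddressFamily IPv4).InterfaceMetric
    if ($lanMetric -ge $bkMetric) {
        $findings += "$LanName metric ($lanMetric) is not lower than $BackupName metric ($bkMetric)."
    }

    # NetBT: TcpipNetbiosOptions 2 means NetBIOS over TCP/IP is disabled.
    if ($backup.TcpipNetbiosOptions -ne 2) {
        $findings += "NetBT is enabled on $BackupName (acceptable only if the backup agent needs it)."
    }

    # DNS registration: the GUI check box, then the per-interface registry value.
    if ($backup.FullDNSRegistrationEnabled) {
        $findings += "DNS registration check box is still ticked on $BackupName."
    }
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\$($backup.SettingID)"
    $ddu = (Get-ItemProperty -Path $key -Name DisableDynamicUpdate -ErrorAction SilentlyContinue).DisableDynamicUpdate
    if ($ddu -ne 1) {
        $findings += "DisableDynamicUpdate is not set to 1 for $BackupName."
    }

    # What DNS actually hands out: no backup-LAN address should appear for
    # the DC's own name or for the domain name.
    $cs        = Get-CimInstance -ClassName Win32_ComputerSystem
    $dnsServer = @($lan.DNSServerSearchOrder)[0]
    if ($dnsServer) {
        foreach ($name in @("$($cs.DNSHostName).$($cs.Domain)", $cs.Domain)) {
            $records = Resolve-DnsName -Name $name -Type A -Server $dnsServer -DnsOnly -ErrorAction SilentlyContinue
            foreach ($rec in @($records | Where-Object { $_.IPAddress })) {
                if ($backup.IPAddress -contains $rec.IPAddress) {
                    $findings += "DNS server $dnsServer returns backup address $($rec.IPAddress) for $name."
                }
            }
        }
    }
    return $findings
}

# Run on the DC; no output means every check passed.
Test-MultihomedDcNic | ForEach-Object { Write-Warning $_ }
```

The script changes nothing; it only reports where the DC deviates from the list, so it can be rerun after a restore to confirm the recovered DC still matches.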

Re: [ActiveDir] Multihomed Domain Controllers

2006-07-12 Thread Al Mulnick
Did you hear me giggle? Are you watching me?
 
Like I mentioned, keeping any solution as simple as possible will pay dividends later.  If the solution requires two networks and a dual-homed DC, I have no qualms about doing that and I understand the amount of complexity that entails.  I also accept that complexity by default if I have to go down that road. 

 
Satellite links?  Permanent ones? Or mobile? ;-) 
On 7/12/06, Robert Rutherford <[EMAIL PROTECTED]> wrote:



I guess that is very true... on reflection I was using the separate connection situation on satellite sites, where the DC did have backup exec loaded.. I hear you *gasp*

Cheers

Robert Rutherford
QuoStar Solutions Limited

The Enterprise Pavilion
Fern Barrow
Wallisdown
Poole
Dorset
BH12 5HH

T: +44 (0) 8456 440 331
F: +44 (0) 8456 440 332
M: +44 (0) 7974 249 494
E: [EMAIL PROTECTED]
W: www.quostar.com

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Al Mulnick
Sent: 12 July 2006 14:36
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Multihomed Domain Controllers
 


Personally, I've never used that configuration for a DC.  Since being bit in the nt4.0 days (before that really, but hate to show the age :) I've had architectural reasons to not do that.  Since AD is made up of a multi-master fabric, I have had no reason at all to require an isolated network dedicated to backups.  I get the feeling in your case it's just a nice to have vs. a requirement since you have the hardware and figure why not put it to use.  You'd be a rare exception if the size of the dit is large enough to require such a configuration.  Saying that, is it possible? Most likely.  Will it be difficult when/if you call for support for some other issue to explain to the engineer that you have a multi-homed DC? Most likely.  Does it break the "keep it as simple as possible while meeting the requirements?" rule? Most likely.  

When you test this, as the others have mentioned, be sure to test the recoverability and the gotchas that come along with bringing up a recovered DC on a multi-homed machine.  You'll want to have that documented and thoroughly tested so as not to have to deal with that when under pressure.  You may also want to consider an alternative backup method that doesn't require a dedicated network to the DC's.  

 
Just some random thoughts and my $.04 (USD) worth. 
 
Al 
On 7/12/06, Jeff Green <[EMAIL PROTECTED]> wrote:



Hi Guys,
 
 
    Many thanks to all that have responded (and so quickly !)
 
Points / clarifications / additional Qs
 
    a)    DNS multihomed issues
 
    Yes, found that in the MS KB about not "registering this connection in DNS" on the second NIC.
 
    Also leave the gateway / DNS TCP/IP settings blank on the second NIC.
 
    b)    Browser Issues
 
    Several things in MS KB about this and fixes (including hacking a registry if I remember correctly)
    
    But would Browser issues affect AD operations - I'm talking about replication issues here ?
 
    c)    Currently running W2K SP4 + rollups on all DCs - but moving to W2K3.
 
   Sorry should have stated this.
 
 
    d)    Backup
 
   Using BackupExec, which allows binding of remote agents to specific NICs
 
 
Have I got everything covered - I can't believe this is an unusual configuration ?
 
 
    
    Many Thanks
    
   



From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jeff Green
Sent: 12 July 2006 11:43
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Multihomed Domain Controllers
 


Hi, 
 First posting to this list but I've lurked quite a while and I've been very impressed by the quality of replies by the gurus. 
My question is regarding the advisability of having multihomed DCs. Basically I want to run backups over a separate GbE and as my servers have dual inbuilt NICs this 
seems an obvious route to take. I know there are some issues with DNS (I have a DNS integrated AD). 
Would this cause replication problems, etc ? 
Any other "gotchas" ? 
            Many Thanks, 
---
Jeff Green
Network Support Manager
SAPIENS (UK) Ltd
t: +44 (0)1895 464228 f: +44 (0)1895 463098 
"I dream of hover cars and old transistor radios ... She dreams of flowers in a field of sunny bungalows"  

RE: [ActiveDir] Multihomed Domain Controllers

2006-07-12 Thread Kevin Brunson

The one gotcha I have seen (only once
though), was that somehow multihoming a 2000 DC corrupted a couple of registry
keys.  I think KB 888048 appeared a few days after the 8 hour phone call with
MS.  Basically the dc no longer had a DNS name.  Needless to say that caused
problems.  But as long as you know which registry keys to change if it goes
bad, you should be fine.  I have seen a multitude of multihomed domain
controllers since with no issues.

Kevin Brunson

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Green
Sent: Wednesday, July 12, 2006 5:43 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Multihomed Domain Controllers

Hi,

First posting to this list but I've lurked quite a while and I've been very
impressed by the quality of replies by the gurus.

My question is regarding the advisability of having multihomed DCs. Basically I
want to run backups over a separate GbE and as my servers have dual inbuilt NICs
this seems an obvious route to take. I know there are some issues with DNS (I
have a DNS integrated AD).

Would this cause replication problems, etc ?

Any other "gotchas" ?

Many Thanks,


---
Jeff Green
Network Support Manager
SAPIENS (UK) Ltd
t: +44 (0)1895 464228 f: +44 (0)1895 463098

"I dream of hover cars and old transistor radios ... She dreams of flowers in a
field of sunny bungalows"




Re: [ActiveDir] Multihomed Domain Controllers

2006-07-12 Thread Susan Bradley
Depends on your support engineers... multihomed DCs are quite typical to the SBS CSS engineer  :-)

The KB in the 2000 era that we had tattooed to our foreheads due to our two nic DCs was this one
http://support.microsoft.com/default.aspx?scid=kb;en-us;292822

Al Mulnick <[EMAIL PROTECTED]> wrote:

Personally, I've never used that configuration for a DC.  Since being bit in the nt4.0 days (before that really, but hate to show the age :) I've had architectural reasons to not do that.  Since AD is made up of a multi-master fabric, I have had no reason at all to require an isolated network dedicated to backups.  I get the feeling in your case it's just a nice to have vs. a requirement since you have the hardware and figure why not put it to use.  You'd be a rare exception if the size of the dit is large enough to require such a configuration.  Saying that, is it possible? Most likely.  Will it be difficult when/if you call for support for some other issue to explain to the engineer that you have a multi-homed DC? Most likely.  Does it break the "keep it as simple as possible while meeting the requirements?" rule? Most likely.

When you test this, as the others have mentioned, be sure to test the recoverability and the gotchas that come along with bringing up a recovered DC on a multi-homed machine.  You'll want to have that documented and thoroughly tested so as not to have to deal with that when under pressure.  You may also want to consider an alternative backup method that doesn't require a dedicated network to the DC's.

Just some random thoughts and my $.04 (USD) worth.

Al

On 7/12/06, Jeff Green <[EMAIL PROTECTED]> wrote:

Hi Guys,

Many thanks to all that have responded (and so quickly !)

Points / clarifications / additional Qs

a)    DNS multihomed issues

Yes, found that in the MS KB about not "registering this connection in DNS" on the second NIC.

Also leave the gateway / DNS TCP/IP settings blank on the second NIC.

b)    Browser Issues

Several things in MS KB about this and fixes (including hacking a registry if I remember correctly)

But would Browser issues affect AD operations - I'm talking about replication issues here ?

c)    Currently running W2K SP4 + rollups on all DCs - but moving to W2K3.

Sorry should have stated this.

d)    Backup

Using BackupExec, which allows binding of remote agents to specific NICs

Have I got everything covered - I can't believe this is an unusual configuration ?

Many Thanks

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jeff Green
Sent: 12 July 2006 11:43
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Multihomed Domain Controllers

Hi,

First posting to this list but I've lurked quite a while and I've been very impressed by the quality of replies by the gurus.

My question is regarding the advisability of having multihomed DCs. Basically I want to run backups over a separate GbE and as my servers have dual inbuilt NICs this seems an obvious route to take. I know there are some issues with DNS (I have a DNS integrated AD).

Would this cause replication problems, etc ?

Any other "gotchas" ?

Many Thanks,

---
Jeff Green
Network Support Manager
SAPIENS (UK) Ltd
t: +44 (0)1895 464228 f: +44 (0)1895 463098

"I dream of hover cars and old transistor radios ... She dreams of flowers in a field of sunny bungalows"

RE: [ActiveDir] Multihomed Domain Controllers

2006-07-12 Thread Robert Rutherford



I guess that is very true... on reflection I was using the 
separate connection situation on satellite sites, where the DC did have backup 
exec loaded.. I hear you *gasp*

Cheers

Robert Rutherford
QuoStar Solutions Limited

The Enterprise Pavilion
Fern Barrow
Wallisdown
Poole
Dorset
BH12 5HH

T: +44 (0) 8456 440 331
F: +44 (0) 8456 440 332
M: +44 (0) 7974 249 494
E: [EMAIL PROTECTED]
W: www.quostar.com

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: 12 July 2006 14:36
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Multihomed Domain Controllers

Personally, I've never used that configuration for a DC.  Since being 
bit in the nt4.0 days (before that really, but hate to show the age :) I've had 
architectural reasons to not do that.  Since AD is made up of a 
multi-master fabric, I have had no reason at all to require an isolated network 
dedicated to backups.  I get the feeling in your case it's just a nice to 
have vs. a requirement since you have the hardware and figure why not put it to 
use.  You'd be a rare exception if the size of the dit is large enough to 
require such a configuration.  Saying that, is it possible? Most 
likely.  Will it be difficult when/if you call for support for some other 
issue to explain to the engineer that you have a multi-homed DC? Most 
likely.  Does it break the "keep it as simple as possible while meeting the 
requirements?" rule? Most likely.  

When you test this, as the others have mentioned, be sure to test the 
recoverability and the gotchas that come along with bringing up a recovered DC 
on a multi-homed machine.  You'll want to have that documented and 
thoroughly tested so as not to have to deal with that when under 
pressure.  You may also want to consider an alternative backup method that 
doesn't require a dedicated network to the DC's.  

Just some random thoughts and my $.04 (USD) worth. 

Al 

On 7/12/06, Jeff Green <[EMAIL PROTECTED]> wrote: 

  
  
  Hi Guys,

  Many thanks to all that have responded (and so quickly !)

  Points / clarifications / additional Qs

  a)    DNS multihomed issues

  Yes, found that in the MS KB about not "registering this connection
  in DNS" on the second NIC.

  Also leave the gateway / DNS TCP/IP settings blank on the second NIC.

  b)    Browser Issues

  Several things in MS KB about this and fixes (including hacking a
  registry if I remember correctly)

  But would Browser issues affect AD operations - I'm talking about
  replication issues here ?

  c)    Currently running W2K SP4 + rollups on all DCs - but moving to W2K3.

  Sorry should have stated this.

  d)    Backup

  Using BackupExec, which allows binding of remote agents to specific NICs

  Have I got everything covered - I can't believe this is an unusual
  configuration ?

  Many Thanks
      
  
     
  
  
  
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jeff Green
  Sent: 12 July 2006 11:43
  To: ActiveDir@mail.activedir.org
  Subject: [ActiveDir] Multihomed Domain Controllers

  Hi,

  First posting to this list but I've lurked quite a while and I've been
  very impressed by the quality of replies by the gurus.

  My question is regarding the advisability of having multihomed DCs.
  Basically I want to run backups over a separate GbE and as my servers
  have dual inbuilt NICs this seems an obvious route to take. I know
  there are some issues with DNS (I have a DNS integrated AD).

  Would this cause replication problems, etc ?

  Any other "gotchas" ?

  Many Thanks,

  ---
  Jeff Green
  Network Support Manager
  SAPIENS (UK) Ltd
  t: +44 (0)1895 464228 f: +44 (0)1895 463098

  "I dream of hover cars and old transistor radios ... She dreams of
  flowers in a field of sunny bungalows"
   

Re: [ActiveDir] Multihomed Domain Controllers

2006-07-12 Thread Al Mulnick
Personally, I've never used that configuration for a DC.  Since being bit in the nt4.0 days (before that really, but hate to show the age :) I've had architectural reasons to not do that.  Since AD is made up of a multi-master fabric, I have had no reason at all to require an isolated network dedicated to backups.  I get the feeling in your case it's just a nice to have vs. a requirement since you have the hardware and figure why not put it to use.  You'd be a rare exception if the size of the dit is large enough to require such a configuration.  Saying that, is it possible? Most likely.  Will it be difficult when/if you call for support for some other issue to explain to the engineer that you have a multi-homed DC? Most likely.  Does it break the "keep it as simple as possible while meeting the requirements?" rule? Most likely.  

When you test this, as the others have mentioned, be sure to test the recoverability and the gotchas that come along with bringing up a recovered DC on a multi-homed machine.  You'll want to have that documented and thoroughly tested so as not to have to deal with that when under pressure.  You may also want to consider an alternative backup method that doesn't require a dedicated network to the DC's.  

 
Just some random thoughts and my $.04 (USD) worth. 
 
Al 
On 7/12/06, Jeff Green <[EMAIL PROTECTED]> wrote:



Hi Guys,
 
 
    Many thanks to all that have responded (and so quickly !)
 
Points / clarifications / additional Qs
 
    a)    DNS multihomed issues
 
    Yes, found that in the MS KB about not "registering this connection in DNS" on the second NIC.
 
    Also leave the gateway / DNS TCP/IP settings blank on the second NIC.
 
    b)    Browser Issues
 
    Several things in MS KB about this and fixes (including hacking a registry if I remember correctly)
    
    But would Browser issues affect AD operations - I'm talking about replication issues here ?
 
    c)    Currently running W2K SP4 + rollups on all DCs - but moving to W2K3.
 
   Sorry should have stated this.
 
 
    d)    Backup
 
   Using BackupExec, which allows binding of remote agents to specific NICs
 
 
Have I got everything covered - I can't believe this is an unusual configuration ?
 
 
    
    Many Thanks
    
   



From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jeff Green
Sent: 12 July 2006 11:43
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Multihomed Domain Controllers
 


Hi, 
First posting to this list but I've lurked quite a while and I've been very impressed by the quality of replies by the gurus. 
My question is regarding the advisability of having multihomed DCs. Basically I want to run backups over a separate GbE and as my servers have dual inbuilt NICs this seems an obvious route to take. I know there are some issues with DNS (I have a DNS integrated AD). 
Would this cause replication problems, etc ? 
Any other "gotchas" ? 
            Many Thanks, 
--- Jeff Green Network Support Manager SAPIENS (UK) Ltd 
t: +44 (0)1895 464228 f: +44 (0)1895 463098 
"I dream of hover cars and old transistor radios ... She dreams of flowers in a field of sunny bungalows" 
Confidentiality Note: The information contained in this email and document(s) attached are for the exclusive use of the addressee and may contain confidential, privileged and non-disclosable information. If the recipient of this email is not the addressee, such recipient is strictly prohibited from reading, photocopying, distribution or otherwise using this email or its contents in any way.
Please notify the Sapiens (UK) Ltd. Systems Administrator via e-mail immediately at [EMAIL PROTECTED], if you have received this email in error.
Disclaimer: The views, opinions and guidelines contained in this confidential e-mail are those of the originating author and may not be representative of Sapiens (UK) Ltd.

 
---

RE: [ActiveDir] Multihomed Domain Controllers

2006-07-12 Thread Robert Rutherford



I've used the same configuration in a number of relatively sizeable sites (2000+ user base) with no issues as the guys state.. just trial it.
 
Cheers
 
Rob
 




  
  

 

Robert Rutherford
QuoStar Solutions Limited

The Enterprise Pavilion
Fern Barrow
Wallisdown
Poole
Dorset
BH12 5HH

T: +44 (0) 8456 440 331
F: +44 (0) 8456 440 332
M: +44 (0) 7974 249 494
E: [EMAIL PROTECTED]
W: www.quostar.com

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Green
Sent: 12 July 2006 13:03
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Multihomed Domain Controllers

Hi Guys,

Many thanks to all that have responded (and so quickly !)

Points / clarifications / additional Qs

    a)    DNS multihomed issues

    Yes, found that in the MS KB about not "registering this connection in DNS" on the second NIC.

    Also leave the gateway / DNS TCP/IP settings blank on the second NIC.

    b)    Browser Issues

    Several things in MS KB about this and fixes (including hacking a registry if I remember correctly)

    But would Browser issues affect AD operations - I'm talking about replication issues here ?

    c)    Currently running W2K SP4 + rollups on all DCs - but moving to W2K3.

    Sorry should have stated this.

    d)    Backup

    Using BackupExec, which allows binding of remote agents to specific NICs

Have I got everything covered - I can't believe this is an unusual configuration ?

Many Thanks

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Green
Sent: 12 July 2006 11:43
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Multihomed Domain Controllers

Hi,

First posting to this list but I've lurked quite a while and I've been very impressed by the quality of replies by the gurus.

My question is regarding the advisability of having multihomed DCs. Basically I want to run backups over a separate GbE and as my servers have dual inbuilt NICs this seems an obvious route to take. I know there are some issues with DNS (I have a DNS integrated AD).

Would this cause replication problems, etc ?

Any other "gotchas" ?

Many Thanks,

---
Jeff Green
Network Support Manager
SAPIENS (UK) Ltd
t: +44 (0)1895 464228 f: +44 (0)1895 463098

"I dream of hover cars and old transistor radios ... She dreams of flowers in a field of sunny bungalows"



RE: [ActiveDir] Multihomed Domain Controllers

2006-07-12 Thread Jeff Green



Hi Guys,

Many thanks to all that have responded (and so quickly !)

Points / clarifications / additional Qs

    a)    DNS multihomed issues

    Yes, found that in the MS KB about not "registering this connection in DNS" on the second NIC.

    Also leave the gateway / DNS TCP/IP settings blank on the second NIC.

    b)    Browser Issues

    Several things in MS KB about this and fixes (including hacking a registry if I remember correctly)

    But would Browser issues affect AD operations - I'm talking about replication issues here ?

    c)    Currently running W2K SP4 + rollups on all DCs - but moving to W2K3.

    Sorry should have stated this.

    d)    Backup

    Using BackupExec, which allows binding of remote agents to specific NICs

Have I got everything covered - I can't believe this is an unusual configuration ?

Many Thanks

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Green
Sent: 12 July 2006 11:43
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Multihomed Domain Controllers

Hi,

First posting to this list but I've lurked quite a while and I've been very impressed by the quality of replies by the gurus.

My question is regarding the advisability of having multihomed DCs. Basically I want to run backups over a separate GbE and as my servers have dual inbuilt NICs this seems an obvious route to take. I know there are some issues with DNS (I have a DNS integrated AD).

Would this cause replication problems, etc ?

Any other "gotchas" ?

Many Thanks,

---
Jeff Green
Network Support Manager
SAPIENS (UK) Ltd
t: +44 (0)1895 464228 f: +44 (0)1895 463098

"I dream of hover cars and old transistor radios ... She dreams of flowers in a field of sunny bungalows"


Re: [ActiveDir] Multihomed Domain Controllers

2006-07-12 Thread Mark Parris
You may want to configure one default gateway on your primary network interface 
and then configure the other NIC's routing (leave default gateway blank) in the 
local routing table else you can have "loads of fun" based on metrics and LAN 
speeds.

Mark
-Original Message-
From: [EMAIL PROTECTED]
Date: Wed, 12 Jul 2006 07:28:01 
To:ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Multihomed Domain Controllers

Looks like SP1 fixes the DNS issue with replaces a few DNS files -- At this 
point Windows 2003 SP1 should be a minimum.  Good find - 
  
Chuck 
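
An offline check for the second-NIC settings recommended in this thread (exactly one default gateway, and gateway and DNS servers left blank on the backup NIC), added here as an example and not code from any poster. It parses saved `ipconfig /all` text; the sample output, adapter names and function names are constructed for illustration, and the "register this connection in DNS" setting is not shown by `ipconfig`, so it has to be checked separately.

```python
import re

# Constructed `ipconfig /all` output (Windows Server 2003 layout); host name,
# adapter names and addresses are invented for this example.
TEMPLATE = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : dc01

Ethernet adapter Production:

   IP Address. . . . . . . . . . . . : 10.0.0.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.0.0.1
   DNS Servers . . . . . . . . . . . : 10.0.0.10
                                       10.0.0.11

Ethernet adapter Backup:

   IP Address. . . . . . . . . . . . : 192.168.50.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : {gateway}
{dns}"""
SAMPLE_GOOD = TEMPLATE.format(gateway="", dns="")
SAMPLE_BAD = TEMPLATE.format(
    gateway="192.168.50.1",
    dns="   DNS Servers . . . . . . . . . . . : 192.168.50.1\n")

ADAPTER_RE = re.compile(r"^\S.* adapter (.+?):\s*$")
FIELD_RE = re.compile(r"^\s+([^.:]+?)[ .]*:\s*(.*)$")

def parse_ipconfig(text):
    """Return {adapter: {field label: [values]}} parsed from `ipconfig /all`."""
    adapters, current, last = {}, None, None
    for line in text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            current, last = adapters.setdefault(m.group(1), {}), None
            continue
        if current is None or not line.strip():
            continue  # global section or blank line
        m = FIELD_RE.match(line)
        if m:
            last, value = m.group(1).strip(), m.group(2).strip()
            current[last] = [value] if value else []
        elif last is not None:
            current[last].append(line.strip())  # wrapped value, e.g. 2nd DNS server
    return adapters

def audit_multihomed(text, backup_adapter):
    """List deviations from the thread's advice for the backup-only NIC."""
    # The "register this connection in DNS" checkbox is not visible in ipconfig.
    adapters = parse_ipconfig(text)
    if backup_adapter not in adapters:
        return [f"adapter {backup_adapter!r} not found"]
    findings = []
    with_gw = sorted(n for n, f in adapters.items() if f.get("Default Gateway"))
    if len(with_gw) != 1:
        findings.append(f"expected one default gateway, found on: {with_gw}")
    backup = adapters[backup_adapter]
    if backup.get("Default Gateway"):
        findings.append(f"{backup_adapter}: default gateway should be blank")
    if backup.get("DNS Servers"):
        findings.append(f"{backup_adapter}: DNS servers should be blank")
    return findings

if __name__ == "__main__":
    for label, sample in (("good", SAMPLE_GOOD), ("bad", SAMPLE_BAD)):
        print(label, audit_multihomed(sample, "Backup"))
```
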
  
 

Re: [ActiveDir] Multihomed Domain Controllers

2006-07-12 Thread ChuckGaff


Looks like SP1 fixes the DNS issue with replaces a few DNS files -- At this point Windows 2003 SP1 should be a minimum.  Good find -
 
Chuck
 
 


RE: [ActiveDir] Multihomed Domain Controllers

2006-07-12 Thread Peter Johnson








You might want to then create entries in
the host file on the backup server so that you guarantee that the backup server
always uses the right network connection.

 









From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Rutherford
Sent: 12 July 2006 12:57
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Multihomed Domain Controllers



 

No issues, if you...

 

Go to the TCP/IP settings of the backup
network card, click advanced, go to the DNS tab and untick register the
connection in DNS.

 

Cheers,

 

Rob



 






 
  
  
  
  
   
  
  
Robert Rutherford
QuoStar Solutions Limited

The Enterprise Pavilion
Fern Barrow
Wallisdown
Poole
Dorset
BH12 5HH

T: +44 (0) 8456 440 331
F: +44 (0) 8456 440 332
M: +44 (0) 7974 249 494
E: [EMAIL PROTECTED]
W: www.quostar.com

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Green
Sent: 12 July 2006 11:43
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Multihomed Domain Controllers

Hi,

First posting to this list but I've lurked quite a while and I've been very impressed by the quality of replies by the gurus.

My question is regarding the advisability of having multihomed DCs. Basically I want to run backups over a separate GbE and as my servers have dual inbuilt NICs this seems an obvious route to take. I know there are some issues with DNS (I have a DNS integrated AD).

Would this cause replication problems, etc ?

Any other "gotchas" ?

Many Thanks,

---
Jeff Green
Network Support Manager
SAPIENS (UK) Ltd
t: +44 (0)1895 464228 f: +44 (0)1895 463098

"I dream of hover cars and old transistor radios ... She dreams of flowers in a field of sunny bungalows"



RE: [ActiveDir] Multihomed Domain Controllers

2006-07-12 Thread neil.ruston



I'd search around and do some research and testing. A quick 
Google search uncovered this within seconds...
 
http://support.microsoft.com/?id=832478
 
The browser service is notoriously flaky in multi homed 
environments, too.
 
 
neil


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Green
Sent: 12 July 2006 11:43
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Multihomed Domain Controllers

Hi,

First posting to this list but I've lurked quite a while and I've been very impressed by the quality of replies by the gurus.

My question is regarding the advisability of having multihomed DCs. Basically I want to run backups over a separate GbE and as my servers have dual inbuilt NICs this seems an obvious route to take. I know there are some issues with DNS (I have a DNS integrated AD).

Would this cause replication problems, etc ?

Any other "gotchas" ?

Many Thanks,

---
Jeff Green
Network Support Manager
SAPIENS (UK) Ltd
t: +44 (0)1895 464228 f: +44 (0)1895 463098

"I dream of hover cars and old transistor radios ... She dreams of flowers in a field of sunny bungalows"
PLEASE READ: The information contained in this email is confidential and intended for the named recipient(s) only. If you are not an intended recipient of this email please notify the sender immediately and delete your copy from your system. You must not copy, distribute or take any further action in reliance on it. Email is not a secure method of communication and Nomura International plc ('NIplc') will not, to the extent permitted by law, accept responsibility or liability for (a) the accuracy or completeness of, or (b) the presence of any virus, worm or similar malicious or disabling code in, this message or any attachment(s) to it. If verification of this email is sought then please request a hard copy. Unless otherwise stated this email: (1) is not, and should not be treated or relied upon as, investment research; (2) contains views or opinions that are solely those of the author and do not necessarily represent those of NIplc; (3) is intended for informational purposes only and is not a recommendation, solicitation or offer to buy or sell securities or related financial instruments.  NIplc does not provide investment services to private customers.  Authorised and regulated by the Financial Services Authority.  Registered in England no. 1550505 VAT No. 447 2492 35.  Registered Office: 1 St Martin's-le-Grand, London, EC1A 4NP.  A member of the Nomura group of companies.





Re: [ActiveDir] Multihomed Domain Controllers

2006-07-12 Thread ChuckGaff


There were known issues with NT 4.0 with WINS resolution for when WINS packets were lost trying to return through the 2nd NIC using multi-homed DCs.  But I've heard that this isn't the case in Windows 2000/2003.  Otherwise you are probably OK but double-check DNS as well per the other email.
 
Regards,
 
Chuck


RE: [ActiveDir] Multihomed Domain Controllers

2006-07-12 Thread Robert Rutherford



No issues, if you...
 
Go to the TCP/IP settings of the backup network card, click 
advanced, go to the DNS tab and untick register the connection in 
DNS.
 
Cheers,
 
Rob
 




  
  

 

Robert Rutherford
QuoStar Solutions Limited

The Enterprise Pavilion
Fern Barrow
Wallisdown
Poole
Dorset
BH12 5HH

T: +44 (0) 8456 440 331
F: +44 (0) 8456 440 332
M: +44 (0) 7974 249 494
E: [EMAIL PROTECTED]
W: www.quostar.com

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Green
Sent: 12 July 2006 11:43
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Multihomed Domain Controllers

Hi,

First posting to this list but I've lurked quite a while and I've been very impressed by the quality of replies by the gurus.

My question is regarding the advisability of having multihomed DCs. Basically I want to run backups over a separate GbE and as my servers have dual inbuilt NICs this seems an obvious route to take. I know there are some issues with DNS (I have a DNS integrated AD).

Would this cause replication problems, etc ?

Any other "gotchas" ?

Many Thanks,

---
Jeff Green
Network Support Manager
SAPIENS (UK) Ltd
t: +44 (0)1895 464228 f: +44 (0)1895 463098

"I dream of hover cars and old transistor radios ... She dreams of flowers in a field of sunny bungalows"