RE: [ActiveDir] Results of survey - Most common cause of Active Directory "failures"?

2005-10-11 Thread Jensen, Ken

Joe's blog quotes Heinlein… it’s gotta be a good site for it :)

Ken Jensen
Capistrano Unified School District
San Juan Capistrano, California
I tell ya, if that did it for me,
I'd be the happiest man on earth...

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of joe
Sent: Monday, October 10, 2005 9:54 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Results of survey - Most common cause of Active Directory "failures"?

I don't have a problem with it. Take a peek at it first before you for sure tell me you want me to put it up there. I have stuff up there that can incite people and you would sort of become associated with it. We can do the same thing where we have it sent to you directly again.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Gil Kirkpatrick
Sent: Monday, October 10, 2005 11:55 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Results of survey - Most common cause of Active Directory "failures"?

Interesting idea... what say you joe?

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Phil Renouf
Sent: Monday, October 10, 2005 7:14 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Results of survey - Most common cause of Active Directory "failures"?

Start a blog? :)

Since that takes some time to get traffic, perhaps joe would be willing to post your survey on his blog? I imagine he gets some good traffic to his blog.

Phil

On 10/10/05, Gil Kirkpatrick <[EMAIL PROTECTED]> wrote:

We usually do a big "State of the AD World" survey at DEC, and certainly will again in Vegas (assuming there are some people left in the room who haven't already headed out to the casino. :)

I needed some answers sooner than later for a whitepaper I was working on.

-gil

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Creamer, Mark
Sent: Monday, October 10, 2005 1:14 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Results of survey - Most common cause of Active Directory "failures"?

Why not just ask the people at DEC - a captive audience of some of the most knowledgeable AD people anywhere. Or were you hoping for answers prior to then?

This e-mail transmission contains information that is intended to
be confidential and privileged. If you receive this e-mail and you are not a
named addressee you are hereby notified that you are not authorized to read,
print, retain, copy or disseminate this communication without the consent of
the sender and that doing so is prohibited and may be unlawful. Please reply to
the message immediately by informing the sender that the message was
misdirected. After replying, please delete and otherwise erase it and any
attachments from your computer system. Your assistance in correcting this error
is appreciated.

This communication and any documents, files, or previous e-mail messages attached to it constitute an electronic communication within the scope of the Electronic Communication Privacy Act, 18 USCA 2510.  This communication may contain non-public, confidential, or legally privileged information intended for the sole use of the designated recipient(s).  The unlawful interception, use or disclosure of such information is strictly prohibited under 18 USCA 2511 and any applicable laws.

RE: [ActiveDir] Results of survey - Most common cause of Active Directory "failures"?

2005-10-10 Thread joe

I don't have a problem with it. Take a peek at it first before you for sure tell me you want me to put it up there. I have stuff up there that can incite people and you would sort of become associated with it. We can do the same thing where we have it sent to you directly again.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Gil Kirkpatrick
Sent: Monday, October 10, 2005 11:55 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Results of survey - Most common cause of Active Directory "failures"?

Interesting idea... what say you joe?

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Phil Renouf
Sent: Monday, October 10, 2005 7:14 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Results of survey - Most common cause of Active Directory "failures"?

Start a blog? :)

Since that takes some time to get traffic, perhaps joe would be willing to post your survey on his blog? I imagine he gets some good traffic to his blog.

Phil

On 10/10/05, Gil Kirkpatrick <[EMAIL PROTECTED]> wrote:

  We usually do a big "State of the AD World" survey at DEC, and certainly will again in Vegas (assuming there are some people left in the room who haven't already headed out to the casino. :)

  I needed some answers sooner than later for a whitepaper I was working on.

  -gil

  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Creamer, Mark
  Sent: Monday, October 10, 2005 1:14 PM
  To: ActiveDir@mail.activedir.org
  Subject: RE: [ActiveDir] Results of survey - Most common cause of Active Directory "failures"?

  Why not just ask the people at DEC - a captive audience of some of the most knowledgeable AD people anywhere. Or were you hoping for answers prior to then?
  
  
  


RE: [ActiveDir] Results of survey - Most common cause of Active Directory "failures"?

2005-10-10 Thread Gil Kirkpatrick

Interesting idea... what say you joe?

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Phil Renouf
Sent: Monday, October 10, 2005 7:14 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Results of survey - Most common cause of Active Directory "failures"?

Start a blog? :)

Since that takes some time to get traffic, perhaps joe would be willing to post your survey on his blog? I imagine he gets some good traffic to his blog.

Phil

On 10/10/05, Gil Kirkpatrick <[EMAIL PROTECTED]> wrote:

  We usually do a big "State of the AD World" survey at DEC, and certainly will again in Vegas (assuming there are some people left in the room who haven't already headed out to the casino. :)

  I needed some answers sooner than later for a whitepaper I was working on.

  -gil

  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Creamer, Mark
  Sent: Monday, October 10, 2005 1:14 PM
  To: ActiveDir@mail.activedir.org
  Subject: RE: [ActiveDir] Results of survey - Most common cause of Active Directory "failures"?

  Why not just ask the people at DEC - a captive audience of some of the most knowledgeable AD people anywhere. Or were you hoping for answers prior to then?
  
  
  


Re: [ActiveDir] Results of survey - Most common cause of Active Directory "failures"?

2005-10-10 Thread Phil Renouf

Start a blog? :)

Since that takes some time to get traffic, perhaps joe would be willing to post your survey on his blog? I imagine he gets some good traffic to his blog.

Phil

On 10/10/05, Gil Kirkpatrick <[EMAIL PROTECTED]> wrote:

We usually do a big "State of the AD World" survey at DEC, and certainly will again in Vegas (assuming there are some people left in the room who haven't already headed out to the casino. :)

I needed some answers sooner than later for a whitepaper I was working on.

-gil

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Creamer, Mark
Sent: Monday, October 10, 2005 1:14 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Results of survey - Most common cause of Active Directory "failures"?

Why not just ask the people at DEC - a captive audience of some of the most knowledgeable AD people anywhere. Or were you hoping for answers prior to then?

 





RE: [ActiveDir] Results of survey - Most common cause of Active Directory "failures"?

2005-10-10 Thread Gil Kirkpatrick

We usually do a big "State of the AD World" survey at DEC, and certainly will again in Vegas (assuming there are some people left in the room who haven't already headed out to the casino. :)

I needed some answers sooner than later for a whitepaper I was working on.

-gil

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Creamer, Mark
Sent: Monday, October 10, 2005 1:14 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Results of survey - Most common cause of Active Directory "failures"?

Why not just ask the people at DEC - a captive audience of some of the most knowledgeable AD people anywhere. Or were you hoping for answers prior to then?
 



RE: [ActiveDir] Results of survey - Most common cause of Active Directory "failures"?

2005-10-10 Thread Gil Kirkpatrick

You want something done right, do it yourself :)

-g

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
Sent: Monday, October 10, 2005 1:48 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Results of survey - Most common cause of Active Directory "failures"?

Maybe I shouldn’t be pushing so hard to take over DNS operations for clients and servers. ;-)

Actually, we manage the SRV records only, and while they are a bit tricky, once it’s working it just works.  But trying to explain what’s going on to a Windows admin who doesn’t have an AD background is almost a bigger challenge.

Al Maurer
Service Manager, Naming and Authentication Services
IT | Information Technology
Agilent Technologies
(719) 590-2639; Telnet 590-2639
http://activedirectory.it.agilent.com
--
"Cry 'Havoc!' and let slip the dogs of war"  - Anthony, in Julius Caesar III i.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Gil Kirkpatrick
Sent: Monday, October 10, 2005 12:06 PM
To: ActiveDir@mail.activedir.org
Cc: Christine McDermott
Subject: [ActiveDir] Results of survey - Most common cause of Active Directory "failures"?

Here's the summary of the results from last week's informal survey. By far the most popular cause of AD failure is the inadvertent misconfiguration of MSFT DNS, which is interesting, because that was true 2 years ago as well. I guess some things never change.

(45 pts) C. Inadvertent misconfiguration of MSFT DNS.
(30 pts) B. Inadvertent misconfiguration of AD (for instance screwing up a connection object, or changing the wrong registry setting, or making an inappropriate GPO change)
(28 pts) A. Inadvertent data deletion (fat-fingering a user object or, God-forbid, an OU)
(22 pts) G. Hardware failure of a networking device (including DNS servers, if they are not also DCs)
(15 pts) H. Physical disaster (fire, flood, power failure, etc)
(14 pts) F. Hardware failure of a DC
(12 pts) E. Inadvertent misconfiguration of networking devices
(4 pts) J. Malicious attack by a data admin
(2 pts) K. Malicious attack by an authenticated user

I ignored anything that was ranked lower than 5th... Also interesting to note that the top three items are human error due to lack of knowledge or carelessness, the next three are physical failures nominally outside of human control. Is this because there are just too many knobs and switches on AD and DNS?

A little surprising is that there were two votes for malicious attacks by an internal source.

Some of the other failure reasons cited (no overlap, so I must have listed all the important reasons...)

Incomplete load of an IPSec filter list
Impact of a 3rd party agent or application on a DC e.g. Antivirus software
Issues with FW config that hindered replication over tombstone lifetime (may belong to E)
Corrupt AD DC database / required metadata cleanup and repromotion of DC
Misconfiguration by a previous admin, and shutting down a DC without dcpromo, or cleaning up metadata afterwards.
Inadvertently double-clicking a vbscript when someone meant to right-click > edit it :)

The two winners of the "nothing too fancy" prize are Hunter Coleman and Stuart Fuller (wait for applause to die down...) Please email your shipping particulars to me at mailto:[EMAIL PROTECTED], and I will get your gifts sent out ASAP.

I only received about 20 responses... I was expecting maybe 40 or 50. Any suggestions as to how to make this more effective (I don't have any money to spend on this, so large cash-value prizes are right out :)

-gil

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Gil Kirkpatrick
Sent: Wednesday, October 05, 2005 4:32 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Most common cause of Active Directory "failures"?

Greetings fellow travellers,

Here's a quick, informal, non-scientific survey. Please reply to me directly at mailto:[EMAIL PROTECTED] so we don't spam the list with responses. I've got some swell gifts to give away at random to a couple of lucky respondents (nothing too fancy). I'll post the summary in a few days.

Question: *In your experience*, which are the most common causes of Active Directory "failure" (where failure is defined as failure to authenticate, authorize, replicate, or apply GPOs as expected). List as many as you care to, in order from most common to least common. Note that I am not considering the consequences of the failure, just how frequent they are.

Just send me a response like B, A, F or some such, along with any commentary you might have.

A. Inadvertent data deletion (fat-fingering a user object or, God-forbid, an OU)
B. Inadvertent misconfigur

RE: [ActiveDir] Results of survey - Most common cause of Active Directory "failures"?

2005-10-10 Thread joe

Hmm DNS you say...

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Gil Kirkpatrick
Sent: Monday, October 10, 2005 2:06 PM
To: ActiveDir@mail.activedir.org
Cc: Christine McDermott
Subject: [ActiveDir] Results of survey - Most common cause of Active Directory "failures"?

Here's the summary of the results from last week's informal survey. By far the most popular cause of AD failure is the inadvertent misconfiguration of MSFT DNS, which is interesting, because that was true 2 years ago as well. I guess some things never change.

(45 pts) C. Inadvertent misconfiguration of MSFT DNS.
(30 pts) B. Inadvertent misconfiguration of AD (for instance screwing up a connection object, or changing the wrong registry setting, or making an inappropriate GPO change)
(28 pts) A. Inadvertent data deletion (fat-fingering a user object or, God-forbid, an OU)
(22 pts) G. Hardware failure of a networking device (including DNS servers, if they are not also DCs)
(15 pts) H. Physical disaster (fire, flood, power failure, etc)
(14 pts) F. Hardware failure of a DC
(12 pts) E. Inadvertent misconfiguration of networking devices
(4 pts) J. Malicious attack by a data admin
(2 pts) K. Malicious attack by an authenticated user

I ignored anything that was ranked lower than 5th... Also interesting to note that the top three items are human error due to lack of knowledge or carelessness, the next three are physical failures nominally outside of human control. Is this because there are just too many knobs and switches on AD and DNS?

A little surprising is that there were two votes for malicious attacks by an internal source.

Some of the other failure reasons cited (no overlap, so I must have listed all the important reasons...)

Incomplete load of an IPSec filter list
Impact of a 3rd party agent or application on a DC e.g. Antivirus software
Issues with FW config that hindered replication over tombstone lifetime (may belong to E)
Corrupt AD DC database / required metadata cleanup and repromotion of DC
Misconfiguration by a previous admin, and shutting down a DC without dcpromo, or cleaning up metadata afterwards.
Inadvertently double-clicking a vbscript when someone meant to right-click > edit it :)

The two winners of the "nothing too fancy" prize are Hunter Coleman and Stuart Fuller (wait for applause to die down...) Please email your shipping particulars to me at mailto:[EMAIL PROTECTED], and I will get your gifts sent out ASAP.

I only received about 20 responses... I was expecting maybe 40 or 50. Any suggestions as to how to make this more effective (I don't have any money to spend on this, so large cash-value prizes are right out :)

-gil

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Gil Kirkpatrick
Sent: Wednesday, October 05, 2005 4:32 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Most common cause of Active Directory "failures"?

Greetings fellow travellers,

Here's a quick, informal, non-scientific survey. Please reply to me directly at mailto:[EMAIL PROTECTED] so we don't spam the list with responses. I've got some swell gifts to give away at random to a couple of lucky respondents (nothing too fancy). I'll post the summary in a few days.

Question: *In your experience*, which are the most common causes of Active Directory "failure" (where failure is defined as failure to authenticate, authorize, replicate, or apply GPOs as expected). List as many as you care to, in order from most common to least common. Note that I am not considering the consequences of the failure, just how frequent they are.

Just send me a response like B, A, F or some such, along with any commentary you might have.

A. Inadvertent data deletion (fat-fingering a user object or, God-forbid, an OU)
B. Inadvertent misconfiguration of AD (for instance screwing up a connection object, or changing the wrong registry setting, or making an inappropriate GPO change)
C. Inadvertent misconfiguration of MSFT DNS.
D. Inadvertent misconfiguration of non-MSFT DNS.
E. Inadvertent misconfiguration of networking devices
F. Hardware failure of a DC
G. Hardware failure of a networking device (including DNS servers, if they are not also DCs)
H. Physical disaster (fire, flood, power failure, etc)
I. Malicious attack by a service admin
J. Malicious attack by a data admin
K. Malicious attack by an authenticated user
L. Malicious attack by an unauthenticated user
M. Other (please specify)

Thanks for your feedback.

-gil

Gil Kirkpatrick CTO, NetPro
Don't miss the Directory Experts Conference 2006.
More information at www.dec2006.com.


RE: [ActiveDir] Results of survey - Most common cause of Active Directory "failures"?

2005-10-10 Thread al_maurer

Maybe I shouldn’t be pushing so hard to take over DNS operations for clients and servers. ;-)

Actually, we manage the SRV records only, and while they are a bit tricky, once it’s working it just works.  But trying to explain what’s going on to a Windows admin who doesn’t have an AD background is almost a bigger challenge.

Al Maurer
Service Manager, Naming and Authentication Services
IT | Information Technology
Agilent Technologies
(719) 590-2639; Telnet 590-2639
http://activedirectory.it.agilent.com
--
"Cry 'Havoc!' and let slip the dogs of war"  - Anthony, in Julius Caesar III i.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Gil Kirkpatrick
Sent: Monday, October 10, 2005 12:06 PM
To: ActiveDir@mail.activedir.org
Cc: Christine McDermott
Subject: [ActiveDir] Results of survey - Most common cause of Active Directory "failures"?

Here's the summary of the results from last week's informal survey. By far the most popular cause of AD failure is the inadvertent misconfiguration of MSFT DNS, which is interesting, because that was true 2 years ago as well. I guess some things never change.

(45 pts) C. Inadvertent misconfiguration of MSFT DNS.
(30 pts) B. Inadvertent misconfiguration of AD (for instance screwing up a connection object, or changing the wrong registry setting, or making an inappropriate GPO change)
(28 pts) A. Inadvertent data deletion (fat-fingering a user object or, God-forbid, an OU)
(22 pts) G. Hardware failure of a networking device (including DNS servers, if they are not also DCs)
(15 pts) H. Physical disaster (fire, flood, power failure, etc)
(14 pts) F. Hardware failure of a DC
(12 pts) E. Inadvertent misconfiguration of networking devices
(4 pts) J. Malicious attack by a data admin
(2 pts) K. Malicious attack by an authenticated user

I ignored anything that was ranked lower than 5th...

Also interesting to note that the top three items are human error due to lack of knowledge or carelessness, the next three are physical failures nominally outside of human control. Is this because there are just too many knobs and switches on AD and DNS?

A little surprising is that there were two votes for malicious attacks by an internal source.

Some of the other failure reasons cited (no overlap, so I must have listed all the important reasons...)

Incomplete load of an IPSec filter list
Impact of a 3rd party agent or application on a DC e.g. Antivirus software
Issues with FW config that hindered replication over tombstone lifetime (may belong to E)
Corrupt AD DC database / required metadata cleanup and repromotion of DC
Misconfiguration by a previous admin, and shutting down a DC without dcpromo, or cleaning up metadata afterwards.
Inadvertently double-clicking a vbscript when someone meant to right-click > edit it :)

The two winners of the "nothing too fancy" prize are Hunter Coleman and Stuart Fuller (wait for applause to die down...) Please email your shipping particulars to me at mailto:[EMAIL PROTECTED], and I will get your gifts sent out ASAP.

I only received about 20 responses... I was expecting maybe 40 or 50. Any suggestions as to how to make this more effective (I don't have any money to spend on this, so large cash-value prizes are right out :)

-gil

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Gil Kirkpatrick
Sent: Wednesday, October 05, 2005 4:32 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Most common cause of Active Directory "failures"?

Greetings fellow travellers,

Here's a quick, informal, non-scientific survey. Please reply to me directly at mailto:[EMAIL PROTECTED] so we don't spam the list with responses. I've got some swell gifts to give away at random to a couple of lucky respondents (nothing too fancy). I'll post the summary in a few days.

Question: *In your experience*, which are the most common causes of Active Directory "failure" (where failure is defined as failure to authenticate, authorize, replicate, or apply GPOs as expected). List as many as you care to, in order from most common to least common. Note that I am not considering the consequences of the failure, just how frequent they are.

Just send me a response like B, A, F or some such, along with any commentary you might have.

A. Inadvertent data deletion (fat-fingering a user object or, God-forbid, an OU)
B. Inadvertent misconfiguration of AD (for instance screwing up a connection object, or changing the wrong registry setting, or making an inappropriate GPO change)
C. Inadvertent misconfiguration of MSFT DNS.
D. Inadvertent misconfiguration of non-MSFT DNS.
E. Inadvertent misconfiguration of networking devices
F. Hardware failure of a DC
G. Hardware failure of a networking device (including DNS servers, if they are not also DCs)
H. Physical disaster (fire,

RE: [ActiveDir] Results of survey - Most common cause of Active Directory "failures"?

2005-10-10 Thread Gil Kirkpatrick

Hmmm... maybe I could pull off a DEC pass. "All expenses paid" is probably a bit much. People run up a lot of "expenses" in Vegas!

-g

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mark Parris
Sent: Monday, October 10, 2005 12:23 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Results of survey - Most common cause of Active Directory "failures"?

Suggestions as to how to make this more effective (I don't have any money to spend on this, so large cash-value prizes are right out :)

How about an all expenses paid trip to DEC in Vegas, entry to the NDA lunch and of course the obligatory book – Active Directory Programming, ISBN: 0672315874?

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Gil Kirkpatrick
Sent: 10 October 2005 19:06
To: ActiveDir@mail.activedir.org
Cc: Christine McDermott
Subject: [Norton AntiSpam] [ActiveDir] Results of survey - Most common cause of Active Directory "failures"?

Here's the summary of the results from last week's informal survey. By far the most popular cause of AD failure is the inadvertent misconfiguration of MSFT DNS, which is interesting, because that was true 2 years ago as well. I guess some things never change.

(45 pts) C. Inadvertent misconfiguration of MSFT DNS.
(30 pts) B. Inadvertent misconfiguration of AD (for instance screwing up a connection object, or changing the wrong registry setting, or making an inappropriate GPO change)
(28 pts) A. Inadvertent data deletion (fat-fingering a user object or, God-forbid, an OU)
(22 pts) G. Hardware failure of a networking device (including DNS servers, if they are not also DCs)
(15 pts) H. Physical disaster (fire, flood, power failure, etc)
(14 pts) F. Hardware failure of a DC
(12 pts) E. Inadvertent misconfiguration of networking devices
(4 pts) J. Malicious attack by a data admin
(2 pts) K. Malicious attack by an authenticated user

I ignored anything that was ranked lower than 5th... Also interesting to note that the top three items are human error due to lack of knowledge or carelessness, the next three are physical failures nominally outside of human control. Is this because there are just too many knobs and switches on AD and DNS?

A little surprising is that there were two votes for malicious attacks by an internal source.

Some of the other failure reasons cited (no overlap, so I must have listed all the important reasons...)

Incomplete load of an IPSec filter list
Impact of a 3rd party agent or application on a DC e.g. Antivirus software
Issues with FW config that hindered replication over tombstone lifetime (may belong to E)
Corrupt AD DC database / required metadata cleanup and repromotion of DC
Misconfiguration by a previous admin, and shutting down a DC without dcpromo, or cleaning up metadata afterwards.
Inadvertently double-clicking a vbscript when someone meant to right-click > edit it :)

The two winners of the "nothing too fancy" prize are Hunter Coleman and Stuart Fuller (wait for applause to die down...) Please email your shipping particulars to me at mailto:[EMAIL PROTECTED], and I will get your gifts sent out ASAP.

I only received about 20 responses... I was expecting maybe 40 or 50. Any suggestions as to how to make this more effective (I don't have any money to spend on this, so large cash-value prizes are right out :)

-gil

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Gil Kirkpatrick
Sent: Wednesday, October 05, 2005 4:32 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Most common cause of Active Directory "failures"?

Greetings fellow travellers,

Here's a quick, informal, non-scientific survey. Please reply to me directly at mailto:[EMAIL PROTECTED] so we don't spam the list with responses. I've got some swell gifts to give away at random to a couple of lucky respondents (nothing too fancy). I'll post the summary in a few days.

Question: *In your experience*, which are the most common causes of Active Directory "failure" (where failure is defined as failure to authenticate, authorize, replicate, or apply GPOs as expected). List as many as you care to, in order from most common to least common. Note that I am not considering the consequences of the failure, just how frequent they are.

Just send me a response like B, A, F or some such, along with any commentary you might have.

A. Inadvertent data deletion (fat-fingering a user object or, God-forbid, an OU)
B. Inadvertent misconfiguration of AD (for instance screwing up a connection object, or changing the wrong registry setting, or making an inappropriate GPO change)
C. Inadvertent misconfiguration of MSFT DNS.
D. Inadvertent misconfiguration of non-MSFT DNS.
E. Inadvertent misconfiguration of

RE: [ActiveDir] Results of survey - Most common cause of Active Directory "failures"?

2005-10-10 Thread Creamer, Mark

Why not just ask the people at DEC - a captive audience of some of the most knowledgeable AD people anywhere. Or were you hoping for answers prior to then?






RE: [ActiveDir] Results of survey - Most common cause of Active Directory "failures"?

2005-10-10 Thread Rich Milburn

you forgot to mention the amount USD in
casino chips you would like to find in your complimentary hotel room upon
arrival ;-)

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Parris
Sent: Monday, October 10, 2005 2:23 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Results of survey - Most common cause of Active Directory "failures"?

Suggestions as to how to make this more effective (I don't
have any money to spend on this, so large cash-value prizes are right out :)

 

How about an all expenses paid trip to DEC
in Vegas, entry to the NDA lunch and of course the obligatory book –
Active Directory Programming, ISBN: 0672315874?

RE: [ActiveDir] Results of survey - Most common cause of Active Directory "failures"?

2005-10-10 Thread Mark Parris

Suggestions as to how to make this more effective (I don't
have any money to spend on this, so large cash-value prizes are right out :)

How about an all expenses paid trip to DEC
in Vegas, entry to the NDA lunch and of course the obligatory book – Active
Directory Programming, ISBN: 0672315874?

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Gil Kirkpatrick
Sent: 10 October 2005 19:06
To: ActiveDir@mail.activedir.org
Cc: Christine McDermott
Subject: [Norton AntiSpam] [ActiveDir] Results of survey - Most common cause of Active Directory "failures"?

Here's the summary of the results from last week's informal
survey. By far the most popular cause of AD failure is the inadvertent
misconfiguration of MSFT DNS, which is interesting, because that was true 2
years ago as well. I guess some things never change.

(45 pts) C. Inadvertent misconfiguration of MSFT DNS.
(30 pts) B. Inadvertent misconfiguration of AD (for instance screwing up a connection object, or changing the wrong registry setting, or making an inappropriate GPO change)
(28 pts) A. Inadvertent data deletion (fat-fingering a user object or, God-forbid, an OU)
(22 pts) G. Hardware failure of a networking device (including DNS servers, if they are not also DCs)
(15 pts) H. Physical disaster (fire, flood, power failure, etc)
(14 pts) F. Hardware failure of a DC
(12 pts) E. Inadvertent misconfiguration of networking devices
(4 pts) J. Malicious attack by a data admin
(2 pts) K. Malicious attack by an authenticated user

 

I ignored anything that was ranked lower than 5th... 

Also interesting to note that the top three items are human error due to lack of
knowledge or carelessness, the next three are physical failures nominally
outside of human control. Is this because there are just too many knobs and
switches on AD and DNS?

A little surprising is that there were two votes for
malicious attacks by an internal source.

 

Some of the other failure reasons cited (no overlap, so I
must have listed all the important reasons...)

Incomplete load of an IPSec filter list

Impact of a 3rd party agent or application on a DC e.g. Antivirus software

Issues with FW config that hindered replication over tombstone lifetime (may belong to E)

Corrupt AD DC database / required metadata cleanup and repromotion of DC

Misconfiguration by a previous admin, and shutting down a DC without dcpromo, or cleaning up metadata afterwards.

Inadvertently double-clicking a vbscript when someone meant to right-click > edit it :)

 

The two winners of the "nothing too fancy" prize
are Hunter Coleman and Stuart Fuller (wait for applause to die down...) Please
email your shipping particulars to me at mailto:[EMAIL PROTECTED], and I
will get your gifts sent out ASAP.

 

I only received about 20 responses... I was expecting maybe
40 or 50. Any suggestions as to how to make this more effective (I don't have
any money to spend on this, so large cash-value prizes are right out :)

 

-gil

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Gil Kirkpatrick
Sent: Wednesday, October 05, 2005 4:32 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Most common cause of Active Directory "failures"?

Greetings fellow travellers,

Here's a quick, informal, non-scientific survey. Please reply to me directly at mailto:[EMAIL PROTECTED] so we don't spam
the list with responses. I've got some swell gifts to give away at random to
a couple of lucky respondents (nothing too fancy). I'll post the summary in a
few days.

Question: *In your experience*, which are the most common causes of Active Directory
"failure" (where failure is defined as failure to authenticate,
authorize, replicate, or apply GPOs as expected). List as many as you care to,
in order from most common to least common. Note that I am not considering the
consequences of the failure, just how frequent they are.

Just send me a response like B, A, F or some such, along with any commentary you
might have.

A. Inadvertent data deletion (fat-fingering a user object or, God-forbid, an OU)
B. Inadvertent misconfiguration of AD (for instance screwing up a connection object, or changing the wrong registry setting, or making an inappropriate GPO change)
C. Inadvertent misconfiguration of MSFT DNS.
D. Inadvertent misconfiguration of non-MSFT DNS.
E. Inadvertent misconfiguration of networking devices
F. Hardware failure of a DC
G. Hardware failure of a networking device (including DNS servers, if they are not also DCs)
H. Physical disaster (fire, flood, power failure, etc)
I. Malicious attack by a service admin
J. Malicious attack by a data admin
K. Malicious attack by an authenticated user
L. Malicious attack by an unauthenticated user
M. Other (please specify)

Thanks for your feedback.

-gil


Gil Kirkpatrick
CTO, NetPro

Don't miss the Directory Experts Conference 2