RE: Question on Upgrade process

2009-09-24 Thread Free, Bob 
Are they the same people who are Enterprise Admins? IOW, are those your
most trusted admins who have access to everything in AD one way or
another? Since it is well known that the forest is the security
boundary, all DAs of any of the domains need to be fully trusted
throughout the forest.

 

 We have a couple of empty root forests and since the 3 of us that are
Domain Admins in the child domains containing all the assets are also
the uber-AD admins everywhere  it doesn't really make much difference to
me if I am administering the root with an account in the root or one in
the child in MOST cases. There are exceptions but they are rare. Will it
break anything if you remove it? I doubt it unless perhaps you have
service accounts involved and some odd configuration but it is
impossible to say definitively not knowing your environment. . 

 

I don't feel that way about trusts and I administer our trusted domains
differently but with an empty root, single child  with implicit trusts
both ways where all admins involved are equal, I don't think it is that
big of a deal. Depends on why you set up the empty root in the first
place and what perceived separation there is in your organization
between the root and the child. 

 

My 2 penneth, I'd be curious what Brian thinks since he works with some
very large customers.

 

From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Thursday, September 24, 2009 5:12 AM
To: NT System Admin Issues
Subject: RE: Question on Upgrade process

 

Just got one followup question, 

 

In a 2 Domain setup  ( Empty root) and then a child domain, is there a
legitimate reason that the Domain Admins of the child domain is in the
root domains administrators group? I don't see the reason it should be
and was going to remove it, accordingly, but wanted to check to see if
it would break anything first. 

 

EZ

 

Edward Ziots

Network Engineer

Lifespan Organization

MCSE,MCSA,MCP+I, ME, CCA, Security +, Network +

ezi...@lifespan.org

Phone:401-639-3505



From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Wednesday, September 16, 2009 9:06 AM
To: NT System Admin Issues
Subject: RE: Question on Upgrade process

 

DC's are GC's... 

 

So there are plenty of those. 

 

Z

 

Edward Ziots

Network Engineer

Lifespan Organization

MCSE,MCSA,MCP+I, ME, CCA, Security +, Network +

ezi...@lifespan.org

Phone:401-639-3505



From: Ken Schaefer [mailto:k...@adopenstatic.com] 
Sent: Wednesday, September 16, 2009 5:25 AM
To: NT System Admin Issues
Subject: RE: Question on Upgrade process

 

I think that's a decent plan. If you run into issues, DCpromo the
problem DC out of the environment, fix SP issues, and re-promote. I
assume you have a couple of GCs per domain.

 

Cheers

Ken

 

From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Tuesday, 15 September 2009 10:03 PM
To: NT System Admin Issues
Subject: RE: Question on Upgrade process

 

Thanks Brian there isn't 100's of DCs in this upgrade only like 8 total,
and only 3-4 hold the FSMO roles, (1 in the root) and 2 in the child
domain.

 

Basically just use the GUI or NTDSUTIL to transfer the roles, do a
netdom query fsmo to check to make sure it moved, and do the SP as
usual. 

 

Z

 

 

Edward Ziots

Network Engineer

Lifespan Organization

MCSE,MCSA,MCP+I, ME, CCA, Security +, Network +

ezi...@lifespan.org

Phone:401-639-3505



From: Brian Desmond [mailto:br...@briandesmond.com] 
Sent: Tuesday, September 15, 2009 7:42 AM
To: NT System Admin Issues
Subject: RE: Question on Upgrade process

 

I don't typically do all that stuff as I'm often doing hundreds of DCs.
What I will do is move FSMO roles to an alternate before bouncing the
role owners.

 

Thanks,

Brian Desmond

br...@briandesmond.com

 

c - 312.731.3132

 

From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Tuesday, September 15, 2009 6:31 AM
To: NT System Admin Issues
Subject: Question on Upgrade process

 

Just like to quickly bounce this off the list. 

 

I have a task to upgrade a set of Domain Controllers from Windows 2003
SP1, to Windows 2003 SP2 accordingly. 

 

Do most of you do the DC's without the FSMO roles, first, and then do
dcdiag, netdiag, and repadmin  then do the servers with the FSMO roles
accordingly? Do you usually move your FSMO Roles before you upgrade the
machines accordingly? 

 

I haven't seen any issues in the 100+ upgrades that have been done
already but given these are the DC's just a little leery about
replication issues, failure of a role-server etc etc afterwards. 

 

Has anyone seen or experienced anything negative in there travels
through the SP upgrade route? 

 

Z 

 

 

 

 

 

 

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Question on Upgrade process

2009-09-24 Thread Ziots, Edward 
Just got one followup question, 

 

In a 2 Domain setup  ( Empty root) and then a child domain, is there a
legitimate reason that the Domain Admins of the child domain is in the
root domains administrators group? I don't see the reason it should be
and was going to remove it, accordingly, but wanted to check to see if
it would break anything first. 

 

EZ

 

Edward Ziots

Network Engineer

Lifespan Organization

MCSE,MCSA,MCP+I, ME, CCA, Security +, Network +

ezi...@lifespan.org

Phone:401-639-3505



From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Wednesday, September 16, 2009 9:06 AM
To: NT System Admin Issues
Subject: RE: Question on Upgrade process

 

DC's are GC's... 

 

So there are plenty of those. 

 

Z

 

Edward Ziots

Network Engineer

Lifespan Organization

MCSE,MCSA,MCP+I, ME, CCA, Security +, Network +

ezi...@lifespan.org

Phone:401-639-3505



From: Ken Schaefer [mailto:k...@adopenstatic.com] 
Sent: Wednesday, September 16, 2009 5:25 AM
To: NT System Admin Issues
Subject: RE: Question on Upgrade process

 

I think that's a decent plan. If you run into issues, DCpromo the
problem DC out of the environment, fix SP issues, and re-promote. I
assume you have a couple of GCs per domain.

 

Cheers

Ken

 

From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Tuesday, 15 September 2009 10:03 PM
To: NT System Admin Issues
Subject: RE: Question on Upgrade process

 

Thanks Brian there isn't 100's of DCs in this upgrade only like 8 total,
and only 3-4 hold the FSMO roles, (1 in the root) and 2 in the child
domain.

 

Basically just use the GUI or NTDSUTIL to transfer the roles, do a
netdom query fsmo to check to make sure it moved, and do the SP as
usual. 

 

Z

 

 

Edward Ziots

Network Engineer

Lifespan Organization

MCSE,MCSA,MCP+I, ME, CCA, Security +, Network +

ezi...@lifespan.org

Phone:401-639-3505



From: Brian Desmond [mailto:br...@briandesmond.com] 
Sent: Tuesday, September 15, 2009 7:42 AM
To: NT System Admin Issues
Subject: RE: Question on Upgrade process

 

I don't typically do all that stuff as I'm often doing hundreds of DCs.
What I will do is move FSMO roles to an alternate before bouncing the
role owners.

 

Thanks,

Brian Desmond

br...@briandesmond.com

 

c - 312.731.3132

 

From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Tuesday, September 15, 2009 6:31 AM
To: NT System Admin Issues
Subject: Question on Upgrade process

 

Just like to quickly bounce this off the list. 

 

I have a task to upgrade a set of Domain Controllers from Windows 2003
SP1, to Windows 2003 SP2 accordingly. 

 

Do most of you do the DC's without the FSMO roles, first, and then do
dcdiag, netdiag, and repadmin  then do the servers with the FSMO roles
accordingly? Do you usually move your FSMO Roles before you upgrade the
machines accordingly? 

 

I haven't seen any issues in the 100+ upgrades that have been done
already but given these are the DC's just a little leery about
replication issues, failure of a role-server etc etc afterwards. 

 

Has anyone seen or experienced anything negative in there travels
through the SP upgrade route? 

 

Z 

 

 

 

 

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Question on Upgrade process

2009-09-16 Thread Ziots, Edward 
Thanks ME2...

 

Z

 

Edward Ziots

Network Engineer

Lifespan Organization

MCSE,MCSA,MCP+I, ME, CCA, Security +, Network +

ezi...@lifespan.org

Phone:401-639-3505



From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] 
Sent: Wednesday, September 16, 2009 10:39 AM
To: NT System Admin Issues
Subject: Re: Question on Upgrade process

 

He's referring to his own DC's.  He's the OP, and is referring to
himself.

--
ME2



On Wed, Sep 16, 2009 at 10:21 AM, Chyka, Robert 
wrote:

Not necessarily.  You have to manually make a DC a GC.

 

Bob C.

 



From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Wednesday, September 16, 2009 9:06 AM


To: NT System Admin Issues
Subject: RE: Question on Upgrade process

 

DC's are GC's... 

 

So there are plenty of those. 

 

Z

 

Edward Ziots

Network Engineer

Lifespan Organization

MCSE,MCSA,MCP+I, ME, CCA, Security +, Network +

ezi...@lifespan.org

Phone:401-639-3505



From: Ken Schaefer [mailto:k...@adopenstatic.com] 
Sent: Wednesday, September 16, 2009 5:25 AM
To: NT System Admin Issues
Subject: RE: Question on Upgrade process

 

I think that's a decent plan. If you run into issues, DCpromo the
problem DC out of the environment, fix SP issues, and re-promote. I
assume you have a couple of GCs per domain.

 

Cheers

Ken

 

From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Tuesday, 15 September 2009 10:03 PM
To: NT System Admin Issues
Subject: RE: Question on Upgrade process

 

Thanks Brian there isn't 100's of DCs in this upgrade only like 8 total,
and only 3-4 hold the FSMO roles, (1 in the root) and 2 in the child
domain.

 

Basically just use the GUI or NTDSUTIL to transfer the roles, do a
netdom query fsmo to check to make sure it moved, and do the SP as
usual. 

 

Z

 

 

Edward Ziots

Network Engineer

Lifespan Organization

MCSE,MCSA,MCP+I, ME, CCA, Security +, Network +

ezi...@lifespan.org

Phone:401-639-3505



From: Brian Desmond [mailto:br...@briandesmond.com] 
Sent: Tuesday, September 15, 2009 7:42 AM
To: NT System Admin Issues
Subject: RE: Question on Upgrade process

 

I don't typically do all that stuff as I'm often doing hundreds of DCs.
What I will do is move FSMO roles to an alternate before bouncing the
role owners.

 

Thanks,

Brian Desmond

br...@briandesmond.com

 

c - 312.731.3132

 

From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Tuesday, September 15, 2009 6:31 AM
To: NT System Admin Issues
Subject: Question on Upgrade process

 

Just like to quickly bounce this off the list. 

 

I have a task to upgrade a set of Domain Controllers from Windows 2003
SP1, to Windows 2003 SP2 accordingly. 

 

Do most of you do the DC's without the FSMO roles, first, and then do
dcdiag, netdiag, and repadmin  then do the servers with the FSMO roles
accordingly? Do you usually move your FSMO Roles before you upgrade the
machines accordingly? 

 

I haven't seen any issues in the 100+ upgrades that have been done
already but given these are the DC's just a little leery about
replication issues, failure of a role-server etc etc afterwards. 

 

Has anyone seen or experienced anything negative in there travels
through the SP upgrade route? 

 

Z 

 

 

 

 

 

 

 

 

 

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Re: Question on Upgrade process

2009-09-16 Thread Micheal Espinola Jr 
He's referring to his own DC's.  He's the OP, and is referring to himself.

--
ME2


On Wed, Sep 16, 2009 at 10:21 AM, Chyka, Robert  wrote:

>  Not necessarily.  You have to manually make a DC a GC.
>
>
>
> Bob C.
>
>
>  --
>
> *From:* Ziots, Edward [mailto:ezi...@lifespan.org]
> *Sent:* Wednesday, September 16, 2009 9:06 AM
>
> *To:* NT System Admin Issues
> *Subject:* RE: Question on Upgrade process
>
>
>
> DC’s are GC’s…
>
>
>
> So there are plenty of those.
>
>
>
> Z
>
>
>
> Edward Ziots
>
> Network Engineer
>
> Lifespan Organization
>
> MCSE,MCSA,MCP+I, ME, CCA, Security +, Network +
>
> ezi...@lifespan.org
>
> Phone:401-639-3505
>   --
>
> *From:* Ken Schaefer [mailto:k...@adopenstatic.com]
> *Sent:* Wednesday, September 16, 2009 5:25 AM
> *To:* NT System Admin Issues
> *Subject:* RE: Question on Upgrade process
>
>
>
> I think that’s a decent plan. If you run into issues, DCpromo the problem
> DC out of the environment, fix SP issues, and re-promote. I assume you have
> a couple of GCs per domain.
>
>
>
> Cheers
>
> Ken
>
>
>
> *From:* Ziots, Edward [mailto:ezi...@lifespan.org]
> *Sent:* Tuesday, 15 September 2009 10:03 PM
> *To:* NT System Admin Issues
> *Subject:* RE: Question on Upgrade process
>
>
>
> Thanks Brian there isn’t 100’s of DCs in this upgrade only like 8 total,
> and only 3-4 hold the FSMO roles, (1 in the root) and 2 in the child domain.
>
>
>
> Basically just use the GUI or NTDSUTIL to transfer the roles, do a netdom
> query fsmo to check to make sure it moved, and do the SP as usual.
>
>
>
> Z
>
>
>
>
>
> Edward Ziots
>
> Network Engineer
>
> Lifespan Organization
>
> MCSE,MCSA,MCP+I, ME, CCA, Security +, Network +
>
> ezi...@lifespan.org
>
> Phone:401-639-3505
>   --
>
> *From:* Brian Desmond [mailto:br...@briandesmond.com]
> *Sent:* Tuesday, September 15, 2009 7:42 AM
> *To:* NT System Admin Issues
> *Subject:* RE: Question on Upgrade process
>
>
>
> *I don’t typically do all that stuff as I’m often doing hundreds of DCs.
> What I will do is move FSMO roles to an alternate before bouncing the role
> owners.*
>
> * *
>
> *Thanks,*
>
> *Brian Desmond*
>
> *br...@briandesmond.com*
>
> * *
>
> *c - 312.731.3132*
>
> * *
>
> *From:* Ziots, Edward [mailto:ezi...@lifespan.org]
> *Sent:* Tuesday, September 15, 2009 6:31 AM
> *To:* NT System Admin Issues
> *Subject:* Question on Upgrade process
>
>
>
> Just like to quickly bounce this off the list.
>
>
>
> I have a task to upgrade a set of Domain Controllers from Windows 2003 SP1,
> to Windows 2003 SP2 accordingly.
>
>
>
> Do most of you do the DC’s without the FSMO roles, first, and then do
> dcdiag, netdiag, and repadmin  then do the servers with the FSMO roles
> accordingly? Do you usually move your FSMO Roles before you upgrade the
> machines accordingly?
>
>
>
> I haven’t seen any issues in the 100+ upgrades that have been done already
> but given these are the DC’s just a little leery about replication issues,
> failure of a role-server etc etc afterwards.
>
>
>
> Has anyone seen or experienced anything negative in there travels through
> the SP upgrade route?
>
>
>
> Z
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Question on Upgrade process

2009-09-16 Thread Ziots, Edward 
In this network they are, was done when it was set up. 

 

Z

 

Edward Ziots

Network Engineer

Lifespan Organization

MCSE,MCSA,MCP+I, ME, CCA, Security +, Network +

ezi...@lifespan.org

Phone:401-639-3505



From: Chyka, Robert [mailto:bch...@medaille.edu] 
Sent: Wednesday, September 16, 2009 10:22 AM
To: NT System Admin Issues
Subject: RE: Question on Upgrade process

 

Not necessarily.  You have to manually make a DC a GC.

 

Bob C.

 



From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Wednesday, September 16, 2009 9:06 AM
To: NT System Admin Issues
Subject: RE: Question on Upgrade process

 

DC's are GC's... 

 

So there are plenty of those. 

 

Z

 

Edward Ziots

Network Engineer

Lifespan Organization

MCSE,MCSA,MCP+I, ME, CCA, Security +, Network +

ezi...@lifespan.org

Phone:401-639-3505



From: Ken Schaefer [mailto:k...@adopenstatic.com] 
Sent: Wednesday, September 16, 2009 5:25 AM
To: NT System Admin Issues
Subject: RE: Question on Upgrade process

 

I think that's a decent plan. If you run into issues, DCpromo the
problem DC out of the environment, fix SP issues, and re-promote. I
assume you have a couple of GCs per domain.

 

Cheers

Ken

 

From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Tuesday, 15 September 2009 10:03 PM
To: NT System Admin Issues
Subject: RE: Question on Upgrade process

 

Thanks Brian there isn't 100's of DCs in this upgrade only like 8 total,
and only 3-4 hold the FSMO roles, (1 in the root) and 2 in the child
domain.

 

Basically just use the GUI or NTDSUTIL to transfer the roles, do a
netdom query fsmo to check to make sure it moved, and do the SP as
usual. 

 

Z

 

 

Edward Ziots

Network Engineer

Lifespan Organization

MCSE,MCSA,MCP+I, ME, CCA, Security +, Network +

ezi...@lifespan.org

Phone:401-639-3505



From: Brian Desmond [mailto:br...@briandesmond.com] 
Sent: Tuesday, September 15, 2009 7:42 AM
To: NT System Admin Issues
Subject: RE: Question on Upgrade process

 

I don't typically do all that stuff as I'm often doing hundreds of DCs.
What I will do is move FSMO roles to an alternate before bouncing the
role owners.

 

Thanks,

Brian Desmond

br...@briandesmond.com

 

c - 312.731.3132

 

From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Tuesday, September 15, 2009 6:31 AM
To: NT System Admin Issues
Subject: Question on Upgrade process

 

Just like to quickly bounce this off the list. 

 

I have a task to upgrade a set of Domain Controllers from Windows 2003
SP1, to Windows 2003 SP2 accordingly. 

 

Do most of you do the DC's without the FSMO roles, first, and then do
dcdiag, netdiag, and repadmin  then do the servers with the FSMO roles
accordingly? Do you usually move your FSMO Roles before you upgrade the
machines accordingly? 

 

I haven't seen any issues in the 100+ upgrades that have been done
already but given these are the DC's just a little leery about
replication issues, failure of a role-server etc etc afterwards. 

 

Has anyone seen or experienced anything negative in there travels
through the SP upgrade route? 

 

Z 

 

 

 

 

 

 

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Question on Upgrade process

2009-09-16 Thread Chyka, Robert 
Not necessarily.  You have to manually make a DC a GC.

 

Bob C.

 



From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Wednesday, September 16, 2009 9:06 AM
To: NT System Admin Issues
Subject: RE: Question on Upgrade process

 

DC's are GC's... 

 

So there are plenty of those. 

 

Z

 

Edward Ziots

Network Engineer

Lifespan Organization

MCSE,MCSA,MCP+I, ME, CCA, Security +, Network +

ezi...@lifespan.org

Phone:401-639-3505



From: Ken Schaefer [mailto:k...@adopenstatic.com] 
Sent: Wednesday, September 16, 2009 5:25 AM
To: NT System Admin Issues
Subject: RE: Question on Upgrade process

 

I think that's a decent plan. If you run into issues, DCpromo the
problem DC out of the environment, fix SP issues, and re-promote. I
assume you have a couple of GCs per domain.

 

Cheers

Ken

 

From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Tuesday, 15 September 2009 10:03 PM
To: NT System Admin Issues
Subject: RE: Question on Upgrade process

 

Thanks Brian there isn't 100's of DCs in this upgrade only like 8 total,
and only 3-4 hold the FSMO roles, (1 in the root) and 2 in the child
domain.

 

Basically just use the GUI or NTDSUTIL to transfer the roles, do a
netdom query fsmo to check to make sure it moved, and do the SP as
usual. 

 

Z

 

 

Edward Ziots

Network Engineer

Lifespan Organization

MCSE,MCSA,MCP+I, ME, CCA, Security +, Network +

ezi...@lifespan.org

Phone:401-639-3505



From: Brian Desmond [mailto:br...@briandesmond.com] 
Sent: Tuesday, September 15, 2009 7:42 AM
To: NT System Admin Issues
Subject: RE: Question on Upgrade process

 

I don't typically do all that stuff as I'm often doing hundreds of DCs.
What I will do is move FSMO roles to an alternate before bouncing the
role owners.

 

Thanks,

Brian Desmond

br...@briandesmond.com

 

c - 312.731.3132

 

From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Tuesday, September 15, 2009 6:31 AM
To: NT System Admin Issues
Subject: Question on Upgrade process

 

Just like to quickly bounce this off the list. 

 

I have a task to upgrade a set of Domain Controllers from Windows 2003
SP1, to Windows 2003 SP2 accordingly. 

 

Do most of you do the DC's without the FSMO roles, first, and then do
dcdiag, netdiag, and repadmin  then do the servers with the FSMO roles
accordingly? Do you usually move your FSMO Roles before you upgrade the
machines accordingly? 

 

I haven't seen any issues in the 100+ upgrades that have been done
already but given these are the DC's just a little leery about
replication issues, failure of a role-server etc etc afterwards. 

 

Has anyone seen or experienced anything negative in there travels
through the SP upgrade route? 

 

Z 

 

 

 

 

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Question on Upgrade process

2009-09-16 Thread Ziots, Edward 
DC's are GC's... 

 

So there are plenty of those. 

 

Z

 

Edward Ziots

Network Engineer

Lifespan Organization

MCSE,MCSA,MCP+I, ME, CCA, Security +, Network +

ezi...@lifespan.org

Phone:401-639-3505



From: Ken Schaefer [mailto:k...@adopenstatic.com] 
Sent: Wednesday, September 16, 2009 5:25 AM
To: NT System Admin Issues
Subject: RE: Question on Upgrade process

 

I think that's a decent plan. If you run into issues, DCpromo the
problem DC out of the environment, fix SP issues, and re-promote. I
assume you have a couple of GCs per domain.

 

Cheers

Ken

 

From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Tuesday, 15 September 2009 10:03 PM
To: NT System Admin Issues
Subject: RE: Question on Upgrade process

 

Thanks Brian there isn't 100's of DCs in this upgrade only like 8 total,
and only 3-4 hold the FSMO roles, (1 in the root) and 2 in the child
domain.

 

Basically just use the GUI or NTDSUTIL to transfer the roles, do a
netdom query fsmo to check to make sure it moved, and do the SP as
usual. 

 

Z

 

 

Edward Ziots

Network Engineer

Lifespan Organization

MCSE,MCSA,MCP+I, ME, CCA, Security +, Network +

ezi...@lifespan.org

Phone:401-639-3505



From: Brian Desmond [mailto:br...@briandesmond.com] 
Sent: Tuesday, September 15, 2009 7:42 AM
To: NT System Admin Issues
Subject: RE: Question on Upgrade process

 

I don't typically do all that stuff as I'm often doing hundreds of DCs.
What I will do is move FSMO roles to an alternate before bouncing the
role owners.

 

Thanks,

Brian Desmond

br...@briandesmond.com

 

c - 312.731.3132

 

From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Tuesday, September 15, 2009 6:31 AM
To: NT System Admin Issues
Subject: Question on Upgrade process

 

Just like to quickly bounce this off the list. 

 

I have a task to upgrade a set of Domain Controllers from Windows 2003
SP1, to Windows 2003 SP2 accordingly. 

 

Do most of you do the DC's without the FSMO roles, first, and then do
dcdiag, netdiag, and repadmin  then do the servers with the FSMO roles
accordingly? Do you usually move your FSMO Roles before you upgrade the
machines accordingly? 

 

I haven't seen any issues in the 100+ upgrades that have been done
already but given these are the DC's just a little leery about
replication issues, failure of a role-server etc etc afterwards. 

 

Has anyone seen or experienced anything negative in there travels
through the SP upgrade route? 

 

Z 

 

 

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Question on Upgrade process

2009-09-16 Thread Ken Schaefer 
I think that's a decent plan. If you run into issues, DCpromo the problem DC 
out of the environment, fix SP issues, and re-promote. I assume you have a 
couple of GCs per domain.

Cheers
Ken

From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Tuesday, 15 September 2009 10:03 PM
To: NT System Admin Issues
Subject: RE: Question on Upgrade process

Thanks Brian there isn't 100's of DCs in this upgrade only like 8 total, and 
only 3-4 hold the FSMO roles, (1 in the root) and 2 in the child domain.

Basically just use the GUI or NTDSUTIL to transfer the roles, do a netdom query 
fsmo to check to make sure it moved, and do the SP as usual.

Z


Edward Ziots
Network Engineer
Lifespan Organization
MCSE,MCSA,MCP+I, ME, CCA, Security +, Network +
ezi...@lifespan.org<mailto:ezi...@lifespan.org>
Phone:401-639-3505

From: Brian Desmond [mailto:br...@briandesmond.com]
Sent: Tuesday, September 15, 2009 7:42 AM
To: NT System Admin Issues
Subject: RE: Question on Upgrade process

I don't typically do all that stuff as I'm often doing hundreds of DCs. What I 
will do is move FSMO roles to an alternate before bouncing the role owners.

Thanks,
Brian Desmond
br...@briandesmond.com<mailto:br...@briandesmond.com>

c - 312.731.3132

From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Tuesday, September 15, 2009 6:31 AM
To: NT System Admin Issues
Subject: Question on Upgrade process

Just like to quickly bounce this off the list.

I have a task to upgrade a set of Domain Controllers from Windows 2003 SP1, to 
Windows 2003 SP2 accordingly.

Do most of you do the DC's without the FSMO roles, first, and then do dcdiag, 
netdiag, and repadmin  then do the servers with the FSMO roles accordingly? Do 
you usually move your FSMO Roles before you upgrade the machines accordingly?

I haven't seen any issues in the 100+ upgrades that have been done already but 
given these are the DC's just a little leery about replication issues, failure 
of a role-server etc etc afterwards.

Has anyone seen or experienced anything negative in there travels through the 
SP upgrade route?

Z









~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Re: Question on Upgrade process

2009-09-15 Thread Micheal Espinola Jr 
Same/similar

--
ME2


On Tue, Sep 15, 2009 at 8:53 AM, David Lum  wrote:

>  SP1 to SP2? I never did anything except do the non-FSMO ones first, then
> as long as the event logs look clear and replication works then I do the
> other DC. Five disparate domains, ten DC’s, no issues ever. From SP0 – SP1,
> SP1 – SP2, etc.
>
> *David Lum** **// *SYSTEMS ENGINEER
> NORTHWEST EVALUATION ASSOCIATION
> (Desk) 971.222.1025 *// *(Cell) 503.267.9764
>
>
>
> *From:* Ziots, Edward [mailto:ezi...@lifespan.org]
> *Sent:* Tuesday, September 15, 2009 4:31 AM
> *To:* NT System Admin Issues
> *Subject:* Question on Upgrade process
>
>
>
> Just like to quickly bounce this off the list.
>
>
>
> I have a task to upgrade a set of Domain Controllers from Windows 2003 SP1,
> to Windows 2003 SP2 accordingly.
>
>
>
> Do most of you do the DC’s without the FSMO roles, first, and then do
> dcdiag, netdiag, and repadmin  then do the servers with the FSMO roles
> accordingly? Do you usually move your FSMO Roles before you upgrade the
> machines accordingly?
>
>
>
> I haven’t seen any issues in the 100+ upgrades that have been done already
> but given these are the DC’s just a little leery about replication issues,
> failure of a role-server etc etc afterwards.
>
>
>
> Has anyone seen or experienced anything negative in there travels through
> the SP upgrade route?
>
>
>
> Z
>
>
>
> Edward Ziots
>
> Network Engineer
>
> Lifespan Organization
>
> MCSE,MCSA,MCP+I, ME, CCA, Security +, Network +
>
> ezi...@lifespan.org
>
> Phone:401-639-3505
>  --
>
>
>
>
>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Question on Upgrade process

2009-09-15 Thread David Lum 
SP1 to SP2? I never did anything except do the non-FSMO ones first, then as 
long as the event logs look clear and replication works then I do the other DC. 
Five disparate domains, ten DC's, no issues ever. From SP0 - SP1, SP1 - SP2, 
etc.
David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764

From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Tuesday, September 15, 2009 4:31 AM
To: NT System Admin Issues
Subject: Question on Upgrade process

Just like to quickly bounce this off the list.

I have a task to upgrade a set of Domain Controllers from Windows 2003 SP1, to 
Windows 2003 SP2 accordingly.

Do most of you do the DC's without the FSMO roles, first, and then do dcdiag, 
netdiag, and repadmin  then do the servers with the FSMO roles accordingly? Do 
you usually move your FSMO Roles before you upgrade the machines accordingly?

I haven't seen any issues in the 100+ upgrades that have been done already but 
given these are the DC's just a little leery about replication issues, failure 
of a role-server etc etc afterwards.

Has anyone seen or experienced anything negative in there travels through the 
SP upgrade route?

Z

Edward Ziots
Network Engineer
Lifespan Organization
MCSE,MCSA,MCP+I, ME, CCA, Security +, Network +
ezi...@lifespan.org
Phone:401-639-3505






~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Question on Upgrade process

2009-09-15 Thread Ziots, Edward 
Thanks Brian there isn't 100's of DCs in this upgrade only like 8 total,
and only 3-4 hold the FSMO roles, (1 in the root) and 2 in the child
domain.

 

Basically just use the GUI or NTDSUTIL to transfer the roles, do a
netdom query fsmo to check to make sure it moved, and do the SP as
usual. 

 

Z

 

 

Edward Ziots

Network Engineer

Lifespan Organization

MCSE,MCSA,MCP+I, ME, CCA, Security +, Network +

ezi...@lifespan.org

Phone:401-639-3505



From: Brian Desmond [mailto:br...@briandesmond.com] 
Sent: Tuesday, September 15, 2009 7:42 AM
To: NT System Admin Issues
Subject: RE: Question on Upgrade process

 

I don't typically do all that stuff as I'm often doing hundreds of DCs.
What I will do is move FSMO roles to an alternate before bouncing the
role owners.

 

Thanks,

Brian Desmond

br...@briandesmond.com

 

c - 312.731.3132

 

From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Tuesday, September 15, 2009 6:31 AM
To: NT System Admin Issues
Subject: Question on Upgrade process

 

Just like to quickly bounce this off the list. 

 

I have a task to upgrade a set of Domain Controllers from Windows 2003
SP1, to Windows 2003 SP2 accordingly. 

 

Do most of you do the DC's without the FSMO roles, first, and then do
dcdiag, netdiag, and repadmin  then do the servers with the FSMO roles
accordingly? Do you usually move your FSMO Roles before you upgrade the
machines accordingly? 

 

I haven't seen any issues in the 100+ upgrades that have been done
already but given these are the DC's just a little leery about
replication issues, failure of a role-server etc etc afterwards. 

 

Has anyone seen or experienced anything negative in there travels
through the SP upgrade route? 

 

Z

 

Edward Ziots

Network Engineer

Lifespan Organization

MCSE,MCSA,MCP+I, ME, CCA, Security +, Network +

ezi...@lifespan.org

Phone:401-639-3505



 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Question on Upgrade process

2009-09-15 Thread Brian Desmond 
I don't typically do all that stuff as I'm often doing hundreds of DCs. What I 
will do is move FSMO roles to an alternate before bouncing the role owners.

Thanks,
Brian Desmond
br...@briandesmond.com

c - 312.731.3132

From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Tuesday, September 15, 2009 6:31 AM
To: NT System Admin Issues
Subject: Question on Upgrade process

Just like to quickly bounce this off the list.

I have a task to upgrade a set of Domain Controllers from Windows 2003 SP1, to 
Windows 2003 SP2 accordingly.

Do most of you do the DC's without the FSMO roles, first, and then do dcdiag, 
netdiag, and repadmin  then do the servers with the FSMO roles accordingly? Do 
you usually move your FSMO Roles before you upgrade the machines accordingly?

I haven't seen any issues in the 100+ upgrades that have been done already but 
given these are the DC's just a little leery about replication issues, failure 
of a role-server etc etc afterwards.

Has anyone seen or experienced anything negative in there travels through the 
SP upgrade route?

Z

Edward Ziots
Network Engineer
Lifespan Organization
MCSE,MCSA,MCP+I, ME, CCA, Security +, Network +
ezi...@lifespan.org
Phone:401-639-3505






~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~