Title: Message
Dear
Montano,
The
local computers must and shud always point to the DNS server of their
site.
Like
in SITE 2, lOCAL DNS shuld be DC3.
Pointing to tha main Dc is not
recommended.
Cheers,
Mohammed AThif Khaleel
-Original Message-From: Montano, Greg
Title: Message
I
completely agree, pretty much across the board.
Part
of Novell's original demise, IMO, was that the were not a single source solution
- you went to them for the servers and someone else for the 50-100x more
clients. Their recent moves lead me to believe that they might
Title: Message
That's not entirely true. Where they point, in the grand scheme of
things, is more or less irrelevant.
However, pointing them locally has some advantages. The only real
advantages from pointing locally are that replication delays (for AD integrated
DNS) aren't as much of a
Title: Message
Pointing
to tha main Dc is not recommended Can you explain
why?
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Tuesday, February 10, 2004
1:13 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] multiple
sites DNS question
Everyone
I have added a w2k3 DC into our network and am gradually
giving it more responsibility, so far so good.
The next thing I want to do is make it our DHCP server
(currently being held by win2k server that is going to be formatted and made
into w2k3).
I have created an identical
Title: Message
Hi, this is a
(hopefully) quick question that I have not had much luck researching.
We're running
Exchange 5.5 and Exchange 2000. Our domain is in Mixed mode.
We have a business
need to go to Native mode very soon, maybe even today.
We have no more NT4
DC's, although
Title: DNS Name Question
Hello!
Pardon me for a basic question, but an important question I need to
understand...
We are finally in the beginning phase of moving to AD from NT 4.0 environment
and in the process of picking DNS name for our company. Our environment is
pretty simple
Dont forget to change the IP helper
address.
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jerry Johnson
Sent: Tuesday, February 10, 2004
7:52 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Changing DHCP
Servers
Everyone
I have added a w2k3 DC into our
Oh! Authorize the DHCP Sever in AD
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Jerry Johnson
Sent: Tuesday, February 10, 2004
7:52 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Changing DHCP
Servers
Everyone
I have added a w2k3 DC into our network and
Title: Message
http://support.microsoft.com/default.aspx?scid=kb;en-us;296250
There's a link that explains it. It talks about SBS Server 2000, but it
applies to any 2000/2003 DNS implementation.
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of
Title: Message
Should be alright!
Just curious, did you migrate the users
without SID History? The minimum requirement for the SID History migration is windows
2000 native domain.
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jb Leney
Sent: Tuesday, February
There's a utility in the Win2k Resource kit called
DHCPEXIM. You can also get it here http://tinyurl.com/36j2m. I know it
works for Win2k, not sure about Win2k3 though.
Mike Celone
Systems Specialist
Radio Frequency
Systems
v 203-630-3311 x1031
f 203-634-2027
m 203-537-2406
From:
Title: RE: [ActiveDir] Computer Migration Issues with ADMT - FIXED :- )
I haven't moved anymore machines in the lab yet. I'll be migrating about 25 machines or so Wed night and I can let you know how it goes then.
Mike Celone
Systems Specialist
Radio Frequency Systems
v 203-630-3311 x1031
Title: Message
I
guess when u have NT 4 Domain, you must be in native mode.
-Original Message-From: Jb Leney
[mailto:[EMAIL PROTECTED]Sent: Tuesday, February 10, 2004 4:57
PMTo: '[EMAIL PROTECTED]'Subject: [ActiveDir]
Mixed Exchange and Mixed AD Modes
Hi, this is a
Yes,
if you have the same ip address for new DHCP Server + i guess the clients shuld
renew their ipaddress again
-Original Message-From: Jerry Johnson
[mailto:[EMAIL PROTECTED]Sent: Tuesday, February 10, 2004 4:52
PMTo: [EMAIL PROTECTED]Subject: [ActiveDir]
Changing DHCP
It wont work with Windows 2003. But you can use Netsh command to
import to windows 2003. Here is the syntax
Netsh
DHCP
Server
Import File Name All
Thanks,
Santhosh
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Celone, Mike
Sent: Tuesday, February 10,
Title: Message
Super,
thanks Mike. Just wanted to verify with the experts one this
one...
Justin L.
x4903
-Original Message-From: Celone, Mike
[mailto:[EMAIL PROTECTED] Sent: Tuesday, February 10, 2004
9:12 AMTo: '[EMAIL PROTECTED]'Subject: RE:
[ActiveDir] Mixed
MS have a tool called DHCPexim... http://www.microsoft.com/windows2000/techinfo/reskit/tools/new/dhcpexim-o.asp
I'm not sure if it works under 2003
but I've used it a few times under 2000 with no problems.
Robert Rutherford
+44 (0)1305 208232
+44 (0)7970 122362
[EMAIL PROTECTED]
Sent by:
Title: Message
Good
question...actually, no we have not migrated users yet. In fact, an external
NT4-2000 AD migration using ADMT is the main reason we need to go Native.
Migrating with SIDHistory enabledalso.
The
main issues I was worried about was thatsomething might break with Exch
Title: Message
-Original Message-From: Santhosh Sivarajan
[mailto:[EMAIL PROTECTED]Sent: Tuesday, February 10, 2004
4:48 PMTo: [EMAIL PROTECTED]Subject: RE:
[ActiveDir] multiple sites DNS question
"Pointing to tha main Dc is
not recommended" Can you explain
why?
Title: Message
Coz
it will consume a lot of traffic and will certainly affect tha replication.Sicne
these LOCAL DNS servers ar also GLOBAL CATALOG SERVERS the clients wont have any
authentication issues. Now, these local dns servers can point to tha ROOT
SERVER.
Designing wise this is how
Title: Message
Make a last check that you dont
have any older software that might be doing authentication that looks for an NT
PDC, and that you dont have any strange stuff that must be run on a DC.
Ive seen a security admin package break when I switched to Native mode
native mode changes
Title: Message
DHCPExim does not work (or at least isn't supported) on 2003, but you
don't need it. See KB 325473
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of [EMAIL PROTECTED]Sent: Tuesday, February 10,
2004 9:47 AMTo: [EMAIL
Even without the same IP, clients will
check their DHCP server that the lease is still valid up until a certain point,
then theyll look for any DHCP server. They might (I think they do,
IIRC) log errors in the event log, but the clients will switch to the new DHCP
server without any
Title: Message
I'd
suggest against running DHCP on a domain controller, due to a know security
issue. However, its a fairly small window of opportunity, but it is a ugly hole
if it is exploited.
--
Roger D. Seielstad -
MTS MCSE
Title: Message
Excellent point Rich...I will have to dig around and see of we have any
strange legacy apps that will fail.
Offhand, anyone know if Citrix has problems against Native mode? (I know,
very generic question; I am not the Citrix admin here...)
Thanks,
Justin L.
x4903
Title: Message
You
should be able to go native with zero impact. Exchange 5.5 lives without a
problem in a Native AD org.
--
Roger D. Seielstad -
MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc.
-Original
Title: Message
Actually, DNS traffic in general is fairly light - I've run orgs in which
80+ physical locations ran off 2-3 DNS servers, across WAN's, without issues.
Technically, there's no need for more than 2 DNS servers in a lot of AD
scenarios.
Keep
in mind that a client queries DNS
Title: Message
It wont work with Windows 2003. But you can use Netsh command to
import to windows 2003. Here is the syntax
Netsh
DHCP
Server
Import File Name All
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Cornetet
Sent: Tuesday, February 10, 2004
Thanks to everyone!!
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Free, Bob
Sent: Monday, February 09, 2004 4:56 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Password Expiration
Anyone know what the default Notification of password expiring is
Return Receipt
Your RE: [ActiveDir] Password Expiration
document
:
Title: Message
switching to native doesn't change the security model
(other than allowing you to do new things, such as the creation of universal
security groups and leveraging SIDhistory).
Apps would have failed already, after you've
inplace-upgraded your NT4 domain to 2000 and at this
Title: Message
what version OS are we talking about? and are
these the only domains in your forest - i.e. this domain is also the forest
root?
and I guess we are assuming that you're using AD
integrated DNS for this domain only (and as such the DNS zone data exists on all
DCs) - right?
Title: Message
Roger makes an important point - shouldn't forget that
clients can "use" the DHCP server to hijack the DCs address simply by
registering the same name (MS DHCP servers will happily overwrite their own name
record in DNS, if configured to register client's names in DNS
!!!)
SID always changes when moving objects
Even between Domains in same AD forest. Only GUID would stay the same in
this case (which is enough to keep the user-profile on Win2000 / XP client -
although there are some limitations). If you're in native mode, you'd at
least keep the old SID in the
I wanted to check to see if anyone has
worked with this error in the past. I think the person before me deleted
some objects because he did not know what they did and now it's causing
FRS problems. I read the technet # 312862 and it helped a little
but does anyone know of anything else to look
Title: Message
I
agree, but in my case I have no choice. But, as to your question, yes it is as
simple
as
that. Just deactivate the scope on the win2k box, and activate it on your w2k3
box. One
thing
I noticed, shutting down DHCP server on the w2k3 box and restarting it was
necessary.
Title: Message
Wow! Do you have really mobile users?
Why 4 hours? Just curious.
Jordan
From: Roger Seielstad
[mailto:[EMAIL PROTECTED]
Sent: February 10, 2004 1:27 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Changing
DHCP Servers
Actually, there's another
See step 4 at http://www.microsoft.com/windows2000/techinfo/reskit/en-us/default.asp?url="">
I am getting Event ID
13508. The step says there might be a problem with the RPC service. The others
steps check out ok, I have 13gb on the staging area, 3gb staging area limit,
etc.
Got any ideas?
Were you able to read the event viewer from the opposite
computer? Do you have any entries in the system log that
relate?
Al
From: Bruce Clingaman
[mailto:[EMAIL PROTECTED] Sent: Tuesday, February 10, 2004 5:13
PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir]
Event 13562 errors on FRS
Title: Message
I have to call you out on this one Rich... Sorry buddy.
Times places and dates please. :oP
Authentication and machines looking for the PDC should have
no problems. I have a ton of old NT4 code that hasn't the foggiest clue it runs
against W2K whether in native or not.
I
Title: Message
I wouldn't completely agree with you as I have seen a case
to the otherwise, but mostly I agree with you. :o)
My main thing I tell people, test in the lab with your
primary LOB stuff and make sure you don't get impacted there before setting your
world on fire.
joe
From:
Here here. I agree with Al. Shoot the person who deleted
things they didn't know about.
If you don't know what it is, you back away. If you find
that happening more often than not set your admin ID to a random password and
fill out an application at Wendy's.
From: [EMAIL PROTECTED]
Title: Message
We will have to carry this discussion on at the Summit with
beers. Probably in the bar at the Ren., we will grab Dean and everyone else that
shows up who can put two words together and form the sentence "draft please".
Working as a consultant at a company that is trying to
You guys have probably all seen this, but just in case
This thing has greater potential than Blaster due to the fact that there are
more vectors for it to come in through...
Pulled from the Full Disclosure ListServ
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
Except that is really MS04-007.
And [EMAIL PROTECTED] goes to me. :o)
RPC/DCOM was actually easy to defend against in many ways. For ASN, the
range of methods for leveraging this vulnerability are many and varied.
Granted, we had 6 months to think about it.
William Lefkovics, ExchangeMVP
eEye
Yeah MS04-007 is what I said
Doh!
Thanks for the correction. :o)
I have an excuse, I am in argument with my TAM about the wording in
MS04-006. While it isn't as bad as the wording in 007, it is still bad. With
007 you would think it was a simple matter of someone spilled some coffee on
47 matches
Mail list logo
