This question can be answered in a number of ways, depending upon the nature
of the issue that one is trying to mitigate against.
1. Deleted objects can be re-animated from another DC which has yet to receive
the deletion event, perhaps because that DC is in a site which only replicates
with it
BTW, even though I'm a big fan of the hot-site concept for
many reasons (also to safely perform schema changes), you'll still need to take
care of the link-issue after objects have accidentally been deleted in AD, as
the DCs outside of the hotsite will have received the tombstones and will
If I could correct one thing, Neil.
1. Deleted objects can be re-animated from another DC which has yet to
receive the deletion event, perhaps because that DC is in a site
which only replicates with its partner sites at certain times of the
day.
That's not a reanimation. This would be
Hi,
Because of firewall issues, I am creating a new site that is well connected to
the rest of my AD topology. This new site will contain workstations and a
domain controller for an already existing child domain. This child
domain DC will also be the bridgehead server in this new site.
User
Why is your firewall dropping packets for NetBios datagrams on the same
network? Is this a personal type firewall that's running?
Al
-Original Message-
From: ILyas [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 04, 2004 2:27 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Broadcast -
Currently, I am using BIND and would like to move over to AD
integrated. Is this as simple as it seems...just install DNS on one DC, and it
just works? Is there a specific place that you specify what DNS server to update
records on, or does the DC just update whatever DNS server that is set in
I think these are browser announcements. Just wish it
wasn't so talkative and noisy.
Domain/Workgroup Announcement , Domain controller, NT workstation,
domain
Enum and Host announcement, workstation, server, domain controller,
print queue
server, nt workstation, master browser - all sending
Using the DLG's doesn't kill us any more than if we used
GG's. Same loss of resource access.
As for the accidents, the guys with the big guns don't use
the GUI for most anything, they use very targeted scripts that do very specific
things. We don't, for instance have any mass delete
Depends. You can update directly the configured
server or you can have DHCP do the update for you. Typically, a DC will
update DNS servers directly based on the configuration it is told to use
(network connections settings).
Installing DNS on a DC for a new implementation is
as easy as
All,
We are in the final stages of a global AD design for our company. The
design will have two user domains -- one for North America and one for
Europe -- and it will have an empty root. Each of the user domains will
have approximately 35,000 users. Software distribution will be via
Title: RE: [ActiveDir] OU design quandary
Mike,
I think most people would recommend, as would I, designing your OU structure to model your organizational/administrative model. If you administer your users based on Region/Country/City/Office, then it might make sense for you to design your
Though my AD is smaller in scale, maybe this would help.
I have an AD with 700 OU's where the OU's are defined by business unit. For
example, We have a Southwest division, inside Southwest there is Los
Angeles, San Diego, etc. and inside San Diego there are all the business
units in San Diego.
Mike-
I think you'll want to lean towards Camp Two. Do you have a single group
that handles all aspects of user account management (creation, modification,
deletion, password resets, etc)? If you don't, and you put all 35,000 users
in one OU, then you're going to have a bunch of IT support staff
I would think that the 1st approach may work well for a small environment.
However, for larger organizations and as you start to use GPOs and
delegation, you may see that it makes more sense to create an OU hierarchy
that reflects your IT administration management model. As has been said
From where I'm sitting, Option 1 is out of the equation simply because I don't think you base OU design considerations on whether you search or query. OU is for "Administrative" convenience and I think it is best for your design to reflect your Organization structure, geography, and
ha, I knew that would be your answer
;-))
and I can partly understand your strategy = the owner
of the group should know what's in it, so if there is a problem with the
memberships it's his and not yours. But this is really only acceptable for
a small issue, where you lose a couple of
I'd say it depends on whether you're opting for centralised or decentralised
administration. The fact that you talked about ASP being responsible for
packages suggests that you're referring to a more granular approach on a per
site basis in which case 2nd camp for sure. IMO a 'flat and fat'
I think there's two approaches here but correct me if I
misunderstood the flow.
One concept is to restore the actual object in case of
accidental deletion, intentional deletion, corruption, etc. The other is
to track the membership in case one of its members gets whacked. That
about what
I'm about to re-enter the wonderful world of onsite vendor support, so I
figure I should re-assemble my handy-dandy CD (used to be floppies) of
useful tools and such. I know little, portable USB drives can be used, too,
but I'll still have some CD's with the bulk of the tools.
So, I'm looking
For us, our user management is centralized so the user objects were placed
in a single OU broken into sub OUs by type (users, administrators, service,
restricted). Computer support is more decentralized so we have computer
objects in geographic based OUs with sub OUs by function (servers,
My take on it has always been unless the Knowledge
Consistency Checker can't figure it out, don't set a Bridgehead - this is going
to prevent the KCC from doing some good things for you. Along the lines of
creating new links and reassigning the Bridgehead in the event of the preferred