RE: [ActiveDir] DNS scavenging question

2006-12-08 Thread David Adner
Check it again. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rich Milburn Sent: Friday, December 08, 2006 8:07 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DNS scavenging question I was curious about the static record thing with AgeAllRecords. I just tried

RE: [ActiveDir] Bulk of client going to PDC

2006-11-30 Thread David Adner
How are you determining the clients are utilizing the PDCE for these activities? A network trace from the client may prove useful. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kamlesh Parmar Sent: Thursday, November 30, 2006 1:51 PM To: ActiveDir@mail.activedir.org Subject: [

RE: [ActiveDir] mailNickName(OT)

2006-11-22 Thread David Adner
While I firmly agree that guidance should never be blindly followed, regardless of the source, I'd add that customers who say "Microsoft reviewed this" or something like that should not necessarily be taken to mean the design was in any way developed by or recommended by MS (I can't speak for the O

RE: [ActiveDir] DNS Scavenging - new issue

2006-11-22 Thread David Adner
Yes, enable it on the server. Only records with old timestamps will be deleted. So the only real possible negative is you somehow have "valid" records with old timestamps that have not been refreshing their timestamps for some reason. How could that happen? Perhaps you had devices previously pe

RE: [ActiveDir] sysvol replication

2006-10-19 Thread David Adner
If you're asking about applying ACLs via GPO against SYSVOL then yes, it will cause SYSVOL to replicate. However, this should only happen once. When the GPO is re-applied FRS should suppress replication of the files since nothing is actually changing (unless, of course, someone had actually change

[ActiveDir] List archive

2006-09-14 Thread David Adner
Anyone else getting timeouts trying to get to the list archive URL?   http://www.activedir.org/ml/threads.aspx  

RE: [ActiveDir] Active Directory Cookbooks...

2006-09-14 Thread David Adner
Wellington CBD E-mail: [EMAIL PROTECTED] Web: http://www.dia.govt.nz/

RE: [ActiveDir] Active Directory Cookbooks...

2006-09-14 Thread David Adner
*points at joe's signature...* And in case that was too vague, try here. http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, September 14, 2006 9:13 PM To: ActiveDir@mail.activedir.org Sub

RE: [ActiveDir] Logging successful logons in AD security log

2006-09-01 Thread David Adner
The bug you're probably referring to is that in 2003 RTM you cannot reduce the size of an Event Log via GPO. You can increase the size but not decrease it. This can cause you to have larger logs than what you think if all you do is review what the GPOs say. > -Original Message- > From:

RE: [ActiveDir] Logging successful logons in AD security log

2006-08-31 Thread David Adner
This is a Vista/Longhorn change as the event logging system has been completely revamped. I'm not, however, 100% certain about 64bit XP and 2003 on if they suffer from the same limitations as the 32bit flavors. I suspect they do. > -Original Message- > From: [EMAIL PROTECTED] > [mailto

RE: [ActiveDir] Seperate Administrator password policy

2006-08-31 Thread David Adner
Especially if you have a Premier account be sure to ask your TAM or MS contact to provide some business justification to this DCR so it gets as much traction as possible. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido Sent: Thursday, August 31,

RE: [ActiveDir] AD Site replication settings/costs

2006-08-30 Thread David Adner
Are these manual or automatically generated connection objects?  If automatic, were they created back when bridge all site links was enabled?  If so, if you delete them, do they come back?  Do the site links only have 2 sites, the remote and its designated hub, or do they have multiple sites

RE: [ActiveDir] Password resets

2006-08-10 Thread David Adner
Wait, I've seen this one before.  "My voice is my passport; verify me." From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Figueroa, Johnny Sent: Thursday, August 10, 2006 4:55 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Password resets There is t

RE: [ActiveDir] Replication error between 4 sites

2006-08-08 Thread David Adner
I suggest stop trying to understand why any one support engineer happens to disagree with another since the answers aren't going to help your issue. But, if you must know... 1. Because there's no one right way. People who tell you there's only 1 right way are wrong. 2. You'd have to ask the en

RE: [ActiveDir] Read-Only Domain Controller and Server Core

2006-07-31 Thread David Adner
The Netware partial-replica model immediately jumped to mind when the RODC-PAS idea was broached.  I can see a lot of customers trying to use this feature to create partial-replicas way beyond concerns of preventing replication of sensitive data.  I suppose one big difference (making an assu

RE: [ActiveDir] R2 In-Place Upgrade bug ?

2006-07-31 Thread David Adner
Check your antivirus software to make sure it doesn't include some sort of pseudo-firewall feature.  Also make sure the built-in firewall isn't enabled. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of HBooGz Sent: Monday, July 31, 2006 1:15 AM To: ActiveDir@mail.

RE: [ActiveDir] Reset home page via GPO

2006-07-24 Thread David Adner
Look here: http://technet2.microsoft.com/WindowsServer/en/library/1f105ee4-b025-478c-a03e-77fcd91a64e41033.mspx?mfr=true > -Original Message- > > This IE setting can be applied via "policy mode" or "preferences > > mode". > > Policy mode is what you normally think of when configuring G

RE: [ActiveDir] Reset home page via GPO

2006-07-24 Thread David Adner
This IE setting can be applied via "policy mode" or "preferences mode". Policy mode is what you normally think of when configuring GPO settings in that it'll be reset if a user ever changes it. Preferences mode only changes the initial value but allows the user to change it afterwards if they like

RE: [ActiveDir] Clean install VS Upgrade of Windows 2003

2006-07-16 Thread David Adner
ition - http://www.joeware.net/win/ad3e.htm _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Adner Sent: Sunday, July 16, 2006 9:55 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Clean install VS Upgrade of Windows 2003 The statement that with each ne

RE: [ActiveDir] Clean install VS Upgrade of Windows 2003

2006-07-16 Thread David Adner
The statement that with each new OS the upgrade in place scenario has improved, at least to date, has been true. If they said it's perfected each time then I could see your point. I've been to many customers that have done in-place upgrades of the OS with great success. Is it the preferred metho

RE: [ActiveDir] AD Snapshot Tool (ADST) - how useful is it?

2006-06-01 Thread David Adner
> shouldn't be an item that costs money from the company > producing the infrastructure software... I would expect it to > come with the infrastructure components or be a download. > It isn't like if this were free the support teams at MSFT > wouldn't have anything

RE: [ActiveDir] AD Snapshot Tool (ADST) - how useful is it?

2006-05-31 Thread David Adner
The quality of AD admins in even very large orgs varies more than the engineers delivering the RAPs. I've seen "AD administrators" that literally had no clue what DSRM was, how data is transferred between DCs (doesn't FRS replicate users, too? Or, AD replication is broken so SYSVOL isn't replicat

RE: [ActiveDir] AD Snapshot Tool (ADST) - how useful is it?

2006-05-08 Thread David Adner
The ADST has no direct ties to PSS; it was created by a different organization within Microsoft.  It is not a glorified MPSReports, if that's what you're thinking.  It collects a myriad of data about the configuration of the replication topol

RE: [ActiveDir] InetOrgPersonFix.... Do I need it?

2006-05-04 Thread David Adner
When you installed Exchange 2003 you extended the schema and fixed the problem then. So no, you don't need the InetOrgPerson fix now. Running the Exchange 2003 schema extension (and allowing it to fully replicate out) before the 2003 AD schema extension is a common recommendation to avoid having

RE: [ActiveDir] OT: Microsoft Audit Collection System

2006-04-30 Thread David Adner
It's part of the next MOM release... forget everything you used to know about it. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray > Sent: Sunday, April 30, 2006 8:48 PM > To: activedir@mail.activedir.org > Subject: [ActiveDir] OT: Micro

RE: [ActiveDir] sites, slow links and AD

2006-04-28 Thread David Adner
You'll probably want to give MS a call and have a detailed discussion on this. Read the Branch Office Deployment Guide, too. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Myke > Sent: Friday, April 28, 2006 9:16 AM > To: ActiveDir@mail.activedir

RE: [ActiveDir] Exclude one account from password policy

2006-04-27 Thread David Adner
The domain password policy is just that; for the entire domain.  Your block inheritance scenario won't work because it's not the user account that determines what the domain password policy is.  You can, however, set a specific account for 'password never expires', which prevents the max pas

RE: [ActiveDir] oddness with sites.

2006-04-26 Thread David Adner
Did you associate the appropriate subnet(s) of whatever constitutes "UCPG" into the UCPG site? Site boundaries are defined by the subnets associated with them. You configure them in Sites and Services. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf

RE: [ActiveDir] NT 4.O Domain Upgrade and then some...

2006-04-24 Thread David Adner
You don't describe how large/complex the environment is, but... generally speaking, I would recommend instead of doing an upgrade in place and then try renaming the domain you instead do a migration from the NT4 domain into a freshly built AD domain that already has the final name. > -Original

RE: [ActiveDir] default values for "net time /querysntp" on new systems?

2006-04-11 Thread David Adner
time.windows.com,0x1 is the default value for XP and 2003 computers. The fact that it's not set on some of your servers could be because they were upgraded in place from 2000 or someone's (or something, like a GPO, for example) has reset them using any number of means; the net time command, w32tm.

RE: [ActiveDir] Network browsing slow and not showing all computers

2006-04-11 Thread David Adner
That's not tied to DNS or even AD, per se, as it's the older NetBIOS name browsing mechanism that's been around for many years and has slowly (too slowly, imo) been depreciated. The fact you're not seeing all computers could be because not every computer has the Computer Browser service running, t

RE: [ActiveDir] Active Directory Performance for 64-bit Versions of Windows Server 2003

2006-04-02 Thread David Adner
512MB is for Windows 2000.  And you'd only use /3GB if you had 2000 Advanced Server, at which point you'd cache around 1GB.  Without /3GB on Windows 2003 the default is around 1.5GB, with /3GB it's around 2.6GB.  /3GB is supported on both Standard and Enterprise Edition with respect to DCs.

RE: [ActiveDir] Active Directory Performance for 64-bit Versions of Windows Server 2003

2006-04-02 Thread David Adner
Umm.  Did you read the whitepaper this thread is talking about? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nicolas Blank Sent: Sunday, April 02, 2006 3:21 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Active Directory Performance for 64-bit V

RE: [ActiveDir] Selectively overriding hierarchical lookup

2006-03-30 Thread David Adner
y copy of the zone ? well,  I do not need to create zones on this scenario... right On 3/30/06, David Adner <[EMAIL PROTECTED]> wrote: Host a secondary copy of the zone on the 2000 server.  Or upgrade it to 2003.  :) From: [EMAIL PROT

RE: [ActiveDir] Selectively overriding hierarchical lookup

2006-03-30 Thread David Adner
do the process you explained on a MS DNS 2000 Thanks comments On 3/30/06, David Adner <[EMAIL PROTECTED]> wrote: Assuming I understood you correctly, if your MS DNS server is running on Windows Server 2003 then you could leverage stub zones or condi

RE: [ActiveDir] Selectively overriding hierarchical lookup

2006-03-30 Thread David Adner
Assuming I understood you correctly, if your MS DNS server is running on Windows Server 2003 then you could leverage stub zones or conditional forwarders.  With either method you could, for example, say any queries for "linux.com" (or whatever it's called) go to your Linux DNS server while a

RE: [ActiveDir] DC Demotion & AD Site Configuration

2006-03-30 Thread David Adner
Not exactly.  The point of a site is to help concentrate site-aware type apps and services so that users access their local/closest resources.  Authentication to DCs (and getting GPOs and login scripts from them) is just one potential service for this.  DFS and SMS are also site-aware.

RE: [ActiveDir] DC Demotion & AD Site Configuration

2006-03-30 Thread David Adner
Either option is perfectly valid depending on your needs.  Just because you're removing the DCs from the branches does not mean you need to collapse the sites, too.  If you have any site-aware apps/services like DFS, SMS, etc that may exist in the branches then having those sites can provide

RE: [ActiveDir] DNS Server will not Start

2006-03-19 Thread David Adner
Setting that Registry value is not the answer. You're disabling a safety mechanism in AD. Don't change random Registry values in AD unless you know what they're used for. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Mark Parris > Sent: Sunday,

RE: [ActiveDir] DNS Partition Question

2006-03-17 Thread David Adner
You never moved the information out of "Active Directory".  You just moved it to a different partition in AD.  It should no longer exist in the domain partition but now in the DomainDnsZones partition for the domain in question.  To verify it no longer exists in

RE: [ActiveDir] AD Recovery after tombstone hits all DC's

2006-03-16 Thread David Adner
I'd recommend opening a case with PSS and/or getting a ROSS onsite (talk to your TAM if you have one; if you don't have a TAM nevermind) and not try to fix this over a listserv. You're walking on thin ice with the activities you're performing. > -Original Message- > From: [EMAIL PROTECTED

RE: [ActiveDir] Monitoring DC's

2006-03-10 Thread David Adner
Irrespective of what you choose, I suggest you choose something and actually implement and use it.  That'll put you in the top 1% (my guestimate based on personal experience) of AD environments out there. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom KernSe

RE: [ActiveDir] Name Server records

2006-03-08 Thread David Adner
One guess is you're using zone transfers with the option "Allow only servers on name servers tab" (or whatever it's called) and the person who set this up added the DNS server in question. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On B

RE: [ActiveDir] AD Lag Sites

2006-03-03 Thread David Adner
I think you're trying to compare apples and oranges. Yes, both solutions can help reduce the time it takes to perform a restore (given a specific scenario), but that's basically it. Lag sites are single snapshots based on the number of lag sites you deploy. The products you mention below are true

RE: [ActiveDir] repadmin info oddity

2006-02-20 Thread David Adner
; through quickly while others take the scenic route (wherever > the heck that is). > > -- > Dean Wells > MSEtechnology > * Email: [EMAIL PROTECTED] > http://msetechnology.com > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTE

RE: [ActiveDir] repadmin info oddity

2006-02-20 Thread David Adner
Oh no, Dean's fallen and can't get up! > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells > Sent: Monday, February 20, 2006 9:17 PM > To: Send - AD mailing list > Subject: RE: [ActiveDir] repadmin info oddity > > These are DSA invocation I

RE: [ActiveDir] NtFrs Errors

2006-02-14 Thread David Adner
In addition to AD Sites and Services, check under System\File Replication Service\Domain System Volume (Sysvol share)\ for any leftover frsMember objects. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Clay, Justin (ITS) Sent: Tuesday, February 14, 2006 1:28 PM To:

RE: [ActiveDir] dssite Still Sees Old DC

2006-02-13 Thread David Adner
Unfortunately the name servers tab often requires manual effort to keep it up to date.  As for Sites and Services, just what object(s) do you see for the old DC?  Just the server object or also its NTDS Settings object? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf O

RE: [ActiveDir] NETLOGON.DNS

2006-01-26 Thread David Adner
Whether a DC registers a particular SRV, which priority it has, which sites are covered can all be controlled via Registry changes. Whether a DC registers a particular A same as parent record can also be controlled (at least with 2003 SP1). So you'll need to clarify exactly what you want to modif

RE: [ActiveDir] Group Policies

2006-01-24 Thread David Adner
Something to consider in addition to the others' comments.  Keep in mind just because MS does it a certain way that doesn't mean it'll be applicable to your own environment.  However, this article/doc does include some interesting comments regarding how smaller GPO's with a focused set of se

RE: [ActiveDir] AD DNS in Windows delegation to Novell DNS

2006-01-18 Thread David Adner
Unless Novell's changed what flavor of DNS/feature set they have since NetWare 5.1 (last time I ever saw Novell) it did not support dynamic updates.  More specifically, it supported "dynamic updates" but only via a NetWare DHCP server.  Also, at the time, the GUI for managing records didn't

RE: [ActiveDir] User Password Expiration

2006-01-05 Thread David Adner
If there really is some sort of self-service system, then it should be possible to have it also temporarily grant the user the Logon Locally User Right (I'm assuming these are console logons since we're talking about bastion servers) and then have that revoked, for example, after 10 minutes (meanin

RE: [ActiveDir] icmp's

2005-12-30 Thread David Adner
You'll need to disable Slow Link Detection.  You want to do this before disabling ICMP since once it's disabled the clients won't be able to process GPO's anymore (until Slow Link Detection is disabled).  If you've already disabled ICMP then you'll need some alternate method of changing the

RE: [ActiveDir] FYI: Failing to create a trust

2005-12-21 Thread David Adner
I seem to have missed part of the conversation since it suddenly seems to have jumped to what appears to be a conclusion that the VMWare issues were due to SID's and differencing disks. Is that what was determined? It'll be good to know for future reference. :) > -Original Message- > Fr

RE: [ActiveDir] FFL 2003 is one-size-fit-all?

2005-12-20 Thread David Adner
Just out of curiosity, but do you find this behavior unusual? Would you think it's still reasonable to be able to introduce, for example, a 2000 DFL Domain in a 2003 FFL Forest? Were you thinking of a merger/migration scenario where perhaps you need to migrate in a 2000 Domain into your 2003 Fore

RE: [ActiveDir] FYI: Failing to create a trust

2005-12-17 Thread David Adner
I guess I missed the previous thread, so this may have already been asked, but... Did you copy the base VM to build both DC's and if so, did you use sysprep/newsid/etc before trying to promote them? > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of >

RE: [ActiveDir] FSMO Role Transfer GUI

2005-12-17 Thread David Adner
Raerrr. Cat fight. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Saturday, December 17, 2005 3:31 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] FSMO Role Transfer GUI Bite me Wells. From: [EMA

RE: [ActiveDir] SRV RRs and NSLOOKUP

2005-12-09 Thread David Adner
The internet address portion of the response is optional and may not be returned in its entirety based on UDP packet size. The number of internet address entries returned can vary based on the number of characters in the host and domain names. > -Original Message- > From: [EMAIL PROTECTE

RE: [ActiveDir] Failed to transfer the schema FSMO role - 2000 to 2003 upgrade

2005-12-03 Thread David Adner
Can you contact the schema master and is it advertising as the schema master? Dcdiag.exe on that DC will show its advertisements. If you tried isolating the schema master then you're probably running into the init sync requirements. Initial synchronization requirements for Windows 2000 Server an

RE: [ActiveDir] FSMO role transfer

2005-11-30 Thread David Adner
Rocks [MVP] > Sent: Wednesday, November 30, 2005 3:09 PM > To: ActiveDir@mail.activedir.org > Subject: Re: [ActiveDir] FSMO role transfer > > > > If the task is that trivial > If the benefit is so great > Why isn't it part of the AD snap ins as a one button task? >

RE: [ActiveDir] FSMO role transfer

2005-11-30 Thread David Adner
vailable. > > Is that agreeable? > > Nathaniel Vincent Bahta > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of David Adner > Sent: Wednesday, November 30, 2005 1:24 PM > To: ActiveDir@mail.activedir.org > Subject: R

RE: [ActiveDir] FSMO role transfer

2005-11-30 Thread David Adner
, I try to > utilize all of them available. > > Is that agreeable? > > Nathaniel Vincent Bahta > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of David Adner > Sent: Wednesday, November 30, 2005 1:24 PM > To: ActiveDir@

RE: [ActiveDir] FSMO role transfer

2005-11-30 Thread David Adner
> The above 2 scenarios are very different - if one were to perform a > > risk analysis the actions taken to mitigate those risks would be > > suitably different. > > neil > > > -- > > -- >

RE: [ActiveDir] GC list

2005-11-29 Thread David Adner
How about making /options work with /csv...? :) > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley > Sent: Tuesday, November 29, 2005 7:11 PM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] GC list > > Note instead of rep

RE: [ActiveDir] FSMO role transfer

2005-11-29 Thread David Adner
I would only agree if you told me your DC's regularly fail to come back after a reboot.  And if you did tell me that I'd have to say you're doing something wrong.   I suppose I don't consider rebooting a DC to be quite the dangerous act as others do.  To what degree is this taken?  If it hol

RE: [ActiveDir] FSMO role transfer

2005-11-29 Thread David Adner
If the insurance is guarding against apps/services/etc that may need the FSMO holders while they're offline, then I can agree with this.  If it's out of fear that something unexpected will happen that takes out the FSMO holders completely, then I don't think it's worth the effort.  If the la

RE: [ActiveDir] OldCmp

2005-11-26 Thread David Adner
I scanned through the list of current switches and you appear to already have everything I was going to ask for.  :)   The only item I wasn't 100% certain on was if it can query lastLogon.  I saw references to pwdLastSet and lastLogonTimeStamp.  The ability to query lastLogon would be nice f

RE: [ActiveDir] OT: AD Manpower Needs

2005-11-11 Thread David Adner
I'd focus less on industry standards, despite that being what mgmt asked for, and instead try to quantify what you actually need and how it would benefit the org (ie: save money in the end, speed things up, improve dependability, etc). For example, you might say Projects A, B, C and D are on hold

RE: [ActiveDir] Automatically created replication links

2005-11-11 Thread David Adner
By default, the KCC will try not to create redundant CO's.  So if you're describing a desire to have your DC maintain 2 CO's to two different hub locations, for example, then the KCC won't do that.   You can adjust this behavior via a

RE: [ActiveDir] dns a record disappearing

2005-11-10 Thread David Adner
Did you disable the DHCP Client service on the server? That service is responsible for dynamic registration of a computer's A and PTR record. Also, did you manually delete the DNS record and allow the server to re-create it via dynamic registration? If not, then it's possible the DHCP server sti

RE: [ActiveDir] Netlogon.dns (2)

2005-11-08 Thread David Adner
In my experience the behavior noted in the KB was fairly inconsistent.  Some DC's would be fine, but then miss records on the next reboot.  The records in question would also vary.   As for the workaround, it's probably less than ideal since you're right, simply restarting the Netlogon servic

RE: [ActiveDir] Netlogon.dns (2)

2005-11-08 Thread David Adner
May want to check this out to verify this isn't the issue:   The Domain Controller does not register _GC, _KERBEROS, and _KPASSWD DNS entries when a Windows 2000 server starts http://support.microsoft.com/kb/841395/ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ulf

RE: [ActiveDir] Raid suggestions for DC maybe OT

2005-11-07 Thread David Adner
I have this vague feeling your young whippersnapper's initials are E.F.  Could be wrong, though. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Monday, November 07, 2005 9:09 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Raid suggestion

RE: [ActiveDir] Stupid question alert... where exactly is the tombstone value set?

2005-10-16 Thread David Adner
Well, you can have a single DC Forest. But regardless, all you need is ADSIEDIT, which you can get from the Support Tools, which you can download off MS's site. Or are you saying the Support Tools won't install on an SBS server? I have no SBS experience so I may be making bad assumptions. > ---

RE: [ActiveDir] AD/DNS BPA?

2005-10-16 Thread David Adner
To the original poster, if you have a TAM that would be the best avenue to obtain further information. They can get you a document that details what the Active Directory Health Check involves. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Rick K

RE: [ActiveDir] AD/DNS BPA?

2005-10-16 Thread David Adner
> Microsoft AD Health Check: > http://www.systems-group.net/En/Consultancy+Services/Solutions > /Microsoft+AD+ > Health+Check.htm > > Looks like it's talked about here too > > Dean Wells wrote: > > >Ooops ... my apologies :O( > > > >-- > >Dean Wel

RE: [ActiveDir] Stupid question alert... where exactly is the tombstone value set?

2005-10-15 Thread David Adner
This article below describes where to read it and how to change it. A value of assumes the default. The new 2003 SP1 180 day default is only implemented if a forest is built as 2003 SP1. If you simply install SP1 the value doesn't change. Looks like they even updated this link, although the wo

RE: [ActiveDir] AD/DNS BPA?

2005-10-14 Thread David Adner
Boo, hiss. It's Engineering Services that offers it, not MCS. ;> > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells > Sent: Thursday, October 13, 2005 11:22 AM > To: Send - AD mailing list > Subject: RE: [ActiveDir] AD/DNS BPA? > > The to

RE: [ActiveDir] Design Question

2005-10-12 Thread David Adner
In addition to the others' comments, while the BODG is a good and useful reference, your environment is probably small enough that you don't have to worry about most of what's described in it.  I think it's good that you read and understand what's stated in it, but don't feel you need to emp

RE: [ActiveDir] Domain Controller Security

2005-09-23 Thread David Adner
Houston and San Antonio TAM's are, IMO, generally more technical than the average TAM. Or, if not technical, they're much more directly involved with their customers and know how to take care of them. Regardless, you're always going to hear the dev/support/sales engineers bag on TAM's. There's a

RE: [ActiveDir] Domain Controller Security

2005-09-23 Thread David Adner
More specifically, if in your Premier support contract you agreed to purchase a certain number of hours for a TAM, you'll have one.  Not all support contracts include hours for a TAM. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bahta Nathaniel V Contr NASIC/SCNAS

RE: [ActiveDir] Root Domain on W2K3 SP1 and Child not

2005-09-15 Thread David Adner
2K3 and 2K3 SP1 DC's should interoperate with no issues besides the potential list of known issues with SP1 in general.  ie:  SP1 includes the original version of MS05-019.  So if that patch caused you grief then you could potentially see communication issues between the DC's unless you inst

RE: [ActiveDir] Sysvol and AV exclusions

2005-09-14 Thread David Adner
The gist of it should be: Sysvol\Domain\ - Scan Sysvol\Domain\DO_NOT_REMOVE_NtFrs_PreInstall_Directory\ - Don't Scan Sysvol\Staging\ - Don't Scan Sysvol\Staging Areas\ - Don't Scan Sysvol\Sysvol\ - Don't Scan So, effectively, you only need to set the 4 folder exclusions. The reasoning for the Sta

RE: [ActiveDir] Tombstone Interval

2005-09-14 Thread David Adner
Another tidbit... DNS servers run through an internal process every 2am to identify and delete "stale" dnsTombstone records.  It's at that point they begin the traditional AD object deletion process.  The 2am interval is not configurable. From: [EMAIL PROTEC

RE: [ActiveDir] New tool - script to count objects within a partition and provide a breakdown of their classes and the count of each

2005-09-08 Thread David Adner
I still plan to check it out since I'm curious how it works.  Does it include tombstones?  DSAStat does, which some might consider a negative at times. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells Sent: Thursday, September 08, 2005 8:15 PM To: Send

RE: [ActiveDir] New tool - script to count objects within a partition and provide a breakdown of their classes and the count of each

2005-09-08 Thread David Adner
Haven't run it yet, but I'm curious what benefits it provides over dsastat.exe (or was a goal to avoid having to use an external tool)? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells Sent: Thursday, September 08, 2005 3:23 PM To: Send - AD mailing lis

RE: [ActiveDir] Group policy security setting

2005-09-02 Thread David Adner
Is the corresponding Registry value a type of reg_binary? If so you can't set it via an ADM. You would need to use an alternate method to update each user's Registry like via a login script. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Charli

RE: [ActiveDir] Ports during authentication/logons...

2005-08-24 Thread David Adner
I hadn't noticed that section that specifically talks about GP.  Thanks for the pointer. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray Sent: Wednesday, August 24, 2005 11:48 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Ports during authentication/

RE: [ActiveDir] Ports during authentication/logons...

2005-08-24 Thread David Adner
I would normally look at the IPSec route, too, but it's not (as far as I know) supported by MS between domain members and DC's.  It's supposed member<->member and DC<->DC, but not members<->DC's.  At least, not if Kerberos is used.  Not sure how they feel about certs.  Shared keys just would

[ActiveDir] Ports during authentication/logons...

2005-08-24 Thread David Adner
It's been a few weeks, so time for another question on ports. MS's whitepaper that discusses how to set up AD to communicate through a firewall (the one that focuses primarily on DC to DC communication) lists the following ports needed to service "User Login and Authentication" and "Computer

RE: [ActiveDir] Win2k3 SP1 vs. W32Time

2005-08-23 Thread David Adner
*cough* That's the KB he referenced. :) David, did you try both workarounds or just one of them? Did you try rebooting after making the changes? Can you describe the exact things you did? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thommes, Mich

RE: [ActiveDir] Weird issue going on

2005-08-15 Thread David Adner
Anyone reintroduce a DC that's been offline/failing to replicate for greater than the tombstone lifetime interval? Or restore a backup that was older than the tombstone lifetime interval? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Sent

RE: [ActiveDir] OT: HP vs Dell servers

2005-08-12 Thread David Adner
The physical servers themselves are pretty much a commodity nowadays between HP, IBM and Dell. The vendors' support model and practices are a big factor. Cost is also a factor, of course. Shifting to a new hardware vendor will increase administrative and support costs. You'll now have to keep t

RE: [ActiveDir] Preferred Bridgeheads

2005-08-08 Thread David Adner
Inadequate hardware is one, although that's typically less and less of an issue since most server class hardware nowadays is more than robust enough. Firewalls or router ACL's between sites and only designated DC's can intercommunicate with each other is another reason. "Branch" environments wher

RE: [ActiveDir] Preferred Bridgeheads

2005-08-08 Thread David Adner
So Russ doesn't feel so bad, I've been to many customers that decided to specify preferred BH's. When I ask why I normally get any of the following responses. 1) They want a predictable DC to go to when they need to force replication between sites. This is relatively easy to wean them off of. 2) L

RE: [ActiveDir] Branch Office Question

2005-08-07 Thread David Adner
Yeah. Stop trying to disable the KCC already. The KCC is your friend. :) You do, however, want to disable 'bridge all site links' (located under the properties of "Intersite Transports -> IP"). You need to do this because the network is not fully routable due to your VPN tunnels. With BASL ena

RE: [ActiveDir] OT - Biggest AD Gripes

2005-08-06 Thread David Adner
I worked for a company with around 15k users. I would say it's scalable as a directory service. Some of its management tools might be arguably better, but they have their fair share of annoyances, too. :) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of

RE: [ActiveDir] turn off replication to a DC in same site

2005-07-30 Thread David Adner
I don't agree with your overall plan, but regardless, do you know you can define a single IP address to a Site of its own? Just define it as, for example, 10.10.1.1/255.255.255.255 (ie: a 32bit mask). -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve

RE: [ActiveDir] Question about Kerberos Errors

2005-07-29 Thread David Adner
This article may provide some help.   The DNS suffix of the computer name of a new domain controller may not match the name of the domain after you install upgrade a Windows NT 4.0 Primary domain controller to Windows 2000 http://support.microsoft.com/default.aspx?scid=kb;en-us;257623 From:
