Hello Ulf,
Thanks so much for such explainations ! That rocks !
2 interesting points you pointed to me
So if i understand, it is good practice, in my case, to disable automatic
site coverage ?
After checking our production, Automatic site coverage is effectively set to
Hi Deji,
Good article with lots of usefull informations.
Thanks again,
Yann
Akomolafe, Deji [EMAIL PROTECTED] a écrit :
Read http://www.netpro.com/forum/files/authentication_topology.pdf
Sincerely,
_
(, / | /)
: [ActiveDir] Question about DNS SRV registration.
I would not recommend that you do this. Please read the document I
referenced in my previous response. Also, see Ulf's brief
description/explanation of the behavior that you are seeing. I really recommend
that you try to understand what
Website: blocked::http://www.windowsserverfaq.org/
http://www.windowsserverfaq.org
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Yann
Sent: Mittwoch, 24. Januar 2007 11:19
To: ActiveDir@mail.activedir.org
Subject: RE : RE: [ActiveDir] Question about DNS SRV registration
Subject: RE : RE: [ActiveDir] Question about DNS SRV registration.
Hello Ulf,
Thanks so much for such explainations ! That rocks !
2 interesting points you pointed to me
So if i understand, it is good practice, in my case, to disable automatic
site coverage
@mail.activedir.org
Subject: RE : RE: [ActiveDir] Question about DNS SRV registration.
Hello Ulf,
Thanks so much for such explainations ! That rocks !
2 interesting points you pointed to me
So if i understand, it is good practice, in my case, to disable automatic
site coverage ?
After
Yann,
Create a child DNS domain for the site containing DCb, and establish DCb as the
authoritative server for that domain. If you have resources in Sitea you'll
then need to ensure there is a forwarder set up for resolution, etc. Remember
that separate DNS domains can exist within the one
Read http://www.netpro.com/forum/files/authentication_topology.pdf
Sincerely,
_
(, / | /) /) /)
/---| (/_ __ ___// _ // _
) /|_/(__(_) // (_(_)(/_(_(_/(__(/_
(_/ /)
Hello Yann,
this is usual and happens because Site B was configured in Active Directory
before DC B was there and assigned to that site. Automatic Site Coverage is
the process which is taking care of this effect. What it does, is making
sure that every site in Active Directory has DCs. If a DC
Steve,
Thanks for fast reply;
My example is the reflect of what i had in real production.
So in my production, i have about 15 sites AD and we are in the process of
migration (adding more sites).
So you mean that i have to create 15 child dns domain and set each DCs in
each
Do you now realize that Today is the Tomorrow you were worried about Yesterday?
-anon
From: Yann
Sent: Tue 1/23/2007 2:16 PM
To: ActiveDir@mail.activedir.org
Subject: RE : RE: [ActiveDir] Question about DNS SRV registration.
Steve,
Thanks for fast reply;
My example is the reflect of what i had
] On Behalf Of
Akomolafe, Deji
Sent: Wednesday, 24 January 2007 8:42 AM
To: ActiveDir@mail.activedir.org
Subject: RE: RE : RE: [ActiveDir] Question about DNS SRV registration.
I would not recommend that you do this. Please read the document I
referenced in my
Is this an information security risk to our company
especially related to employees information?
Only you and your company can answer that question. Is it maybe just a
subset of the total info - either some info for all users? All info for some
users? What is bad for others to have and what
http://www.rlmueller.net/ComputerRole.htm
Sincerely, _ (, / | /) /) /) /---| (/_ __ ___// _ // _ ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_(_/ /) (/ Microsoft MVP - Directory Serviceswww.akomolafe.com- we know IT-5.75, -3.23Do you now realize that Today is the Tomorrow you were worried
@mail.activedir.orgSubject: RE: [ActiveDir] Question about
computer role
http://www.rlmueller.net/ComputerRole.htm
Sincerely,
_
(, / |
/)
/) /) /---| (/_
__ ___// _ // _ )
/ |_/(__(_) //
(_(_)(/_(_(_/(__(/_(_/
/)
(/ Microsoft MVP - Directory
Serviceswww.akomolafe.com- we
Laura, yes the restricted group gpo that I
created.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Laura A.
RobinsonSent: Wednesday, July 26, 2006 4:13 PMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Question on
"restricted group" policy.
If you
d
are a part of the restricted group, and not worry about anything in
addition that might be there.
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Hargraves
Sent: Wednesday, July 26, 2006
9:39 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Question
on restricted
I have a few correcting comments on this (see
below).
Darren
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Matt
HargravesSent: Wednesday, July 26, 2006 9:39 PMTo:
ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] Question on
"restricted group" policy
PROTECTED] On Behalf Of WATSON,
BENSent: Thursday, July 27, 2006 8:56 AMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Question on
"restricted group" policy.
Is there a way to set a
restricted group membership, yet allow for additional members to not be removed
when the group
If you
delete what? The GPO?
Laura
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John
StrongoskySent: Wednesday, July 26, 2006 7:08 PMTo:
ActiveDir@mail.activedir.orgSubject: [ActiveDir] Question on
"restricted group" policy.
Hey,
Created a
When I wanted to do this with my domain
workstations, I simply used a group policy object to deploy a startup script
that added the proper security groups to the local administrators group. If I
wanted to then remove these groups, I would simply edit the script and switch
the /add to a
This somewhat depends upon which side of Restricted Groups
you're using (i.e. "Members of this Group" or "This group is a member of"). If
its the former, and you clear out the users in the list but leave the local
Administrators group under control, then it will clear out the members of that
Yes -- I've done that, and that's how it worked for
me.
From: Darren Mar-Elia [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 26, 2006 5:23 PMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Question on
"restricted group" policy.
This somewhat depends upon
GPO settings stated that they would be.
On 7/26/06, Derek Harris [EMAIL PROTECTED] wrote:
Yes -- I've done that, and that's how it worked for
me.
From: Darren Mar-Elia [mailto:[EMAIL PROTECTED]
]
Sent: Wednesday, July 26, 2006 5:23 PMTo:
ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Quest
Your problem is that your belief is incorrect[1].
:o)
First off, LDP and ADSIEDIT look at the world in different
ways. LDP is LDAP based, ADSIEDIT is.. well ADSI based which then thunks
down to LDAP eventually depending on the call and the provider being used.
Things will be and are
Joe,
Thank you for the detailed reply. I now understand.
Thanks,
Mike
On 7/11/06, joe [EMAIL PROTECTED] wrote:
Your problem is that your belief is incorrect[1]. :o)
First off, LDP and ADSIEDIT look at the world in different ways. LDP is LDAP based, ADSIEDIT is.. well ADSI based which
BaudinoSent: Tuesday, July 11, 2006 2:13 PMTo:
ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] Question about
dynamically binding aux classes
Joe,
Thank you for the detailed reply. I now understand.
Thanks,
Mike
On 7/11/06, joe
[EMAIL PROTECTED]
wrote:
Your
problem
I will be out of the office on PTO starting Wednesday, July 12, 2006 and
will return to the office on Monday, July 31, 2006. Please email your
requests to the Help Desk email. If you cannot email, contact Selwyn
(x129) or Oliver (x127) for any IT concerns.
List info :
Complete pass. That and if it can never catch up (never being a reasonable time to achieve the goal that originally took you down this path making it worthwhile to perform an off-line defrag in the first place but not necessarily forever type of never).
As I mentioned in my previous post, I
If each 2k3DC is newly promoted, as opposed to an in-place
upgrade, then the .dit on those DCs will essentially be compacted with minimal
whitespace. Were you planning on rebuilding your DCs as part of the migration,
or doing in-place upgrades?
From: [EMAIL PROTECTED]
[mailto:[EMAIL
http://technet2.microsoft.com/WindowsServer/en/Library/5dd6f9eb-0533-4474-ac52-dca78c5471dd1033.mspx?mfr=true
http://technet2.microsoft.com/WindowsServer/en/Library/975c456e-8b79-4ace-8363-82543236dbb31033.mspx?mfr=true
Hi,Thanks for replying. Wealready didin-place upgrade for half of our DCs."Coleman, Hunter" [EMAIL PROTECTED] a écrit: If each 2k3DC is newly promoted, as opposed to an in-place upgrade, then the .dit on those DCs will essentially be compacted with minimal whitespace. Were you planning
Hello Al,Good links u pointed to me, especially the link to automate the process. Thanks again for clarification on this subject.YannAl Mulnick [EMAIL PROTECTED] a écrit:http://technet2.microsoft.com/WindowsServer/en/Library/5dd6f9eb-0533-4474-ac52-dca78c5471dd1033.mspx?mfr=true
Just curious, Al, where did you hear this from:
doing this. Online defrag can be a wonderful thing, and off-line is
typically recommended if online is not going to be able to finish
during it's run time.
Because I've never recommended that. online defrag actually saves off
where it
: Tuesday, June 27, 2006 5:28 PM
To: ActiveDir@mail.activedir.org
Subject: Re: RE : Re: [ActiveDir] Question regarding compacting AD DB.
Just curious, Al, where did you hear this from:
doing this. Online defrag can be a wonderful thing, and off-line is
typically recommended if online
There are three things currently handled in the extended-rights container of
objectclass controlAccessRight.
Validated Writes
Property Sets
Extended Rights
These are differentiated by the validAccesses attribute[1]. Quickly it lays
out like
Validated Writes have validAccess value of 8
Property
Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Tuesday, June 20, 2006 10:44 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Question on rightsguid
There are three things currently handled in the extended-rights container of
objectclass
Edition -
http://www.joeware.net/win/ad3e.htm
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Tuesday, June 20, 2006 10:44 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Question on rightsguid
There are three things currently handled
It is 1/2 a dozen of one, 1/2 a dozen of the other ...
We store forward links, but AD defines a table, with indices such that
we have an efficient way to lookup backlinks for a given object. Don't
have time right now to show you what I mean, but my Daddy says there are
24 usable hours in the
Maybe DsAddressToSiteNames?
See ATSN, it does it right now, it will let you know if
that is what you are looking for
http://www.joeware.net/win/free/tools/atsn.htm
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
From: [EMAIL PROTECTED]
[mailto:[EMAIL
I just read up on DsAddressToSiteNames and
it sounds like it will do the job Im looking for.
Thanks joe!
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Wednesday, April 05, 2006
3:29 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir
Brett knows the difference between Jet Blue and Jet Red too :)
Rich
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Thursday, October 06, 2005 9:24 PM
To: 'Send - AD mailing list'
Subject: RE: [ActiveDir] Question on Replication Topology
I
There's a difference?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rich Milburn
Sent: Friday, October 07, 2005 9:20 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Question on Replication Topology
Brett knows the difference between Jet
Yeah, one's red and one's blue. Color monitors are great ;o)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Friday, October 07, 2005 10:09 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Question on Replication Topology
There's
Ask Brett :P
C
From: [EMAIL PROTECTED] on behalf of joe
Sent: Fri 10/7/2005 5:08 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Question on Replication Topology
There's a difference?
-Original Message-
From: [EMAIL PROTECTED]
[mailto
One is an airline.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Friday, October 07, 2005 8:09 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Question on Replication Topology
There's a difference?
-Original Message
: Friday, October 07, 2005 11:09 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Question on Replication Topology
There's a difference?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rich Milburn
Sent: Friday, October 07, 2005 9:20 AM
If you create an object, you are the owner of the object
and have full control over it. Seems like your options include removing their
create/delete OU rights and making them go through you, or setting up a proxied
system (e.g. web page) that will do the creation for them.
You could run a
backup/Restore
4. Guido and disaster recovery.
5. Tony Murray and wine
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells
Sent: Tuesday, August 16, 2005 1:37 PM
To: Send - AD mailing list
Subject: RE: [ActiveDir] Question on Replication Topology
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley
Sent: Thursday, August 18, 2005 7:05 AM
Some people choose to have nothing to do with me. That suits me fine,
I'm not fond of high politeness taxes. I think some would consider
joe rude as well. I usually
Joe rude, NEVER he is just forceful ;P
Dont worry Joe people are just intimidated by your knowledge like Dean :P
C
From: [EMAIL PROTECTED] on behalf of joe
Sent: Fri 10/7/2005 4:39 AM
To: 'Send - AD mailing list'
Subject: RE: [ActiveDir] Question
the choice to modify users
informations.
Thanks,
Yann
De: [EMAIL PROTECTED] de la part de joe
Date: ven. 07/10/2005 02:21
À: ActiveDir@mail.activedir.org
Objet : RE: [ActiveDir] Question about Delegation Object Owner.
Yep, completely agree. Remove the right
PROTECTED] On Behalf Of Brett Shirley
Sent: Wednesday, August 17, 2005 11:37 AM
To: ActiveDir@mail.activedir.org
Cc: Send - AD mailing list
Subject: RE: [ActiveDir] Question on Replication Topology
You're trying to weasel your way out of taking responsibility for your
misunderstanding
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley
Sent: Thursday, August 18, 2005 7:05 AM
To: ActiveDir@mail.activedir.org
Cc: Send - AD mailing list
Subject: RE: [ActiveDir] Question on Replication Topology
Dean, unfortunately I have ALOT ALOT
Magalhaes
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells
Sent: 18 August 2005 09:05 PM
To: Send - AD mailing list
Subject: RE: [ActiveDir] Question on Replication Topology
Outside of saying whichever way you hash it Brett, your comments were
PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells
Sent: Tuesday, August 16, 2005 12:59 PM
To: Send - AD mailing list
Subject: RE: [ActiveDir] Question on Replication Topology
I am fortunate enough to be provided with source access by Microsoft.
Actually, I say Tom-arto since I'm British. ;0
a draft (or publish it somewhere) for technical
review.
Thanks,
Francis
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells
Sent: August 16, 2005 3:44 PM
To: Send - AD mailing list
Subject: RE: [ActiveDir] Question on Replication
: RE: [ActiveDir] Question on Replication Topology
Sounds good to me Robert. For the sake of clarification and a little
more detail, see below -
The IM process itself does not create phantoms, if it were exclusively
responsible for that task, all group modifications referencing
non-local
@mail.activedir.org
Subject: RE: [ActiveDir] Question on Replication Topology
Dean and all;
This has been a great topic so far. It seems that the IM infrastructure role
isn't quite grasped by everybody and can be a little confusing (me being
first confused!)
Can I suggest that we gather all
@mail.activedir.org
Subject: RE: [ActiveDir] Question on Replication Topology
Dean, what did you mean by the last line, indicated here?
The IM process itself does not create phantoms, if it were
exclusively responsible for that task, all group modifications
referencing non-local
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley
Sent: Wednesday, August 17, 2005 4:24 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Question on Replication Topology
Dean, what did you mean by the last line, indicated
] On Behalf Of Brett Shirley
Sent: Wednesday, August 17, 2005 8:27 AM
To: ActiveDir@mail.activedir.org
Cc: Send - AD mailing list
Subject: RE: [ActiveDir] Question on Replication Topology
Yeah, that's what I thought you might mean ... that's not true.
The process of injecting a phantom is carried out
: Wednesday, August 17, 2005 8:27 AM
To: ActiveDir@mail.activedir.org
Cc: Send - AD mailing list
Subject: RE: [ActiveDir] Question on Replication Topology
Yeah, that's what I thought you might mean ... that's not true.
The process of injecting a phantom is carried out by the directory service
PROTECTED] On Behalf Of Dean Wells
Sent: Wednesday, August 17, 2005 11:25 AM
To: Send - AD mailing list
Subject: RE: [ActiveDir] Question on Replication Topology
As is often the case, your response is rude and comes across as little more
than an effort to belittle others ... me in this case. You don't
Subject: RE: [ActiveDir] Question on Replication Topology
Do you have sites and subnets defined, or is everything in the Default
First Site?
-gil
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rocky Habeeb
Sent: Monday, August 15, 2005 11:28 AM
Since all DCs are within the same site, the KCC will
construct a ring topology based on the numeric ordering of each of the DCs
GUIDs, thus we get something like this when we graphically represent your
description of the connection objects -
As you can see, the KCC has indeed created a ring
appreciate the time you and others take to
post.
Rocky
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Dean WellsSent: Tuesday, August 16, 2005 7:58
AMTo: Send - AD mailing listSubject: RE:
, August 16, 2005 8:11 AMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Question on
Replication Topology
Dean,
Thank
you for responding to my question. I am assuming that because you did not
state "worry" (in so many words), that this ring topology is expected and is
sufficient
Am I missing something or having Infrastructure Master running on GC is
an issue in multi-domain forest ?
Guy
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rocky Habeeb
Sent: Monday, August 15, 2005 9:28 PM
To: activedir@mail.activedir.org
Subject:
Of Teverovsky, Guy
Sent: Tuesday, August 16, 2005 8:09 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Question on Replication Topology
Am I missing something or having Infrastructure Master running on GC is
an issue in multi-domain forest ?
Guy
-Original Message-
From: [EMAIL
PROTECTED] On Behalf Of Teverovsky, Guy
Sent: Tuesday, August 16, 2005 11:09 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Question on Replication Topology
Am I missing something or having Infrastructure Master running on GC is an
issue in multi-domain forest ?
Guy
-Original Message
for the infrastructure
master to keep an eye on.
Just my $0.02
Have a great day!
Rob
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose
Sent: Tuesday, August 16, 2005 11:17 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Question
]
[mailto:[EMAIL PROTECTED] Behalf Of Teverovsky, Guy
Sent: Tuesday, August 16, 2005 8:09 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Question on Replication Topology
Am I missing something or having Infrastructure Master running on GC is an
issue in multi-domain forest ?
Guy
Title: RE: [ActiveDir] Question on Replication Topology
Rob,
My understanding is that he has two domains in the forest: empty root and a production child domain. Though the forest root domain is empty, but it still has 2 domains.
quote
We have:
Forest Root Domain (Empty)
DC1 (Holds
PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Teverovsky, GuySent: Tuesday, August 16, 2005
11:39 AMTo: ActiveDir@mail.activedir.orgSubject: RE:
[ActiveDir] Question on Replication Topology
Rob,
My understanding
is that he has two domains in the forest: empty root and a production
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Robert Williams
(RRE)
Sent: Tuesday, August 16, 2005 6:25 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Question on Replication Topology
Actually, if it's a Single Domain Forest
.
Guy
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rocky Habeeb
Sent: Tuesday, August 16, 2005
6:52 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Question
on Replication Topology
We have a Forest
root domain (technically empty No accounts
Title: RE: [ActiveDir] Question on Replication Topology
I wasnt answering with any specific
setup in mindthe previous poster asked about the single-domain
part. I dont know where it came from and it wasnt really
important to my answerbut yes, if you have more than one domain than you
@mail.activedir.org
Subject: RE: [ActiveDir] Question on Replication Topology
Rob,
My understanding is that he has two domains in the forest: empty root and a
production child domain. Though the forest root domain is empty, but it still
has 2 domains.
quote
We have:
Forest Root Domain (Empty
PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday, August 16, 2005 12:01 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Question on Replication Topology
I read it to be that he has 2 domains. He fat-fingered the number of
FSMO roles in the child
Title: Message
Correctit can, unless all dcs
are gcs
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Teverovsky, Guy
Sent: Tuesday, August 16, 2005
12:01 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Question
on Replication Topology
: Tuesday, August 16, 2005 12:01 PMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Question on
Replication Topology
In that case I
believe that running IM on GCs can cause issues.
The IM in child
domain has almost no phantoms to track, but the IM in forest root would try
talking to itself
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Question on Replication Topology
You are correct. However if you have two DC's it doesn't hurt to offload the
infrastructure master role to the DC that dose not have the other 4 roles,
even if it's in a single domain forest.
Jose
mailing list
Subject: RE: [ActiveDir] Question on Replication Topology
Note in the original post, Rocky mentioned that all DCs are GCs ... in
instances such as these, co-hosting the IM and GC roles is a non-issue.
--
Dean Wells
MSEtechnology
* Email: [EMAIL PROTECTED]
http://msetechnology.com
: Tuesday, August 16, 2005 12:25 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Question on Replication Topology
I am afraid not...
One of the common replies and misunderstood rumors is that the
Infrastructure Master (IM) is only allowed to run on a Global Catalog Server
(GC) if every
-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose
Sent: Tuesday, August 16, 2005 12:25 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Question on Replication Topology
I am afraid not...
One of the common replies and misunderstood rumors
, 2005 12:12 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Question on Replication Topology
Deji,
Thank you for pointing out my mistake. You are correct. DC5 holds all
3 roles, not all 5 roles. It's the details, I know. I can just hear
joe now, SEE, SEE, This is what I'm always
Of Dean Wells
Sent: Tuesday, August 16, 2005 1:15 PM
To: Send - AD mailing list
Subject: RE: [ActiveDir] Question on Replication Topology
For my own purposes, I am interested to know why it is you interpret the
whitepaper you posted a link to as supporting your case, it clearly
states -
Multidomain
:[EMAIL PROTECTED] Behalf Of Dean Wells
Sent: Tuesday, August 16, 2005 10:08 AM
To: Send - AD mailing list
Subject: RE: [ActiveDir] Question on Replication Topology
Jose, I don't wish to continue going back and forth on this topic, the
behavior and constraints are what they are. I'm not stating
I managed to locate a detailed explanation of the IM's behavior I wrote some
time back, I've pasted it below in the hopes that it will clear up some of
the confusion.
---
The IM locates phantom records within the local DIT. Phantoms are
injected database rows, they are structural entities
PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Question on Replication Topology
I love this particular discussion. I can never quite follow the reasoning why
about the IM/GC issue... but learn a little more about it each time.
:m:dsm:cci:mvp
-Original Message-
From
mailing list
Subject: RE: [ActiveDir] Question on Replication Topology
For my own purposes, I am interested to know why it is you interpret the
whitepaper you posted a link to as supporting your case, it clearly
states -
Multidomain forest where every domain controller in a domain holds the
global
Of Medeiros, Jose
Sent: Tuesday, August 16, 2005 1:37 PM
To: ActiveDir@mail.activedir.org; Send - AD mailing list
Subject: RE: [ActiveDir] Question on Replication Topology
No Problem at all.. You say Tomato I say Tamato..I also misunderstood his
question as I assumed him meant DC's and not GC's.
Thanks
: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Robert Williams
(RRE)
Sent: Tuesday, August 16, 2005 1:48 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Question on Replication Topology
The part that is throwing me for a loop is that they both seem to be saying
the same
@mail.activedir.org
Subject: RE: [ActiveDir] Question on Replication Topology
The part that is throwing me for a loop is that they both seem to be saying
the same thing...if all DC's in a multi-domain forest are GC's then it
doesn't matter where the IM goes since there aren't any phantoms created
@mail.activedir.org
Subject: RE: [ActiveDir] Question on Replication Topology
I like your explanation...please allow me to comment on a snippet just to be
sure we're on the same page:
DEJI
IF the IM does not create phantoms, then the DCs that are not GCs do not
have a way to reference those objects
From: [EMAIL PROTECTED] on behalf of Robert Williams (RRE)
Sent: Tue 8/16/2005 12:15 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Question on Replication Topology
I like your explanation...please allow me to comment on a snippet just to be
sure we're on the same page:
DEJI
Do you have sites and subnets defined, or is everything in the Default
First Site?
-gil
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rocky Habeeb
Sent: Monday, August 15, 2005 11:28 AM
To: activedir@mail.activedir.org
Subject: [ActiveDir] Question on
This article may provide some help.
The DNS suffix of the computer name of a new domain
controller may not match the name of the domain after you install upgrade a
Windows NT 4.0 Primary domain controller to Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;257623
From:
: From: [EMAIL PROTECTED] [mailto:ActiveDir-
: [EMAIL PROTECTED] On Behalf Of Steven L Dunn
: Subject: [ActiveDir] Question on IIS management via AD...
:
: I want to allow one of our users to manage our
: website services (IIS, Indexing Service) without
1 - 100 of 179 matches
Mail list logo