Re: [ActiveDir] Slow Links Not Recognized for Offline Files

[Al Mulnick]

Strangely, I saw the message this time :) 
On 6/22/06, Mark Parris [EMAIL PROTECTED] wrote:



BLANK EMAIL ALERT

_
From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
 On Behalf Of 
Brian DesmondSent:
 22 June 2006 03:44To:
 ActiveDir@mail.activedir.org
Subject:
 RE: [ActiveDir] Slow Links Not Recognized for Offline Files

RE: [ActiveDir] Slow Links Not Recognized for Offline Files

[neil.ruston]

... Although this all changes in Vista.

NLA is used instead, AFAIK.


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond
Sent: 22 June 2006 03:44
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Slow Links Not Recognized for Offline Files

No AFAIK the slow link detection is measured by the ICMP latency pinging the DC.

Thanks,
Brian Desmond
[EMAIL PROTECTED]

c - 312.731.3132


 -Original Message-
 From: [EMAIL PROTECTED] [mailto:ActiveDir- 
 [EMAIL PROTECTED] On Behalf Of Mark Parris
 Sent: Wednesday, June 21, 2006 6:05 PM
 To: ActiveDir.org
 Subject: Re: [ActiveDir] Slow Links Not Recognized for Offline Files
 
 If I recall the link speed is the network speed attached to the PC not 
 the WAN speed - so if it's a 100MB lan - that's the speed.
 
 I may be wrong, - but there is a world cup on and I have been drinking 
 all evening, I have a dutch wife so currently I have two drink streams 
 and I am finding it hard to stay sober. Hic hic
 
 
 
 
 
 
 -Original Message-
 From: Noah Eiger [EMAIL PROTECTED]
 Date: Wed, 21 Jun 2006 15:26:15
 To:ActiveDir@mail.activedir.org
 Subject: [ActiveDir] Slow Links Not Recognized for Offline Files
 
 Hi –
 
 
 
 First, this is sort of a follow up on a cold thread from last year. I 
 am having problems implementing the suggestions from last year..
 
 
 
 I have offline files / folder redirection enabled for My Documents. 
 The server files are stored at each user’s “home” Site. When laptop 
 users go to a site different from their home, their redirected folders 
 see the home server and access it directly – that is they do not go 
 offline. The laptops authenticate locally at the new site.
 
 
 
 I have tried adjusting slow links for Offline Files (ComputerAdmin
 TemplatesNetworkOffline FilesConfigure Slow link speed). I have set
 this limit very high (15 which should be around 15Mb) and made the 
 reg mods described in KB 811525. The link is still not seen as slow.
 Gpresult /v says it is not a slow link, but I think that might be to 
 the authenticating DC.
 
 
 
 Am I understanding this correctly?
 
 
 
 Thanks.
 
 
 
 -- nme
  .+w֧B+v*
rz+v*汫
.Böv
rzöv


PLEASE READ: The information contained in this email is confidential and
intended for the named recipient(s) only. If you are not an intended
recipient of this email please notify the sender immediately and delete your
copy from your system. You must not copy, distribute or take any further
action in reliance on it. Email is not a secure method of communication and
Nomura International plc ('NIplc') will not, to the extent permitted by law,
accept responsibility or liability for (a) the accuracy or completeness of,
or (b) the presence of any virus, worm or similar malicious or disabling
code in, this message or any attachment(s) to it. If verification of this
email is sought then please request a hard copy. Unless otherwise stated
this email: (1) is not, and should not be treated or relied upon as,
investment research; (2) contains views or opinions that are solely those of
the author and do not necessarily represent those of NIplc; (3) is intended
for informational purposes only and is not a recommendation, solicitation or
offer to buy or sell securities or related financial instruments.  NIplc
does not provide investment services to private customers.  Authorised and
regulated by the Financial Services Authority.  Registered in England
no. 1550505 VAT No. 447 2492 35.  Registered Office: 1 St Martin's-le-Grand,
London, EC1A 4NP.  A member of the Nomura group of companies.

[ActiveDir] OT: DHCP Cluster

[Bahta, Nathaniel V CTR USAF NASIC/SCNA]

Anybody know any good knowledgebase articles or resources for migrating
a 2000 DHCP cluster to a 2003 DHCP cluster?

I would appreciate the information/links.

Thanks,
Nate
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

[ActiveDir] Complex LDAP Queries

[AFidel]

I'm trying to transfrom this:
objCommand.CommandText = SELECT
Name, ADsPath FROM   sADPath  _
 
   WHERE objectCategory='organizationalUnit' ORDER BY
Name 
into this using the LDAP OR syntax from
MS's scripting site:
objCommand.CommandText = SELECT
Name, ADsPath FROM   sADPath  _
 
   WHERE |(objectCategory='organizationalUnit')(objectCategory='container')
ORDER BY Name 

I'm doing this because the Users OU
is really a container, not an OU. The results I get back are not at all
correct.
Can anyone point out the problem with
my code and/or point me in the right direction for using OR in complex
LDAP queries?

Thanks,
Andrew Fidel

RE: [ActiveDir] Servers or Workstations

[John Strongosky]

Guido, thanks for the info. Yes you are correct we are not using our windows
all (188) of them as file servers  I'm an old fart, have a bad heart and  I
hate surprises so could tell me what surprises I have in store for me. (i.e.
SIDhistory has some nice surprises here)

john

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido
Sent: Wednesday, June 21, 2006 3:06 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Servers or Workstations

yes, this approach would work fine. Important is to finish step 1+2 before
you do 3+4. As your AD domain has trusts to both source domains and it
doesn't look like you're leveraging windows file-servers, you could also do
step 5 early on (would be different if you are leveraging a lot of Windows
File Servers - SIDhistory has some nice surprises here).  BTW, step 3+4 can
be done at once (but I also preferr to keep them apart)

/Guido

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Strongosky
Sent: Mittwoch, 21. Juni 2006 17:15
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Servers or Workstations

Guido, thanks, for the feed backhere is the info about our domain. 2
nt4
domains, 1 an account and 1 a resource with a 2 way trust between them.
No
roaming profiles. Servers have shares on them for web development.
Novell is
our file server's. We do direct ip printing. Have 1 Citrix Server. Have
migrated groups first then users with sid history using ADMT v3.0 and now am
starting on workstation's/servers but I used my self as a test dummy and
screwed up my workstation (this worked in our lab) by not having access to
an Helpdesk application that uses a share and logging on to the AD domain
before I had migrated my profile.

So if I'm doing this correctly the scenario for this AD migration using ADMT
v 3.0 should be:

1. Migrate Groups from both Domains with sid history.
2. Migrate Users with Sid history and fix group membership.
3. Migrate User Profiles using the Security Translation Wizard selecting to
do only the profile/User rights and adding security references selecting the
source domain workstations.
4. Migrate the workstation using the Computer Migration Wizard but leave the
Users Profiles and User rights unchecked 5. Migrate Servers using the
Security Translation Wizard and then the Computer Migration Wizard.


john

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido
Sent: Tuesday, June 20, 2006 11:48 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Servers or Workstations

servers first? workstations first?
first what?

I assume you're talking about migrating your servers and workstations from
an NT4 domain to an AD domain - correct?  If so, the order strongly depends
on various aspects, such as the status of your user and group migration and
how you handle permissions on your servers.  There's too much detail here to
know, which doesn't make sense to add without knowing more about your
environment. 

But more often than not it is more advisable to 1. migrate your users
accounts and groups to AD 2. take care of the user profiles on the
workstations and ensure that the users are actually using the AD account
(often combined with the computer migration) 3. migrate the servers and any
other workstations to AD 

Usually the order of workstation or servers is not important - this changes
if you have a lot of trusts in your environment and need to ensure
availability of specific trusted resources from other domains that have not
been migrated yet. Suddenly the order can become important again.

So maybe you want to enlighten us a little about your environment, such as
trusts between your domains, usage of SidHistory for account/group
migration, usage of local profiles/roaming profiles on workstations,
terminal servers, tools you're using for the migration etc.

/Guido

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Strongosky
Sent: Mittwoch, 21. Juni 2006 00:22
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Servers or Workstations

Thanks Rob, thought so... 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Robert Rutherford
Sent: Tuesday, June 20, 2006 3:13 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Servers or Workstations

Hi John,

I would 'generally' opt for servers first as you can then take advantage of
the 2K, 2K3 goodies, i.e. AD straight away when you migrate the
workstations. 

Rob

Robert Rutherford
QuoStar Solutions Limited
 
The Enterprise Pavilion
Fern Barrow
Wallisdown
Poole
Dorset
BH12 5HH
T:   +44 (0) 8456 440 331
F:   +44 (0) 8456 440 332
M:   +44 (0) 7974 249 494
E:  [EMAIL PROTECTED]
W:  www.quostar.com  

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of 

RE: [ActiveDir] OT: DHCP Cluster

[Bernier, Brandon \(.\)]

Can you do a rolling upgrade? Meaning evict one node from the cluster,
reload it with 2K3 and put DHCP back on then add it back into the
cluster and do the other node. I've done this with SQL many times, but I
forgot what changed from W2K to W2k3 for DHCP..I don't remember anything
mind blowing, but I'd look into anyways.

-Brandon


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bahta,
Nathaniel V CTR USAF NASIC/SCNA
Sent: Thursday, June 22, 2006 10:03 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] OT: DHCP Cluster

Anybody know any good knowledgebase articles or resources for migrating
a 2000 DHCP cluster to a 2003 DHCP cluster?

I would appreciate the information/links.

Thanks,
Nate
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

RE: [ActiveDir] Slow Links Not Recognized for Offline Files

[Darren Mar-Elia]

I've had the same problem with configuring slow link for offline files. Very
annoying when I'm at home, connected over VPN, and the damn thing insists on
synchronizing. Anyway, I've only had spotty success configuring that GP
setting below. I too set it very high and it still inconsistently would
occasionally try to sync. In the end I just disabled idle sync completely,
which seemed to solve the problem.

In terms of the slow link detection process, the process (or at least the
determination) is different for GP, user profiles and offline files. GP
currently uses a lame-o mechanism with pings and yes, Neil is right that
Vista replaces this with the mysterious Network Location Awareness process
that is not well defined but apparently uses small rodents who run up the
network cable and ask secret questions of domain controllers to determine
how quickly they will respond. I suspect but I have not confirmed that user
profiles and offline files use a similar ping sequence but they do it
against the user profile server or the offline file sync share. AFAIK there
is no way to see whether you have detected a slow link for offline files or
not. Gpresult only shows GP's slow link status.

Darren

Darren Mar-Elia
For comprehensive Windows Group Policy Information, check out
www.gpoguy.com-- the best source for GPO tips, tools and whitepapers. Also
check out the Windows Group Policy Guide, a soup-to-nuts resource for Group
Policy information.
 


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Thursday, June 22, 2006 6:26 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Slow Links Not Recognized for Offline Files

... Although this all changes in Vista.

NLA is used instead, AFAIK.


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond
Sent: 22 June 2006 03:44
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Slow Links Not Recognized for Offline Files

No AFAIK the slow link detection is measured by the ICMP latency pinging the
DC.

Thanks,
Brian Desmond
[EMAIL PROTECTED]

c - 312.731.3132


 -Original Message-
 From: [EMAIL PROTECTED] [mailto:ActiveDir- 
 [EMAIL PROTECTED] On Behalf Of Mark Parris
 Sent: Wednesday, June 21, 2006 6:05 PM
 To: ActiveDir.org
 Subject: Re: [ActiveDir] Slow Links Not Recognized for Offline Files
 
 If I recall the link speed is the network speed attached to the PC not 
 the WAN speed - so if it's a 100MB lan - that's the speed.
 
 I may be wrong, - but there is a world cup on and I have been drinking 
 all evening, I have a dutch wife so currently I have two drink streams 
 and I am finding it hard to stay sober. Hic hic
 
 
 
 
 
 
 -Original Message-
 From: Noah Eiger [EMAIL PROTECTED]
 Date: Wed, 21 Jun 2006 15:26:15
 To:ActiveDir@mail.activedir.org
 Subject: [ActiveDir] Slow Links Not Recognized for Offline Files
 
 Hi –
 
 
 
 First, this is sort of a follow up on a cold thread from last year. I 
 am having problems implementing the suggestions from last year..
 
 
 
 I have offline files / folder redirection enabled for My Documents. 
 The server files are stored at each user’s “home” Site. When laptop 
 users go to a site different from their home, their redirected folders 
 see the home server and access it directly – that is they do not go 
 offline. The laptops authenticate locally at the new site.
 
 
 
 I have tried adjusting slow links for Offline Files (ComputerAdmin
 TemplatesNetworkOffline FilesConfigure Slow link speed). I have set
 this limit very high (15 which should be around 15Mb) and made the 
 reg mods described in KB 811525. The link is still not seen as slow.
 Gpresult /v says it is not a slow link, but I think that might be to 
 the authenticating DC.
 
 
 
 Am I understanding this correctly?
 
 
 
 Thanks.
 
 
 
 -- nme
  .+w?B+v*
rz+v*?
.Böv
rzöv


PLEASE READ: The information contained in this email is confidential and
intended for the named recipient(s) only. If you are not an intended
recipient of this email please notify the sender immediately and delete your
copy from your system. You must not copy, distribute or take any further
action in reliance on it. Email is not a secure method of communication and
Nomura International plc ('NIplc') will not, to the extent permitted by law,
accept responsibility or liability for (a) the accuracy or completeness of,
or (b) the presence of any virus, worm or similar malicious or disabling
code in, this message or any attachment(s) to it. If verification of this
email is sought then please request a hard copy. Unless otherwise stated
this email: (1) is not, and should not be treated or relied upon as,
investment research; (2) contains views or opinions that are solely those of
the author and do not necessarily represent those of NIplc; (3) is intended
for informational purposes only and is not a recommendation, solicitation or
offer to buy or sell 

RE: [ActiveDir] Complex LDAP Queries

[joe]

In general SQL statements suck for LDAP queries. You should 
try to use LDAP for LDAP queries. First off, relatively few people use SQL 
format so the help is less than stellar. Second off, the SQL language has 
features that imply capability in LDAP queries that do not exist. Folks who are 
trying to work with it usually don't know much about it and tend to look at SQL 
help and then get confused when something doesn't work. Examples are using LIKE 
or multiple SORT keys and how to convert a complex LDAP query to 
SQL.

And as for Users, you are correct, it isobjectclass 
container. That is why they call it the Users container instead of the Users OU. 
:) By default, every top level container under the domain NC head is a container 
versus an OU with the exceptionof Domain Controllers.

Anyway, a guess (yeah I don't use SQL statements either) 
for the proper SQL string would be something like 

SELECT blah,blah2,blah3 FROM path WHERE blah4='blah5' OR 
blah6='blah7' ORDER BY blah






--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm




From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of 
[EMAIL PROTECTED]Sent: Thursday, June 22, 2006 10:15 
AMTo: [EMAIL PROTECTED]Subject: [ActiveDir] Complex 
LDAP Queries
I'm trying to transfrom this: 
objCommand.CommandText = "SELECT Name, ADsPath 
FROM "  sADPath  _  
   " WHERE 
objectCategory='organizationalUnit' ORDER BY Name"  into this using the LDAP OR syntax from MS's scripting 
site: objCommand.CommandText = "SELECT 
Name, ADsPath FROM "  sADPath  _ " WHERE 
|(objectCategory='organizationalUnit')(objectCategory='container') ORDER BY 
Name"  I'm doing this because 
the Users OU is really a container, not an OU. The results I get back are not at 
all correct. Can anyone point out the 
problem with my code and/or point me in the right direction for using OR in 
complex LDAP queries? Thanks, 
Andrew Fidel

RE: [ActiveDir] OT: DHCP Cluster

[Bahta, Nathaniel V CTR USAF NASIC/SCNA]

I will look into it.  I was under the impression that it was a upgrade
of the OS, but reading further it is actually a fresh install of the OS.
I guess I took the word Upgrade in the wrong context.

Thanks,
Nate 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bernier,
Brandon (.)
Sent: Thursday, June 22, 2006 10:57 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: DHCP Cluster

Can you do a rolling upgrade? Meaning evict one node from the cluster,
reload it with 2K3 and put DHCP back on then add it back into the
cluster and do the other node. I've done this with SQL many times, but I
forgot what changed from W2K to W2k3 for DHCP..I don't remember anything
mind blowing, but I'd look into anyways.

-Brandon


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bahta,
Nathaniel V CTR USAF NASIC/SCNA
Sent: Thursday, June 22, 2006 10:03 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] OT: DHCP Cluster

Anybody know any good knowledgebase articles or resources for migrating
a 2000 DHCP cluster to a 2003 DHCP cluster?

I would appreciate the information/links.

Thanks,
Nate
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

RE: [ActiveDir] Slow Links Not Recognized for Offline Files

[Noah Eiger]

Thanks to all. I was under the (apparently mistaken) impression that the
slow link for processing GPOs used the ping to the auth DC but that the slow
link for offline files would (imagine that) ping the server that was marked
offline. With an offline folder of any size, this constraint makes OLF
almost unusable in remote sites.

I have seen batch files that use some logic to force the folder offline, but
this seems kludgey.

Another thought: could I somehow peg the laptops to authenticate at their
home DCs? The auth would be less traffic than the redirected files.

And, Darren two things: one, how do disable idle sync? And two, are those
rodents available as a Hotfix?

Thanks.

-- nme

P.S. Brian's email was blank for me too.

-Original Message-
From: Darren Mar-Elia [mailto:[EMAIL PROTECTED] 
Sent: Thursday, June 22, 2006 8:19 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Slow Links Not Recognized for Offline Files

I've had the same problem with configuring slow link for offline files. Very
annoying when I'm at home, connected over VPN, and the damn thing insists on
synchronizing. Anyway, I've only had spotty success configuring that GP
setting below. I too set it very high and it still inconsistently would
occasionally try to sync. In the end I just disabled idle sync completely,
which seemed to solve the problem.

In terms of the slow link detection process, the process (or at least the
determination) is different for GP, user profiles and offline files. GP
currently uses a lame-o mechanism with pings and yes, Neil is right that
Vista replaces this with the mysterious Network Location Awareness process
that is not well defined but apparently uses small rodents who run up the
network cable and ask secret questions of domain controllers to determine
how quickly they will respond. I suspect but I have not confirmed that user
profiles and offline files use a similar ping sequence but they do it
against the user profile server or the offline file sync share. AFAIK there
is no way to see whether you have detected a slow link for offline files or
not. Gpresult only shows GP's slow link status.

Darren

Darren Mar-Elia
For comprehensive Windows Group Policy Information, check out
www.gpoguy.com-- the best source for GPO tips, tools and whitepapers. Also
check out the Windows Group Policy Guide, a soup-to-nuts resource for Group
Policy information.
 


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Thursday, June 22, 2006 6:26 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Slow Links Not Recognized for Offline Files

... Although this all changes in Vista.

NLA is used instead, AFAIK.


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond
Sent: 22 June 2006 03:44
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Slow Links Not Recognized for Offline Files

No AFAIK the slow link detection is measured by the ICMP latency pinging the
DC.

Thanks,
Brian Desmond
[EMAIL PROTECTED]

c - 312.731.3132


 -Original Message-
 From: [EMAIL PROTECTED] [mailto:ActiveDir- 
 [EMAIL PROTECTED] On Behalf Of Mark Parris
 Sent: Wednesday, June 21, 2006 6:05 PM
 To: ActiveDir.org
 Subject: Re: [ActiveDir] Slow Links Not Recognized for Offline Files
 
 If I recall the link speed is the network speed attached to the PC not 
 the WAN speed - so if it's a 100MB lan - that's the speed.
 
 I may be wrong, - but there is a world cup on and I have been drinking 
 all evening, I have a dutch wife so currently I have two drink streams 
 and I am finding it hard to stay sober. Hic hic
 
 
 
 
 
 
 -Original Message-
 From: Noah Eiger [EMAIL PROTECTED]
 Date: Wed, 21 Jun 2006 15:26:15
 To:ActiveDir@mail.activedir.org
 Subject: [ActiveDir] Slow Links Not Recognized for Offline Files
 
 Hi –
 
 
 
 First, this is sort of a follow up on a cold thread from last year. I 
 am having problems implementing the suggestions from last year..
 
 
 
 I have offline files / folder redirection enabled for My Documents. 
 The server files are stored at each user’s “home” Site. When laptop 
 users go to a site different from their home, their redirected folders 
 see the home server and access it directly – that is they do not go 
 offline. The laptops authenticate locally at the new site.
 
 
 
 I have tried adjusting slow links for Offline Files (ComputerAdmin
 TemplatesNetworkOffline FilesConfigure Slow link speed). I have set
 this limit very high (15 which should be around 15Mb) and made the 
 reg mods described in KB 811525. The link is still not seen as slow.
 Gpresult /v says it is not a slow link, but I think that might be to 
 the authenticating DC.
 
 
 
 Am I understanding this correctly?
 
 
 
 Thanks.
 
 
 
 -- nme
  .+w?B+v*
rz+v*?
.Böv
rzöv


PLEASE READ: The information contained in this email is confidential and
intended for the named recipient(s) 

Re: [ActiveDir] Slow Links Not Recognized for Offline Files

[Al Mulnick]

No, I think you had it right the first time according to the doc and what Darren was saying: OLF use a separate mechanism for determining slow links than GPO does. I haven't tested this to see if it's true, but that's two sources saying the same thing. 


Tying the laptops to the DC in the home site would be a worse kludge than using a script to determine location in respect to home drive and disabling/enabling sync of OLF. I would opt for the script.

Like I said earlier, put a trace on the wire and have a look to see what the mechanism is. It's possible there's a blockage on the wire that's preventing the detection from working properly. Maybe fragments or UDP or ??



Al
On 6/22/06, Noah Eiger [EMAIL PROTECTED] wrote:
Thanks to all. I was under the (apparently mistaken) impression that theslow link for processing GPOs used the ping to the auth DC but that the slow
link for offline files would (imagine that) ping the server that was markedoffline. With an offline folder of any size, this constraint makes OLFalmost unusable in remote sites.I have seen batch files that use some logic to force the folder offline, but
this seems kludgey.Another thought: could I somehow peg the laptops to authenticate at theirhome DCs? The auth would be less traffic than the redirected files.And, Darren two things: one, how do disable idle sync? And two, are those
rodents available as a Hotfix?Thanks.-- nmeP.S. Brian's email was blank for me too.-Original Message-From: Darren Mar-Elia [mailto:[EMAIL PROTECTED]
]Sent: Thursday, June 22, 2006 8:19 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Slow Links Not Recognized for Offline FilesI've had the same problem with configuring slow link for offline files. Very
annoying when I'm at home, connected over VPN, and the damn thing insists onsynchronizing. Anyway, I've only had spotty success configuring that GPsetting below. I too set it very high and it still inconsistently would
occasionally try to sync. In the end I just disabled idle sync completely,which seemed to solve the problem.In terms of the slow link detection process, the process (or at least thedetermination) is different for GP, user profiles and offline files. GP
currently uses a lame-o mechanism with pings and yes, Neil is right thatVista replaces this with the mysterious Network Location Awareness processthat is not well defined but apparently uses small rodents who run up the
network cable and ask secret questions of domain controllers to determinehow quickly they will respond. I suspect but I have not confirmed that userprofiles and offline files use a similar ping sequence but they do it
against the user profile server or the offline file sync share. AFAIK thereis no way to see whether you have detected a slow link for offline files ornot. Gpresult only shows GP's slow link status.Darren
Darren Mar-EliaFor comprehensive Windows Group Policy Information, check outwww.gpoguy.com-- the best source for GPO tips, tools and whitepapers. Alsocheck out the Windows Group Policy Guide, a soup-to-nuts resource for Group
Policy information.-Original Message-From: [EMAIL PROTECTED][mailto:
[EMAIL PROTECTED]] On Behalf Of[EMAIL PROTECTED]Sent: Thursday, June 22, 2006 6:26 AMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Slow Links Not Recognized for Offline Files... Although this all changes in Vista.NLA is used instead, AFAIK.-Original Message-
From: [EMAIL PROTECTED][mailto:[EMAIL PROTECTED]] On Behalf Of Brian Desmond
Sent: 22 June 2006 03:44To: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Slow Links Not Recognized for Offline FilesNo AFAIK the slow link detection is measured by the ICMP latency pinging the
DC.Thanks,Brian Desmond[EMAIL PROTECTED]c - 312.731.3132 -Original Message- From: 
[EMAIL PROTECTED] [mailto:ActiveDir- [EMAIL PROTECTED]] On Behalf Of Mark Parris Sent: Wednesday, June 21, 2006 6:05 PM
 To: ActiveDir.org Subject: Re: [ActiveDir] Slow Links Not Recognized for Offline Files If I recall the link speed is the network speed attached to the PC not the WAN speed - so if it's a 100MB lan - that's the speed.
 I may be wrong, - but there is a world cup on and I have been drinking all evening, I have a dutch wife so currently I have two drink streams and I am finding it hard to stay sober. Hic hic
 -Original Message- From: Noah Eiger [EMAIL PROTECTED] Date: Wed, 21 Jun 2006 15:26:15
 To:ActiveDir@mail.activedir.org Subject: [ActiveDir] Slow Links Not Recognized for Offline Files Hi – First, this is sort of a follow up on a cold thread from last year. I
 am having problems implementing the suggestions from last year.. I have offline files / folder redirection enabled for My Documents. The server files are stored at each user's "home" Site. When laptop
 users go to a site different from their home, their redirected folders see the home server and access it directly – that is they do not go offline. The laptops authenticate locally at the new 

RE: [ActiveDir] Complex LDAP Queries

[AFidel]

Thanks for the input, I ended up finally
figuring it out. The correct format is
objCommand.CommandText = SELECT
Name, ADsPath FROM   sADPath  _
 
   WHERE objectCategory='organizationalUnit' OR objectCategory='container'
AND Name='Users' ORDER BY Name 
The AND is evauluated before the OR
so this gives me all of my OU's plus the Users container.





joe [EMAIL PROTECTED]

Sent by: [EMAIL PROTECTED]
06/22/2006 11:39 AM



Please respond to
ActiveDir@mail.activedir.org





To
ActiveDir@mail.activedir.org


cc



Subject
RE: [ActiveDir] Complex LDAP
Queries








In general SQL statements suck
for LDAP queries. You should try to use LDAP for LDAP queries. First off,
relatively few people use SQL format so the help is less than stellar.
Second off, the SQL language has features that imply capability in LDAP
queries that do not exist. Folks who are trying to work with it usually
don't know much about it and tend to look at SQL help and then get confused
when something doesn't work. Examples are using LIKE or multiple SORT keys
and how to convert a complex LDAP query to SQL.

And as for Users, you are correct,
it is objectclass container. That is why they call it the Users container
instead of the Users OU. :) By default, every top level container under
the domain NC head is a container versus an OU with the exception of Domain
Controllers.

Anyway, a guess (yeah I don't
use SQL statements either) for the proper SQL string would be something
like 

SELECT blah,blah2,blah3 FROM path
WHERE blah4='blah5' OR blah6='blah7' ORDER BY blah





--
O'Reilly Active Directory Third
Edition - http://www.joeware.net/win/ad3e.htm





From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, June 22, 2006 10:15 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Complex LDAP Queries


I'm trying to transfrom this: 
objCommand.CommandText = SELECT Name, ADsPath FROM   sADPath
 _ 
 WHERE objectCategory='organizationalUnit'
ORDER BY Name  
into this using the LDAP OR syntax from MS's scripting site:

objCommand.CommandText = SELECT Name, ADsPath FROM   sADPath
 _ 
 WHERE |(objectCategory='organizationalUnit')(objectCategory='container')
ORDER BY Name  

I'm doing this because the Users OU is really a container, not an OU. The
results I get back are not at all correct. 
Can anyone point out the problem with my code and/or point me in the right
direction for using OR in complex LDAP queries? 

Thanks, 
Andrew Fidel

[ActiveDir] DC Configuration

[Al Lilianstrom]

We have some budget money to replace domain controllers this year. Not 
all of them but probably half of them. We've pretty much decided on 64 
bit Dell PowerEdge servers. Most of the discussion is about disk 
configuration. Two schools of thought exist here.


1) 2x73GB 15K drives in RAID1. Carve up the volume at the OS level with 
20GB or so for the OS and the remainder for NTDS, Sysvol, and system 
state backups


2) Two sets of 2x73 10K drives in RAID1. The first set is for the OS, 
the second is for NTDS, Sysvol, and system state backups.


I've always liked physically separating the OS from the application 
data. Others here like carving up the volume at the OS.


Any thoughts, opinions, suggestions?

tia, al
--

Al Lilianstrom
CD/CSS/CSI
[EMAIL PROTECTED]
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

RE: [ActiveDir] DC Configuration

[Noah Eiger]

What would the partitions on the first configuration gain you (over just a
single C:)? I thought the idea behind placing NTDS, etc on something
_besides_ C: was to get the performance benefits of extra spindles (as in
#2).

-- nme

-Original Message-
From: Al Lilianstrom [mailto:[EMAIL PROTECTED] 
Sent: Thursday, June 22, 2006 1:24 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] DC Configuration

We have some budget money to replace domain controllers this year. Not 
all of them but probably half of them. We've pretty much decided on 64 
bit Dell PowerEdge servers. Most of the discussion is about disk 
configuration. Two schools of thought exist here.

1) 2x73GB 15K drives in RAID1. Carve up the volume at the OS level with 
20GB or so for the OS and the remainder for NTDS, Sysvol, and system 
state backups

2) Two sets of 2x73 10K drives in RAID1. The first set is for the OS, 
the second is for NTDS, Sysvol, and system state backups.

I've always liked physically separating the OS from the application 
data. Others here like carving up the volume at the OS.

Any thoughts, opinions, suggestions?

tia, al
-- 

Al Lilianstrom
CD/CSS/CSI
[EMAIL PROTECTED]
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx


-- 
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.394 / Virus Database: 268.9.2/370 - Release Date: 6/20/2006
 

-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.394 / Virus Database: 268.9.2/370 - Release Date: 6/20/2006
 

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

Re: [ActiveDir] DC Configuration

[Al Mulnick]

There would be a little more to gain than that but often that's the reason. joe might point out that a two mirror configuration is not his optimal configuration. I'm pretty sure he'd also point out that compared with software raid, that he'd take that option. :)


I can honestly say I'd agree with him on this one. Software mirroring for this type of application is never a good idea. The slower spindle speeds likely won't be enough of an issue to matter in your configuration. Unless you have a very large DIT queue jokes here or applications that pound the snot out of the individual servers spindle speed won't be nearly as important. Since it's 64 bit you're after, spend some money on the memory and take advantage of the cache as much as you can.


Al
On 6/22/06, Noah Eiger [EMAIL PROTECTED] wrote:
What would the partitions on the first configuration gain you (over just asingle C:)? I thought the idea behind placing NTDS, etc on something
_besides_ C: was to get the performance benefits of extra spindles (as in#2).-- nme-Original Message-From: Al Lilianstrom [mailto:[EMAIL PROTECTED]
]Sent: Thursday, June 22, 2006 1:24 PMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] DC ConfigurationWe have some budget money to replace domain controllers this year. Not
all of them but probably half of them. We've pretty much decided on 64bit Dell PowerEdge servers. Most of the discussion is about diskconfiguration. Two schools of thought exist here.1) 2x73GB 15K drives in RAID1. Carve up the volume at the OS level with
20GB or so for the OS and the remainder for NTDS, Sysvol, and systemstate backups2) Two sets of 2x73 10K drives in RAID1. The first set is for the OS,the second is for NTDS, Sysvol, and system state backups.
I've always liked physically separating the OS from the applicationdata. Others here like carving up the volume at the OS.Any thoughts, opinions, suggestions? tia, al--Al Lilianstrom
CD/CSS/CSI[EMAIL PROTECTED]List info : http://www.activedir.org/List.aspxList FAQ: 
http://www.activedir.org/ListFAQ.aspxList archive: http://www.activedir.org/ml/threads.aspx--No virus found in this incoming message.Checked by AVG Free Edition.
Version: 7.1.394 / Virus Database: 268.9.2/370 - Release Date: 6/20/2006--No virus found in this outgoing message.Checked by AVG Free Edition.Version: 7.1.394 / Virus Database: 268.9.2/370 - Release Date: 6/20/2006
List info : http://www.activedir.org/List.aspxList FAQ: http://www.activedir.org/ListFAQ.aspxList archive: 
http://www.activedir.org/ml/threads.aspx

RE: [ActiveDir] DC Configuration

[Free, Bob]

Al - 

Look in the archivies from 11/05 for the Raid suggestions for DC 
thread. It was discussed most thoroughly by some of our luminaries :-) 

HTH

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Al Lilianstrom
Sent: Thursday, June 22, 2006 1:24 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] DC Configuration

We have some budget money to replace domain controllers this year. Not 
all of them but probably half of them. We've pretty much decided on 64 
bit Dell PowerEdge servers. Most of the discussion is about disk 
configuration. Two schools of thought exist here.

1) 2x73GB 15K drives in RAID1. Carve up the volume at the OS level with 
20GB or so for the OS and the remainder for NTDS, Sysvol, and system 
state backups

2) Two sets of 2x73 10K drives in RAID1. The first set is for the OS, 
the second is for NTDS, Sysvol, and system state backups.

I've always liked physically separating the OS from the application 
data. Others here like carving up the volume at the OS.

Any thoughts, opinions, suggestions?

tia, al
-- 

Al Lilianstrom
CD/CSS/CSI
[EMAIL PROTECTED]
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

RE: [ActiveDir] DC Configuration

[joe]

o Software RAID? What's that? 

o Yeah I am not a fan of mirrors. I like lots of 
spindles.But then I tend to work with bigbusy directorieswith 
Exchange beating on it. Being 64 bit you don't have to worry _as much_ 
assuming you have enough RAM to cache your entire DIT but you still have to load 
that baby in the first place so I would still recommend RAID 0+1, 10, or 5 or if 
you don't care about fault tolerance the fastest is RAID-0. 

o I would say if you are going 64 bit, make sure you make 
it a priority to get enough RAM tohold your entire DIT. That is the cool 
thing about getting 64 bit.




--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm




From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Al 
MulnickSent: Thursday, June 22, 2006 5:12 PMTo: 
ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] DC 
Configuration

There would be a little more to gain than that but often that's the 
reason. joe might point out that a two mirror configuration is not his 
optimal configuration. I'm pretty sure he'd also point out that compared with 
software raid, that he'd take that option. :) 

I can honestly say I'd agree with him on this one. Software mirroring for 
this type of application is never a good idea. The slower spindle speeds 
likely won't be enough of an issue to matter in your configuration. Unless you 
have a very large DIT queue jokes here or applications that pound the 
snot out of the individual servers spindle speed won't be nearly as important. 
Since it's 64 bit you're after, spend some money on the memory and take 
advantage of the cache as much as you can. 

Al
On 6/22/06, Noah 
Eiger [EMAIL PROTECTED] 
wrote: 
What 
  would the partitions on the first configuration gain you (over just 
  asingle C:)? I thought the idea behind placing NTDS, etc on something 
  _besides_ C: was to get the performance benefits of extra spindles (as 
  in#2).-- nme-Original Message-From: Al 
  Lilianstrom [mailto:[EMAIL PROTECTED] ]Sent: 
  Thursday, June 22, 2006 1:24 PMTo: ActiveDir@mail.activedir.orgSubject: 
  [ActiveDir] DC ConfigurationWe have some budget money to replace 
  domain controllers this year. Not all of them but probably half of them. 
  We've pretty much decided on 64bit Dell PowerEdge servers. Most of the 
  discussion is about diskconfiguration. Two schools of thought exist 
  here.1) 2x73GB 15K drives in RAID1. Carve up the volume at the OS 
  level with 20GB or so for the OS and the remainder for NTDS, Sysvol, and 
  systemstate backups2) Two sets of 2x73 10K drives in RAID1. The 
  first set is for the OS,the second is for NTDS, Sysvol, and system state 
  backups. I've always liked physically separating the OS from the 
  applicationdata. Others here like carving up the volume at the 
  OS.Any thoughts, opinions, 
  suggestions? tia, 
  al--Al Lilianstrom CD/CSS/CSI[EMAIL PROTECTED]List 
  info : http://www.activedir.org/List.aspxList 
  FAQ: http://www.activedir.org/ListFAQ.aspxList 
  archive: http://www.activedir.org/ml/threads.aspx--No 
  virus found in this incoming message.Checked by AVG Free Edition. 
  Version: 7.1.394 / Virus Database: 268.9.2/370 - Release Date: 
  6/20/2006--No virus found in this outgoing message.Checked 
  by AVG Free Edition.Version: 7.1.394 / Virus Database: 268.9.2/370 - 
  Release Date: 6/20/2006 List info : http://www.activedir.org/List.aspxList 
  FAQ: http://www.activedir.org/ListFAQ.aspxList 
  archive: http://www.activedir.org/ml/threads.aspx

RE: [ActiveDir] DC Configuration

[Darren Mar-Elia]

Software RAID is where the OS (in this case) handles the 
striping of the data rather than the hardware (usually the 
controller).




From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of 
joeSent: Thursday, June 22, 2006 3:05 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] DC 
Configuration

o Software RAID? What's that? 

o Yeah I am not a fan of mirrors. I like lots of 
spindles.But then I tend to work with bigbusy directorieswith 
Exchange beating on it. Being 64 bit you don't have to worry _as much_ 
assuming you have enough RAM to cache your entire DIT but you still have to load 
that baby in the first place so I would still recommend RAID 0+1, 10, or 5 or if 
you don't care about fault tolerance the fastest is RAID-0. 

o I would say if you are going 64 bit, make sure you make 
it a priority to get enough RAM tohold your entire DIT. That is the cool 
thing about getting 64 bit.




--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm




From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Al 
MulnickSent: Thursday, June 22, 2006 5:12 PMTo: 
ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] DC 
Configuration

There would be a little more to gain than that but often that's the 
reason. joe might point out that a two mirror configuration is not his 
optimal configuration. I'm pretty sure he'd also point out that compared with 
software raid, that he'd take that option. :) 

I can honestly say I'd agree with him on this one. Software mirroring for 
this type of application is never a good idea. The slower spindle speeds 
likely won't be enough of an issue to matter in your configuration. Unless you 
have a very large DIT queue jokes here or applications that pound the 
snot out of the individual servers spindle speed won't be nearly as important. 
Since it's 64 bit you're after, spend some money on the memory and take 
advantage of the cache as much as you can. 

Al
On 6/22/06, Noah 
Eiger [EMAIL PROTECTED] 
wrote: 
What 
  would the partitions on the first configuration gain you (over just 
  asingle C:)? I thought the idea behind placing NTDS, etc on something 
  _besides_ C: was to get the performance benefits of extra spindles (as 
  in#2).-- nme-Original Message-From: Al 
  Lilianstrom [mailto:[EMAIL PROTECTED] ]Sent: 
  Thursday, June 22, 2006 1:24 PMTo: ActiveDir@mail.activedir.orgSubject: 
  [ActiveDir] DC ConfigurationWe have some budget money to replace 
  domain controllers this year. Not all of them but probably half of them. 
  We've pretty much decided on 64bit Dell PowerEdge servers. Most of the 
  discussion is about diskconfiguration. Two schools of thought exist 
  here.1) 2x73GB 15K drives in RAID1. Carve up the volume at the OS 
  level with 20GB or so for the OS and the remainder for NTDS, Sysvol, and 
  systemstate backups2) Two sets of 2x73 10K drives in RAID1. The 
  first set is for the OS,the second is for NTDS, Sysvol, and system state 
  backups. I've always liked physically separating the OS from the 
  applicationdata. Others here like carving up the volume at the 
  OS.Any thoughts, opinions, 
  suggestions? tia, 
  al--Al Lilianstrom CD/CSS/CSI[EMAIL PROTECTED]List 
  info : http://www.activedir.org/List.aspxList 
  FAQ: http://www.activedir.org/ListFAQ.aspxList 
  archive: http://www.activedir.org/ml/threads.aspx--No 
  virus found in this incoming message.Checked by AVG Free Edition. 
  Version: 7.1.394 / Virus Database: 268.9.2/370 - Release Date: 
  6/20/2006--No virus found in this outgoing message.Checked 
  by AVG Free Edition.Version: 7.1.394 / Virus Database: 268.9.2/370 - 
  Release Date: 6/20/2006 List info : http://www.activedir.org/List.aspxList 
  FAQ: http://www.activedir.org/ListFAQ.aspxList 
  archive: http://www.activedir.org/ml/threads.aspx

RE: [ActiveDir] DC Configuration

[joe]

ROFL!

That was more of a case of purposely refusing to 
acknowledge software RAID versus truly understanding what it is. I have had far 
more than my share of times trying to rebuild software raid configs. 



--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm




From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Darren 
Mar-EliaSent: Thursday, June 22, 2006 6:14 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] DC 
Configuration

Software RAID is where the OS (in this case) handles the 
striping of the data rather than the hardware (usually the 
controller).




From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of 
joeSent: Thursday, June 22, 2006 3:05 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] DC 
Configuration

o Software RAID? What's that? 

o Yeah I am not a fan of mirrors. I like lots of 
spindles.But then I tend to work with bigbusy directorieswith 
Exchange beating on it. Being 64 bit you don't have to worry _as much_ 
assuming you have enough RAM to cache your entire DIT but you still have to load 
that baby in the first place so I would still recommend RAID 0+1, 10, or 5 or if 
you don't care about fault tolerance the fastest is RAID-0. 

o I would say if you are going 64 bit, make sure you make 
it a priority to get enough RAM tohold your entire DIT. That is the cool 
thing about getting 64 bit.




--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm




From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Al 
MulnickSent: Thursday, June 22, 2006 5:12 PMTo: 
ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] DC 
Configuration

There would be a little more to gain than that but often that's the 
reason. joe might point out that a two mirror configuration is not his 
optimal configuration. I'm pretty sure he'd also point out that compared with 
software raid, that he'd take that option. :) 

I can honestly say I'd agree with him on this one. Software mirroring for 
this type of application is never a good idea. The slower spindle speeds 
likely won't be enough of an issue to matter in your configuration. Unless you 
have a very large DIT queue jokes here or applications that pound the 
snot out of the individual servers spindle speed won't be nearly as important. 
Since it's 64 bit you're after, spend some money on the memory and take 
advantage of the cache as much as you can. 

Al
On 6/22/06, Noah 
Eiger [EMAIL PROTECTED] 
wrote: 
What 
  would the partitions on the first configuration gain you (over just 
  asingle C:)? I thought the idea behind placing NTDS, etc on something 
  _besides_ C: was to get the performance benefits of extra spindles (as 
  in#2).-- nme-Original Message-From: Al 
  Lilianstrom [mailto:[EMAIL PROTECTED] ]Sent: 
  Thursday, June 22, 2006 1:24 PMTo: ActiveDir@mail.activedir.orgSubject: 
  [ActiveDir] DC ConfigurationWe have some budget money to replace 
  domain controllers this year. Not all of them but probably half of them. 
  We've pretty much decided on 64bit Dell PowerEdge servers. Most of the 
  discussion is about diskconfiguration. Two schools of thought exist 
  here.1) 2x73GB 15K drives in RAID1. Carve up the volume at the OS 
  level with 20GB or so for the OS and the remainder for NTDS, Sysvol, and 
  systemstate backups2) Two sets of 2x73 10K drives in RAID1. The 
  first set is for the OS,the second is for NTDS, Sysvol, and system state 
  backups. I've always liked physically separating the OS from the 
  applicationdata. Others here like carving up the volume at the 
  OS.Any thoughts, opinions, 
  suggestions? tia, 
  al--Al Lilianstrom CD/CSS/CSI[EMAIL PROTECTED]List 
  info : http://www.activedir.org/List.aspxList 
  FAQ: http://www.activedir.org/ListFAQ.aspxList 
  archive: http://www.activedir.org/ml/threads.aspx--No 
  virus found in this incoming message.Checked by AVG Free Edition. 
  Version: 7.1.394 / Virus Database: 268.9.2/370 - Release Date: 
  6/20/2006--No virus found in this outgoing message.Checked 
  by AVG Free Edition.Version: 7.1.394 / Virus Database: 268.9.2/370 - 
  Release Date: 6/20/2006 List info : http://www.activedir.org/List.aspxList 
  FAQ: http://www.activedir.org/ListFAQ.aspxList 
  archive: http://www.activedir.org/ml/threads.aspx

Re: [ActiveDir] DC Configuration

[Al Lilianstrom]

Free, Bob wrote:
Al - 


Look in the archivies from 11/05 for the Raid suggestions for DC 
thread. It was discussed most thoroughly by some of our luminaries :-) 


Will do. Thanks, al


HTH

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Al Lilianstrom
Sent: Thursday, June 22, 2006 1:24 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] DC Configuration

We have some budget money to replace domain controllers this year. Not 
all of them but probably half of them. We've pretty much decided on 64 
bit Dell PowerEdge servers. Most of the discussion is about disk 
configuration. Two schools of thought exist here.


1) 2x73GB 15K drives in RAID1. Carve up the volume at the OS level with 
20GB or so for the OS and the remainder for NTDS, Sysvol, and system 
state backups


2) Two sets of 2x73 10K drives in RAID1. The first set is for the OS, 
the second is for NTDS, Sysvol, and system state backups.


I've always liked physically separating the OS from the application 
data. Others here like carving up the volume at the OS.


Any thoughts, opinions, suggestions?

tia, al


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

Re: [ActiveDir] DC Configuration

[Al Lilianstrom]

Al Mulnick wrote:
There would be a little more to gain than that but often that's the 
reason.  joe might point out that a two mirror configuration is not his 
optimal configuration. I'm pretty sure he'd also point out that compared 
with software raid, that he'd take that option. :)
 
I can honestly say I'd agree with him on this one. Software mirroring 
for this type of application is never a good idea.  The slower spindle 
speeds likely won't be enough of an issue to matter in your 
configuration. Unless you have a very large DIT queue jokes here or 
applications that pound the snot out of the individual servers spindle 
speed won't be nearly as important. Since it's 64 bit you're after, 
spend some money on the memory and take advantage of the cache as much 
as you can.
 
Al


 
On 6/22/06, *Noah Eiger* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote:


What would the partitions on the first configuration gain you (over
just a
single C:)? I thought the idea behind placing NTDS, etc on something
_besides_ C: was to get the performance benefits of extra spindles
(as in
#2).



The mirrors would be in hardware. Software raid - only time I've ever 
lost customer data was due to software raid. Never again.


Splitting a large volume into two partitions gains nothing IMO. 
Personally I like my databases on different spindles than the OS.


We have some Unix based apps that hit the DC's pretty hard. Their use is 
only going up. We should be able to fit the DIT in memory so I think 
I'll push for that. Not sure it's a battle I can win but it's always fun 
to try.


thanks, (the other) al

[EMAIL PROTECTED]


-- nme

-Original Message-
From: Al Lilianstrom [mailto:[EMAIL PROTECTED]
mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 22, 2006 1:24 PM
To: ActiveDir@mail.activedir.org mailto:ActiveDir@mail.activedir.org
Subject: [ActiveDir] DC Configuration

We have some budget money to replace domain controllers this year. Not
all of them but probably half of them. We've pretty much decided on 64
bit Dell PowerEdge servers. Most of the discussion is about disk
configuration. Two schools of thought exist here.

1) 2x73GB 15K drives in RAID1. Carve up the volume at the OS level with
20GB or so for the OS and the remainder for NTDS, Sysvol, and system
state backups

2) Two sets of 2x73 10K drives in RAID1. The first set is for the OS,
the second is for NTDS, Sysvol, and system state backups.

I've always liked physically separating the OS from the application
data. Others here like carving up the volume at the OS.

Any thoughts, opinions, suggestions?

   tia, al
--

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

RE: [ActiveDir] NETBIOS Character Limitation?

[joe]

Bingo. 


--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm




From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of 
[EMAIL PROTECTED]Sent: Monday, June 19, 2006 4:29 
AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] 
NETBIOS Character Limitation?

NetBIOS names are restricted to 15 
chars.

As joe stated, the $ is not included in that 15 since it's 
not part of the name being resolved (using WINS) - it's only used within the AD 
database itself.

The 16th char is reserved and indicates the service(s) 
offered by this NBT name.

Nothing changed from NT to w2k to w2k3 with regard to NBT 
names.

Asjoe also stated, your app appears to introduce a 14 
char limitation and not the underlying OS. ADUC can certainly create a 15 
char NBT name (and still append the $ char in the database) without 
issue.

I hope this helps.

neil


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of 
[EMAIL PROTECTED]Sent: 16 June 2006 18:17To: 
ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.orgCc: 
joeSubject: RE: [ActiveDir] NETBIOS Character 
Limitation?

Hi Joe, 

So going back to my orginal question, can I use 15 charcter server names or 
am I limited to 14 charchters?

Jose

-- 
  Original message -- From: "joe" [EMAIL PROTECTED] 
  
  
  
  
  

  

  The $ for computer accounts isn't included in 
  theNetBIOS name for nameres, only in the DB and that was to 
  hidethem from being displayed with normal user accounts in NT days. 
  
  
  What is the web based tool? Tell the vendor to fix it. In 
  the meanwhile, create the account another way.
  
  
  --
  O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
  
  
  
  
  From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, 
  JoseSent: Friday, June 16, 2006 12:06 PMTo: 
  ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] NETBIOS 
  Character Limitation?
  
  
  Greetings, 
  
  
  I am trying to 
  create a 15 character SQL cluster node 
  name in Active 
  Directory using a web based tool. The tool will only allow me to use 14 
  characters and the Active Directory group states  The 14 character 
  limit is due to the '$' that must be appended to the samAccountName for 
  backward compatibility. WINS has a 15 character limit. To ensure there is 
  always room for the '$' the field is limited to 14 characters 
  .
  
  I have been 
  working with WINS since NT 3.51, and NetBIOS has always been 15 characters 
  followed by a 16th binary value. The last 16th binary value is for a unique 
  ID. I have Michael Masterson's WINS  DNS book (I was on the board 
  of the NTEA www.ntea.net ) with him. 
  
  http://www.amazon.com/gp/product/1562059432/qid=1150472910/sr=1-7/ref=sr_1_7/002-3567057-9128019?s=booksv=glancen=283155
  
  
  Was the character 
  limitation reduced in AD 2003 and Wins?
  
  Sincerely,
  Jose 
  MedeirosStorage Area Network Systems EngineerMCP+I, MCSE, NT4 MCT 
  408-765-0437 Direct, 408-449-6621 Cell
  "Anyone who has never 
  made a mistake has never tried anything new."
   
  Albert Einstein 
  
  
PLEASE READ: The 
information contained in this email is confidential and 
intended for the 
named recipient(s) only. If you are not an intended 
recipient of this 
email please notify the sender immediately and delete your 
copy from your 
system. You must not copy, distribute or take any further 
action in reliance 
on it. Email is not a secure method of communication and 
Nomura International 
plc ('NIplc') will not, to the extent permitted by law, 
accept 
responsibility or liability for (a) the accuracy or completeness of, 

or (b) the presence 
of any virus, worm or similar malicious or disabling 
code in, this 
message or any attachment(s) to it. If verification of this 
email is sought then 
please request a hard copy. Unless otherwise stated 
this email: (1) is 
not, and should not be treated or relied upon as, 
investment research; 
(2) contains views or opinions that are solely those of 
the author and do 
not necessarily represent those of NIplc; (3) is intended 
for informational 
purposes only and is not a recommendation, solicitation or 
offer to buy or sell 
securities or related financial instruments. NIplc 
does not provide 
investment services to private customers. Authorised and 
regulated by the 
Financial Services Authority. Registered in England 
no. 1550505 VAT No. 
447 2492 35. Registered Office: 1 St Martin's-le-Grand, 
London, EC1A 4NP. A 
member of the Nomura group of companies. 

Re: [ActiveDir] DC Configuration

[Al Lilianstrom]

Free, Bob wrote:
Al - 


Look in the archivies from 11/05 for the Raid suggestions for DC 
thread. It was discussed most thoroughly by some of our luminaries :-) 


Will do. Thanks, al


HTH

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Al Lilianstrom
Sent: Thursday, June 22, 2006 1:24 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] DC Configuration

We have some budget money to replace domain controllers this year. Not 
all of them but probably half of them. We've pretty much decided on 64 
bit Dell PowerEdge servers. Most of the discussion is about disk 
configuration. Two schools of thought exist here.


1) 2x73GB 15K drives in RAID1. Carve up the volume at the OS level with 
20GB or so for the OS and the remainder for NTDS, Sysvol, and system 
state backups


2) Two sets of 2x73 10K drives in RAID1. The first set is for the OS, 
the second is for NTDS, Sysvol, and system state backups.


I've always liked physically separating the OS from the application 
data. Others here like carving up the volume at the OS.


Any thoughts, opinions, suggestions?

tia, al


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

RE: [ActiveDir] Recall: NETBIOS Character Limitation?

[joe]

Does this ever work? I mean for something other than making you look at the
message really closely that the person wants to recall...

snicker 


--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm 
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose
Sent: Friday, June 16, 2006 12:04 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Recall: NETBIOS Character Limitation?

Medeiros, Jose would like to recall the message, NETBIOS Character
Limitation?.
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

RE: [ActiveDir] DC Configuration

[Darren Mar-Elia]

Yea, it seemed an awful basic question for you joe. And, of 
course I fell for it. Agreed though that software RAID is like Congress creating 
its own ethics rules--just a bad idea all around.


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of 
joeSent: Thursday, June 22, 2006 3:16 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] DC 
Configuration

ROFL!

That was more of a case of purposely refusing to 
acknowledge software RAID versus truly understanding what it is. I have had far 
more than my share of times trying to rebuild software raid configs. 



--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm




From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Darren 
Mar-EliaSent: Thursday, June 22, 2006 6:14 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] DC 
Configuration

Software RAID is where the OS (in this case) handles the 
striping of the data rather than the hardware (usually the 
controller).




From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of 
joeSent: Thursday, June 22, 2006 3:05 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] DC 
Configuration

o Software RAID? What's that? 

o Yeah I am not a fan of mirrors. I like lots of 
spindles.But then I tend to work with bigbusy directorieswith 
Exchange beating on it. Being 64 bit you don't have to worry _as much_ 
assuming you have enough RAM to cache your entire DIT but you still have to load 
that baby in the first place so I would still recommend RAID 0+1, 10, or 5 or if 
you don't care about fault tolerance the fastest is RAID-0. 

o I would say if you are going 64 bit, make sure you make 
it a priority to get enough RAM tohold your entire DIT. That is the cool 
thing about getting 64 bit.




--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm




From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Al 
MulnickSent: Thursday, June 22, 2006 5:12 PMTo: 
ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] DC 
Configuration

There would be a little more to gain than that but often that's the 
reason. joe might point out that a two mirror configuration is not his 
optimal configuration. I'm pretty sure he'd also point out that compared with 
software raid, that he'd take that option. :) 

I can honestly say I'd agree with him on this one. Software mirroring for 
this type of application is never a good idea. The slower spindle speeds 
likely won't be enough of an issue to matter in your configuration. Unless you 
have a very large DIT queue jokes here or applications that pound the 
snot out of the individual servers spindle speed won't be nearly as important. 
Since it's 64 bit you're after, spend some money on the memory and take 
advantage of the cache as much as you can. 

Al
On 6/22/06, Noah 
Eiger [EMAIL PROTECTED] 
wrote: 
What 
  would the partitions on the first configuration gain you (over just 
  asingle C:)? I thought the idea behind placing NTDS, etc on something 
  _besides_ C: was to get the performance benefits of extra spindles (as 
  in#2).-- nme-Original Message-From: Al 
  Lilianstrom [mailto:[EMAIL PROTECTED] ]Sent: 
  Thursday, June 22, 2006 1:24 PMTo: ActiveDir@mail.activedir.orgSubject: 
  [ActiveDir] DC ConfigurationWe have some budget money to replace 
  domain controllers this year. Not all of them but probably half of them. 
  We've pretty much decided on 64bit Dell PowerEdge servers. Most of the 
  discussion is about diskconfiguration. Two schools of thought exist 
  here.1) 2x73GB 15K drives in RAID1. Carve up the volume at the OS 
  level with 20GB or so for the OS and the remainder for NTDS, Sysvol, and 
  systemstate backups2) Two sets of 2x73 10K drives in RAID1. The 
  first set is for the OS,the second is for NTDS, Sysvol, and system state 
  backups. I've always liked physically separating the OS from the 
  applicationdata. Others here like carving up the volume at the 
  OS.Any thoughts, opinions, 
  suggestions? tia, 
  al--Al Lilianstrom CD/CSS/CSI[EMAIL PROTECTED]List 
  info : http://www.activedir.org/List.aspxList 
  FAQ: http://www.activedir.org/ListFAQ.aspxList 
  archive: http://www.activedir.org/ml/threads.aspx--No 
  virus found in this incoming message.Checked by AVG Free Edition. 
  Version: 7.1.394 / Virus Database: 268.9.2/370 - Release Date: 
  6/20/2006--No virus found in this outgoing message.Checked 
  by AVG Free Edition.Version: 7.1.394 / Virus Database: 268.9.2/370 - 
  Release Date: 6/20/2006 List info : http://www.activedir.org/List.aspxList 
  FAQ: http://www.activedir.org/ListFAQ.aspxList 
  archive: http://www.activedir.org/ml/threads.aspx

RE: [ActiveDir] Is this like AD blog season or what?

[joe]

I wouldn't mind seeing some AD Dev guys blogging. The closest to it that I
am aware of is Brett then ~Eric and Eric isn't in AD Dev nor ever was but
one of the more visible AD gurus. I would probably pay to subscribe to a
blog by DonH if he told stories of all of the AD Dev work and why various
decisions were made.


--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm 
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA
aka Ebitz - SBS Rocks [MVP]
Sent: Friday, June 09, 2006 4:29 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Is this like AD blog season or what?

Active Directory Discussion : Introducing the Active Directory 
Discussion Blog:
http://blogs.technet.com/ad/archive/2006/06/09/434604.aspx

-- 
Letting your vendors set your risk analysis these days?  
http://www.threatcode.com
The SBS product team wants to hear from you:
http://msmvps.com/blogs/bradley/archive/2006/05/18/95865.aspx

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

RE: [ActiveDir] DC Configuration

[Brian Desmond]

You must be thinking of a different kind of RAID. Last I checked
software RAID was something to do with roach spray. 





Thanks,

Brian Desmond

[EMAIL PROTECTED]



c - 312.731.3132











From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Darren Mar-Elia
Sent: Thursday, June 22, 2006 5:14 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC Configuration







Software RAID is where the OS (in this case) handles the striping
of the data rather than the hardware (usually the controller).













From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Thursday, June 22, 2006 3:05 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC Configuration

o Software RAID? What's that? 



o Yeah I am not a fan of mirrors. I like lots of spindles.But
then I tend to work with bigbusy directorieswith Exchange beating
on it. Being 64 bit you don't have to worry _as much_ assuming you have
enough RAM to cache your entire DIT but you still have to load that baby in the
first place so I would still recommend RAID 0+1, 10, or 5 or if you don't care
about fault tolerance the fastest is RAID-0. 



o I would say if you are going 64 bit, make sure you make it a
priority to get enough RAM tohold your entire DIT. That is the cool thing
about getting 64 bit.











--

O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm

















From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: Thursday, June 22, 2006 5:12 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] DC Configuration



There would be a little more to gain than that but often
that's the reason. joe might point out that a two mirror configuration is
not his optimal configuration. I'm pretty sure he'd also point out that
compared with software raid, that he'd take that option. :) 











I can honestly say I'd agree with him on this one. Software
mirroring for this type of application is never a good idea. The slower
spindle speeds likely won't be enough of an issue to matter in your
configuration. Unless you have a very large DIT queue jokes here or
applications that pound the snot out of the individual servers spindle speed
won't be nearly as important. Since it's 64 bit you're after, spend some money
on the memory and take advantage of the cache as much as you can. 











Al







On 6/22/06, Noah Eiger [EMAIL PROTECTED] wrote: 

What would the partitions on the first configuration gain
you (over just a
single C:)? I thought the idea behind placing NTDS, etc on something 
_besides_ C: was to get the performance benefits of extra spindles (as in
#2).

-- nme

-Original Message-
From: Al Lilianstrom [mailto:[EMAIL PROTECTED]
]
Sent: Thursday, June 22, 2006 1:24 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] DC Configuration

We have some budget money to replace domain controllers this year. Not 
all of them but probably half of them. We've pretty much decided on 64
bit Dell PowerEdge servers. Most of the discussion is about disk
configuration. Two schools of thought exist here.

1) 2x73GB 15K drives in RAID1. Carve up the volume at the OS level with 
20GB or so for the OS and the remainder for NTDS, Sysvol, and system
state backups

2) Two sets of 2x73 10K drives in RAID1. The first set is for the OS,
the second is for NTDS, Sysvol, and system state backups. 

I've always liked physically separating the OS from the application
data. Others here like carving up the volume at the OS.

Any thoughts, opinions, suggestions?

 tia, al
--

Al Lilianstrom 
CD/CSS/CSI
[EMAIL PROTECTED]
List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx


--
No virus found in this incoming message.
Checked by AVG Free Edition. 
Version: 7.1.394 / Virus Database: 268.9.2/370 - Release Date: 6/20/2006


--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.394 / Virus Database: 268.9.2/370 - Release Date: 6/20/2006 


List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

RE: [ActiveDir] OT: RUS

[joe]

Babysteps...

The likelihood of a full grown perfect provisioning system 
dropping into your lap is almost as unlikely as a duplicate GUID being created. 
So start small, this is what I have always done when growing up systems. Usually 
I would ask for permission to spend time on building a system, be told not only 
no but hell no and I better not catching you working on that so I spend an hour 
here and there after work building it in a skunkworks fashion. I did that at one 
Financial company for managing the NT4 resource domain and rolled out a real 
rough looking tool to the support people, didn't tell any of the management who 
told me not to do it. The support people loved it, my team of 3 people loved it. 
Everyone was far more productive because everything was verified and logged and 
didn't require contacting a DA to get the work done. Eventually the management 
was like, hey how did you guys get so productive so I showed my boss the site 
and he told me to make it look pretty and then a month or two later he announced 
to everyone that the group had thought up, designed, and builta brand new 
way of managing the environment. Most of the folks were like yeah, the group of 
joe is the one, the rest of you didn't have anything to do with it except trying 
to stop him. ;o) 

Anyway, that whole thing grew up out of scripts. I started 
scripting each individual task that we as DAs had to do. At first the scripts 
did the work and logged it all so we didn't need to use the GUI, as that freed 
up time then the scripts were modified to do data validation and then make 
changes. Then I added reporting to it so say you requested a quota increase for 
someone, it validated the quota values, changed the quota, then updated the 
reporting database to reflect the new quota. Ditto for software delivery stuff. 
Then I threw up a web site on a NT4 workstation and set up a basic auth system 
that used windows auth and backended into an Access database to retrieve authz 
info. Slowly I added the scripts to the web site and let the support analysts 
use them. 

It wasn't the greatest but it was such a stellar leap over 
what had come before and really helped stabilize our data collection and 
tracking capability not to mention making folks more efficient because they 
could say get a queue restarted or purged without having to chase down one of 
three domain admins who really didn't give a crap if a print queue was working 
or not. 


--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm




From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Clay, Justin 
(ITS)Sent: Tuesday, June 13, 2006 9:11 AMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] OT: 
RUS


Al,

I think thats great 
advice. I wish we really had a provisioning system, like MIIS or something 
similar. We have 22,000 users and theyre all maintained by hand, which is 
horrible.

We have considered 
using a custom attribute to tag employees as well. Were definitely going to be 
using employeeType in the near future to at least identify service accounts and 
contractors/vendors. I think we might end up tagging other custom attributes as 
well. We currently tag a custom attribute with the users Exchange quota limit 
so that our Exchange guys can use that attribute to set mailbox 
limits.

Since were on the 
topic of UPNs, how are additional UPNs created and managed? There are about 15 
additional UPNs in our UPN dropdown list that were created long before I was 
here, and honestly we dont need them. I believe at some point the previous 
admin was going to have a separate UPN for each department, such as 
police.domain.com, fire.domain.com, sheriff.domain.com. Im not sure what the 
thinking behind that was (although Im sure there was a reason) but we have no 
use for them at this point. How can I remove them or modify 
them?





From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Al 
MulnickSent: Tuesday, June 13, 
2006 7:41 AMTo: 
ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] OT: 
RUS


I think it's a really good idea to clean up the 
UPN's. However, I think it worth noting that you may want to have a look 
at the process that provisions the users and creates those upn's. Just to 
make sure you don't end up doing the work over and over again. 




I realize upn alone will work, but I think it would be a 
good idea to consider tagging the user objects' custom attributes with some 
identifying information as well. It may be that in the future you'll want 
to sort on different attributes and you may or may not be in a situation where 
upn is flexible enough. 



Al

On 6/13/06, Clay, Justin (ITS) [EMAIL PROTECTED] 
wrote: 



We have 1 AD forest 
with 5 total domains. They are "sister" domains and they don't share a 
namespace. For instance we have one domain for our Police Department, one for 
the Sheriff Department, one for the Public Schools, etc. 

As for Steven's 
suggestion for UPN, we 

RE: [ActiveDir] AD integration

[joe]

And I will consume with a smile. :)

Al is usually sneaking around with the Exchange folks. I am usually with
Dean and we are usually at a bar or chasing down dev guys. :) 


--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm 
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rob MOIR
Sent: Tuesday, June 13, 2006 6:27 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD integration

Just want to quickly say thanks to both of you, Joe and Al, you've
helped me form some thoughts around this area that I can work with. This
short discussion has been very useful. If I ever see either of you at a
MVP gathering I owe you a beverage of your choice, or two.

-- 
Robert Moir
Microsoft MVP for Windows Servers  Security
Senior IT Systems Engineer
Luton Sixth Form College
Right vs. Wrong   | Good vs. Evil
God vs. the devil | What side you on?

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:ActiveDir-
 [EMAIL PROTECTED] On Behalf Of joe
 Sent: 12 June 2006 15:57
 To: ActiveDir@mail.activedir.org
 Subject: RE: [ActiveDir] AD integration
 
 The answer to this one is of course it depends.
 
 At first blush it sounds like a single threaded app. Depending on the
 vendor, this may be the best/safest thing to do. :)
 
 As for best practices. I don't think there are any best practices for
 how many domains you should pull data from at a time. It would again
 depend entirely on the app and what it is supposed to be doing and the
 dangers exposed in doing it.
 
 For a relatively fast application that works well in single and
 multidomain environments I could see cases where it is better to pull
 from the GC or better to set up a thread pool and pull from x domains
 at once or a combination. Certainly the thread pool solutions are the
 more scalable solutions but they are also the much harder to do right
 and the more costly solutions. Most customers chose apps on how cheap
 they are first, then later they start to realize the shortcomings that
 made them cheaper.
 
 
 --
 O'Reilly Active Directory Third Edition -
 http://www.joeware.net/win/ad3e.htm
 
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Rob MOIR
 Sent: Monday, June 12, 2006 8:31 AM
 To: ActiveDir@mail.activedir.org
 Subject: [ActiveDir] AD integration
 
 Just a quick question. Is anyone aware of any best practice
 documentation of how a product ought to integrate with AD (e.g. to
pull
 out user data for its own use).
 
 Failing that, can anyone comment on what they think of a model that
can
 only pull data out of one domain at a time so for a 1 domain forest
 needs to make a connection to each domain in turn, pull down that
 information and then load it into SQL server. Am I crazy in thinking
 that anyone following this model has probably just found out that
their
 old NT4 domain integration code kinda works and did the bare minimum
 tidying up before halting any further work?
 
 --
 Robert Moir
 Microsoft MVP for Windows Servers  Security Senior IT Systems
Engineer
 Luton Sixth Form College
 Right vs. Wrong   | Good vs. Evil
 God vs. the devil | What side you on?
 
 
 List info   : http://www.activedir.org/List.aspx
 List FAQ: http://www.activedir.org/ListFAQ.aspx
 List archive: http://www.activedir.org/ml/threads.aspx
 
 List info   : http://www.activedir.org/List.aspx
 List FAQ: http://www.activedir.org/ListFAQ.aspx
 List archive: http://www.activedir.org/ml/threads.aspx
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

RE: [ActiveDir] DC Configuration

[joe]

Exactly...

Congress: Ethics? What's that?



--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm




From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Darren 
Mar-EliaSent: Thursday, June 22, 2006 6:25 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] DC 
Configuration

Yea, it seemed an awful basic question for you joe. And, of 
course I fell for it. Agreed though that software RAID is like Congress creating 
its own ethics rules--just a bad idea all around.


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of 
joeSent: Thursday, June 22, 2006 3:16 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] DC 
Configuration

ROFL!

That was more of a case of purposely refusing to 
acknowledge software RAID versus truly understanding what it is. I have had far 
more than my share of times trying to rebuild software raid configs. 



--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm




From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Darren 
Mar-EliaSent: Thursday, June 22, 2006 6:14 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] DC 
Configuration

Software RAID is where the OS (in this case) handles the 
striping of the data rather than the hardware (usually the 
controller).




From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of 
joeSent: Thursday, June 22, 2006 3:05 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] DC 
Configuration

o Software RAID? What's that? 

o Yeah I am not a fan of mirrors. I like lots of 
spindles.But then I tend to work with bigbusy directorieswith 
Exchange beating on it. Being 64 bit you don't have to worry _as much_ 
assuming you have enough RAM to cache your entire DIT but you still have to load 
that baby in the first place so I would still recommend RAID 0+1, 10, or 5 or if 
you don't care about fault tolerance the fastest is RAID-0. 

o I would say if you are going 64 bit, make sure you make 
it a priority to get enough RAM tohold your entire DIT. That is the cool 
thing about getting 64 bit.




--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm




From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Al 
MulnickSent: Thursday, June 22, 2006 5:12 PMTo: 
ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] DC 
Configuration

There would be a little more to gain than that but often that's the 
reason. joe might point out that a two mirror configuration is not his 
optimal configuration. I'm pretty sure he'd also point out that compared with 
software raid, that he'd take that option. :) 

I can honestly say I'd agree with him on this one. Software mirroring for 
this type of application is never a good idea. The slower spindle speeds 
likely won't be enough of an issue to matter in your configuration. Unless you 
have a very large DIT queue jokes here or applications that pound the 
snot out of the individual servers spindle speed won't be nearly as important. 
Since it's 64 bit you're after, spend some money on the memory and take 
advantage of the cache as much as you can. 

Al
On 6/22/06, Noah 
Eiger [EMAIL PROTECTED] 
wrote: 
What 
  would the partitions on the first configuration gain you (over just 
  asingle C:)? I thought the idea behind placing NTDS, etc on something 
  _besides_ C: was to get the performance benefits of extra spindles (as 
  in#2).-- nme-Original Message-From: Al 
  Lilianstrom [mailto:[EMAIL PROTECTED] ]Sent: 
  Thursday, June 22, 2006 1:24 PMTo: ActiveDir@mail.activedir.orgSubject: 
  [ActiveDir] DC ConfigurationWe have some budget money to replace 
  domain controllers this year. Not all of them but probably half of them. 
  We've pretty much decided on 64bit Dell PowerEdge servers. Most of the 
  discussion is about diskconfiguration. Two schools of thought exist 
  here.1) 2x73GB 15K drives in RAID1. Carve up the volume at the OS 
  level with 20GB or so for the OS and the remainder for NTDS, Sysvol, and 
  systemstate backups2) Two sets of 2x73 10K drives in RAID1. The 
  first set is for the OS,the second is for NTDS, Sysvol, and system state 
  backups. I've always liked physically separating the OS from the 
  applicationdata. Others here like carving up the volume at the 
  OS.Any thoughts, opinions, 
  suggestions? tia, 
  al--Al Lilianstrom CD/CSS/CSI[EMAIL PROTECTED]List 
  info : http://www.activedir.org/List.aspxList 
  FAQ: http://www.activedir.org/ListFAQ.aspxList 
  archive: http://www.activedir.org/ml/threads.aspx--No 
  virus found in this incoming message.Checked by AVG Free Edition. 
  Version: 7.1.394 / Virus Database: 268.9.2/370 - Release Date: 
  6/20/2006--No virus found in this outgoing message.Checked 
  by AVG Free Edition.Version: 7.1.394 / Virus Database: 268.9.2/370 - 
  Release Date: 6/20/2006 List info : http://www.activedir.org/List.aspxList 
  FAQ: http://www.activedir.org/ListFAQ.aspxList 
  archive: 

Re: [ActiveDir] Recall: NETBIOS Character Limitation?

[Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]]

It ALWAYS makes me look closer at the original message.

It works in Novell is my understanding.

joe wrote:


Does this ever work? I mean for something other than making you look at the
message really closely that the person wants to recall...

snicker 



--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm 



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose
Sent: Friday, June 16, 2006 12:04 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Recall: NETBIOS Character Limitation?

Medeiros, Jose would like to recall the message, NETBIOS Character
Limitation?.
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

 


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

RE: [ActiveDir] DC Configuration

[Gil Kirkpatrick]

OS, DIT, logs on separate spindles.

Enough memory to store the DIT + overhead.

-gil
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Al Lilianstrom
Sent: Thursday, June 22, 2006 1:24 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] DC Configuration

We have some budget money to replace domain controllers this year. Not
all of them but probably half of them. We've pretty much decided on 64
bit Dell PowerEdge servers. Most of the discussion is about disk
configuration. Two schools of thought exist here.

1) 2x73GB 15K drives in RAID1. Carve up the volume at the OS level with
20GB or so for the OS and the remainder for NTDS, Sysvol, and system
state backups

2) Two sets of 2x73 10K drives in RAID1. The first set is for the OS,
the second is for NTDS, Sysvol, and system state backups.

I've always liked physically separating the OS from the application
data. Others here like carving up the volume at the OS.

Any thoughts, opinions, suggestions?

tia, al
-- 

Al Lilianstrom
CD/CSS/CSI
[EMAIL PROTECTED]
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

RE: [ActiveDir] DC Configuration

[Gil Kirkpatrick]

Ethics? Thats the stuff the guys in the other party don't 
have.


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of 
joeSent: Thursday, June 22, 2006 3:52 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] DC 
Configuration

Exactly...

Congress: Ethics? What's that?



--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm




From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Darren 
Mar-EliaSent: Thursday, June 22, 2006 6:25 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] DC 
Configuration

Yea, it seemed an awful basic question for you joe. And, of 
course I fell for it. Agreed though that software RAID is like Congress creating 
its own ethics rules--just a bad idea all around.


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of 
joeSent: Thursday, June 22, 2006 3:16 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] DC 
Configuration

ROFL!

That was more of a case of purposely refusing to 
acknowledge software RAID versus truly understanding what it is. I have had far 
more than my share of times trying to rebuild software raid configs. 



--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm




From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Darren 
Mar-EliaSent: Thursday, June 22, 2006 6:14 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] DC 
Configuration

Software RAID is where the OS (in this case) handles the 
striping of the data rather than the hardware (usually the 
controller).




From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of 
joeSent: Thursday, June 22, 2006 3:05 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] DC 
Configuration

o Software RAID? What's that? 

o Yeah I am not a fan of mirrors. I like lots of 
spindles.But then I tend to work with bigbusy directorieswith 
Exchange beating on it. Being 64 bit you don't have to worry _as much_ 
assuming you have enough RAM to cache your entire DIT but you still have to load 
that baby in the first place so I would still recommend RAID 0+1, 10, or 5 or if 
you don't care about fault tolerance the fastest is RAID-0. 

o I would say if you are going 64 bit, make sure you make 
it a priority to get enough RAM tohold your entire DIT. That is the cool 
thing about getting 64 bit.




--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm




From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Al 
MulnickSent: Thursday, June 22, 2006 5:12 PMTo: 
ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] DC 
Configuration

There would be a little more to gain than that but often that's the 
reason. joe might point out that a two mirror configuration is not his 
optimal configuration. I'm pretty sure he'd also point out that compared with 
software raid, that he'd take that option. :) 

I can honestly say I'd agree with him on this one. Software mirroring for 
this type of application is never a good idea. The slower spindle speeds 
likely won't be enough of an issue to matter in your configuration. Unless you 
have a very large DIT queue jokes here or applications that pound the 
snot out of the individual servers spindle speed won't be nearly as important. 
Since it's 64 bit you're after, spend some money on the memory and take 
advantage of the cache as much as you can. 

Al
On 6/22/06, Noah 
Eiger [EMAIL PROTECTED] 
wrote: 
What 
  would the partitions on the first configuration gain you (over just 
  asingle C:)? I thought the idea behind placing NTDS, etc on something 
  _besides_ C: was to get the performance benefits of extra spindles (as 
  in#2).-- nme-Original Message-From: Al 
  Lilianstrom [mailto:[EMAIL PROTECTED] ]Sent: 
  Thursday, June 22, 2006 1:24 PMTo: ActiveDir@mail.activedir.orgSubject: 
  [ActiveDir] DC ConfigurationWe have some budget money to replace 
  domain controllers this year. Not all of them but probably half of them. 
  We've pretty much decided on 64bit Dell PowerEdge servers. Most of the 
  discussion is about diskconfiguration. Two schools of thought exist 
  here.1) 2x73GB 15K drives in RAID1. Carve up the volume at the OS 
  level with 20GB or so for the OS and the remainder for NTDS, Sysvol, and 
  systemstate backups2) Two sets of 2x73 10K drives in RAID1. The 
  first set is for the OS,the second is for NTDS, Sysvol, and system state 
  backups. I've always liked physically separating the OS from the 
  applicationdata. Others here like carving up the volume at the 
  OS.Any thoughts, opinions, 
  suggestions? tia, 
  al--Al Lilianstrom CD/CSS/CSI[EMAIL PROTECTED]List 
  info : http://www.activedir.org/List.aspxList 
  FAQ: http://www.activedir.org/ListFAQ.aspxList 
  archive: http://www.activedir.org/ml/threads.aspx--No 
  virus found in this incoming message.Checked by AVG Free Edition. 
  Version: 7.1.394 / Virus Database: 268.9.2/370 - Release Date: 
  6/20/2006--No virus found in 

RE: [ActiveDir] Recall: NETBIOS Character Limitation?

[joe]

Well duh, everything works perfect on NOvell. 


--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm 
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA
aka Ebitz - SBS Rocks [MVP] 
Sent: Thursday, June 22, 2006 6:58 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Recall: NETBIOS Character Limitation?

It ALWAYS makes me look closer at the original message.

It works in Novell is my understanding.

joe wrote:

Does this ever work? I mean for something other than making you look at the
message really closely that the person wants to recall...

snicker 


--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm 
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose
Sent: Friday, June 16, 2006 12:04 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Recall: NETBIOS Character Limitation?

Medeiros, Jose would like to recall the message, NETBIOS Character
Limitation?.
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

  

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

[ActiveDir] AD Security permission continues to be auto-removed

[J B]




We have some users that have mobile devices that 
connect to Exchange. The3rd party applicationuses a dedicated 
account to send mail from the devices. This account needs to have "Send 
As..." permissions on each of the user accounts' security settings. We 
have set it in all users (about two dozen) but one userin particular has a 
problem. We set the permission and give it "Send As..." rights (just like 
all the others - no different), but usually within an hour, the newly added 
permission is gone - not just the "Send As" setting, but the whole account name 
is gone from this user's security settings as if we never added it in the first 
place. We have five DC's and I have tried adding it from each DC with the 
same results. I am baffled by this. Does anyone have any 
suggestions?

Re: [ActiveDir] DC Configuration

[Laura E. Hunter]

...whichever party that may be.

On 6/22/06, Gil Kirkpatrick [EMAIL PROTECTED] wrote:


Ethics? Thats the stuff the guys in the other party don't have.


From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
joe
Sent: Thursday, June 22, 2006 3:52 PM

To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC Configuration

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
joe
Sent: Thursday, June 22, 2006 3:52 PM

To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC Configuration


Exactly...

Congress: Ethics? What's that?


--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Darren Mar-Elia
Sent: Thursday, June 22, 2006 6:25 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC Configuration


Yea, it seemed an awful basic question for you joe. And, of course I fell
for it. Agreed though that software RAID is like Congress creating its own
ethics rules--just a bad idea all around.

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
joe
Sent: Thursday, June 22, 2006 3:16 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC Configuration


ROFL!

That was more of a case of purposely refusing to acknowledge software RAID
versus truly understanding what it is. I have had far more than my share of
times trying to rebuild software raid configs.

--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Darren Mar-Elia
Sent: Thursday, June 22, 2006 6:14 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC Configuration


Software RAID is where the OS (in this case) handles the striping of the
data rather than the hardware (usually the controller).



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
joe
Sent: Thursday, June 22, 2006 3:05 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DC Configuration


o Software RAID? What's that?

o Yeah I am not a fan of mirrors. I like lots of spindles. But then I tend
to work with big busy directories with Exchange beating on it.  Being 64 bit
you don't have to worry _as much_ assuming you have enough RAM to cache your
entire DIT but you still have to load that baby in the first place so I
would still recommend RAID 0+1, 10, or 5 or if you don't care about fault
tolerance the fastest is RAID-0.

o I would say if you are going 64 bit, make sure you make it a priority to
get enough RAM to hold your entire DIT. That is the cool thing about getting
64 bit.



--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Al
Mulnick
Sent: Thursday, June 22, 2006 5:12 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] DC Configuration


There would be a little more to gain than that but often that's the reason.
joe might point out that a two mirror configuration is not his optimal
configuration. I'm pretty sure he'd also point out that compared with
software raid, that he'd take that option. :)

I can honestly say I'd agree with him on this one. Software mirroring for
this type of application is never a good idea.  The slower spindle speeds
likely won't be enough of an issue to matter in your configuration. Unless
you have a very large DIT queue jokes here or applications that pound the
snot out of the individual servers spindle speed won't be nearly as
important. Since it's 64 bit you're after, spend some money on the memory
and take advantage of the cache as much as you can.

Al


On 6/22/06, Noah Eiger [EMAIL PROTECTED] wrote:
 What would the partitions on the first configuration gain you (over just a
 single C:)? I thought the idea behind placing NTDS, etc on something
 _besides_ C: was to get the performance benefits of extra spindles (as in
 #2).

 -- nme

 -Original Message-
 From: Al Lilianstrom [mailto:[EMAIL PROTECTED] ]
 Sent: Thursday, June 22, 2006 1:24 PM
 To: ActiveDir@mail.activedir.org
 Subject: [ActiveDir] DC Configuration

 We have some budget money to replace domain controllers this year. Not
 all of them but probably half of them. We've pretty much decided on 64
 bit Dell PowerEdge servers. Most of the discussion is about disk
 configuration. Two schools of thought exist here.

 1) 2x73GB 15K drives in RAID1. Carve up the volume at the OS level with
 20GB or so for the OS and the remainder for NTDS, Sysvol, and system
 state backups

 2) Two sets of 2x73 10K drives in RAID1. The first set is for the OS,
 the second is for NTDS, Sysvol, and system state backups.

 I've always liked physically separating the OS from the application
 data. Others here like carving up the volume at the OS.

RE: [ActiveDir] Is this like AD blog season or what?

[joe]

I still want to hear about the admin limit exceeded stuff.  Any stories on
history of why things were done certain ways is always great too. 


--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm 
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley
Sent: Thursday, June 22, 2006 7:24 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Is this like AD blog season or what?

I wouldn't mind hearing specific things people would like to hear about
...  I have my own internal list of ideas of stuff to blog about / proto
blogs / etc, but wondering how much my plan matches desire.

Cheers,
-BrettSh

On Thu, 22 Jun 2006, joe wrote:

 I wouldn't mind seeing some AD Dev guys blogging. The closest to it that I
 am aware of is Brett then ~Eric and Eric isn't in AD Dev nor ever was but
 one of the more visible AD gurus. I would probably pay to subscribe to a
 blog by DonH if he told stories of all of the AD Dev work and why various
 decisions were made.
 
 
 --
 O'Reilly Active Directory Third Edition -
 http://www.joeware.net/win/ad3e.htm 
  
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley,
CPA
 aka Ebitz - SBS Rocks [MVP]
 Sent: Friday, June 09, 2006 4:29 PM
 To: ActiveDir@mail.activedir.org
 Subject: [ActiveDir] Is this like AD blog season or what?
 
 Active Directory Discussion : Introducing the Active Directory 
 Discussion Blog:
 http://blogs.technet.com/ad/archive/2006/06/09/434604.aspx
 
 -- 
 Letting your vendors set your risk analysis these days?  
 http://www.threatcode.com
 The SBS product team wants to hear from you:
 http://msmvps.com/blogs/bradley/archive/2006/05/18/95865.aspx
 
 List info   : http://www.activedir.org/List.aspx
 List FAQ: http://www.activedir.org/ListFAQ.aspx
 List archive: http://www.activedir.org/ml/threads.aspx
 
 List info   : http://www.activedir.org/List.aspx
 List FAQ: http://www.activedir.org/ListFAQ.aspx
 List archive: http://www.activedir.org/ml/threads.aspx
 

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

RE: [ActiveDir] AD Security permission continues to be auto-removed

[joe]

http://www.google.com/search?sourceid=navclientie=UTF-8rls=GGLG,GGLG:2006-21,GGLG:enq=adminsdholder



--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm




From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of J 
BSent: Thursday, June 22, 2006 8:08 PMTo: 
ActiveDir@mail.activedir.orgSubject: [ActiveDir] AD Security 
permission continues to be "auto-removed"

We have some users that have mobile devices that 
connect to Exchange. The3rd party applicationuses a dedicated 
account to send mail from the devices. This account needs to have "Send 
As..." permissions on each of the user accounts' security settings. We 
have set it in all users (about two dozen) but one userin particular has a 
problem. We set the permission and give it "Send As..." rights (just like 
all the others - no different), but usually within an hour, the newly added 
permission is gone - not just the "Send As" setting, but the whole account name 
is gone from this user's security settings as if we never added it in the first 
place. We have five DC's and I have tried adding it from each DC with the 
same results. I am baffled by this. Does anyone have any 
suggestions?

RE: [ActiveDir] [OT] DC Configuration

[joe]

A party? Where? They got beer?


--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm 
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Laura E. Hunter
Sent: Thursday, June 22, 2006 8:31 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] DC Configuration

...whichever party that may be.

On 6/22/06, Gil Kirkpatrick [EMAIL PROTECTED] wrote:

 Ethics? Thats the stuff the guys in the other party don't have.
 

 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of
 joe
 Sent: Thursday, June 22, 2006 3:52 PM

 To: ActiveDir@mail.activedir.org
 Subject: RE: [ActiveDir] DC Configuration

 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of
 joe
 Sent: Thursday, June 22, 2006 3:52 PM

 To: ActiveDir@mail.activedir.org
 Subject: RE: [ActiveDir] DC Configuration


 Exactly...

 Congress: Ethics? What's that?


 --
 O'Reilly Active Directory Third Edition -
 http://www.joeware.net/win/ad3e.htm


 
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of
 Darren Mar-Elia
 Sent: Thursday, June 22, 2006 6:25 PM
 To: ActiveDir@mail.activedir.org
 Subject: RE: [ActiveDir] DC Configuration


 Yea, it seemed an awful basic question for you joe. And, of course I fell
 for it. Agreed though that software RAID is like Congress creating its own
 ethics rules--just a bad idea all around.
 
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of
 joe
 Sent: Thursday, June 22, 2006 3:16 PM
 To: ActiveDir@mail.activedir.org
 Subject: RE: [ActiveDir] DC Configuration


 ROFL!

 That was more of a case of purposely refusing to acknowledge software RAID
 versus truly understanding what it is. I have had far more than my share
of
 times trying to rebuild software raid configs.

 --
 O'Reilly Active Directory Third Edition -
 http://www.joeware.net/win/ad3e.htm


 
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of
 Darren Mar-Elia
 Sent: Thursday, June 22, 2006 6:14 PM
 To: ActiveDir@mail.activedir.org
 Subject: RE: [ActiveDir] DC Configuration


 Software RAID is where the OS (in this case) handles the striping of the
 data rather than the hardware (usually the controller).


 
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of
 joe
 Sent: Thursday, June 22, 2006 3:05 PM
 To: ActiveDir@mail.activedir.org
 Subject: RE: [ActiveDir] DC Configuration


 o Software RAID? What's that?

 o Yeah I am not a fan of mirrors. I like lots of spindles. But then I tend
 to work with big busy directories with Exchange beating on it.  Being 64
bit
 you don't have to worry _as much_ assuming you have enough RAM to cache
your
 entire DIT but you still have to load that baby in the first place so I
 would still recommend RAID 0+1, 10, or 5 or if you don't care about fault
 tolerance the fastest is RAID-0.

 o I would say if you are going 64 bit, make sure you make it a priority to
 get enough RAM to hold your entire DIT. That is the cool thing about
getting
 64 bit.



 --
 O'Reilly Active Directory Third Edition -
 http://www.joeware.net/win/ad3e.htm


 
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Al
 Mulnick
 Sent: Thursday, June 22, 2006 5:12 PM
 To: ActiveDir@mail.activedir.org
 Subject: Re: [ActiveDir] DC Configuration


 There would be a little more to gain than that but often that's the
reason.
 joe might point out that a two mirror configuration is not his optimal
 configuration. I'm pretty sure he'd also point out that compared with
 software raid, that he'd take that option. :)

 I can honestly say I'd agree with him on this one. Software mirroring for
 this type of application is never a good idea.  The slower spindle speeds
 likely won't be enough of an issue to matter in your configuration. Unless
 you have a very large DIT queue jokes here or applications that pound
the
 snot out of the individual servers spindle speed won't be nearly as
 important. Since it's 64 bit you're after, spend some money on the memory
 and take advantage of the cache as much as you can.

 Al


 On 6/22/06, Noah Eiger [EMAIL PROTECTED] wrote:
  What would the partitions on the first configuration gain you (over just
a
  single C:)? I thought the idea behind placing NTDS, etc on something
  _besides_ C: was to get the performance benefits of extra spindles (as
in
  #2).
 
  -- nme
 
  -Original Message-
  From: Al Lilianstrom [mailto:[EMAIL PROTECTED] ]
  Sent: Thursday, June 22, 2006 1:24 PM
  To: ActiveDir@mail.activedir.org
  Subject: [ActiveDir] DC Configuration
 
  We have some budget money to replace domain controllers this year. Not
  all of them but probably half of them. We've pretty much decided on 64
  bit Dell PowerEdge servers. Most of the discussion is about disk
  configuration. Two 

Re: [ActiveDir] Is this like AD blog season or what?

[Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]]

I loved the Lobster thingy (even though I hate fish)

joe wrote:


I still want to hear about the admin limit exceeded stuff.  Any stories on
history of why things were done certain ways is always great too. 



--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm 



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley
Sent: Thursday, June 22, 2006 7:24 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Is this like AD blog season or what?

I wouldn't mind hearing specific things people would like to hear about
...  I have my own internal list of ideas of stuff to blog about / proto
blogs / etc, but wondering how much my plan matches desire.

Cheers,
-BrettSh

On Thu, 22 Jun 2006, joe wrote:

 


I wouldn't mind seeing some AD Dev guys blogging. The closest to it that I
am aware of is Brett then ~Eric and Eric isn't in AD Dev nor ever was but
one of the more visible AD gurus. I would probably pay to subscribe to a
blog by DonH if he told stories of all of the AD Dev work and why various
decisions were made.


--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm 



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley,
   


CPA
 


aka Ebitz - SBS Rocks [MVP]
Sent: Friday, June 09, 2006 4:29 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Is this like AD blog season or what?

Active Directory Discussion : Introducing the Active Directory 
Discussion Blog:

http://blogs.technet.com/ad/archive/2006/06/09/434604.aspx

--
Letting your vendors set your risk analysis these days?  
http://www.threatcode.com

The SBS product team wants to hear from you:
http://msmvps.com/blogs/bradley/archive/2006/05/18/95865.aspx

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

   



List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

 


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

RE: [ActiveDir] [OT] DC Configuration

[Thommes, Michael M.]

I know, I know...how about the AD Party?  We're ethical, right?  joe's
probably the most ethical guy around.  And he gives stuff away for free.
When was the last time you saw a politician do that?  I nominate him for
President!  ;-)

Mike Thommes

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Thursday, June 22, 2006 8:12 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] [OT] DC Configuration

A party? Where? They got beer?


--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm 
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Laura E. Hunter
Sent: Thursday, June 22, 2006 8:31 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] DC Configuration

...whichever party that may be.

On 6/22/06, Gil Kirkpatrick [EMAIL PROTECTED] wrote:

 Ethics? Thats the stuff the guys in the other party don't have.
 

 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of
 joe
 Sent: Thursday, June 22, 2006 3:52 PM

 To: ActiveDir@mail.activedir.org
 Subject: RE: [ActiveDir] DC Configuration

 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of
 joe
 Sent: Thursday, June 22, 2006 3:52 PM

 To: ActiveDir@mail.activedir.org
 Subject: RE: [ActiveDir] DC Configuration


 Exactly...

 Congress: Ethics? What's that?


 --
 O'Reilly Active Directory Third Edition -
 http://www.joeware.net/win/ad3e.htm


 
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of
 Darren Mar-Elia
 Sent: Thursday, June 22, 2006 6:25 PM
 To: ActiveDir@mail.activedir.org
 Subject: RE: [ActiveDir] DC Configuration


 Yea, it seemed an awful basic question for you joe. And, of course I
fell
 for it. Agreed though that software RAID is like Congress creating its
own
 ethics rules--just a bad idea all around.
 
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of
 joe
 Sent: Thursday, June 22, 2006 3:16 PM
 To: ActiveDir@mail.activedir.org
 Subject: RE: [ActiveDir] DC Configuration


 ROFL!

 That was more of a case of purposely refusing to acknowledge software
RAID
 versus truly understanding what it is. I have had far more than my
share
of
 times trying to rebuild software raid configs.

 --
 O'Reilly Active Directory Third Edition -
 http://www.joeware.net/win/ad3e.htm


 
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of
 Darren Mar-Elia
 Sent: Thursday, June 22, 2006 6:14 PM
 To: ActiveDir@mail.activedir.org
 Subject: RE: [ActiveDir] DC Configuration


 Software RAID is where the OS (in this case) handles the striping of
the
 data rather than the hardware (usually the controller).


 
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of
 joe
 Sent: Thursday, June 22, 2006 3:05 PM
 To: ActiveDir@mail.activedir.org
 Subject: RE: [ActiveDir] DC Configuration


 o Software RAID? What's that?

 o Yeah I am not a fan of mirrors. I like lots of spindles. But then I
tend
 to work with big busy directories with Exchange beating on it.  Being
64
bit
 you don't have to worry _as much_ assuming you have enough RAM to
cache
your
 entire DIT but you still have to load that baby in the first place so
I
 would still recommend RAID 0+1, 10, or 5 or if you don't care about
fault
 tolerance the fastest is RAID-0.

 o I would say if you are going 64 bit, make sure you make it a
priority to
 get enough RAM to hold your entire DIT. That is the cool thing about
getting
 64 bit.



 --
 O'Reilly Active Directory Third Edition -
 http://www.joeware.net/win/ad3e.htm


 
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Al
 Mulnick
 Sent: Thursday, June 22, 2006 5:12 PM
 To: ActiveDir@mail.activedir.org
 Subject: Re: [ActiveDir] DC Configuration


 There would be a little more to gain than that but often that's the
reason.
 joe might point out that a two mirror configuration is not his optimal
 configuration. I'm pretty sure he'd also point out that compared with
 software raid, that he'd take that option. :)

 I can honestly say I'd agree with him on this one. Software mirroring
for
 this type of application is never a good idea.  The slower spindle
speeds
 likely won't be enough of an issue to matter in your configuration.
Unless
 you have a very large DIT queue jokes here or applications that
pound
the
 snot out of the individual servers spindle speed won't be nearly as
 important. Since it's 64 bit you're after, spend some money on the
memory
 and take advantage of the cache as much as you can.

 Al


 On 6/22/06, Noah Eiger [EMAIL PROTECTED] wrote:
  What would the partitions on the first configuration gain you (over
just
a
  single C:)? I thought the idea behind placing NTDS, etc on something
  _besides_ C: was to get the performance benefits of extra spindles

RE: [ActiveDir] AD Security permission continues to be auto-removed

[deji]

I have a 2-part discussion of this behavior starting here: 
http://www.akomolafe.com/JustSaying/tabid/193/EntryID/19/Default.aspx

It's a bit headache-inducing, but at least you will get the 
benefit of knowing that it is "by design"

HTH
Sincerely,  
_ 
 (, / | 
/) 
/) /)  /---| (/_ 
__ ___// _ // _ ) 
/ |_/(__(_) // 
(_(_)(/_(_(_/(__(/_(_/ 
/) 
 
(/ Microsoft MVP - Directory 
Serviceswww.readymaids.com - we 
know ITwww.akomolafe.comDo you 
now realize that Today is the Tomorrow you were worried about Yesterday? 
-anon



From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of J 
BSent: Thursday, June 22, 2006 5:08 PMTo: 
ActiveDir@mail.activedir.orgSubject: [ActiveDir] AD Security 
permission continues to be "auto-removed"

We have some users that have mobile devices that 
connect to Exchange. The3rd party applicationuses a dedicated 
account to send mail from the devices. This account needs to have "Send 
As..." permissions on each of the user accounts' security settings. We 
have set it in all users (about two dozen) but one userin particular has a 
problem. We set the permission and give it "Send As..." rights (just like 
all the others - no different), but usually within an hour, the newly added 
permission is gone - not just the "Send As" setting, but the whole account name 
is gone from this user's security settings as if we never added it in the first 
place. We have five DC's and I have tried adding it from each DC with the 
same results. I am baffled by this. Does anyone have any 
suggestions?

Re: [ActiveDir] DC Configuration

[Al Mulnick]

Interesting how much traffic this subject has garnered. 

But I have to ask, why? I mean, we haven't even heard the performance concepts and you're ready to put this on extra hardware no questions. What if he only had about 500 users? Would that still hold? What if it were a largely distributed environment and they had a network such that they needed many smaller vs. fewer larger DC's? Maybe a branch office environment? 


I hate software raid (joe's sure to put that definitionin a wiki somewhere) because of the false sense of hope it gives the implementer. But I do understand the idea of the least amount of hardware for the task at hand and not a penny more hardware than is needed. Not that I'm even coming close to endorsing software level RAID - far from it. 


So why not a RAID 1 partition that holds all the OS, binaries, log files, file and print facilitiesetc? 

It's a distributed app and could very easily work to the specs needed in a largely distributed architecture. Were RODC available, it might be chosen for some of the ones I have in mind. 
I'm sure you feel I'm baiting you and picking on you Gil but I am curiouswhat some of thethinking in the crowd is G


On 6/22/06, Gil Kirkpatrick [EMAIL PROTECTED] wrote:
OS, DIT, logs on separate spindles.Enough memory to store the DIT + overhead.-gil-Original Message-
From: [EMAIL PROTECTED][mailto:[EMAIL PROTECTED]] On Behalf Of Al Lilianstrom
Sent: Thursday, June 22, 2006 1:24 PMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] DC ConfigurationWe have some budget money to replace domain controllers this year. Not
all of them but probably half of them. We've pretty much decided on 64bit Dell PowerEdge servers. Most of the discussion is about diskconfiguration. Two schools of thought exist here.1) 2x73GB 15K drives in RAID1. Carve up the volume at the OS level with
20GB or so for the OS and the remainder for NTDS, Sysvol, and systemstate backups2) Two sets of 2x73 10K drives in RAID1. The first set is for the OS,the second is for NTDS, Sysvol, and system state backups.
I've always liked physically separating the OS from the applicationdata. Others here like carving up the volume at the OS.Any thoughts, opinions, suggestions? tia, al--Al Lilianstrom
CD/CSS/CSI[EMAIL PROTECTED]List info : http://www.activedir.org/List.aspxList FAQ: 
http://www.activedir.org/ListFAQ.aspxList archive: http://www.activedir.org/ml/threads.aspxList info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspxList archive: http://www.activedir.org/ml/threads.aspx

[ActiveDir] How to block particular Subjects

[Ajay Kumar]

Hi AdamT,

Actually I didn'tuse IMF before, Isthatit will really blocked the particular
Subjects (attachement).I mean to say that If user sends their attachement with
particular subjects, So it should be blocked.

Sam.



On 6/21/06, AdamT [EMAIL PROTECTED] wrote:
On 21/06/06, Ajay Kumar [EMAIL PROTECTED] wrote:
 I just wanna to know that, Is that possible to block particulars subjects Ex: ( Resume ). when user send any mail related to same subject to other domain ( Internet ).We are using exchange server 2003 and atleast 500 users.
 Pls give me any suggestion / Software through I can blockHave you looked at Intelligent Message Filters?
http://www.msexchange.org/tutorials/Intelligent-Message-Filter-version-2-IMF-v2.html--AdamTA casual stroll through the lunatic asylum shows that faith does notprove anything. - Nietzsche
List info : http://www.activedir.org/List.aspxList FAQ: http://www.activedir.org/ListFAQ.aspxList archive: 
http://www.activedir.org/ml/threads.aspx

Re: [ActiveDir] Recall: NETBIOS Character Limitation?

[Jose Medeiros]

Hi Joe,

It works with in an Exchange Organization, and your right it does not work 
once the message has been routed through the SMTP Gateway.

My apologies for the un-necessary email.

Jose


- Original Message - 
From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]  
[EMAIL PROTECTED]

To: ActiveDir@mail.activedir.org
Sent: Thursday, June 22, 2006 3:57 PM
Subject: Re: [ActiveDir] Recall: NETBIOS Character Limitation?



It ALWAYS makes me look closer at the original message.

It works in Novell is my understanding.

joe wrote:

Does this ever work? I mean for something other than making you look at 
the

message really closely that the person wants to recall...

snicker

--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose
Sent: Friday, June 16, 2006 12:04 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Recall: NETBIOS Character Limitation?

Medeiros, Jose would like to recall the message, NETBIOS Character
Limitation?.
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx



List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx 


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx