Re: [ActiveDir] Slow Links Not Recognized for Offline Files
Strangely, I saw the message this time :)

On 6/22/06, Mark Parris [EMAIL PROTECTED] wrote:

BLANK EMAIL ALERT

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Brian Desmond
Sent: 22 June 2006 03:44
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Slow Links Not Recognized for Offline Files
RE: [ActiveDir] Slow Links Not Recognized for Offline Files
... Although this all changes in Vista. NLA is used instead, AFAIK.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Brian Desmond
Sent: 22 June 2006 03:44
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Slow Links Not Recognized for Offline Files

No AFAIK the slow link detection is measured by the ICMP latency pinging the DC.

Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132

-Original Message-
From: [EMAIL PROTECTED] [mailto:ActiveDir-[EMAIL PROTECTED]] On Behalf Of Mark Parris
Sent: Wednesday, June 21, 2006 6:05 PM
To: ActiveDir.org
Subject: Re: [ActiveDir] Slow Links Not Recognized for Offline Files

If I recall the link speed is the network speed attached to the PC not the WAN speed - so if it's a 100MB lan - that's the speed. I may be wrong, - but there is a world cup on and I have been drinking all evening, I have a dutch wife so currently I have two drink streams and I am finding it hard to stay sober. Hic hic

-Original Message-
From: Noah Eiger [EMAIL PROTECTED]
Date: Wed, 21 Jun 2006 15:26:15
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Slow Links Not Recognized for Offline Files

Hi –

First, this is sort of a follow up on a cold thread from last year. I am having problems implementing the suggestions from last year.

I have offline files / folder redirection enabled for My Documents. The server files are stored at each user’s “home” Site. When laptop users go to a site different from their home, their redirected folders see the home server and access it directly – that is they do not go offline. The laptops authenticate locally at the new site.

I have tried adjusting slow links for Offline Files (Computer\Admin Templates\Network\Offline Files\Configure Slow link speed). I have set this limit very high (15 which should be around 15Mb) and made the reg mods described in KB 811525. The link is still not seen as slow. Gpresult /v says it is not a slow link, but I think that might be to the authenticating DC.

Am I understanding this correctly?

Thanks.

-- nme
[ActiveDir] OT: DHCP Cluster
Anybody know any good knowledgebase articles or resources for migrating a 2000 DHCP cluster to a 2003 DHCP cluster? I would appreciate the information/links.

Thanks,
Nate

List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
[ActiveDir] Complex LDAP Queries
I'm trying to transform this:

    objCommand.CommandText = "SELECT Name, ADsPath FROM " & sADPath & _
        " WHERE objectCategory='organizationalUnit' ORDER BY Name"

into this using the LDAP OR syntax from MS's scripting site:

    objCommand.CommandText = "SELECT Name, ADsPath FROM " & sADPath & _
        " WHERE |(objectCategory='organizationalUnit')(objectCategory='container') ORDER BY Name"

I'm doing this because the Users OU is really a container, not an OU. The results I get back are not at all correct. Can anyone point out the problem with my code and/or point me in the right direction for using OR in complex LDAP queries?

Thanks,
Andrew Fidel
RE: [ActiveDir] Servers or Workstations
Guido, thanks for the info. Yes you are correct, we are not using our windows, all (188) of them, as file servers. I'm an old fart, have a bad heart and I hate surprises, so could you tell me what surprises I have in store for me? (i.e. SIDhistory has some nice surprises here)

john

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Grillenmeier, Guido
Sent: Wednesday, June 21, 2006 3:06 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Servers or Workstations

yes, this approach would work fine. Important is to finish step 1+2 before you do 3+4. As your AD domain has trusts to both source domains and it doesn't look like you're leveraging windows file-servers, you could also do step 5 early on (would be different if you are leveraging a lot of Windows File Servers - SIDhistory has some nice surprises here). BTW, step 3+4 can be done at once (but I also prefer to keep them apart)

/Guido

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Strongosky
Sent: Wednesday, 21 June 2006 17:15
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Servers or Workstations

Guido, thanks for the feedback; here is the info about our domain.

2 nt4 domains, 1 an account and 1 a resource with a 2 way trust between them. No roaming profiles. Servers have shares on them for web development. Novell is our file servers. We do direct ip printing. Have 1 Citrix Server. Have migrated groups first then users with sid history using ADMT v3.0 and now am starting on workstations/servers, but I used myself as a test dummy and screwed up my workstation (this worked in our lab) by not having access to a Helpdesk application that uses a share and logging on to the AD domain before I had migrated my profile.

So if I'm doing this correctly the scenario for this AD migration using ADMT v 3.0 should be:

1. Migrate Groups from both Domains with sid history.
2. Migrate Users with Sid history and fix group membership.
3. Migrate User Profiles using the Security Translation Wizard selecting to do only the profile/User rights and adding security references selecting the source domain workstations.
4. Migrate the workstation using the Computer Migration Wizard but leave the Users Profiles and User rights unchecked
5. Migrate Servers using the Security Translation Wizard and then the Computer Migration Wizard.

john

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Grillenmeier, Guido
Sent: Tuesday, June 20, 2006 11:48 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Servers or Workstations

servers first? workstations first? first what?

I assume you're talking about migrating your servers and workstations from an NT4 domain to an AD domain - correct? If so, the order strongly depends on various aspects, such as the status of your user and group migration and how you handle permissions on your servers. There's too much detail here to know, which doesn't make sense to add without knowing more about your environment. But more often than not it is more advisable to

1. migrate your users accounts and groups to AD
2. take care of the user profiles on the workstations and ensure that the users are actually using the AD account (often combined with the computer migration)
3. migrate the servers and any other workstations to AD

Usually the order of workstation or servers is not important - this changes if you have a lot of trusts in your environment and need to ensure availability of specific trusted resources from other domains that have not been migrated yet. Suddenly the order can become important again.

So maybe you want to enlighten us a little about your environment, such as trusts between your domains, usage of SidHistory for account/group migration, usage of local profiles/roaming profiles on workstations, terminal servers, tools you're using for the migration etc.

/Guido

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Strongosky
Sent: Wednesday, 21 June 2006 00:22
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Servers or Workstations

Thanks Rob, thought so...

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Robert Rutherford
Sent: Tuesday, June 20, 2006 3:13 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Servers or Workstations

Hi John,

I would 'generally' opt for servers first as you can then take advantage of the 2K, 2K3 goodies, i.e. AD straight away when you migrate the workstations.

Rob

Robert Rutherford
QuoStar Solutions Limited
The Enterprise Pavilion
Fern Barrow
Wallisdown
Poole
Dorset
BH12 5HH
T: +44 (0) 8456 440 331
F: +44 (0) 8456 440 332
M: +44 (0) 7974 249 494
E: [EMAIL PROTECTED]
W: www.quostar.com

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
RE: [ActiveDir] OT: DHCP Cluster
Can you do a rolling upgrade? Meaning evict one node from the cluster, reload it with 2K3 and put DHCP back on then add it back into the cluster and do the other node. I've done this with SQL many times, but I forgot what changed from W2K to W2k3 for DHCP... I don't remember anything mind blowing, but I'd look into anyways.

-Brandon

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Bahta, Nathaniel V CTR USAF NASIC/SCNA
Sent: Thursday, June 22, 2006 10:03 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] OT: DHCP Cluster

Anybody know any good knowledgebase articles or resources for migrating a 2000 DHCP cluster to a 2003 DHCP cluster? I would appreciate the information/links.

Thanks,
Nate
RE: [ActiveDir] Slow Links Not Recognized for Offline Files
I've had the same problem with configuring slow link for offline files. Very annoying when I'm at home, connected over VPN, and the damn thing insists on synchronizing. Anyway, I've only had spotty success configuring that GP setting below. I too set it very high and it still inconsistently would occasionally try to sync. In the end I just disabled idle sync completely, which seemed to solve the problem.

In terms of the slow link detection process, the process (or at least the determination) is different for GP, user profiles and offline files. GP currently uses a lame-o mechanism with pings and yes, Neil is right that Vista replaces this with the mysterious Network Location Awareness process that is not well defined but apparently uses small rodents who run up the network cable and ask secret questions of domain controllers to determine how quickly they will respond. I suspect but I have not confirmed that user profiles and offline files use a similar ping sequence but they do it against the user profile server or the offline file sync share. AFAIK there is no way to see whether you have detected a slow link for offline files or not. Gpresult only shows GP's slow link status.

Darren

Darren Mar-Elia
For comprehensive Windows Group Policy Information, check out www.gpoguy.com -- the best source for GPO tips, tools and whitepapers. Also check out the Windows Group Policy Guide, a soup-to-nuts resource for Group Policy information.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, June 22, 2006 6:26 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Slow Links Not Recognized for Offline Files

... Although this all changes in Vista. NLA is used instead, AFAIK.
RE: [ActiveDir] Complex LDAP Queries
In general SQL statements suck for LDAP queries. You should try to use LDAP for LDAP queries. First off, relatively few people use SQL format so the help is less than stellar. Second off, the SQL language has features that imply capability in LDAP queries that do not exist. Folks who are trying to work with it usually don't know much about it and tend to look at SQL help and then get confused when something doesn't work. Examples are using LIKE or multiple SORT keys and how to convert a complex LDAP query to SQL.

And as for Users, you are correct, it is objectclass container. That is why they call it the Users container instead of the Users OU. :) By default, every top level container under the domain NC head is a container versus an OU with the exception of Domain Controllers.

Anyway, a guess (yeah I don't use SQL statements either) for the proper SQL string would be something like

    SELECT blah,blah2,blah3 FROM path WHERE blah4='blah5' OR blah6='blah7' ORDER BY blah

--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, June 22, 2006 10:15 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Complex LDAP Queries

I'm trying to transform this:

    objCommand.CommandText = "SELECT Name, ADsPath FROM " & sADPath & _
        " WHERE objectCategory='organizationalUnit' ORDER BY Name"

into this using the LDAP OR syntax from MS's scripting site:

    objCommand.CommandText = "SELECT Name, ADsPath FROM " & sADPath & _
        " WHERE |(objectCategory='organizationalUnit')(objectCategory='container') ORDER BY Name"

I'm doing this because the Users OU is really a container, not an OU. The results I get back are not at all correct. Can anyone point out the problem with my code and/or point me in the right direction for using OR in complex LDAP queries?

Thanks,
Andrew Fidel
RE: [ActiveDir] OT: DHCP Cluster
I will look into it. I was under the impression that it was an upgrade of the OS, but reading further it is actually a fresh install of the OS. I guess I took the word Upgrade in the wrong context.

Thanks,
Nate

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Bernier, Brandon (.)
Sent: Thursday, June 22, 2006 10:57 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: DHCP Cluster

Can you do a rolling upgrade? Meaning evict one node from the cluster, reload it with 2K3 and put DHCP back on then add it back into the cluster and do the other node. I've done this with SQL many times, but I forgot what changed from W2K to W2k3 for DHCP... I don't remember anything mind blowing, but I'd look into anyways.

-Brandon
RE: [ActiveDir] Slow Links Not Recognized for Offline Files
Thanks to all. I was under the (apparently mistaken) impression that the slow link for processing GPOs used the ping to the auth DC but that the slow link for offline files would (imagine that) ping the server that was marked offline. With an offline folder of any size, this constraint makes OLF almost unusable in remote sites.

I have seen batch files that use some logic to force the folder offline, but this seems kludgey.

Another thought: could I somehow peg the laptops to authenticate at their home DCs? The auth would be less traffic than the redirected files.

And, Darren two things: one, how do I disable idle sync? And two, are those rodents available as a Hotfix?

Thanks.

-- nme

P.S. Brian's email was blank for me too.

-Original Message-
From: Darren Mar-Elia [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 22, 2006 8:19 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Slow Links Not Recognized for Offline Files

I've had the same problem with configuring slow link for offline files. Very annoying when I'm at home, connected over VPN, and the damn thing insists on synchronizing. Anyway, I've only had spotty success configuring that GP setting below. I too set it very high and it still inconsistently would occasionally try to sync. In the end I just disabled idle sync completely, which seemed to solve the problem.

In terms of the slow link detection process, the process (or at least the determination) is different for GP, user profiles and offline files. GP currently uses a lame-o mechanism with pings and yes, Neil is right that Vista replaces this with the mysterious Network Location Awareness process that is not well defined but apparently uses small rodents who run up the network cable and ask secret questions of domain controllers to determine how quickly they will respond. I suspect but I have not confirmed that user profiles and offline files use a similar ping sequence but they do it against the user profile server or the offline file sync share. AFAIK there is no way to see whether you have detected a slow link for offline files or not. Gpresult only shows GP's slow link status.

Darren

Darren Mar-Elia
Re: [ActiveDir] Slow Links Not Recognized for Offline Files
No, I think you had it right the first time according to the doc and what Darren was saying: OLF use a separate mechanism for determining slow links than GPO does. I haven't tested this to see if it's true, but that's two sources saying the same thing.

Tying the laptops to the DC in the home site would be a worse kludge than using a script to determine location in respect to home drive and disabling/enabling sync of OLF. I would opt for the script.

Like I said earlier, put a trace on the wire and have a look to see what the mechanism is. It's possible there's a blockage on the wire that's preventing the detection from working properly. Maybe fragments or UDP or ??

Al

On 6/22/06, Noah Eiger [EMAIL PROTECTED] wrote:

Thanks to all. I was under the (apparently mistaken) impression that the slow link for processing GPOs used the ping to the auth DC but that the slow link for offline files would (imagine that) ping the server that was marked offline. With an offline folder of any size, this constraint makes OLF almost unusable in remote sites.

I have seen batch files that use some logic to force the folder offline, but this seems kludgey.

Another thought: could I somehow peg the laptops to authenticate at their home DCs? The auth would be less traffic than the redirected files.

And, Darren two things: one, how do I disable idle sync? And two, are those rodents available as a Hotfix?

Thanks.

-- nme

P.S. Brian's email was blank for me too.
RE: [ActiveDir] Complex LDAP Queries
Thanks for the input, I ended up finally figuring it out. The correct format is

    objCommand.CommandText = "SELECT Name, ADsPath FROM " & sADPath & _
        " WHERE objectCategory='organizationalUnit' OR objectCategory='container' AND Name='Users' ORDER BY Name"

The AND is evaluated before the OR so this gives me all of my OU's plus the Users container.

joe [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
06/22/2006 11:39 AM
Please respond to ActiveDir@mail.activedir.org
To ActiveDir@mail.activedir.org
cc
Subject RE: [ActiveDir] Complex LDAP Queries

In general SQL statements suck for LDAP queries. You should try to use LDAP for LDAP queries. First off, relatively few people use SQL format so the help is less than stellar. Second off, the SQL language has features that imply capability in LDAP queries that do not exist. Folks who are trying to work with it usually don't know much about it and tend to look at SQL help and then get confused when something doesn't work. Examples are using LIKE or multiple SORT keys and how to convert a complex LDAP query to SQL.

And as for Users, you are correct, it is objectclass container. That is why they call it the Users container instead of the Users OU. :) By default, every top level container under the domain NC head is a container versus an OU with the exception of Domain Controllers.

Anyway, a guess (yeah I don't use SQL statements either) for the proper SQL string would be something like

    SELECT blah,blah2,blah3 FROM path WHERE blah4='blah5' OR blah6='blah7' ORDER BY blah

--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
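
The WHERE clause from the post above, carried over to a native LDAP filter string, as an added example that is not code from any of the posters. The names `where_to_ldap_filter`, `tokenize` and `escape_value` are hypothetical; the sketch assumes AND binds tighter than OR (as the post states), handles only `attr='value'` comparisons, and escapes values per RFC 4515 so a name containing `(`, `)`, `*` or `\` cannot alter the filter structure.

```python
import re

# RFC 4515: these characters must be escaped inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

_TOKEN = re.compile(r"""
    \s*(?:
        (?P<lparen>\() |
        (?P<rparen>\)) |
        (?P<cmp>(?P<attr>[A-Za-z][A-Za-z0-9-]*)\s*=\s*'(?P<val>(?:[^']|'')*)') |
        (?P<word>AND|OR)\b
    )""", re.VERBOSE | re.IGNORECASE)


def escape_value(value):
    """Escape a literal value for use inside an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def tokenize(where):
    """Split a SQL-dialect WHERE clause into comparison/AND/OR/paren tokens."""
    where = where.strip()
    pos, tokens = 0, []
    while pos < len(where):
        m = _TOKEN.match(where, pos)
        if not m:
            raise ValueError(f"unexpected input at offset {pos}: {where[pos:pos + 20]!r}")
        if m.group("cmp"):
            # '' inside a quoted SQL literal stands for a single quote.
            tokens.append(("cmp", m.group("attr"), m.group("val").replace("''", "'")))
        elif m.group("word"):
            tokens.append((m.group("word").upper(),))
        else:
            tokens.append(("(",) if m.group("lparen") else (")",))
        pos = m.end()
    return tokens


class _Parser:
    """Recursive descent: OR is the loosest operator, AND binds tighter."""

    def __init__(self, tokens):
        self.tokens, self.i = tokens, 0

    def peek(self):
        return self.tokens[self.i][0] if self.i < len(self.tokens) else None

    def take(self):
        tok = self.tokens[self.i]
        self.i += 1
        return tok

    def parse_or(self):
        terms = [self.parse_and()]
        while self.peek() == "OR":
            self.take()
            terms.append(self.parse_and())
        return terms[0] if len(terms) == 1 else "(|" + "".join(terms) + ")"

    def parse_and(self):
        terms = [self.parse_atom()]
        while self.peek() == "AND":
            self.take()
            terms.append(self.parse_atom())
        return terms[0] if len(terms) == 1 else "(&" + "".join(terms) + ")"

    def parse_atom(self):
        kind = self.peek()
        if kind == "(":
            self.take()
            inner = self.parse_or()
            if self.peek() != ")":
                raise ValueError("missing ')'")
            self.take()
            return inner
        if kind == "cmp":
            _, attr, val = self.take()
            return f"({attr}={escape_value(val)})"
        raise ValueError(f"expected a comparison, got {kind!r}")


def where_to_ldap_filter(where):
    """Translate an infix WHERE clause into a prefix-notation LDAP filter."""
    parser = _Parser(tokenize(where))
    result = parser.parse_or()
    if parser.peek() is not None:
        raise ValueError("trailing tokens after a complete expression")
    return result


if __name__ == "__main__":
    # The working WHERE clause from the thread.
    print(where_to_ldap_filter(
        "objectCategory='organizationalUnit' OR objectCategory='container' AND Name='Users'"))
```

The first attempt in the thread, which put the prefix `|(...)(...)` form inside the SQL-style WHERE clause, is rejected by `tokenize` with a `ValueError`: the two syntaxes do not mix.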
[ActiveDir] DC Configuration
We have some budget money to replace domain controllers this year. Not all of them but probably half of them. We've pretty much decided on 64 bit Dell PowerEdge servers. Most of the discussion is about disk configuration. Two schools of thought exist here.

1) 2x73GB 15K drives in RAID1. Carve up the volume at the OS level with 20GB or so for the OS and the remainder for NTDS, Sysvol, and system state backups

2) Two sets of 2x73 10K drives in RAID1. The first set is for the OS, the second is for NTDS, Sysvol, and system state backups.

I've always liked physically separating the OS from the application data. Others here like carving up the volume at the OS.

Any thoughts, opinions, suggestions?

tia, al

--
Al Lilianstrom
CD/CSS/CSI
[EMAIL PROTECTED]
RE: [ActiveDir] DC Configuration
What would the partitions on the first configuration gain you (over just a single C:)? I thought the idea behind placing NTDS, etc on something _besides_ C: was to get the performance benefits of extra spindles (as in #2). -- nme -Original Message- From: Al Lilianstrom [mailto:[EMAIL PROTECTED] Sent: Thursday, June 22, 2006 1:24 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] DC Configuration We have some budget money to replace domain controllers this year. Not all of them but probably half of them. We've pretty much decided on 64 bit Dell PowerEdge servers. Most of the discussion is about disk configuration. Two schools of thought exist here. 1) 2x73GB 15K drives in RAID1. Carve up the volume at the OS level with 20GB or so for the OS and the remainder for NTDS, Sysvol, and system state backups 2) Two sets of 2x73 10K drives in RAID1. The first set is for the OS, the second is for NTDS, Sysvol, and system state backups. I've always liked physically separating the OS from the application data. Others here like carving up the volume at the OS. Any thoughts, opinions, suggestions? tia, al -- Al Lilianstrom CD/CSS/CSI [EMAIL PROTECTED]
Re: [ActiveDir] DC Configuration
There would be a little more to gain than that but often that's the reason. joe might point out that a two mirror configuration is not his optimal configuration. I'm pretty sure he'd also point out that compared with software raid, that he'd take that option. :) I can honestly say I'd agree with him on this one. Software mirroring for this type of application is never a good idea. The slower spindle speeds likely won't be enough of an issue to matter in your configuration. Unless you have a very large DIT queue jokes here or applications that pound the snot out of the individual servers spindle speed won't be nearly as important. Since it's 64 bit you're after, spend some money on the memory and take advantage of the cache as much as you can. Al On 6/22/06, Noah Eiger [EMAIL PROTECTED] wrote: What would the partitions on the first configuration gain you (over just a single C:)? I thought the idea behind placing NTDS, etc on something _besides_ C: was to get the performance benefits of extra spindles (as in #2). -- nme -Original Message- From: Al Lilianstrom [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 22, 2006 1:24 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] DC Configuration We have some budget money to replace domain controllers this year. Not all of them but probably half of them. We've pretty much decided on 64 bit Dell PowerEdge servers. Most of the discussion is about disk configuration. Two schools of thought exist here. 1) 2x73GB 15K drives in RAID1. Carve up the volume at the OS level with 20GB or so for the OS and the remainder for NTDS, Sysvol, and system state backups 2) Two sets of 2x73 10K drives in RAID1. The first set is for the OS, the second is for NTDS, Sysvol, and system state backups. I've always liked physically separating the OS from the application data. Others here like carving up the volume at the OS. Any thoughts, opinions, suggestions? tia, al -- Al Lilianstrom CD/CSS/CSI [EMAIL PROTECTED]
RE: [ActiveDir] DC Configuration
Al - Look in the archives from 11/05 for the Raid suggestions for DC thread. It was discussed most thoroughly by some of our luminaries :-) HTH -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Lilianstrom Sent: Thursday, June 22, 2006 1:24 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] DC Configuration We have some budget money to replace domain controllers this year. Not all of them but probably half of them. We've pretty much decided on 64 bit Dell PowerEdge servers. Most of the discussion is about disk configuration. Two schools of thought exist here. 1) 2x73GB 15K drives in RAID1. Carve up the volume at the OS level with 20GB or so for the OS and the remainder for NTDS, Sysvol, and system state backups 2) Two sets of 2x73 10K drives in RAID1. The first set is for the OS, the second is for NTDS, Sysvol, and system state backups. I've always liked physically separating the OS from the application data. Others here like carving up the volume at the OS. Any thoughts, opinions, suggestions? tia, al -- Al Lilianstrom CD/CSS/CSI [EMAIL PROTECTED]
RE: [ActiveDir] DC Configuration
o Software RAID? What's that? o Yeah I am not a fan of mirrors. I like lots of spindles. But then I tend to work with big busy directories with Exchange beating on it. Being 64 bit you don't have to worry _as much_ assuming you have enough RAM to cache your entire DIT but you still have to load that baby in the first place so I would still recommend RAID 0+1, 10, or 5 or if you don't care about fault tolerance the fastest is RAID-0. o I would say if you are going 64 bit, make sure you make it a priority to get enough RAM to hold your entire DIT. That is the cool thing about getting 64 bit. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Thursday, June 22, 2006 5:12 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] DC Configuration There would be a little more to gain than that but often that's the reason. joe might point out that a two mirror configuration is not his optimal configuration. I'm pretty sure he'd also point out that compared with software raid, that he'd take that option. :) I can honestly say I'd agree with him on this one. Software mirroring for this type of application is never a good idea. The slower spindle speeds likely won't be enough of an issue to matter in your configuration. Unless you have a very large DIT queue jokes here or applications that pound the snot out of the individual servers spindle speed won't be nearly as important. Since it's 64 bit you're after, spend some money on the memory and take advantage of the cache as much as you can. Al On 6/22/06, Noah Eiger [EMAIL PROTECTED] wrote: What would the partitions on the first configuration gain you (over just a single C:)? I thought the idea behind placing NTDS, etc on something _besides_ C: was to get the performance benefits of extra spindles (as in #2). -- nme -Original Message- From: Al Lilianstrom [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 22, 2006 1:24 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] DC Configuration We have some budget money to replace domain controllers this year. Not all of them but probably half of them. We've pretty much decided on 64 bit Dell PowerEdge servers. Most of the discussion is about disk configuration. Two schools of thought exist here. 1) 2x73GB 15K drives in RAID1. Carve up the volume at the OS level with 20GB or so for the OS and the remainder for NTDS, Sysvol, and system state backups 2) Two sets of 2x73 10K drives in RAID1. The first set is for the OS, the second is for NTDS, Sysvol, and system state backups. I've always liked physically separating the OS from the application data. Others here like carving up the volume at the OS. Any thoughts, opinions, suggestions? tia, al -- Al Lilianstrom CD/CSS/CSI [EMAIL PROTECTED]
RE: [ActiveDir] DC Configuration
Software RAID is where the OS (in this case) handles the striping of the data rather than the hardware (usually the controller). From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, June 22, 2006 3:05 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DC Configuration o Software RAID? What's that? o Yeah I am not a fan of mirrors. I like lots of spindles. But then I tend to work with big busy directories with Exchange beating on it. Being 64 bit you don't have to worry _as much_ assuming you have enough RAM to cache your entire DIT but you still have to load that baby in the first place so I would still recommend RAID 0+1, 10, or 5 or if you don't care about fault tolerance the fastest is RAID-0. o I would say if you are going 64 bit, make sure you make it a priority to get enough RAM to hold your entire DIT. That is the cool thing about getting 64 bit. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Thursday, June 22, 2006 5:12 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] DC Configuration There would be a little more to gain than that but often that's the reason. joe might point out that a two mirror configuration is not his optimal configuration. I'm pretty sure he'd also point out that compared with software raid, that he'd take that option. :) I can honestly say I'd agree with him on this one. Software mirroring for this type of application is never a good idea. The slower spindle speeds likely won't be enough of an issue to matter in your configuration. Unless you have a very large DIT queue jokes here or applications that pound the snot out of the individual servers spindle speed won't be nearly as important. Since it's 64 bit you're after, spend some money on the memory and take advantage of the cache as much as you can. Al On 6/22/06, Noah Eiger [EMAIL PROTECTED] wrote: What would the partitions on the first configuration gain you (over just a single C:)? I thought the idea behind placing NTDS, etc on something _besides_ C: was to get the performance benefits of extra spindles (as in #2). -- nme -Original Message- From: Al Lilianstrom [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 22, 2006 1:24 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] DC Configuration We have some budget money to replace domain controllers this year. Not all of them but probably half of them. We've pretty much decided on 64 bit Dell PowerEdge servers. Most of the discussion is about disk configuration. Two schools of thought exist here. 1) 2x73GB 15K drives in RAID1. Carve up the volume at the OS level with 20GB or so for the OS and the remainder for NTDS, Sysvol, and system state backups 2) Two sets of 2x73 10K drives in RAID1. The first set is for the OS, the second is for NTDS, Sysvol, and system state backups. I've always liked physically separating the OS from the application data. Others here like carving up the volume at the OS. Any thoughts, opinions, suggestions? tia, al -- Al Lilianstrom CD/CSS/CSI [EMAIL PROTECTED]
RE: [ActiveDir] DC Configuration
ROFL! That was more of a case of purposely refusing to acknowledge software RAID versus truly understanding what it is. I have had far more than my share of times trying to rebuild software raid configs. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia Sent: Thursday, June 22, 2006 6:14 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DC Configuration Software RAID is where the OS (in this case) handles the striping of the data rather than the hardware (usually the controller). From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, June 22, 2006 3:05 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DC Configuration o Software RAID? What's that? o Yeah I am not a fan of mirrors. I like lots of spindles. But then I tend to work with big busy directories with Exchange beating on it. Being 64 bit you don't have to worry _as much_ assuming you have enough RAM to cache your entire DIT but you still have to load that baby in the first place so I would still recommend RAID 0+1, 10, or 5 or if you don't care about fault tolerance the fastest is RAID-0. o I would say if you are going 64 bit, make sure you make it a priority to get enough RAM to hold your entire DIT. That is the cool thing about getting 64 bit. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Thursday, June 22, 2006 5:12 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] DC Configuration There would be a little more to gain than that but often that's the reason. joe might point out that a two mirror configuration is not his optimal configuration. I'm pretty sure he'd also point out that compared with software raid, that he'd take that option. :) I can honestly say I'd agree with him on this one. Software mirroring for this type of application is never a good idea. The slower spindle speeds likely won't be enough of an issue to matter in your configuration. Unless you have a very large DIT queue jokes here or applications that pound the snot out of the individual servers spindle speed won't be nearly as important. Since it's 64 bit you're after, spend some money on the memory and take advantage of the cache as much as you can. Al On 6/22/06, Noah Eiger [EMAIL PROTECTED] wrote: What would the partitions on the first configuration gain you (over just a single C:)? I thought the idea behind placing NTDS, etc on something _besides_ C: was to get the performance benefits of extra spindles (as in #2). -- nme -Original Message- From: Al Lilianstrom [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 22, 2006 1:24 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] DC Configuration We have some budget money to replace domain controllers this year. Not all of them but probably half of them. We've pretty much decided on 64 bit Dell PowerEdge servers. Most of the discussion is about disk configuration. Two schools of thought exist here. 1) 2x73GB 15K drives in RAID1. Carve up the volume at the OS level with 20GB or so for the OS and the remainder for NTDS, Sysvol, and system state backups 2) Two sets of 2x73 10K drives in RAID1. The first set is for the OS, the second is for NTDS, Sysvol, and system state backups. I've always liked physically separating the OS from the application data. Others here like carving up the volume at the OS. Any thoughts, opinions, suggestions? tia, al -- Al Lilianstrom CD/CSS/CSI [EMAIL PROTECTED]
Re: [ActiveDir] DC Configuration
Free, Bob wrote: Al - Look in the archives from 11/05 for the Raid suggestions for DC thread. It was discussed most thoroughly by some of our luminaries :-) Will do. Thanks, al HTH -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Lilianstrom Sent: Thursday, June 22, 2006 1:24 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] DC Configuration We have some budget money to replace domain controllers this year. Not all of them but probably half of them. We've pretty much decided on 64 bit Dell PowerEdge servers. Most of the discussion is about disk configuration. Two schools of thought exist here. 1) 2x73GB 15K drives in RAID1. Carve up the volume at the OS level with 20GB or so for the OS and the remainder for NTDS, Sysvol, and system state backups 2) Two sets of 2x73 10K drives in RAID1. The first set is for the OS, the second is for NTDS, Sysvol, and system state backups. I've always liked physically separating the OS from the application data. Others here like carving up the volume at the OS. Any thoughts, opinions, suggestions? tia, al
Re: [ActiveDir] DC Configuration
Al Mulnick wrote: There would be a little more to gain than that but often that's the reason. joe might point out that a two mirror configuration is not his optimal configuration. I'm pretty sure he'd also point out that compared with software raid, that he'd take that option. :) I can honestly say I'd agree with him on this one. Software mirroring for this type of application is never a good idea. The slower spindle speeds likely won't be enough of an issue to matter in your configuration. Unless you have a very large DIT queue jokes here or applications that pound the snot out of the individual servers spindle speed won't be nearly as important. Since it's 64 bit you're after, spend some money on the memory and take advantage of the cache as much as you can. Al On 6/22/06, *Noah Eiger* [EMAIL PROTECTED] wrote: What would the partitions on the first configuration gain you (over just a single C:)? I thought the idea behind placing NTDS, etc on something _besides_ C: was to get the performance benefits of extra spindles (as in #2). The mirrors would be in hardware. Software raid - only time I've ever lost customer data was due to software raid. Never again. Splitting a large volume into two partitions gains nothing IMO. Personally I like my databases on different spindles than the OS. We have some Unix based apps that hit the DC's pretty hard. Their use is only going up. We should be able to fit the DIT in memory so I think I'll push for that. Not sure it's a battle I can win but it's always fun to try. thanks, (the other) al [EMAIL PROTECTED] -- nme -Original Message- From: Al Lilianstrom [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 22, 2006 1:24 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] DC Configuration We have some budget money to replace domain controllers this year. Not all of them but probably half of them. We've pretty much decided on 64 bit Dell PowerEdge servers. Most of the discussion is about disk configuration. Two schools of thought exist here. 1) 2x73GB 15K drives in RAID1. Carve up the volume at the OS level with 20GB or so for the OS and the remainder for NTDS, Sysvol, and system state backups 2) Two sets of 2x73 10K drives in RAID1. The first set is for the OS, the second is for NTDS, Sysvol, and system state backups. I've always liked physically separating the OS from the application data. Others here like carving up the volume at the OS. Any thoughts, opinions, suggestions? tia, al
RE: [ActiveDir] NETBIOS Character Limitation?
Bingo. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Monday, June 19, 2006 4:29 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] NETBIOS Character Limitation? NetBIOS names are restricted to 15 chars. As joe stated, the $ is not included in that 15 since it's not part of the name being resolved (using WINS) - it's only used within the AD database itself. The 16th char is reserved and indicates the service(s) offered by this NBT name. Nothing changed from NT to w2k to w2k3 with regard to NBT names. As joe also stated, your app appears to introduce a 14 char limitation and not the underlying OS. ADUC can certainly create a 15 char NBT name (and still append the $ char in the database) without issue. I hope this helps. neil From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: 16 June 2006 18:17 To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org Cc: joe Subject: RE: [ActiveDir] NETBIOS Character Limitation? Hi Joe, So going back to my original question, can I use 15 character server names or am I limited to 14 characters? Jose -- Original message -- From: "joe" [EMAIL PROTECTED] The $ for computer accounts isn't included in the NetBIOS name for name res, only in the DB and that was to hide them from being displayed with normal user accounts in NT days. What is the web based tool? Tell the vendor to fix it. In the meanwhile, create the account another way. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Friday, June 16, 2006 12:06 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] NETBIOS Character Limitation? Greetings, I am trying to create a 15 character SQL cluster node name in Active Directory using a web based tool. The tool will only allow me to use 14 characters and the Active Directory group states The 14 character limit is due to the '$' that must be appended to the samAccountName for backward compatibility. WINS has a 15 character limit. To ensure there is always room for the '$' the field is limited to 14 characters. I have been working with WINS since NT 3.51, and NetBIOS has always been 15 characters followed by a 16th binary value. The last 16th binary value is for a unique ID. I have Michael Masterson's WINS DNS book (I was on the board of the NTEA www.ntea.net ) with him. http://www.amazon.com/gp/product/1562059432/qid=1150472910/sr=1-7/ref=sr_1_7/002-3567057-9128019?s=booksv=glancen=283155 Was the character limitation reduced in AD 2003 and Wins? Sincerely, Jose Medeiros Storage Area Network Systems Engineer MCP+I, MCSE, NT4 MCT 408-765-0437 Direct, 408-449-6621 Cell "Anyone who has never made a mistake has never tried anything new." Albert Einstein
RE: [ActiveDir] Recall: NETBIOS Character Limitation?
Does this ever work? I mean for something other than making you look at the message really closely that the person wants to recall... snicker -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Friday, June 16, 2006 12:04 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Recall: NETBIOS Character Limitation? Medeiros, Jose would like to recall the message, NETBIOS Character Limitation?.
RE: [ActiveDir] DC Configuration
Yea, it seemed an awful basic question for you joe. And, of course I fell for it. Agreed though that software RAID is like Congress creating its own ethics rules--just a bad idea all around. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, June 22, 2006 3:16 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DC Configuration ROFL! That was more of a case of purposely refusing to acknowledge software RAID versus truly understanding what it is. I have had far more than my share of times trying to rebuild software raid configs. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia Sent: Thursday, June 22, 2006 6:14 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DC Configuration Software RAID is where the OS (in this case) handles the striping of the data rather than the hardware (usually the controller). From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, June 22, 2006 3:05 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DC Configuration o Software RAID? What's that? o Yeah I am not a fan of mirrors. I like lots of spindles. But then I tend to work with big busy directories with Exchange beating on it. Being 64 bit you don't have to worry _as much_ assuming you have enough RAM to cache your entire DIT but you still have to load that baby in the first place so I would still recommend RAID 0+1, 10, or 5 or if you don't care about fault tolerance the fastest is RAID-0. o I would say if you are going 64 bit, make sure you make it a priority to get enough RAM to hold your entire DIT. That is the cool thing about getting 64 bit. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Thursday, June 22, 2006 5:12 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] DC Configuration There would be a little more to gain than that but often that's the reason. joe might point out that a two mirror configuration is not his optimal configuration. I'm pretty sure he'd also point out that compared with software raid, that he'd take that option. :) I can honestly say I'd agree with him on this one. Software mirroring for this type of application is never a good idea. The slower spindle speeds likely won't be enough of an issue to matter in your configuration. Unless you have a very large DIT queue jokes here or applications that pound the snot out of the individual servers spindle speed won't be nearly as important. Since it's 64 bit you're after, spend some money on the memory and take advantage of the cache as much as you can. Al On 6/22/06, Noah Eiger [EMAIL PROTECTED] wrote: What would the partitions on the first configuration gain you (over just a single C:)? I thought the idea behind placing NTDS, etc on something _besides_ C: was to get the performance benefits of extra spindles (as in #2). -- nme -Original Message- From: Al Lilianstrom [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 22, 2006 1:24 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] DC Configuration We have some budget money to replace domain controllers this year. Not all of them but probably half of them. We've pretty much decided on 64 bit Dell PowerEdge servers. Most of the discussion is about disk configuration. Two schools of thought exist here. 1) 2x73GB 15K drives in RAID1. Carve up the volume at the OS level with 20GB or so for the OS and the remainder for NTDS, Sysvol, and system state backups 2) Two sets of 2x73 10K drives in RAID1. The first set is for the OS, the second is for NTDS, Sysvol, and system state backups. I've always liked physically separating the OS from the application data. Others here like carving up the volume at the OS. Any thoughts, opinions, suggestions? tia, al -- Al Lilianstrom CD/CSS/CSI [EMAIL PROTECTED]
RE: [ActiveDir] Is this like AD blog season or what?
I wouldn't mind seeing some AD Dev guys blogging. The closest to it that I am aware of is Brett then ~Eric and Eric isn't in AD Dev nor ever was but one of the more visible AD gurus. I would probably pay to subscribe to a blog by DonH if he told stories of all of the AD Dev work and why various decisions were made. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Friday, June 09, 2006 4:29 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Is this like AD blog season or what? Active Directory Discussion : Introducing the Active Directory Discussion Blog: http://blogs.technet.com/ad/archive/2006/06/09/434604.aspx -- Letting your vendors set your risk analysis these days? http://www.threatcode.com The SBS product team wants to hear from you: http://msmvps.com/blogs/bradley/archive/2006/05/18/95865.aspx
RE: [ActiveDir] DC Configuration
You must be thinking of a different kind of RAID. Last I checked software RAID was something to do with roach spray. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia Sent: Thursday, June 22, 2006 5:14 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DC Configuration Software RAID is where the OS (in this case) handles the striping of the data rather than the hardware (usually the controller). From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, June 22, 2006 3:05 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DC Configuration o Software RAID? What's that? o Yeah I am not a fan of mirrors. I like lots of spindles. But then I tend to work with big busy directories with Exchange beating on it. Being 64 bit you don't have to worry _as much_ assuming you have enough RAM to cache your entire DIT but you still have to load that baby in the first place so I would still recommend RAID 0+1, 10, or 5 or if you don't care about fault tolerance the fastest is RAID-0. o I would say if you are going 64 bit, make sure you make it a priority to get enough RAM to hold your entire DIT. That is the cool thing about getting 64 bit. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Thursday, June 22, 2006 5:12 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] DC Configuration There would be a little more to gain than that but often that's the reason. joe might point out that a two mirror configuration is not his optimal configuration. I'm pretty sure he'd also point out that compared with software raid, that he'd take that option. :) I can honestly say I'd agree with him on this one. Software mirroring for this type of application is never a good idea. 
The slower spindle speeds likely won't be enough of an issue to matter in your configuration. Unless you have a very large DIT queue jokes here or applications that pound the snot out of the individual servers spindle speed won't be nearly as important. Since it's 64 bit you're after, spend some money on the memory and take advantage of the cache as much as you can. Al On 6/22/06, Noah Eiger [EMAIL PROTECTED] wrote: What would the partitions on the first configuration gain you (over just a single C:)? I thought the idea behind placing NTDS, etc on something _besides_ C: was to get the performance benefits of extra spindles (as in #2). -- nme -Original Message- From: Al Lilianstrom [mailto:[EMAIL PROTECTED] ] Sent: Thursday, June 22, 2006 1:24 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] DC Configuration We have some budget money to replace domain controllers this year. Not all of them but probably half of them. We've pretty much decided on 64 bit Dell PowerEdge servers. Most of the discussion is about disk configuration. Two schools of thought exist here. 1) 2x73GB 15K drives in RAID1. Carve up the volume at the OS level with 20GB or so for the OS and the remainder for NTDS, Sysvol, and system state backups 2) Two sets of 2x73 10K drives in RAID1. The first set is for the OS, the second is for NTDS, Sysvol, and system state backups. I've always liked physically separating the OS from the application data. Others here like carving up the volume at the OS. Any thoughts, opinions, suggestions? tia, al -- Al Lilianstrom CD/CSS/CSI [EMAIL PROTECTED]
RE: [ActiveDir] OT: RUS
Babysteps... The likelihood of a full grown perfect provisioning system dropping into your lap is almost as unlikely as a duplicate GUID being created. So start small, this is what I have always done when growing up systems. Usually I would ask for permission to spend time on building a system, be told not only no but hell no and I better not catching you working on that so I spend an hour here and there after work building it in a skunkworks fashion. I did that at one Financial company for managing the NT4 resource domain and rolled out a real rough looking tool to the support people, didn't tell any of the management who told me not to do it. The support people loved it, my team of 3 people loved it. Everyone was far more productive because everything was verified and logged and didn't require contacting a DA to get the work done. Eventually the management was like, hey how did you guys get so productive so I showed my boss the site and he told me to make it look pretty and then a month or two later he announced to everyone that the group had thought up, designed, and built a brand new way of managing the environment. Most of the folks were like yeah, the group of joe is the one, the rest of you didn't have anything to do with it except trying to stop him. ;o) Anyway, that whole thing grew up out of scripts. I started scripting each individual task that we as DAs had to do. At first the scripts did the work and logged it all so we didn't need to use the GUI, as that freed up time then the scripts were modified to do data validation and then make changes. Then I added reporting to it so say you requested a quota increase for someone, it validated the quota values, changed the quota, then updated the reporting database to reflect the new quota. Ditto for software delivery stuff. Then I threw up a web site on a NT4 workstation and set up a basic auth system that used windows auth and backended into an Access database to retrieve authz info. 
Slowly I added the scripts to the web site and let the support analysts use them. It wasn't the greatest but it was such a stellar leap over what had come before and really helped stabilize our data collection and tracking capability not to mention making folks more efficient because they could say get a queue restarted or purged without having to chase down one of three domain admins who really didn't give a crap if a print queue was working or not. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Clay, Justin (ITS) Sent: Tuesday, June 13, 2006 9:11 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: RUS Al, I think that's great advice. I wish we really had a provisioning system, like MIIS or something similar. We have 22,000 users and they're all maintained by hand, which is horrible. We have considered using a custom attribute to tag employees as well. We're definitely going to be using employeeType in the near future to at least identify service accounts and contractors/vendors. I think we might end up tagging other custom attributes as well. We currently tag a custom attribute with the user's Exchange quota limit so that our Exchange guys can use that attribute to set mailbox limits. Since we're on the topic of UPNs, how are additional UPNs created and managed? There are about 15 additional UPNs in our UPN dropdown list that were created long before I was here, and honestly we don't need them. I believe at some point the previous admin was going to have a separate UPN for each department, such as police.domain.com, fire.domain.com, sheriff.domain.com. I'm not sure what the thinking behind that was (although I'm sure there was a reason) but we have no use for them at this point. How can I remove them or modify them? 
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Tuesday, June 13, 2006 7:41 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] OT: RUS I think it's a really good idea to clean up the UPN's. However, I think it worth noting that you may want to have a look at the process that provisions the users and creates those upn's. Just to make sure you don't end up doing the work over and over again. I realize upn alone will work, but I think it would be a good idea to consider tagging the user objects' custom attributes with some identifying information as well. It may be that in the future you'll want to sort on different attributes and you may or may not be in a situation where upn is flexible enough. Al On 6/13/06, Clay, Justin (ITS) [EMAIL PROTECTED] wrote: We have 1 AD forest with 5 total domains. They are "sister" domains and they don't share a namespace. For instance we have one domain for our Police Department, one for the Sheriff Department, one for the Public Schools, etc. As for Steven's suggestion for UPN, we
RE: [ActiveDir] AD integration
And I will consume with a smile. :) Al is usually sneaking around with the Exchange folks. I am usually with Dean and we are usually at a bar or chasing down dev guys. :) -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rob MOIR Sent: Tuesday, June 13, 2006 6:27 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] AD integration Just want to quickly say thanks to both of you, Joe and Al, you've helped me form some thoughts around this area that I can work with. This short discussion has been very useful. If I ever see either of you at a MVP gathering I owe you a beverage of your choice, or two. -- Robert Moir Microsoft MVP for Windows Servers Security Senior IT Systems Engineer Luton Sixth Form College Right vs. Wrong | Good vs. Evil God vs. the devil | What side you on? -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir- [EMAIL PROTECTED] On Behalf Of joe Sent: 12 June 2006 15:57 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] AD integration The answer to this one is of course it depends. At first blush it sounds like a single threaded app. Depending on the vendor, this may be the best/safest thing to do. :) As for best practices. I don't think there are any best practices for how many domains you should pull data from at a time. It would again depend entirely on the app and what it is supposed to be doing and the dangers exposed in doing it. For a relatively fast application that works well in single and multidomain environments I could see cases where it is better to pull from the GC or better to set up a thread pool and pull from x domains at once or a combination. Certainly the thread pool solutions are the more scalable solutions but they are also the much harder to do right and the more costly solutions. 
Most customers chose apps on how cheap they are first, then later they start to realize the shortcomings that made them cheaper. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rob MOIR Sent: Monday, June 12, 2006 8:31 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] AD integration Just a quick question. Is anyone aware of any best practice documentation of how a product ought to integrate with AD (e.g. to pull out user data for its own use). Failing that, can anyone comment on what they think of a model that can only pull data out of one domain at a time so for a 1 domain forest needs to make a connection to each domain in turn, pull down that information and then load it into SQL server. Am I crazy in thinking that anyone following this model has probably just found out that their old NT4 domain integration code kinda works and did the bare minimum tidying up before halting any further work? -- Robert Moir Microsoft MVP for Windows Servers Security Senior IT Systems Engineer Luton Sixth Form College Right vs. Wrong | Good vs. Evil God vs. the devil | What side you on?
RE: [ActiveDir] DC Configuration
Exactly... Congress: Ethics? What's that? -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia Sent: Thursday, June 22, 2006 6:25 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DC Configuration Yea, it seemed an awful basic question for you joe. And, of course I fell for it. Agreed though that software RAID is like Congress creating its own ethics rules--just a bad idea all around. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, June 22, 2006 3:16 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DC Configuration ROFL! That was more of a case of purposely refusing to acknowledge software RAID versus truly understanding what it is. I have had far more than my share of times trying to rebuild software raid configs. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia Sent: Thursday, June 22, 2006 6:14 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DC Configuration Software RAID is where the OS (in this case) handles the striping of the data rather than the hardware (usually the controller). From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, June 22, 2006 3:05 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DC Configuration o Software RAID? What's that? o Yeah I am not a fan of mirrors. I like lots of spindles. But then I tend to work with big busy directories with Exchange beating on it. Being 64 bit you don't have to worry _as much_ assuming you have enough RAM to cache your entire DIT but you still have to load that baby in the first place so I would still recommend RAID 0+1, 10, or 5 or if you don't care about fault tolerance the fastest is RAID-0. 
o I would say if you are going 64 bit, make sure you make it a priority to get enough RAM to hold your entire DIT. That is the cool thing about getting 64 bit. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Thursday, June 22, 2006 5:12 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] DC Configuration There would be a little more to gain than that but often that's the reason. joe might point out that a two mirror configuration is not his optimal configuration. I'm pretty sure he'd also point out that compared with software raid, that he'd take that option. :) I can honestly say I'd agree with him on this one. Software mirroring for this type of application is never a good idea. The slower spindle speeds likely won't be enough of an issue to matter in your configuration. Unless you have a very large DIT queue jokes here or applications that pound the snot out of the individual servers spindle speed won't be nearly as important. Since it's 64 bit you're after, spend some money on the memory and take advantage of the cache as much as you can. Al On 6/22/06, Noah Eiger [EMAIL PROTECTED] wrote: What would the partitions on the first configuration gain you (over just a single C:)? I thought the idea behind placing NTDS, etc on something _besides_ C: was to get the performance benefits of extra spindles (as in #2). -- nme -Original Message- From: Al Lilianstrom [mailto:[EMAIL PROTECTED] ] Sent: Thursday, June 22, 2006 1:24 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] DC Configuration We have some budget money to replace domain controllers this year. Not all of them but probably half of them. We've pretty much decided on 64 bit Dell PowerEdge servers. Most of the discussion is about disk configuration. Two schools of thought exist here. 1) 2x73GB 15K drives in RAID1. 
Carve up the volume at the OS level with 20GB or so for the OS and the remainder for NTDS, Sysvol, and system state backups 2) Two sets of 2x73 10K drives in RAID1. The first set is for the OS, the second is for NTDS, Sysvol, and system state backups. I've always liked physically separating the OS from the application data. Others here like carving up the volume at the OS. Any thoughts, opinions, suggestions? tia, al -- Al Lilianstrom CD/CSS/CSI [EMAIL PROTECTED]
Re: [ActiveDir] Recall: NETBIOS Character Limitation?
It ALWAYS makes me look closer at the original message. It works in Novell is my understanding. joe wrote: Does this ever work? I mean for something other than making you look at the message really closely that the person wants to recall... snicker -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Friday, June 16, 2006 12:04 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Recall: NETBIOS Character Limitation? Medeiros, Jose would like to recall the message, NETBIOS Character Limitation?.
RE: [ActiveDir] DC Configuration
OS, DIT, logs on separate spindles. Enough memory to store the DIT + overhead. -gil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Lilianstrom Sent: Thursday, June 22, 2006 1:24 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] DC Configuration We have some budget money to replace domain controllers this year. Not all of them but probably half of them. We've pretty much decided on 64 bit Dell PowerEdge servers. Most of the discussion is about disk configuration. Two schools of thought exist here. 1) 2x73GB 15K drives in RAID1. Carve up the volume at the OS level with 20GB or so for the OS and the remainder for NTDS, Sysvol, and system state backups 2) Two sets of 2x73 10K drives in RAID1. The first set is for the OS, the second is for NTDS, Sysvol, and system state backups. I've always liked physically separating the OS from the application data. Others here like carving up the volume at the OS. Any thoughts, opinions, suggestions? tia, al -- Al Lilianstrom CD/CSS/CSI [EMAIL PROTECTED]
RE: [ActiveDir] DC Configuration
Ethics? That's the stuff the guys in the other party don't have. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, June 22, 2006 3:52 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DC Configuration Exactly... Congress: Ethics? What's that? -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia Sent: Thursday, June 22, 2006 6:25 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DC Configuration Yea, it seemed an awful basic question for you joe. And, of course I fell for it. Agreed though that software RAID is like Congress creating its own ethics rules--just a bad idea all around. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, June 22, 2006 3:16 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DC Configuration ROFL! That was more of a case of purposely refusing to acknowledge software RAID versus truly understanding what it is. I have had far more than my share of times trying to rebuild software raid configs. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia Sent: Thursday, June 22, 2006 6:14 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DC Configuration Software RAID is where the OS (in this case) handles the striping of the data rather than the hardware (usually the controller). From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, June 22, 2006 3:05 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DC Configuration o Software RAID? What's that? o Yeah I am not a fan of mirrors. I like lots of spindles. But then I tend to work with big busy directories with Exchange beating on it. 
Being 64 bit you don't have to worry _as much_ assuming you have enough RAM to cache your entire DIT but you still have to load that baby in the first place so I would still recommend RAID 0+1, 10, or 5 or if you don't care about fault tolerance the fastest is RAID-0. o I would say if you are going 64 bit, make sure you make it a priority to get enough RAM to hold your entire DIT. That is the cool thing about getting 64 bit. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Thursday, June 22, 2006 5:12 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] DC Configuration There would be a little more to gain than that but often that's the reason. joe might point out that a two mirror configuration is not his optimal configuration. I'm pretty sure he'd also point out that compared with software raid, that he'd take that option. :) I can honestly say I'd agree with him on this one. Software mirroring for this type of application is never a good idea. The slower spindle speeds likely won't be enough of an issue to matter in your configuration. Unless you have a very large DIT queue jokes here or applications that pound the snot out of the individual servers spindle speed won't be nearly as important. Since it's 64 bit you're after, spend some money on the memory and take advantage of the cache as much as you can. Al On 6/22/06, Noah Eiger [EMAIL PROTECTED] wrote: What would the partitions on the first configuration gain you (over just a single C:)? I thought the idea behind placing NTDS, etc on something _besides_ C: was to get the performance benefits of extra spindles (as in #2). -- nme -Original Message- From: Al Lilianstrom [mailto:[EMAIL PROTECTED] ] Sent: Thursday, June 22, 2006 1:24 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] DC Configuration We have some budget money to replace domain controllers this year. 
Not all of them but probably half of them. We've pretty much decided on 64 bit Dell PowerEdge servers. Most of the discussion is about disk configuration. Two schools of thought exist here. 1) 2x73GB 15K drives in RAID1. Carve up the volume at the OS level with 20GB or so for the OS and the remainder for NTDS, Sysvol, and system state backups 2) Two sets of 2x73 10K drives in RAID1. The first set is for the OS, the second is for NTDS, Sysvol, and system state backups. I've always liked physically separating the OS from the application data. Others here like carving up the volume at the OS. Any thoughts, opinions, suggestions? tia, al -- Al Lilianstrom CD/CSS/CSI [EMAIL PROTECTED]
RE: [ActiveDir] Recall: NETBIOS Character Limitation?
Well duh, everything works perfect on NOvell. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Thursday, June 22, 2006 6:58 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Recall: NETBIOS Character Limitation? It ALWAYS makes me look closer at the original message. It works in Novell is my understanding. joe wrote: Does this ever work? I mean for something other than making you look at the message really closely that the person wants to recall... snicker -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Friday, June 16, 2006 12:04 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Recall: NETBIOS Character Limitation? Medeiros, Jose would like to recall the message, NETBIOS Character Limitation?.
[ActiveDir] AD Security permission continues to be auto-removed
We have some users that have mobile devices that connect to Exchange. The 3rd party application uses a dedicated account to send mail from the devices. This account needs to have "Send As..." permissions on each of the user accounts' security settings. We have set it in all users (about two dozen) but one user in particular has a problem. We set the permission and give it "Send As..." rights (just like all the others - no different), but usually within an hour, the newly added permission is gone - not just the "Send As" setting, but the whole account name is gone from this user's security settings as if we never added it in the first place. We have five DC's and I have tried adding it from each DC with the same results. I am baffled by this. Does anyone have any suggestions?
Re: [ActiveDir] DC Configuration
...whichever party that may be. On 6/22/06, Gil Kirkpatrick [EMAIL PROTECTED] wrote: Ethics? That's the stuff the guys in the other party don't have. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, June 22, 2006 3:52 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DC Configuration Exactly... Congress: Ethics? What's that? -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia Sent: Thursday, June 22, 2006 6:25 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DC Configuration Yea, it seemed an awful basic question for you joe. And, of course I fell for it. Agreed though that software RAID is like Congress creating its own ethics rules--just a bad idea all around. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, June 22, 2006 3:16 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DC Configuration ROFL! That was more of a case of purposely refusing to acknowledge software RAID versus truly understanding what it is. I have had far more than my share of times trying to rebuild software raid configs. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia Sent: Thursday, June 22, 2006 6:14 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DC Configuration Software RAID is where the OS (in this case) handles the striping of the data rather than the hardware (usually the controller). From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, June 22, 2006 3:05 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DC Configuration o Software RAID? 
What's that? o Yeah I am not a fan of mirrors. I like lots of spindles. But then I tend to work with big busy directories with Exchange beating on it. Being 64 bit you don't have to worry _as much_ assuming you have enough RAM to cache your entire DIT but you still have to load that baby in the first place so I would still recommend RAID 0+1, 10, or 5 or if you don't care about fault tolerance the fastest is RAID-0. o I would say if you are going 64 bit, make sure you make it a priority to get enough RAM to hold your entire DIT. That is the cool thing about getting 64 bit. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Thursday, June 22, 2006 5:12 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] DC Configuration There would be a little more to gain than that but often that's the reason. joe might point out that a two mirror configuration is not his optimal configuration. I'm pretty sure he'd also point out that compared with software raid, that he'd take that option. :) I can honestly say I'd agree with him on this one. Software mirroring for this type of application is never a good idea. The slower spindle speeds likely won't be enough of an issue to matter in your configuration. Unless you have a very large DIT queue jokes here or applications that pound the snot out of the individual servers spindle speed won't be nearly as important. Since it's 64 bit you're after, spend some money on the memory and take advantage of the cache as much as you can. Al On 6/22/06, Noah Eiger [EMAIL PROTECTED] wrote: What would the partitions on the first configuration gain you (over just a single C:)? I thought the idea behind placing NTDS, etc on something _besides_ C: was to get the performance benefits of extra spindles (as in #2). 
-- nme -Original Message- From: Al Lilianstrom [mailto:[EMAIL PROTECTED] ] Sent: Thursday, June 22, 2006 1:24 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] DC Configuration We have some budget money to replace domain controllers this year. Not all of them but probably half of them. We've pretty much decided on 64 bit Dell PowerEdge servers. Most of the discussion is about disk configuration. Two schools of thought exist here. 1) 2x73GB 15K drives in RAID1. Carve up the volume at the OS level with 20GB or so for the OS and the remainder for NTDS, Sysvol, and system state backups 2) Two sets of 2x73 10K drives in RAID1. The first set is for the OS, the second is for NTDS, Sysvol, and system state backups. I've always liked physically separating the OS from the application data. Others here like carving up the volume at the OS.
RE: [ActiveDir] Is this like AD blog season or what?
I still want to hear about the admin limit exceeded stuff. Any stories on history of why things were done certain ways is always great too. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley Sent: Thursday, June 22, 2006 7:24 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Is this like AD blog season or what? I wouldn't mind hearing specific things people would like to hear about ... I have my own internal list of ideas of stuff to blog about / proto blogs / etc, but wondering how much my plan matches desire. Cheers, -BrettSh On Thu, 22 Jun 2006, joe wrote: I wouldn't mind seeing some AD Dev guys blogging. The closest to it that I am aware of is Brett then ~Eric and Eric isn't in AD Dev nor ever was but one of the more visible AD gurus. I would probably pay to subscribe to a blog by DonH if he told stories of all of the AD Dev work and why various decisions were made. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Friday, June 09, 2006 4:29 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Is this like AD blog season or what? Active Directory Discussion : Introducing the Active Directory Discussion Blog: http://blogs.technet.com/ad/archive/2006/06/09/434604.aspx -- Letting your vendors set your risk analysis these days? 
http://www.threatcode.com The SBS product team wants to hear from you: http://msmvps.com/blogs/bradley/archive/2006/05/18/95865.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
RE: [ActiveDir] AD Security permission continues to be auto-removed
http://www.google.com/search?sourceid=navclient&ie=UTF-8&rls=GGLG,GGLG:2006-21,GGLG:en&q=adminsdholder -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of J B Sent: Thursday, June 22, 2006 8:08 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] AD Security permission continues to be "auto-removed" We have some users that have mobile devices that connect to Exchange. The 3rd party application uses a dedicated account to send mail from the devices. This account needs to have "Send As..." permissions on each of the user accounts' security settings. We have set it in all users (about two dozen) but one user in particular has a problem. We set the permission and give it "Send As..." rights (just like all the others - no different), but usually within an hour, the newly added permission is gone - not just the "Send As" setting, but the whole account name is gone from this user's security settings as if we never added it in the first place. We have five DC's and I have tried adding it from each DC with the same results. I am baffled by this. Does anyone have any suggestions?
RE: [ActiveDir] [OT] DC Configuration
A party? Where? They got beer? -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Laura E. Hunter Sent: Thursday, June 22, 2006 8:31 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] DC Configuration ...whichever party that may be. On 6/22/06, Gil Kirkpatrick [EMAIL PROTECTED] wrote: Ethics? That's the stuff the guys in the other party don't have. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, June 22, 2006 3:52 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DC Configuration Exactly... Congress: Ethics? What's that? -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia Sent: Thursday, June 22, 2006 6:25 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DC Configuration Yea, it seemed an awful basic question for you joe. And, of course I fell for it. Agreed though that software RAID is like Congress creating its own ethics rules--just a bad idea all around. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, June 22, 2006 3:16 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DC Configuration ROFL! That was more of a case of purposely refusing to acknowledge software RAID versus truly understanding what it is. I have had far more than my share of times trying to rebuild software raid configs.
-- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia Sent: Thursday, June 22, 2006 6:14 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DC Configuration Software RAID is where the OS (in this case) handles the striping of the data rather than the hardware (usually the controller). From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, June 22, 2006 3:05 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DC Configuration o Software RAID? What's that? o Yeah I am not a fan of mirrors. I like lots of spindles. But then I tend to work with big busy directories with Exchange beating on it. Being 64 bit you don't have to worry _as much_ assuming you have enough RAM to cache your entire DIT but you still have to load that baby in the first place so I would still recommend RAID 0+1, 10, or 5 or if you don't care about fault tolerance the fastest is RAID-0. o I would say if you are going 64 bit, make sure you make it a priority to get enough RAM to hold your entire DIT. That is the cool thing about getting 64 bit. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Thursday, June 22, 2006 5:12 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] DC Configuration There would be a little more to gain than that but often that's the reason. joe might point out that a two mirror configuration is not his optimal configuration. I'm pretty sure he'd also point out that compared with software raid, that he'd take that option. :) I can honestly say I'd agree with him on this one. Software mirroring for this type of application is never a good idea. The slower spindle speeds likely won't be enough of an issue to matter in your configuration. 
Unless you have a very large DIT queue jokes here or applications that pound the snot out of the individual servers spindle speed won't be nearly as important. Since it's 64 bit you're after, spend some money on the memory and take advantage of the cache as much as you can. Al On 6/22/06, Noah Eiger [EMAIL PROTECTED] wrote: What would the partitions on the first configuration gain you (over just a single C:)? I thought the idea behind placing NTDS, etc on something _besides_ C: was to get the performance benefits of extra spindles (as in #2). -- nme -Original Message- From: Al Lilianstrom [mailto:[EMAIL PROTECTED] ] Sent: Thursday, June 22, 2006 1:24 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] DC Configuration We have some budget money to replace domain controllers this year. Not all of them but probably half of them. We've pretty much decided on 64 bit Dell PowerEdge servers. Most of the discussion is about disk configuration. Two
Re: [ActiveDir] Is this like AD blog season or what?
I loved the Lobster thingy (even though I hate fish) joe wrote: I still want to hear about the admin limit exceeded stuff. Any stories on history of why things were done certain ways is always great too. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley Sent: Thursday, June 22, 2006 7:24 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Is this like AD blog season or what? I wouldn't mind hearing specific things people would like to hear about ... I have my own internal list of ideas of stuff to blog about / proto blogs / etc, but wondering how much my plan matches desire. Cheers, -BrettSh On Thu, 22 Jun 2006, joe wrote: I wouldn't mind seeing some AD Dev guys blogging. The closest to it that I am aware of is Brett then ~Eric and Eric isn't in AD Dev nor ever was but one of the more visible AD gurus. I would probably pay to subscribe to a blog by DonH if he told stories of all of the AD Dev work and why various decisions were made. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Friday, June 09, 2006 4:29 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Is this like AD blog season or what? Active Directory Discussion : Introducing the Active Directory Discussion Blog: http://blogs.technet.com/ad/archive/2006/06/09/434604.aspx -- Letting your vendors set your risk analysis these days? 
http://www.threatcode.com The SBS product team wants to hear from you: http://msmvps.com/blogs/bradley/archive/2006/05/18/95865.aspx
RE: [ActiveDir] [OT] DC Configuration
I know, I know...how about the AD Party? We're ethical, right? joe's probably the most ethical guy around. And he gives stuff away for free. When was the last time you saw a politician do that? I nominate him for President! ;-) Mike Thommes -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, June 22, 2006 8:12 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] [OT] DC Configuration A party? Where? They got beer? -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Laura E. Hunter Sent: Thursday, June 22, 2006 8:31 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] DC Configuration ...whichever party that may be. On 6/22/06, Gil Kirkpatrick [EMAIL PROTECTED] wrote: Ethics? That's the stuff the guys in the other party don't have. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, June 22, 2006 3:52 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DC Configuration Exactly... Congress: Ethics? What's that? -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia Sent: Thursday, June 22, 2006 6:25 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DC Configuration Yea, it seemed an awful basic question for you joe. And, of course I fell for it. Agreed though that software RAID is like Congress creating its own ethics rules--just a bad idea all around. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, June 22, 2006 3:16 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DC Configuration ROFL!
That was more of a case of purposely refusing to acknowledge software RAID versus truly understanding what it is. I have had far more than my share of times trying to rebuild software raid configs. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia Sent: Thursday, June 22, 2006 6:14 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DC Configuration Software RAID is where the OS (in this case) handles the striping of the data rather than the hardware (usually the controller). From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, June 22, 2006 3:05 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DC Configuration o Software RAID? What's that? o Yeah I am not a fan of mirrors. I like lots of spindles. But then I tend to work with big busy directories with Exchange beating on it. Being 64 bit you don't have to worry _as much_ assuming you have enough RAM to cache your entire DIT but you still have to load that baby in the first place so I would still recommend RAID 0+1, 10, or 5 or if you don't care about fault tolerance the fastest is RAID-0. o I would say if you are going 64 bit, make sure you make it a priority to get enough RAM to hold your entire DIT. That is the cool thing about getting 64 bit. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Thursday, June 22, 2006 5:12 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] DC Configuration There would be a little more to gain than that but often that's the reason. joe might point out that a two mirror configuration is not his optimal configuration. I'm pretty sure he'd also point out that compared with software raid, that he'd take that option. :) I can honestly say I'd agree with him on this one. 
Software mirroring for this type of application is never a good idea. The slower spindle speeds likely won't be enough of an issue to matter in your configuration. Unless you have a very large DIT queue jokes here or applications that pound the snot out of the individual servers spindle speed won't be nearly as important. Since it's 64 bit you're after, spend some money on the memory and take advantage of the cache as much as you can. Al On 6/22/06, Noah Eiger [EMAIL PROTECTED] wrote: What would the partitions on the first configuration gain you (over just a single C:)? I thought the idea behind placing NTDS, etc on something _besides_ C: was to get the performance benefits of extra spindles
RE: [ActiveDir] AD Security permission continues to be auto-removed
I have a 2-part discussion of this behavior starting here: http://www.akomolafe.com/JustSaying/tabid/193/EntryID/19/Default.aspx It's a bit headache-inducing, but at least you will get the benefit of knowing that it is "by design" HTH Sincerely, Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of J B Sent: Thursday, June 22, 2006 5:08 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] AD Security permission continues to be "auto-removed" We have some users that have mobile devices that connect to Exchange. The 3rd party application uses a dedicated account to send mail from the devices. This account needs to have "Send As..." permissions on each of the user accounts' security settings. We have set it in all users (about two dozen) but one user in particular has a problem. We set the permission and give it "Send As..." rights (just like all the others - no different), but usually within an hour, the newly added permission is gone - not just the "Send As" setting, but the whole account name is gone from this user's security settings as if we never added it in the first place. We have five DC's and I have tried adding it from each DC with the same results. I am baffled by this. Does anyone have any suggestions?
Re: [ActiveDir] DC Configuration
Interesting how much traffic this subject has garnered. But I have to ask, why? I mean, we haven't even heard the performance concepts and you're ready to put this on extra hardware no questions. What if he only had about 500 users? Would that still hold? What if it were a largely distributed environment and they had a network such that they needed many smaller vs. fewer larger DC's? Maybe a branch office environment? I hate software raid (joe's sure to put that definition in a wiki somewhere) because of the false sense of hope it gives the implementer. But I do understand the idea of the least amount of hardware for the task at hand and not a penny more hardware than is needed. Not that I'm even coming close to endorsing software level RAID - far from it. So why not a RAID 1 partition that holds all the OS, binaries, log files, file and print facilities etc? It's a distributed app and could very easily work to the specs needed in a largely distributed architecture. Were RODC available, it might be chosen for some of the ones I have in mind. I'm sure you feel I'm baiting you and picking on you Gil but I am curious what some of the thinking in the crowd is G On 6/22/06, Gil Kirkpatrick [EMAIL PROTECTED] wrote: OS, DIT, logs on separate spindles. Enough memory to store the DIT + overhead. -gil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Al Lilianstrom Sent: Thursday, June 22, 2006 1:24 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] DC Configuration We have some budget money to replace domain controllers this year. Not all of them but probably half of them. We've pretty much decided on 64 bit Dell PowerEdge servers. Most of the discussion is about disk configuration. Two schools of thought exist here. 1) 2x73GB 15K drives in RAID1. Carve up the volume at the OS level with 20GB or so for the OS and the remainder for NTDS, Sysvol, and system state backups 2) Two sets of 2x73 10K drives in RAID1.
The first set is for the OS, the second is for NTDS, Sysvol, and system state backups. I've always liked physically separating the OS from the application data. Others here like carving up the volume at the OS. Any thoughts, opinions, suggestions? tia, al -- Al Lilianstrom CD/CSS/CSI [EMAIL PROTECTED]
[ActiveDir] How to block particular Subjects
Hi AdamT, Actually I didn't use IMF before. Is it that it will really block the particular Subjects (attachment)? I mean to say that if a user sends their attachment with particular subjects, it should be blocked. Sam. On 6/21/06, AdamT [EMAIL PROTECTED] wrote: On 21/06/06, Ajay Kumar [EMAIL PROTECTED] wrote: I just want to know, is it possible to block particular subjects, Ex: ( Resume ), when a user sends any mail related to the same subject to another domain ( Internet ). We are using Exchange Server 2003 and at least 500 users. Pls give me any suggestion / software through which I can block. Have you looked at Intelligent Message Filters? http://www.msexchange.org/tutorials/Intelligent-Message-Filter-version-2-IMF-v2.html -- AdamT A casual stroll through the lunatic asylum shows that faith does not prove anything. - Nietzsche
Re: [ActiveDir] Recall: NETBIOS Character Limitation?
Hi Joe, It works within an Exchange Organization, and you're right, it does not work once the message has been routed through the SMTP Gateway. My apologies for the unnecessary email. Jose - Original Message - From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] [EMAIL PROTECTED] To: ActiveDir@mail.activedir.org Sent: Thursday, June 22, 2006 3:57 PM Subject: Re: [ActiveDir] Recall: NETBIOS Character Limitation? It ALWAYS makes me look closer at the original message. It works in Novell is my understanding. joe wrote: Does this ever work? I mean for something other than making you look at the message really closely that the person wants to recall... snicker -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Friday, June 16, 2006 12:04 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Recall: NETBIOS Character Limitation? Medeiros, Jose would like to recall the message, NETBIOS Character Limitation?.