RE: [ActiveDir] R2 Functionality - (Was Biggest AD Gripes)

2005-08-06 Thread Grillenmeier, Guido
> However, I've had horrible experiences with __DFS__, and have high 
> expectations for DFS-R. 

I'm sure you meant FRS (even though it requires DFS), but the core DFS
features of Win2003 are actually not changing that much in R2.  I'd
almost vote that the DFS updates from Win2000 to Win2003 were more
important (e.g. multiple roots, better site-awareness) than the
additions to DFS in R2. And it does work rather well already.

Granted, R2 does have a great new MMC SnapIn to manage the roots and
links and I certainly like the capability to create place-holder folders
to create a true hierarchy in DFS (without the requirement to cascade
roots). Other nice features are the target priority and failback options
(if you have multiple targets at all) - realize that failback will only
be made available to XP SP2 clients with a special hotfix (so it may be
of limited use).

The main advantages are truly the file replication engine - i.e. the
advantages of DFS-R over FRS are enormous.

/Guido

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Thursday, 4 August 2005 16:29
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] R2 Functionality - (Was Biggest AD Gripes)

Ouch Bad Rick.  I haven't spent as much time as I would like with R2.  I
appreciate you pointing out the schema update, and I'll have to go look at
the .ldf to get an idea of what it does.  To be honest - I completely missed
that.

As to testing and functionality, I highly recommend that anyone looking to
implement new functionality into an existing production environment test it.

Interaction and co-operation among applications and server components is a
funny thing.  One should not blindly believe that just because it's a module
on top of Win2k3 that it will not have any negative side effects is asking
for trouble.

As to DFS-R, I'd have to say that it - too, is the number one on my list of
best additions that should have been there a long time ago.  I see it as
having the potential of solving many problems.  However, I've had horrible
experiences with DFS, and have high expectations for DFS-R.

Rick

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto,
Jorge de
Sent: Thursday, August 04, 2005 3:37 AM
To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] R2 Functionality - (Was Biggest AD Gripes)

Rick,
 
I agree that R2 adds new functionalities. As we all know R2 is an updated
release of the Windows Server OS and it is not mandatory. My opinion is that
R2 has some new cool features and my favorite is DFS-R!!!

Update Releases
(http://www.microsoft.com/windowsserver2003/evaluation/overview/roadmap.mspx)

Update releases integrate the previous major release with the latest service
pack, selected feature packs, and new functionality. Because an update
release is based on the previous major release, customers can incorporate it
into their environment without any additional testing beyond what would be
required for a typical service pack. Any additional functionality provided
by an update would be optional and thus not affect application compatibility
or require customers to re-certify or re-test applications.

As you can see above, Microsoft states "Because an update release is based
on the previous major release, customers can incorporate it into their
environment without any additional testing beyond what would be required for
a typical service pack"

The integration on member servers is easy and straightforward and requires
no testing as nothing will be enabled. The integration on DCs and the use of
several components (print connections, DFS-R, etc) demand an extension of the
AD schema to version 31 so the new objects and attributes are available for
"print connections", DFS-R and Unix Identity Management. Some components
also demand the installation and use of the new "Microsoft .NET Framework
v2".

With this in mind, and for those who want to implement R2, my opinion is to
still test and plan it. Especially for the new framework and the schema
update. By the way: the R2 schema update does not change the PAS.
 
What are your thoughts on this?
 
Cheers,
#JORGE#
 
 


From: [EMAIL PROTECTED] on behalf of Rick Kingslan
Sent: Wed 8/3/2005 11:24 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] R2 Functionality - (Was Biggest AD Gripes)



Guido (and all, really)- 

You bring up a good point.  There seems to be some misconception and
misinformation (BTW, no one here is doing the misinformation - just to be
clear) around R2.

When R2 is installed (or whatever this is going to be called when released -
it may be just Windows Server 2003 Release 2 - or it might be something
else) it is really a series of modules that ADD FUNCTIONALITY.

That's key - it adds fu

RE: [ActiveDir] R2 Functionality - (Was Biggest AD Gripes)

2005-08-04 Thread Rick Kingslan
Ouch Bad Rick.  I haven't spent as much time as I would like with R2.  I
appreciate you pointing out the schema update, and I'll have to go look at
the .ldf to get an idea of what it does.  To be honest - I completely missed
that.

As to testing and functionality, I highly recommend that anyone looking to
implement new functionality into an existing production environment test it.

Interaction and co-operation among applications and server components is a
funny thing.  One should not blindly believe that just because it's a module
on top of Win2k3 that it will not have any negative side effects is asking
for trouble.

As to DFS-R, I'd have to say that it - too, is the number one on my list of
best additions that should have been there a long time ago.  I see it as
having the potential of solving many problems.  However, I've had horrible
experiences with DFS, and have high expectations for DFS-R.

Rick

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto,
Jorge de
Sent: Thursday, August 04, 2005 3:37 AM
To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] R2 Functionality - (Was Biggest AD Gripes)

Rick,
 
I agree that R2 adds new functionalities. As we all know R2 is an updated
release of the Windows Server OS and it is not mandatory. My opinion is that
R2 has some new cool features and my favorite is DFS-R!!! 
 

Update Releases
(http://www.microsoft.com/windowsserver2003/evaluation/overview/roadmap.mspx)


Update releases integrate the previous major release with the latest service
pack, selected feature packs, and new functionality. Because an update
release is based on the previous major release, customers can incorporate it
into their environment without any additional testing beyond what would be
required for a typical service pack. Any additional functionality provided
by an update would be optional and thus not affect application compatibility
or require customers to re-certify or re-test applications.


 
As you can see above, Microsoft states "Because an update release is based
on the previous major release, customers can incorporate it into their
environment without any additional testing beyond what would be required for
a typical service pack"
 
The integration on member servers is easy and straightforward and requires
no testing as nothing will be enabled. The integration on DCs and the use of
several components (print connections, DFS-R, etc) demand an extension of the
AD schema to version 31 so the new objects and attributes are available for
"print connections", DFS-R and Unix Identity Management. Some components
also demand the installation and use of the new "Microsoft .NET Framework
v2".
 
With this in mind, and for those who want to implement R2, my opinion is to
still test and plan it. Especially for the new framework and the schema
update. By the way: the R2 schema update does not change the PAS.
 
What are your thoughts on this?
 
Cheers,
#JORGE#
 
 


From: [EMAIL PROTECTED] on behalf of Rick Kingslan
Sent: Wed 8/3/2005 11:24 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] R2 Functionality - (Was Biggest AD Gripes)



Guido (and all, really)- 

You bring up a good point.  There seems to be some misconception and 
misinformation (BTW, no one here is doing the misinformation - just to be 
clear) around R2. 

When R2 is installed (or whatever this is going to be called when released -
it may be just Windows Server 2003 Release 2 - or it might be something
else) it is really a series of modules that ADD FUNCTIONALITY.

That's key - it adds functionality.  Remember that Rights Management
Services when run on Win2k3 really changes nothing in the way that the OS
operates and communicates.  Functionality of the base doesn't change.
However, RMS adds functionality and has a very minor impact on AD - which is
not a schema change, but a Service Point addition to allow detection and
determination of what server(s) is/are running RMS.

This is really what you'll see out of R2.  ADFS (Active Directory Federation
Services) for example, is not going to make a huge change to the underlying
OS functions - nor is it going to make a big change to AD.  It's going to
provide a way to EXTEND AD into a Federated Service for Partner access/auth
to a common AuthN mechanism (and much more - but it's not important at the
moment).

The important thing is that for this release - R2 is a collection of really
valuable and cool enhancements that many, many customers have been asking
for.  However, the point is that they are plug-in modules.  It's much like 
putting new rims, tires, a body kit, a stereo, lowering kit, and a fart can 
on your Honda.  It's still a Honda, but you've added customized pieces to 
it.  Think of R2 as these things for your Honda.  (However, yo

RE: [ActiveDir] R2 Functionality - (Was Biggest AD Gripes)

2005-08-04 Thread Almeida Pinto, Jorge de
Rick,
 
I agree that R2 adds new functionalities. As we all know R2 is an updated 
release of the Windows Server OS and it is not mandatory. My opinion is that R2 
has some new cool features and my favorite is DFS-R!!! 
 

Update Releases 
(http://www.microsoft.com/windowsserver2003/evaluation/overview/roadmap.mspx)


Update releases integrate the previous major release with the latest service 
pack, selected feature packs, and new functionality. Because an update release 
is based on the previous major release, customers can incorporate it into their 
environment without any additional testing beyond what would be required for a 
typical service pack. Any additional functionality provided by an update would 
be optional and thus not affect application compatibility or require customers 
to re-certify or re-test applications.

 
As you can see above, Microsoft states "Because an update release is based on 
the previous major release, customers can incorporate it into their environment 
without any additional testing beyond what would be required for a typical 
service pack"
 
The integration on member servers is easy and straightforward and requires no
testing as nothing will be enabled. The integration on DCs and the use of
several components (print connections, DFS-R, etc) demand an extension of the AD
schema to version 31 so the new objects and attributes are available for "print
connections", DFS-R and Unix Identity Management. Some components also demand
the installation and use of the new "Microsoft .NET Framework v2".
 
With this in mind, and for those who want to implement R2, my opinion is to 
still test and plan it. Especially for the new framework and the schema update. 
By the way: the R2 schema update does not change the PAS.
 
What are your thoughts on this?
 
Cheers,
#JORGE#
 
 


From: [EMAIL PROTECTED] on behalf of Rick Kingslan
Sent: Wed 8/3/2005 11:24 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] R2 Functionality - (Was Biggest AD Gripes)



Guido (and all, really)- 

You bring up a good point.  There seems to be some misconception and 
misinformation (BTW, no one here is doing the misinformation - just to be 
clear) around R2. 

When R2 is installed (or whatever this is going to be called when released - 
it may be just Windows Server 2003 Release 2 - or it might be something 
else) it is really a series of modules that ADD FUNCTIONALITY. 

That's key - it adds functionality.  Remember that Rights Management 
Services when run on Win2k3 really changes nothing in the way that the OS 
operates and communicates.  Functionality of the base doesn't change. 
However, RMS adds functionality and has a very minor impact on AD - which is 
not a schema change, but a Service Point addition to allow detection and 
determination of what server(s) is/are running RMS. 

This is really what you'll see out of R2.  ADFS (Active Directory Federation 
Services) for example, is not going to make a huge change to the underlying 
OS functions - nor is it going to make a big change to AD.  It's going to 
provide a way to EXTEND AD into a Federated Service for Partner access/auth 
to a common AuthN mechanism (and much more - but it's not important at the 
moment). 

The important thing is that for this release - R2 is a collection of really 
valuable and cool enhancements that many, many customers have been asking
for.  However, the point is that they are plug-in modules.  It's much like 
putting new rims, tires, a body kit, a stereo, lowering kit, and a fart can 
on your Honda.  It's still a Honda, but you've added customized pieces to 
it.  Think of R2 as these things for your Honda.  (However, you might want 
R2 much more than you want a 'fart can' or a lowering kit...) 

As Guido mentions - and rightfully so, the big plumbing pieces aren't coming 
in until LH Server.  However, THOSE are really going to be worth waiting 
for. 

Rick 




-Original Message- 
From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido 
Sent: Wednesday, August 03, 2005 10:57 AM 
To: ActiveDir@mail.activedir.org 
Subject: RE: [ActiveDir] Biggest AD Gripes 

actually that's not the case Carlos - even after all DCs are upgraded to 
R2, SYSVOL is still using the legacy FRS replication mechanism.  This 
won't change before Longhorn.

so it should stay on the list of gripes ;-) 

/Guido 

-Original Message- 
From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Carlos 
Magalhaes 
Sent: Tuesday, 2 August 2005 23:15
To: ActiveDir@mail.activedir.org 
Subject: RE: [ActiveDir] Biggest AD Gripes 

* Using the new DFS-Replication mechanism in R2 for the SYSVOL 

This is available AFAIK if all your servers are running R2 :P 

Carlos Magalhaes 

-Original Message- 
From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Dean Wel

RE: [ActiveDir] R2 Functionality - (Was Biggest AD Gripes)

2005-08-03 Thread joe
Counting down the sections until MS Marketing and Legal descend upon Rick
for comparing the R2 Upgrade to a, and I quote, "Fart Can" Mr. Kingslan
this is not the way we describe our products to potential customers.

I will however back up the part about R2 being addon packs from what I
understand as well. If you don't need these add on packs, R2 is probably not
going to appeal to you. For me, the most exciting part of it is R2 AD/AM and
ADAMSynch for instance. The OS level changes are the K3 SP1 changes. Sure
there is a schema mod in there but that is simply to support the addons such
as UNIX attributes, etc. 

It is always possible something could change, just like we were never going
to see feature changes ever again in SPs, but I expect we won't see a change
from the addon strategy for this. You will simply be getting a rerelease of
the main product with SP1 and hot fixes slipped in with some additional
control panel add windows component pieces.

   joe


 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Wednesday, August 03, 2005 5:24 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] R2 Functionality - (Was Biggest AD Gripes)

Guido (and all, really)- 

You bring up a good point.  There seems to be some misconception and
misinformation (BTW, no one here is doing the misinformation - just to be
clear) around R2.

When R2 is installed (or whatever this is going to be called when released -
it may be just Windows Server 2003 Release 2 - or it might be something
else) it is really a series of modules that ADD FUNCTIONALITY.

That's key - it adds functionality.  Remember that Rights Management
Services when run on Win2k3 really changes nothing in the way that the OS
operates and communicates.  Functionality of the base doesn't change.
However, RMS adds functionality and has a very minor impact on AD - which is
not a schema change, but a Service Point addition to allow detection and
determination of what server(s) is/are running RMS.

This is really what you'll see out of R2.  ADFS (Active Directory Federation
Services) for example, is not going to make a huge change to the underlying
OS functions - nor is it going to make a big change to AD.  It's going to
provide a way to EXTEND AD into a Federated Service for Partner access/auth
to a common AuthN mechanism (and much more - but it's not important at the
moment).

The important thing is that for this release - R2 is a collection of really
valuable and cool enhancements that many, many customers have been asking
for.  However, the point is that they are plug-in modules.  It's much like
putting new rims, tires, a body kit, a stereo, lowering kit, and a fart can
on your Honda.  It's still a Honda, but you've added customized pieces to
it.  Think of R2 as these things for your Honda.  (However, you might want
R2 much more than you want a 'fart can' or a lowering kit...)

As Guido mentions - and rightfully so, the big plumbing pieces aren't coming
in until LH Server.  However, THOSE are really going to be worth waiting
for.

Rick




-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido
Sent: Wednesday, August 03, 2005 10:57 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Biggest AD Gripes

actually that's not the case Carlos - even after all DCs are upgraded to R2,
SYSVOL is still using the legacy FRS replication mechanism.  This won't
change before Longhorn.

so it should stay on the list of gripes ;-)

/Guido

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Carlos Magalhaes
Sent: Tuesday, 2 August 2005 23:15
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Biggest AD Gripes

* Using the new DFS-Replication mechanism in R2 for the SYSVOL

This is available AFAIK if all your servers are running R2 :P

Carlos Magalhaes

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells
Sent: 02 August 2005 09:59 PM
To: Send - AD mailing list
Subject: RE: [ActiveDir] Biggest AD Gripes

http://www.novell.com  :o)

Bloody NetWare bigot ...

--
Dean Wells
MSEtechnology
* Email: [EMAIL PROTECTED]
http://msetechnology.com


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto,
Jorge de
Sent: Tuesday, August 02, 2005 2:06 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Biggest AD Gripes

A while ago I put some AD feature thoughts in a textfile not knowing what to
do with them at that moment

Here goes:

* Active Directory thoughts:
* OU = security principal
* Possibility to merge Forests
* "Cut and paste" a domain from one forest to another
* Domain concept:
* Domain controller -> directory server (not specific to a
certain dom

RE: [ActiveDir] R2 Functionality - (Was Biggest AD Gripes)

2005-08-03 Thread Rick Kingslan
Guido (and all, really)- 

You bring up a good point.  There seems to be some misconception and
misinformation (BTW, no one here is doing the misinformation - just to be
clear) around R2.

When R2 is installed (or whatever this is going to be called when released -
it may be just Windows Server 2003 Release 2 - or it might be something
else) it is really a series of modules that ADD FUNCTIONALITY.

That's key - it adds functionality.  Remember that Rights Management
Services when run on Win2k3 really changes nothing in the way that the OS
operates and communicates.  Functionality of the base doesn't change.
However, RMS adds functionality and has a very minor impact on AD - which is
not a schema change, but a Service Point addition to allow detection and
determination of what server(s) is/are running RMS.

This is really what you'll see out of R2.  ADFS (Active Directory Federation
Services) for example, is not going to make a huge change to the underlying
OS functions - nor is it going to make a big change to AD.  It's going to
provide a way to EXTEND AD into a Federated Service for Partner access/auth
to a common AuthN mechanism (and much more - but it's not important at the
moment).

The important thing is that for this release - R2 is a collection of really
valuable and cool enhancements that many, many customers have been asking
for.  However, the point is that they are plug-in modules.  It's much like
putting new rims, tires, a body kit, a stereo, lowering kit, and a fart can
on your Honda.  It's still a Honda, but you've added customized pieces to
it.  Think of R2 as these things for your Honda.  (However, you might want
R2 much more than you want a 'fart can' or a lowering kit...)

As Guido mentions - and rightfully so, the big plumbing pieces aren't coming
in until LH Server.  However, THOSE are really going to be worth waiting
for.

Rick




-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido
Sent: Wednesday, August 03, 2005 10:57 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Biggest AD Gripes

actually that's not the case Carlos - even after all DCs are upgraded to
R2, SYSVOL is still using the legacy FRS replication mechanism.  This
won't change before Longhorn.

so it should stay on the list of gripes ;-)

/Guido

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Carlos
Magalhaes
Sent: Tuesday, 2 August 2005 23:15
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Biggest AD Gripes

* Using the new DFS-Replication mechanism in R2 for the SYSVOL

This is available AFAIK if all your servers are running R2 :P

Carlos Magalhaes

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells
Sent: 02 August 2005 09:59 PM
To: Send - AD mailing list
Subject: RE: [ActiveDir] Biggest AD Gripes

http://www.novell.com  :o)

Bloody NetWare bigot ...

--
Dean Wells
MSEtechnology
* Email: [EMAIL PROTECTED]
http://msetechnology.com


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto,
Jorge de
Sent: Tuesday, August 02, 2005 2:06 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Biggest AD Gripes

A while ago I put some AD feature thoughts in a textfile not knowing what to
do with them at that moment

Here goes:

* Active Directory thoughts:
* OU = security principal
* Possibility to merge Forests
* "Cut and paste" a domain from one forest to another
* Domain concept:
* Domain controller -> directory server (not specific to a certain domain, but hosting naming contexts)
* Password policies not only per domain but also per OU
* Keep domain as a replication boundary but remove the flat structure (prevent context login like NDS -> Aliases?)
* Multiple replication boundaries (naming contexts) per directory server
* Remove domain as an entity. Forest is only entity needed
* Integrate file system and possible other resources into the directory (e.g. search where security principals are used)
* Permissioning TOP-DOWN and BOTTOM-UP (file system)
* Delegation of Control: ability to dictate MEMBERS attribute AND the MEMBEROF attribute (so the possibility exists to dictate which users can be added to what groups)
* Disabling sidhistory?
* Loginscripts at container level
* Using the new DFS-Replication mechanism in R2 for the SYSVOL

Just some thoughts. Interesting?

Cheers,
#JORGE#


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Tuesday, August 02, 2005 18:25
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Biggest AD Gripes

So what are everyone's biggest AD Gripes? I am not talking about gripes
about things that use AD like GPOs[1] or Exchange or NFS or anything else
like that. I mean