In my real world there are only 3 people other than myself in the whole world who have administrator level rights in AD and on DC's and have interactive logon rights to DC's who can make core level changes. This is for a global production forest comprising around 380 domain controllers and some 200k-250k users. All 4 of us are within slapping distance of each other which really helps out on the coordination. I guess there is a hole in if our building with us got blown up or eaten up in a tornado together, but overall I would say it has helped a whaleload more than it has hurt.
Four counterpoint, there is a small AD Forest in our company that isn't run by us that is for a very small group and has maybe 4-6 domain controllers but have something like 30-40 admins and they are always trying to figure out who did what that broke this that or the other thing. Overall my basic saying for AD and Domain Controllers is... Any idiot can screw it up, very very few know enough to go back in and figure out what the idiot did and bring it back from the dead or even the stage of "hurting real bad". And with those very few, you couldn't get a timeline as to how long it would take to bring it back from the dead. I gave a 3 month timeline once... 9 additional months later I was still finding things that had been screwed up. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cary, Mark Sent: Thursday, August 07, 2003 4:44 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Home Labs Interconnected What happens in the real world when this happens? With message boards, chat rooms, and instant messengers configuration changes could be documented and discussed. Your question goes back to trust, Is someone going to make changes on there own with no concern for the other participants? -----Original Message----- From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED] Sent: Thursday, August 07, 2003 2:44 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Home Labs Interconnected Interesting idea.... I would think that trust isn't so much of an issue as configuration management. If you have 20 people link their 100 servers into a couple of AD forests (for instance), how do you make sure no one reconfigures the replication topology right when you're in the middle of testing out some site-specific GPO? -g -----Original Message----- From: Cary, Mark [mailto:[EMAIL PROTECTED] Sent: Thursday, August 07, 2003 10:33 AM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Home Labs Interconnected I wanted to pose this idea to the group and get some feedback. Resources at work are limited for a test lab and I only have 3 computers at home for a lab, and I would think at least some of you are in similar situations. The home lab is ok for some stuff but I find it's hard to put a real world slant on such a small network. Would it be plausible to get several IT people, that haven't really met just interacted online (such as this list), to connect there home labs over the Internet creating a larger lab environment. This would create many different sites and subnets, something hard to do in a standalone home lab with limited hardware. I see the biggest issue would be with security and trust, could this be overcome? Could this experiment succeed or would some people always be trying to trash everyone else's computers? What do you think? The information contained in this message is confidential and is intended for the addressee(s) only. If you have received this message in error or there are any problems please notify the originator immediately. The unauthorized use, disclosure, copying or alteration of this message is strictly forbidden. Badger Meter, Inc. will not be liable for direct, special, indirect or consequential damages arising from alteration of the contents of this message by a third party or as a result of any virus being passed on. List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ The information contained in this message is confidential and is intended for the addressee(s) only. If you have received this message in error or there are any problems please notify the originator immediately. The unauthorized use, disclosure, copying or alteration of this message is strictly forbidden. Badger Meter, Inc. will not be liable for direct, special, indirect or consequential damages arising from alteration of the contents of this message by a third party or as a result of any virus being passed on. List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
