Couple of thoughts on this...

1. MS recommends if possible to have your SUS server be a dedicated box.
May not be possible in your case but, if so, I would not run SUS and
therefore IIS on a DC.

2. I wouldn't recommend that you patch your DCs automatically without a lot
of planning/testing.  I get very paranoid about patching DCs and normally
do this manually.  Of course, in a large environment with 100s of DCs, an
automatic patch mechanism is probably a requirement.

3. If you are going to use SUS to patch your DC and workstations, I would
create a separate GP for the DC.  This will at least move the time of the
reboot to a different time than the workstations.  Bad things may happen
when you have your DC reboot right when all of your workstations are
rebooting.

-Stuart

P.S. SUS is way cool and we are now using it to patch 2000 workstations and
about 100 servers... Well worth the minimal time investment to get it
running.
 
-----Original Message-----
From: Tony Murray [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, December 23, 2003 2:02 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] moving DC

I wouldn't recommend that you move the DC out of the Domain Controllers OU.
It would mean that the Default Domain Controllers Policy would no longer be
applied to that DC.  Not a good thing.  There may well be other problems
associated with such a move.

You can link GPOs to any number of different OUs.  If you really want the
DCs to get the new policy, why not link it to the Domain Controllers OU in
addition to your new OU?  I don't know what's in the policy, but I would
recommend that you test it thoroughly before applying it directly to the
Domain Controllers OU.

Tony
---------- Original Message ----------------------------------
Reply-To: [EMAIL PROTECTED]
Date:  Tue, 23 Dec 2003 09:24:52 +0400

Hi

I have created a new OU (name:sus clients) in my AD and moved all my
computers there to setup a grp policy which gets the updates from the SUS
server loaded in my DC.

Everything goes well. But one computer that has been left out is my DC computer,
under the OU "DomainController".
Can I move this computer to the other OU as well? Would that affect anything?

On the other hand, I could apply the same policy to the OU in question, but
I wanted to maintain only one OU for this purpose.

Also, once I move the DC to this OU, all patches would be applied to my DC
as well.

Thanks
Md ILyas
________________________________

Conares Metal Supply Ltd
p.o.box 2854, dubai, uae
tel +9714 8835 111 - Extn.212
fax +9714 8836 611
mob +97150 6550 894
_______________________________

  

List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
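
The approach suggested in the replies above (leave the DC in the Domain Controllers OU and give it its own update policy with a different install time) is sketched here as an added example that is not part of the original thread. It uses the current GroupPolicy and ActiveDirectory PowerShell modules, which postdate the thread; the server URL, GPO name and schedule are placeholder assumptions.

```powershell
# Added example. Server URL, GPO name and schedule are placeholders (assumptions).
Import-Module GroupPolicy, ActiveDirectory

$SusUrl      = 'http://sus.example.internal'  # placeholder update server URL
$GpoName     = 'SUS - Domain Controllers'     # hypothetical GPO name
$InstallDay  = 1   # 0 = every day, 1-7 = Sunday through Saturday
$InstallHour = 5   # 0-23; assumed to differ from the workstation GPO's hour

$DcOu = "OU=Domain Controllers,$((Get-ADDomain).DistinguishedName)"
$WU   = 'HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate'
$AU   = "$WU\AU"

# Create the DC-only GPO once; reruns reuse it.
if (-not (Get-GPO -Name $GpoName -ErrorAction SilentlyContinue)) {
    New-GPO -Name $GpoName -Comment 'Update settings for domain controllers' | Out-Null
}

# Automatic Updates client policy values written into the GPO.
$settings = @(
    @{ Key = $WU; ValueName = 'WUServer';             Type = 'String'; Value = $SusUrl }
    @{ Key = $WU; ValueName = 'WUStatusServer';       Type = 'String'; Value = $SusUrl }
    @{ Key = $AU; ValueName = 'UseWUServer';          Type = 'DWord';  Value = 1 }
    @{ Key = $AU; ValueName = 'AUOptions';            Type = 'DWord';  Value = 4 }  # scheduled install
    @{ Key = $AU; ValueName = 'ScheduledInstallDay';  Type = 'DWord';  Value = $InstallDay }
    @{ Key = $AU; ValueName = 'ScheduledInstallTime'; Type = 'DWord';  Value = $InstallHour }
)
foreach ($s in $settings) { Set-GPRegistryValue -Name $GpoName @s | Out-Null }

# Link to the Domain Controllers OU unless a link already exists.
$links = (Get-GPInheritance -Target $DcOu).GpoLinks
if ($links.DisplayName -notcontains $GpoName) {
    New-GPLink -Name $GpoName -Target $DcOu -LinkEnabled Yes | Out-Null
}

# Report any DC whose computer object has been moved out of the OU.
Get-ADDomainController -Filter * |
    Where-Object { $_.ComputerObjectDN -notlike "*,$DcOu" } |
    Select-Object Name, ComputerObjectDN
```

The final pipeline returns nothing when every DC is still under the Domain Controllers OU and so still receives the Default Domain Controllers Policy.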
