Seems that there was a little talk about
Longhorn. Was anything said about an interim version of Windows before
Longhorn? i.e. Windows 2005..6..7…

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe

DEC was indeed cool. I am not under NDA
for it that I am aware of. In fact I would expect Gil would like to hear people
chattering about the conference as it will drive more people to it. And again,
I don't do many conferences but this one is exceptionally good in terms of
anything I have been to. I heard a lot of chattering along the same lines and
that it was especially considerably better than the big MS conferences that
focus on all MS techs instead of just AD. So instead of AD being one topic of
hundreds it is THE topic. And honestly, this deserves to be THE topic. Why? Because
AD is the cornerstone of your security if you are using it for your
authentication/authorization.

So why specifically was DEC cool? First
and foremost, I met a lot of people in person that I had previously chatted in
email and newsgroups with. That was very nice. Now everyone knows what I look
like and probably wonder how a guy 5' 2" and 105 lbs like me can be so
wicked and opinionated in email yet not utter a peep in person. Some of the
folks I met from this list are Gil Kirkpatrick, Guido "The Killer UG
Pimp", Robbie Allen, Todd Myrick, Hunter Coleman, Stuart Fuller, Alan
Isham and several others. Also got a chance to talk to and more importantly
listen to some of the MS folks such as Stuart Kwan, Paul Rich, Andreas
Luther, Sanjay Tandon, Robert DeLuca, and others. This face to face
chatter is invaluable.

There was one cool session where there
were three teams broken out to solve three AD issues. These were some evil
little issues Gil dreamt up to see if people could work through them. Simple
configuration issues gone bad. I sat and watched Stuart lead a team working on
one of the problems. It was entertaining. I didn't sign up as I didn't think
solving a problem would be that much fun, heck I do that every day at work, why
go to a conference and do it in the evening, especially while drinking... I was
wrong however, it ended up being great fun. Interesting watching different
people troubleshoot issues.

The presentations were generally quite
informative. Alan Isham had a great presentation on object lifetimes. This is a
topic that everyone really needs to start paying attention to. A lot of folks
are finishing up the get your ass into AD stage. Now they need to get AD
cleaned up. It brought up for myself and my manager (who was also there) the
whole idea of really having to have a known defined owner for EVERY object
in AD and if we don't know who it is, it is us. This is not what we liked to
think previously but I think we don't really have a choice in the matter
because the clutter mostly impacts us. The other Intel presentation (by John
Dunlop I think - don't have my DEC cheat book here with me) was about using
Virtual Server for restoring a forest. It was interesting as it was very close
to what we have been looking at and I have previously discussed here on the
list. Glad to see someone else thinking that way which lends credence to our
thoughts and direction. They had an interesting twist for getting all of the
DCs at all of the sites back up and running quickly via spinning up a backup VS
DC on every machine and then slowly going through rebuilding back to the
original physical setup. Overall there was a considerable amount of talk about
DR and lag/hot sites and data restoration. It seems to be a big topic on
everyone's mind.

There was a presentation by the US Army
which basically made me glad I wasn't trying to deploy in that environment. I
thought my environment was big and complex and politically charged and
underfunded... At least my people are mostly not carrying weapons.

There was a presentation by Wook Lee from
HP (the Compaq side originally) which I can only say was... well you had to be
there. Let's just say he wore a faux Forest Ranger hat and had Smokey the Bear
slides and Burma Shave jingles. If that doesn't entice you into wanting to see
his presentation, well you are just not alive I guess. :op I also
spoke with Wook Sunday night at the reception for an hour or so and that was
also quite entertaining and informative. Wook has seen some issues that I
wouldn't ever want to see. One of the side benefits of fully deploying beta and
RC code is what I would call it.

Guido had a good presentation on forest
trust stuff. Had a couple of DLG vs UG jabs in there for me which I
appreciated. Several folks recognized them as such as well. It is all in good
fun and keeps life interesting. :op He ended up using a joeware tool (sectok)
in one of the slides to illustrate something so that was good too... push the
use of joeware for effective admining and information discovery. :o) It was interesting to hear from Andreas
concerning the direction of MIIS. Apparently it is being driven towards being
your one stop provisioning system. Sounds like AutoGroup is going to be
completely bundled into that versus off on its own. AutoGroup, if you are
unaware, is the AutoDL replacement that handled security/dl group memberships
with subscriptions and such. I think it was pretty clear from several people I
was talking to that group management is also on the minds of many people. One
point on that that I found interesting was the idea that several folks seemed
to be using 80/20 rules for assigning group memberships by departments or
roles... i.e. if 80%+ of the folks needed, everyone in that dept or role got
it... That flies in the face of my least privilege mantra I repeat 100 times
every night before going to sleep. I think that may be one of the other issues
with Role based security. The first major one using a one role one group
mentality and assigning perms to that group all over the place versus the
resource based security ideology of having one group for each resource and then
assigning people or role groups to the resource permission groups. I am much
more into wanting the nesting than having a group and wondering where all the
places I (or anyone else in the company) assigned perms to it.

Stuart's information in the keynote and a
couple of points through the conference were especially interesting concerning
possible enhancements in Longhorn Server. I hope to hear more at the

So some of the items are

1. Caching Domain Controllers - basically a DC that did credential caching for a site. It didn't cache admin password info so it couldn't be compromised and used to gain access back into the forest. I liked this idea and asked that it not just work for a single domain, but any domain in the forest.
2. Multiple domain hosting from a single DC.
3. Ability to stop/start Active Directory on the fly as a normal service.
4. Domain Controllers not being dependent upon NTFRS.
6. Logging for directory changes in general, not changes on specific DCs.
7. Ability to have multiple password/lockout/complexity policies per domain
8. Role based security built into the product
9. Better Undelete/Undo functionality
10. Increased ease of use for authentication/authorization of non-MS OSs
11. Simple setup WAN site DCs... I.E. Not the normal DC build process, sort of like easy bake DCs.
12. Allowing people to admin hardware/OS without being able to touch AD.

Ok those are the ones I remember and
actually they may be warped so I really hope Gil posts the real list. Also I
would hope he posts the results from the conference as I think that would also
be good for everyone to see.

Again, overall, it was a really good
conference. It's good to get people together talking like that. I had great fun
and I can't recall how many times I heard "Oh, you are THAT joe"
which made me generally ask, is that a good thing or a bad thing? It always
seemed to be a good thing and overall people seemed to indicate that I was
helpful to them which made me happy.

Gil was talking to me
about presenting at a future DEC. I have no clue what I would present,
anyone have ideas on things they would like to hear out of me in that forum?
About the only thing I can think of would be to sit there responding to
ActiveDir Org posts in front of everyone and discuss my thoughts while
responding.

My recommendations for future DECs were to
have it someplace warm in the cold months (D.C. was kind of on the cool side),
white boards in conference rooms for ad hoc chat sessions, keep the bars open
all night (at least a cooler with beer) in the conference rooms so people
didn't have to go find other bars and disturb the conversations, keep
everything at very technical level. Oh yeah, there was one big huge issue with
the DEC... I didn't see one single rubber chicken.

joe
-------------
http://www.joeware.net (download joeware)
http://www.cafeshops.com/joewarenet (wear joeware)

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan

"BTW, if you didn't go to the
Directory Experts Conference, you missed a good time. NetPro did a good job and
there was a lot of good discussions. Plus some of the stuff Stuart was talking
about was pretty darn cool."

Firstly, just rub it in.....
Secondly, are you under NDA? Cut loose with some specifics, man!

Rick Kingslan
MCSE, MCSA, MCT, CISSP
