I've
been expecting a schema virus for some time.
-----Original Message-----OK, now you’re frightening me...
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Rick Boza
Sent: Thursday, October 28, 2004 5:13 PM
To: ActiveDir List
Subject: Re: [ActiveDir] FW: Exchange 2003 on DC
On 10/28/04 7:03 PM, "Robert Rutherford" <[EMAIL PROTECTED]> wrote:
*Rob snuggles up close to SBS2003 and puts his arm around her*
*He whispers *.... 'It's OK... you may not be the most secure system but I still think your kinda sexy'
From: [EMAIL PROTECTED] on behalf of joe
Sent: Thu 28/10/2004 23:20
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] FW: Exchange 2003 on DC
Ack, you said SBS... <as joe scurries back to the light...>
I await the day that someone writes a bad virus that targets Domain Controllers. I figure that the SBS machines will be the first to get hit with something like that since there are sooooo many vectors to the security bastion on that product.
joe
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Cornetet
Sent: Thursday, October 28, 2004 5:24 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] FW: Exchange 2003 on DC
Um, SBS users don't have a choice...
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Thursday, October 28, 2004 3:44 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] FW: Exchange 2003 on DC
Don't install Exchange on a Domain Controller, even you Michael B. Smith
Article ID : 994678345
Last Review : October 28, 2004
Revision : 1.0
This article was previously published under Q994678345
SYMPTOMS
In a Windows 2000 domain some people like to install Exchange on a Domain Controller. They also like to use them for file and print as well or for other not authentication/authorization services. They sometimes find they run into security and/or stability issues.
CAUSE
This behavior occurs typically occurs when because they installed products on a domain controller which is supposed to be the bastion of your enterprise security, not handling menial services such as exchange and file sharing et alii.
RESOLUTION
To resolve this problem, remove the non authentication/authorization related services from the domain controller.
STATUS
Microsoft has confirmed that this is a problem in the real world. This problem was first corrected when people started treating the DCs like a KDC and not a regular server.
APPLIES TO
All versions of Windows that run as Domain Controllers
:o)
joe
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith
Sent: Wednesday, October 20, 2004 7:53 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] FW: Exchange 2003 on DC
I've run across a couple of KB articles regarding the issues of promoting/demoting a DC under Exchange 2003 (on the same box). Shame on me, I didn't bookmark them.
Does anyone have those handy? My google-fu is not up-to-par today apparently...the one's I've found (plus summary) are:
822179 - don't change DC status after Exchange is installed
305504 - impact of making DC a GC with Exchange installed
305065 - impact of removing a GC from a DC with Exchange installed
829361 - long shut down time on a DC when Exchange is installed
822575 - DS2MB stops running when DC status is removed and Exchange is installed
The only one I've found that directly affects the search I'm on is the last (822575).
Thanks,
M
=======================================================================
Scanned for virus infection by Messagelabs
=======================================================================
