RE: [ActiveDir] best practice?

Thu, 05 May 2005 10:20:48 -0700

If you restored a current member server to a previous image, you will possibly run into issues with the computer account password and SPNs (depends on the services installed).
 
For adding new members, I completely agree with imaging them as standalones and then joining the domain after the duplication.
 
 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bahta Nathaniel V Contr NASIC/SCNA
Sent: Thursday, May 05, 2005 12:56 PM
To: [email protected]
Subject: RE: [ActiveDir] best practice?

We are talking about two distinct things.  You are talking about imaging to build servers.  I was talking about Disaster Recovery to regenerate pre-existing servers.  I think it bad to use a image of a domain member to create more domain members.  It is true that changing the SID would resolve the issue with security descriptors, but metadata in AD may need to be synchronized as well.  I do not know how this would play out since they are just member servers, but name change and SID change may not be the end of the list of object synchronization that needs to take place when imaging domain members.  I think I would only use an image to restore a pre-existing member or an image of a non-member and then join it to the domain.
 
Nathaniel

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Jessop
Sent: Thursday, May 05, 2005 12:47 PM
To: [email protected]
Subject: Re: [ActiveDir] best practice?

When I was installing two servers in a cluster (member servers) I simply installed the os in one on mirrored disks, took out one of the disks and put it in the second server. Regenerated the two mirros, changed the name and SID on the second one and then installed the cluster service on both. It hasn't given any problems but at the time the HP engineer didn't like it but gave me no concrete reason. Is this practise OK and are imaging techniques just issues with DCs?

Peter Jessop

Reply via email to