RE: [ActiveDir] best practice?

[McLeod, Scotty]

I have almost always chosen to go with allowing the new ‘image’ on the machines to reset and reuse the existing AD computer object as the process of doing so does reset all the information such as description, OS version etc. The one area where some care needs to be taken is the ownership of the computer accounts themselves from when they were originally created. Someone will have specific permissions based on them either creating the object or from being delegated those permissions by the person who did create the object so if you do not want to continue to have the possibly of old permissions to your workstations to continue this could be a good opportunity to begin again. Or you could script the removal of all the ‘per user’ computer object permissions which I know some companies do on a regular basis. Scotty   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shukovsky Jr Sent: 04 May 2005 14:38 To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] best practice?   You stated: * When distributing restore the image.... SYSPREP runs.... Enter a computername (if it an existing previous computername reset the computer account in AD), join to domain et voila   Computer names will be existing. My original question was do I remove from domain then image and rejoin or image and reset account.   Are you saying to image, reset account then rejoin, and will this work given the site structure? ----- Original Message ----- From: "Jorge de Almeida Pinto" <[EMAIL PROTECTED]> To: <ActiveDir@mail.activedir.org> Sent: Wednesday, May 04, 2005 9:10 AM Subject: RE: [ActiveDir] best practice?   > OK, let me rephrase that... "don't even think cloning DCs or backing up DCs > using tools similar to ghost THAT ARE NOT AD AWARE in production > environments (at least ghost versions 8 and lower are not AD aware... Not > sure if ghost 9 is AD aware) > > New departmental standards... So you want to create a new image to > "distribute" to the current HW? > > * Choose one hardware model to create the image > * Install the OS and configure accordingly > * Add drivers for the other HW models you have in your ORG > * Use the Deployment tools (especially SYSPREP) > * Create an image of the configuration while it is not joined to the domain > * When distributing restore the image.... SYSPREP runs.... Enter a > computername (if it an existing previous computername reset the computer > account in AD), join to domain et voila > > The quick and dirty explanation ;-) > > #JORGE# > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of John Shukovsky Jr > Sent: Wednesday, May 04, 2005 14:50 > To: ActiveDir@mail.activedir.org > Subject: Re: [ActiveDir] best practice? > > I was talking about pc's. The reason for reimage is for new departmental > standards ( look and feel ). I do not have luxury of SMS. Yes, same domain, > same hardware, same name, just new image. I am having issues with removing, > pushing new image and rejoining. Some seem to work and others are coming up > disabled?? Just wanted to ask if anyone is familiar or knows better way. > > BUT....as for DC's. I do "image" dc's using Symantec Livestate Recovery ( > formerly PowerQuest V2i ). It works wonderfully. I primarily use for > backups. I have not had to recover a server in production ( and hope I do > not have to ) but I have in lab 10+ times and servers are as clean as ever. > You should take a look. > > ----- Original Message ----- > From: "Jorge de Almeida Pinto" <[EMAIL PROTECTED]> > To: <ActiveDir@mail.activedir.org> > Sent: Wednesday, May 04, 2005 2:55 AM > Subject: RE: [ActiveDir] best practice? > > > > In his mail he is talking about DOMAIN MEMBERS and not DCs. If he is > talking > > about DCs I agree with Brett -> don't image DCs... Don't even think about > > it! > > > > Concerning imaging DOMAIN MEMBERS and rejoining... > > I'm not sure what you want to acchieve...why do you want to rejoin the > > computers? Same domain? Other domain? Same HW, Other HW? > > > > Cheers, > > #JORGE# > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley > > Sent: Wednesday, May 04, 2005 03:08 > > To: ActiveDir@mail.activedir.org > > Subject: Re: [ActiveDir] best practice? > > > > Never, ever, EVER image a Win2k or Win2k3 Domain Controller ... or ADAM > > server.  I don't know about memebers, just adding knowledge about DCs, as > I > > don't think I've ever mentioned it here before. > > > > Cheers, > > -Brett Shirley [msft] > > > > as is, caveat emtpor, status quo, etc > > > > > > > > On Tue, 3 May 2005, John Shukovsky Jr wrote: > > > > > Hello all, > > > > > > Question, you want to re-image pc's  that are domain members. You want > to > > immediately rejoin domain using same name. Site is single W2k DC/GC on 3 > > hour replication cycle with fsmo holders. > > > > > > Should you remove from domain, image and rejoin or just image rejoin and > > reset computer account? Would either of these ways work given site setup? > > > > > > Any input appreciated. > > > > > > John Shukovsky Jr > > > Network Administrator > > > NJ Department of Human Services > > > 609-861-6031 > > > > > > > > > This E-mail, including any attachments, may be intended solely for the > > > personal and confidential use of the sender and recipient(s) named > > > above. This message may include advisory, consultative and/or > > > deliberative material and, as such, would be privileged and > > > confidential and not a public document. Any Information in this e-mail > > > identifying a client of the Department of Human Services is > > > confidential. If you have received this e-mail in error, you must not > > > review, transmit, convert to hard copy, copy, use or disseminate this > > > e-mail or any attachments to it and you must delete this message. You > are > > requested to notify the sender by return e-mail. > > > > > > > List info   : http://www.activedir.org/List.aspx > > List FAQ    : http://www.activedir.org/ListFAQ.aspx > > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > This e-mail and any attachment is for authorised use by the intended > recipient(s) only. It may contain proprietary material, confidential > information and/or be subject to legal privilege. It should not be copied, > disclosed to, retained or used by, any other party. If you are not an > intended recipient then please promptly delete this e-mail and any > attachment and all copies and inform the sender. Thank you. > > List info   : http://www.activedir.org/List.aspx > > List FAQ    : http://www.activedir.org/ListFAQ.aspx > > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > > > This E-mail, including any attachments, may be intended solely for the > personal > and confidential use of the sender and recipient(s) named above. This > message > may include advisory, consultative and/or deliberative material and, as > such, > would be privileged and confidential and not a public document. Any > Information > in this e-mail identifying a client of the Department of Human Services is > confidential. If you have received this e-mail in error, you must not > review, > transmit, convert to hard copy, copy, use or disseminate this e-mail or any > attachments to it and you must delete this message. You are requested to > notify > the sender by return e-mail. > List info   : http://www.activedir.org/List.aspx > List FAQ    : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. > List info   : http://www.activedir.org/List.aspx > List FAQ    : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > This E-mail, including any attachments, may be intended solely for the personal and confidential use of the sender and recipient(s) named above. This message may include advisory, consultative and/or deliberative material and, as such, would be privileged and confidential and not a public document. Any Information in this e-mail identifying a client of the Department of Human Services is confidential. If you have received this e-mail in error, you must not review, transmit, convert to hard copy, copy, use or disseminate this e-mail or any attachments to it and you must delete this message. You are requested to notify the sender by return e-mail.