Hi Jorge,

So going back to my original question: does an NT4 box running the dsclient have the ability to find an LDAP server (or a DC) to get info from AD? (It's obvious that 9x clients can not, since they can not join a domain and NT 4 systems can.)
Jose :-)

------------------------------------------------------
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jorge de Almeida Pinto
Sent: Wednesday, May 11, 2005 10:34 AM
To: [email protected]
Subject: RE: [ActiveDir] Site/Subnet Management

>> however I just was not sure if it had the ability to query SRV records looking for the nearest DC to the subnet that it is on

This is still NOT POSSIBLE in current implementations of AD to find a DC according to the cost of the site links

To find an LDAP server (or a DC) to get info from AD:
* If a client does not know which AD site it belongs to (e.g. joining a domain) it will query for: _ldap._tcp.dc_msdcs.<domain>.<domain>
* If a client does know which AD site it belongs to it will query for: _ldap._tcp.<site name>._sites.dc_msdcs.<domain>.<domain>
* If a client does know which AD site it belongs to it will query for: _ldap._tcp.<site name>._sites.dc_msdcs.<domain>.<domain> AND if those DCs are unavailable then it will query for: _ldap._tcp.dc_msdcs.<domain>.<domain>

Cheers,
#JORGE#

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose
Sent: Wednesday, May 11, 2005 19:10
To: [email protected]
Subject: RE: [ActiveDir] Site/Subnet Management

Hi Jorge,

Good suggestion. I was thinking about suggesting that he use the dsclient ( I have never really worked with it ) however I just was not sure if it had the ability to query SRV records looking for the nearest DC to the subnet that it is on.

Jose

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jorge de Almeida Pinto
Sent: Wednesday, May 11, 2005 10:01 AM
To: [email protected]
Subject: RE: [ActiveDir] Site/Subnet Management

Or install the latest DSCLIENT for the 9x and NT systems!
QUOTE
############################
Site awareness - This includes the ability to log on to the domain controller that is closest to the client in the network and the ability to change passwords on any Windows 2000/2003-based domain controller, instead of the primary domain controller (PDC). In order to benefit from this new functionality the computer object where the Client extension is installed must exist in a Windows 2000/2003 domain.

Note: Active Directory Client for Windows NT4.0 does not change the NT4.0 WinLogon change password behavior. The WinLogon change password still contacts the PDC. However, Active Directory Client extension provides necessary APIs to change the password to any Windows 2000 based domain controller.
############################

See http://www.petri.co.il/dsclient_for_win98_nt.htm for more!

#JORGE#

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose
Sent: Wednesday, May 11, 2005 18:31
To: [email protected]
Subject: RE: [ActiveDir] Site/Subnet Management

There you go, that is your problem. Your NT 4 systems and 9x systems are all going across the wire to the PDC emulator for authentication. Upgrading your clients to Windows 2000 or XP should solve your issue ( As long as your sites are defined with the correct cost).

Jose Medeiros
MCP+I, MCSE, NT4 MCT
Former Vice President NTEA
www.ntea.net www.sfntug.org www.tvnug.org

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Brian Desmond
Sent: Tuesday, May 10, 2005 9:20 PM
To: [email protected]
Subject: RE: [ActiveDir] Site/Subnet Management

No this is a 2000 Native forest (3xdomain) with all 2003 DCs. Clients contacting the domain are almost entirely NT class I think. Exactly what the story is on 9x is unclear to me though there are tens of thousands of them. Same with NT4 though less I think.

--Brian Desmond
[EMAIL PROTECTED]
Payton on the web!
www.wpcp.org
v - 773.534.0034 x135
f - 773.534.8101
c - 312.731.3132

________________________________
From: [EMAIL PROTECTED] on behalf of Medeiros, Jose
Sent: Tue 5/10/2005 7:52 PM
To: [email protected]
Subject: RE: [ActiveDir] Site/Subnet Management

Hi Brian,

I was at Robert Half International working on their deployment of 400 2003 AD controllers to their remote offices world wide a few months back and have not seen the problems that you have. I am assuming that your locations currently run a NT 4 BDC and your Active Directory domain is in mixed mode? Have you created separate sites in AD and defined the cost for each site? Can I also ask what type of clients ( Windows 98, NT4, 2000, Mac, XP ) you're running?

Regards,
Jose Medeiros

---------------------------------------------
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Brian Desmond
Sent: Tuesday, May 10, 2005 5:44 PM
To: [email protected]
Subject: [ActiveDir] Site/Subnet Management

Hi all,

Wondering what strategies you all use for managing sites & subnets in your AD environment. Mine is fluid in this regard. There are roughly 650 physical locations with 2 subnets per. The number of locations is fluctual in terms of add/drop. Currently we have just a small handful of AD sites, and save for a couple dozen subnets, they all go in one big happy site. We're moving towards putting DCs at remote locations and thus they're going to start getting their own sites.

The current system is fairly manual - I start seeing netlogon warnings about # of no site connections, email the WAN guy and get his subnet/location spreadsheet, and then I mangle it a bit into a CSV. I delete all the existing subnets. Run my vbscript which recreates them all according to the CSV. This is all well and good I guess but it's an annoying system. Anybody got anything better?
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
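The lookup order discussed in the thread (site-specific SRV name first, domain-wide name as the fallback, and only the domain-wide name when the client's subnet maps to no site), as an added example that is not part of the original messages. It uses the `_ldap._tcp.dc._msdcs.<domain>` form in which Netlogon registers these records; the domain `corp.example`, the site names, the DC host names and the in-memory `SRV` table standing in for DNS are constructed, and the local subnet table is a simplification of the subnet objects AD uses to map a client address to a site.

```python
import ipaddress

# Constructed sample data (not from the thread): subnet objects mapped to AD sites.
SUBNETS = {"10.0.0.0/8": "HQ", "10.20.30.0/24": "Branch030"}

# Constructed stand-in for DNS: SRV owner name -> DC host names registered there.
SRV = {
    "_ldap._tcp.Branch030._sites.dc._msdcs.corp.example": ["dc-b030.corp.example"],
    "_ldap._tcp.HQ._sites.dc._msdcs.corp.example": ["dc-hq1.corp.example"],
    "_ldap._tcp.dc._msdcs.corp.example": ["dc-hq1.corp.example", "dc-b030.corp.example"],
}


def site_for_ip(ip, subnets=SUBNETS):
    """Most specific (longest-prefix) subnet wins; None means no site is mapped."""
    addr = ipaddress.ip_address(ip)
    matches = [(ipaddress.ip_network(c), s) for c, s in subnets.items()
               if addr in ipaddress.ip_network(c)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def srv_query_order(domain, site=None):
    """Site-specific SRV name first when the site is known, then the domain-wide name."""
    names = [f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}"] if site else []
    names.append(f"_ldap._tcp.dc._msdcs.{domain}")
    return names


def locate_dc(ip, domain, reachable, srv=SRV):
    """Return (dc_host, srv_name_that_answered, site), or (None, None, site)."""
    site = site_for_ip(ip)
    for name in srv_query_order(domain, site):
        for host in srv.get(name, []):
            if host in reachable:  # SRV priority/weight ordering is ignored here
                return host, name, site
    return None, None, site


if __name__ == "__main__":
    everything_up = {"dc-hq1.corp.example", "dc-b030.corp.example"}
    print(locate_dc("10.20.30.5", "corp.example", everything_up))
    print(locate_dc("10.20.30.5", "corp.example", {"dc-hq1.corp.example"}))
    print(locate_dc("192.168.1.9", "corp.example", everything_up))
```

The third call is the unmapped-subnet case: with no site, the client can only ask for the domain-wide record and may be handed any DC in the domain.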
