I kinda like the idea of running a DC in a VS machine, and having an online realtime copy of it somewhere in addition to incremental backups... and you should be able to bring up the vhd on any box, not just one with similar hardware, and without having to go through Laura's 7 step DR plan :) (reference thread [ActiveDir] AD Restore Problem)
But can you have a VSS-type remote copy of your DC session vhd file? (Forgive me if I bring up topics that were adequately addressed during my hiatus in Windows Desktop Deployment World...) ------------------------------------------------------------------------ --- Rich Milburn MCSE, Microsoft MVP - Directory Services Sr Network Analyst, Field Platform Development Applebee's International, Inc. 4551 W. 107th St Overland Park, KS 66207 913-967-2819 ------------------------------------------------------------------------ --- "I am always doing that which I can not do, in order that I may learn how to do it." - Pablo Picasso -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Wednesday, October 05, 2005 1:12 PM To: [email protected] Subject: Re: [ActiveDir] Active Directory wish list As a representative of the SBS community there is not a day that goes by that the 'can we cluster SBS' or 'can I have a hot server' doesn't come up. [if you have SA you can have a cold server] With 9/11, with Katrina, with the potential for earthquakes in California ... honestly... the answer for any small business should not be 'well hope your backup is good... you have tested it right?' Conversely I would argue the home user needs to be better protected than they are now. [but that's way OT] I think the fault tolerance for small firms is being a bit pushed to the asp/hosted services model in the marketplace even though us control freaks aren't always fond of that. Actually we 'can' have additional domain controllers..just that the SBS has to hold the FSMO roles and be the PDC. By the time you reconfigure that additional DC to take over the FSMO roles...maybe your time is better spent fixing the PDC, ya know? Is there a good story for small firms to have redundancy, fault tolerance without a fat checkbook? Nope, I would argue...not really.....right now imaging is the only way. And in that instance.. you probably want to stay with a single DC and not suffer the wrath of Brett and ghosting your DCs. A recent whitepaper on the subject of the 'myths' of SBS: http://msmvps.com/bradley/archive/2005/10/04/68986.aspx http://msmvps.com/bradley/archive/2005/10/05/69035.aspx I still would argue that virtualization needs to be done WAY more than we are doing now...but that's just my wacko thoughts. Rich Milburn wrote: >I think the biggest reason people want to be able to run multiple >domains on one server is the same reason practically no one (except for >SBS) installs just one DC, and the same reason we always install a >minimum of 2 for a domain. We have a forest root and 2 child domains >model, and it takes us 6 servers to run that - for basically 2 >directories and fewer than 5000 users. That seems like a waste of >hardware in some situations - especially if you have multiple orgs that >you run. The parallel might be for a web hosting company to have 2 full >web servers for each domain they host - in case 1 goes down, they still >have a second. VS is an answer, yes, although you still need a full >server license for each VM. The thing with domains is you don't want to >only have 1 online copy of the directory. MS didn't seem too convinced >there was a good reason to have an online second server - they cited >backups as a good solution to the issue. In a big org the cost of an >additional server to provide redundancy is negligible, but is having an >online copy (second DC) really the BEST way to do this? And it doesn't >help SBS users, since they can (correct me if I'm wrong) only have 1 DC. >I realize it may be the best way we have with W2K3, but how could the >issue of redundancy be addressed with AD differently than having 2 DCs >minimum per domain? Anyone have any ideas? > >Rich > > >-----Original Message----- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] On Behalf Of joe >Sent: Tuesday, October 04, 2005 9:20 PM >To: [email protected] >Subject: RE: [ActiveDir] Active Directory wish list > >Yeah I can say that it isn't in Longhorn. As the dev guys put it, this >is a >tough one. It wouldn't just be a nobrainer if they had separate >instances of >AD, there are just tons of other things involved that make it extremely >difficult. It was something that was brought up in the summit though, >not >sure how much I can say around it other than no, it won't be there. > >MS feels the focus of this is dramatically reduced now as well due to >the >fact that VS is available and can run DCs. Also the Server Core DCs >helps >here as well as the DCs will have a smaller footprint. If folks are NOT >in >agreement with that assessment, definitely speak up, it is too late for >Longhorn but possibly the opportunity exists to convince them for >BlackComb. > > joe > > > >-----Original Message----- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] On Behalf Of Charlie Kaiser >Sent: Tuesday, October 04, 2005 9:37 PM >To: [email protected] >Subject: RE: [ActiveDir] Active Directory wish list > >I'd also like to see the ability to run DCs for multiple domains on the >same >server. SMBs with limited resources balk at having to buy additional >server >hardware for redundancy on multiple domains, especially when the AD load >on >the DCs is minimal. This feature sounds like an offshoot of your list >below. >If you can run AD as a service, it might not be that hard to allow >multiple >domains similar to multiple websites/DBs on one server... > >I remember discussing this with Stuart Kwan at DEC a couple of years >ago. I >hope it makes it into the mix... > >********************** >Charlie Kaiser >W2K3 MCSA/MCSE/Security, CCNA >Systems Engineer >Essex Credit / Brickwalk >510 595 5083 >********************** > > > > >>-----Original Message----- >>From: [EMAIL PROTECTED] >>[mailto:[EMAIL PROTECTED] On Behalf Of joe >>Sent: Tuesday, October 04, 2005 4:25 PM >>To: [email protected] >>Subject: RE: [ActiveDir] Active Directory wish list >> >>Vista is the client OS. I don't believe they have named Longhorn >>Server yet.I am voting for something like Windows Server 5.4.0 or >>something like that. I realize that the marketing group would have >>something to say about it but I figure the best thing from them is if >>they pronounced their thoughts from the bottom of Lake Washington. >>People don't install servers because they have cool names. >> >>The biggest non-NDA pieces that I have heard announced in conferences >>or seen on the web already is the Read Only DC to limit security >>exposure for WAN deployments, restartable AD that can be >>stopped/started as necessary, DA/Admin separation so that you can have >> >> > > > >>an Admin on a DC that "can't" achieve Domain-wide DA level rights, and >> >> > > > >>DCs running on Server Foundation or now its called Server Core which >>is a GUI-challenged Windows Server. >> >>I can also say that there are a myriad of GUI updates for the Admin >>tools though I can't state specifics. BJ Whalen who was involved with >>the GPMC project has been brought in to work on admin experience and >>anyone who has worked with GPOs with and without GPMC know that he >>really helped out. >> >>All in all, there is some very cool stuff and MS has really been >>listening to the community on what they want and need. I know that >>this list is watched for ideas and such and has been the source of >>DCRs internally. So if you have ideas, spout them here, they will most >> >> > > > >>certainly be heard. They may not make Longhorn as it is getting a bit >>late to add major changes but your ideas could make it into a later >>rev. >> >> >> joe >> >> >>________________________________ >> >>From: [EMAIL PROTECTED] >>[mailto:[EMAIL PROTECTED] On Behalf Of Steven Wood >>Sent: Monday, October 03, 2005 3:46 PM >>To: [email protected] >>Subject: [ActiveDir] Active Directory wish list >> >> >>Hi, >> >>With Windows Vista on it's way what's on people's wish list as far as >>Active Directory is concerned? Also are there any big enhancements >>due? >> >>Thanks >>Steven >> >> >> >List info : http://www.activedir.org/List.aspx >List FAQ : http://www.activedir.org/ListFAQ.aspx >List archive: >http://www.mail-archive.com/activedir%40mail.activedir.org/ > >List info : http://www.activedir.org/List.aspx >List FAQ : http://www.activedir.org/ListFAQ.aspx >List archive: >http://www.mail-archive.com/activedir%40mail.activedir.org/ > >-------APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE------- PRIVILEGED / >CONFIDENTIAL INFORMATION may be contained in this message or any attachments. >This information is strictly confidential and may be subject to attorney-client >privilege. This message is intended only for the use of the named addressee. If >you are not the intended recipient of this message, unauthorized forwarding, >printing, copying, distribution, or using such information is strictly >prohibited and may be unlawful. If you have received this in error, you should >kindly notify the sender by reply e-mail and immediately destroy this message. >Unauthorized interception of this e-mail is a violation of federal criminal law. >Applebee's International, Inc. reserves the right to monitor and review the >content of all messages sent to and from this e-mail address. Messages sent to >or from this e-mail address may be stored on the Applebee's International, Inc. >e-mail system. >List info : http://www.activedir.org/List.aspx >List FAQ : http://www.activedir.org/ListFAQ.aspx >List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > -- Letting your vendors set your risk analysis these days? http://www.threatcode.com List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ -------APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE------- PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or any attachments. This information is strictly confidential and may be subject to attorney-client privilege. This message is intended only for the use of the named addressee. If you are not the intended recipient of this message, unauthorized forwarding, printing, copying, distribution, or using such information is strictly prohibited and may be unlawful. If you have received this in error, you should kindly notify the sender by reply e-mail and immediately destroy this message. Unauthorized interception of this e-mail is a violation of federal criminal law. Applebee's International, Inc. reserves the right to monitor and review the content of all messages sent to and from this e-mail address. Messages sent to or from this e-mail address may be stored on the Applebee's International, Inc. e-mail system. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
