RE: [ActiveDir] Default Domain

[Brian Desmond]

My personal recommendation from when I was in the desktop support business ghosting thousands of workstations a year is not to use GhostWalker and instead to use sysprep and some handy _vbscript_s as necessary.   Thanks, Brian Desmond [EMAIL PROTECTED]   c - 312.731.3132     From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Paul Glenn Sent: Saturday, May 06, 2006 1:01 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Default Domain   Joe,   Yes we are.  In the past Ghost had some problems doing a large lab - basically after the process we would get a blinking screen and would have to reghost.  We just updated our Ghost version and that is one of the things we are testing currently.   Thanks again everyone.   Paul   On 5/5/06, joe <[EMAIL PROTECTED]> wrote: Oh BTW, are you changing the SIDs on the workstations after you finish the ghost process?   -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm        From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Paul Glenn Sent: Friday, May 05, 2006 3:42 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Default Domain   Al,   We are accomplishing this by Ghost.  We push out a configuration that tells it the domain and OU to join.  The rights are associated with the Ghost Console user that gets installed.  After the workstations join and reboot it's getting all the AD domains on campus via the DNS server (I'm assuming).  there are actually 3 domains and the local workstation that show up in the drop down menu.   BTW, if you all ever need a Ghost question answered, we have one of the best guys in the world for those!   Paul   On 5/5/06, Al Mulnick <[EMAIL PROTECTED]> wrote: Of course, it makes supporting non-windows clients a different challenge :) Paul, what method are you using to join the workstation to the domain? It sounds like the domains are being enumerated at initial logon as if it has no list when it joins. Could be something in the process or something else, but figured I'd ask. al On 5/5/06, Paul Glenn < [EMAIL PROTECTED]> wrote: > > > > On 5/5/06, joe < [EMAIL PROTECTED]> wrote: > > > > > > Welcome. > > > > I am not sure if you can set a domain by default for the initial logon. If > you could, I would expect it to be to some of the reg entries maintained in > the HKLM\software\microsoft\windows nt\currentversion\winlogon portion of > the registry. > > That is exactly the key we have found what little information we have.  No > matter what you set for defaultdomainname or altdefaultdomainname it's the > same thing. > > > > > > > > > You could step around that by telling people to use UPNs for logon instead > of SAM Names. That would mean you would use something like > [EMAIL PROTECTED] instead of something\PGlenn. That is the direction > the auth is going so if you are starting fresh now, might as well start that > way. Then the domain dropdown is a moot point. It also means you can dork > with the domain's almost to your heart's content and never have to worry > about telling the users their new domain, it will just work because the UPN > does not have to match the Domain structure. > > We would like, if possible, to stay away from this because of the way we > have the students logging on now.  Currently they don't have to use any > context for their Netware logins.  A far cry from the days they had to put > in .pglenn.uxx.student.usr.uky  The direction our university is leaning is > to do everything via LDAP lookups.  We are doing this because we have 2 > major AD domains and on major eDirectory.  Account information is handles by > Novell's Identity Manager. > > > > > > > > > > > > > I am curious about the direction to move as you state it as "the Novell > business model", what specifically is pushing this change? With Novell > embracing Open Source I would expect schools and the like to be more, not > less, interested in it. Also I am curious why not a move to say BSD or > Linux. If anywhere that stuff works well en masse it is in school > environments because they are so closed and geographically small. > > > > > > Going open source is great for many things.  However, after many years or > struggling with different vendors and their lack of support for anything > that is not Windows, open source wasn't that appealing.  Our vendors include > made dicipline specific software who don't want to support anything else and > hardware vendors that support others things when they get around to it - and > example of the latter being the horrible tech support from Tivoli after > loosing about 2 terabytes of data (took them 6 months to get it resolved). > Using Netware OES or eDirectory on SUsE were other options I had.  After > wieghing several things - most importantly my learning curve for such a move > to either one given the time table - I chose AD.  This will allow us to put > out images without a non-native client.  This also pleases my VP, who really > wants me to move toward AD. > > > Paul -- *********************************************************************** "I've got a fever and the only prescription is more cowbell."    --Christopher Walken *********************************************************************** -- *********************************************************************** "I've got a fever and the only prescription is more cowbell."    --Christopher Walken ***********************************************************************