Also this was extremely popular in NT4 days in large orgs and there are a lot of people that still design that way. In general, I have no problem with using localgroups on servers. If you use an intelligent ACLing system and take the time to set it up you can configure things so you could bring back permissions just as fast with local or domain groups. Even better, you could rebuild without even being connected to the domain if you absolutely need to (say DR exercise and the domains weren't read yet). I also used this design for a warm failover system that had two servers. One server was for production 100% and the other was for QA and sat in another (untrusted) domain but got daily (sometimes hourly if in quarter or year end) backups sent to it of production. If production server dropped it was a simple matter of dropping the machine from the QA domain and stuffing into production and repointing the app directory on the server to the production bins and data. All ACLing and everything else was handled since it was all local. Could switch over in a pinch in something like 10 minutes. Even if the data had to be rebuilt from scratch I had build scripts for the entire structure that could put it all back and the ACLs in minutes and then the data just needed to be flowed in. Lots of different strategies. All have pros and cons. If the kerb ticket issues keep getting worse, who knows, everyone may be jumping to local groups so they can shed some fat out of their kerb certs. joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
_____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Wade Sent: Thursday, May 18, 2006 4:54 PM To: [email protected] Subject: RE: [ActiveDir] [OT] RAID 5 Best Practice because you want something to work if no domain is available, perhaps -----Original Message----- From: [EMAIL PROTECTED] on behalf of Abouelnasr, Jerry Sent: Thu 18/05/2006 21:16 To: [email protected] Cc: Subject: RE: [ActiveDir] [OT] RAID 5 Best Practice What's a reason for using a local group or account on a file server? _____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Wade Sent: Thursday, May 18, 2006 11:42 AM To: [email protected] Subject: RE: [ActiveDir] [OT] RAID 5 Best Practice I said "may" not "typically". There are reasons for using local accounts (or groups)... -----Original Message----- From: [EMAIL PROTECTED] on behalf of [EMAIL PROTECTED] Sent: Thu 18/05/2006 19:29 To: [email protected] Cc: Subject: RE: [ActiveDir] [OT] RAID 5 Best Practice >>>....but then you may have issues with the permissions on the second drive if you get a different SID on the re-build.... On a file server? Do you typically use local file server accounts for your permissioning? Sincerely, _____ (, / | /) /) /) /---| (/_ ______ ___// _ // _ ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_ (_/ /) (/ Microsoft MVP - Directory Services www.readymaids.com <http://www.readymaids.com> - we know IT www.akomolafe.com <http://www.akomolafe.com> Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon ________________________________ From: [EMAIL PROTECTED] on behalf of Dave Wade Sent: Thu 5/18/2006 11:12 AM To: [email protected] Subject: RE: [ActiveDir] [OT] RAID 5 Best Practice These days I am much more curious as to the benifits of RAID5? It slows the I/O down. It can really crawl if you loose a drive and the server has to rebuild the missing volume? As for multiple partitions, I can't actually see any real advantage on a file server. You can easily move the files to any drive and just re-share the folders. I guess it does make for an easier wipe and build, but then you may have issues with the permissions on the second drive if you get a different SID on the re-build. -----Original Message----- From: [EMAIL PROTECTED] on behalf of Timothy Foster Sent: Thu 18/05/2006 18:28 To: [email protected] Cc: Subject: RE: [ActiveDir] [OT] RAID 5 Best Practice Thanks, Brian. That makes sense. So if I have a 4 disk array on a single backplane, and given that I want the benefits of RAID 5, is there any argument for configuring more than one partition on the array? I realize that this is potentially too much of an open-ended question, but I'm curious :-). The basic premise is that this server would be a workhorse domain member/file server. Would one partition - C: - combined with carefully configured share and NTFS permissions provide adequate security? Or is it better to put the OS on C: and the shares on D: ? Or does the benefit of partitions lie somewhere else - for example, if I wanted to wipe C: and reinstall the OS without touching D: ? (I'm not sure if I like this idea, but as I mentioned, I'm curious...). Thanks, Tim ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond Sent: Thursday, May 18, 2006 12:53 PM To: [email protected] Subject: RE: [ActiveDir] [OT] RAID 5 Best Practice Tim- It doesn't really matter. The RAID controller has no idea about the partition table. It just presents a LUN to the OS and the OS writes to it. Thanks, Brian Desmond [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> c - 312.731.3132 ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Timothy Foster Sent: Thursday, May 18, 2006 12:19 PM To: [email protected] Subject: [ActiveDir] [OT] RAID 5 Best Practice Using a RAID controller's configuration utility I can build and initialize a RAID 5 container. When installing the OS, I can, if I choose, create a partition. Is this a good or bad idea? In other words, if I partition RAID 5 container during the OS install will it make any difference if I ever need to replace a drive and rebuild the array? Will the partition table be recognized during the rebuild? Thanks for your input. Tim ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. As a public body, the Council may be required to disclose this email, or any response to it, under the Freedom of Information Act 2000, unless the information in it is covered by one of the exemptions in the Act. If you receive this email in error please notify Stockport e-Services via [EMAIL PROTECTED] and then permanently remove it from your system. Thank you. http://www.stockport.gov.uk ********************************************************************** List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
<<attachment: winmail.dat>>
