Active Directory will do it all: Blue Screen, Watson,
Slow, Stop, ReStart, Takeover and break NDS, Send funny packets (QoS/MSDiffServ)
to break your router, cause incompatibilities with your 9X and NT pre 2000 boxes,
absorb all memory, reduce server performance, obsolete working hardware, pretend
to work with your Kerberos security servers and more.
I have been looking hard at ADS. It does hold a lot of
promise as an infrastructure, but when is service pack 2 coming
out?
-V
Disclaimer - Win2000 Release Candidate 1 seems very
stable before you turn on the ADS stuff, Kerberos, or any non MS
programs.
----- Original Message -----
Sent: Monday, September 20, 1999 10:16 AM
Subject: RE: [IMail Forum] DataBase
We're just finding in educational settings that the
LAN spans the whole campus. A mobile student, laptop in hand, logs in from
dorm room to classroom to library. There's no logical reason to divide them
into separate domains, and logistical problems with doing such. And we'll make
it even more messy with Macintosh a popular educational platform. (our user
profiles and home directories are on a Mac server, even for our NT accounts!)
Reserve is a smaller institution than my former employer, Kent State, but KSU
was running into similar troubles with folks wanting access to their dorm
printer, department data store, and the library resources from any of these
locations....
I don't pretend to have the answer to directory tree / domain architecture, but
I'm always wondering if I've got the best setup I can have, and always
interested in opinions. Thanks for the insight.
--Cal Frye, Western Reserve Academy, Hudson, Ohio
As far as the user limitation of NT, why, if I have 20000 students, should I
have to place them in more than a single domain? Domain structure should
reflect organization structure and resource allocation, not arbitrary or
performance limitations. NDS has been shown to scale to over a billion
objects (users, servers, printers, etc), and NT has lots of catching up to
do.
The point is that NT domain system was designed to network access - and
administration.
I'm not sure it's a good thing to manage 20000 students' network
access as ONE organizational structure. Simply put, a domain should
cover a LAN, and several domains should take care of a WAN.
Looking from another standpoint: as an ISP, you have tens of
thousands of email accounts. But not *all* those people should log on
to the LOCAL network where the mail server is located (I know it's not
really the case, because IMail uses local NT SAM, but the limitations of
this approach appear here too, because you're putting too many people into
the server's security context).
I'm not saying NT domain is good or bad. I just don't think
it was designed for this purpose.
OTOH, Win2k Active Directory claims to do it all...
:-)
Cheers,
Ricardo Freire, MCP