Glen covers lingering objects nicely as well on 2 of his plethora of 5 blog articles :)
http://blogs.technet.com/b/glennl/archive/2007/07/26/clean-that-active-directory-forest-of-lingering-objects.aspx http://blogs.technet.com/b/glennl/archive/2007/10/04/so-you-want-to-clean-up-your-forest-of-lingering-objects-before-you-set-your-forest-to-strict-but-you-have-windows-2000-dcs-in-the-forest.aspx From: David Lum [mailto:[email protected]] Sent: Friday, November 09, 2012 11:00 AM To: NT System Admin Issues Subject: RE: Standing up 2K8DC - finally. Opinions? EventID 1988 in the Directory Service event log, correct? DC's are clear on that point. From: Webster [mailto:[email protected]] Sent: Thursday, November 08, 2012 1:20 PM To: NT System Admin Issues Subject: RE: Standing up 2K8DC - finally. Opinions? I have only seen this at two customers in the 12 years I have been working with AD but don't forget to check for Lingering Objects. Lingering Objects can really foul up replication between DCs. Carl Webster Consultant and Citrix Technology Professional http://www.CarlWebster.com<http://www.carlwebster.com/> From: Free, Bob [mailto:[email protected]] Subject: RE: Standing up 2K8DC - finally. Opinions? What Glen suggests is putting your new DC in an isolated test AD site and having your apps test against it. Most apps that have site affinity generally won't know it's there and if you have stuff that's hardcoded you can control it to some extent. It also hopefully covers the very valid point Carl made about when you remove that last down-level DC. I know that I want sign-off from the major LOB apps that use AD for AuthN/AuthZ on a major upgrade. In some environments that might not be such a big deal. I don't want to be the guy who broke SAP or CC&B here :) Hopefully you have all the crypto and AuthN type stuff covered with your GPOS so you know what is going on there and the vast majority of things should just work. That is what I've usually heard bite people with upgrades; something like storage, SAMBA, TACACS, databases etc. broke because the security was upgraded. You are already way ahead of that curve because you are aware of it and are configuring it the way you want it. Again don't forget 8-d. That stuff probably all needs attention. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin PG&E is committed to protecting our customers' privacy. To learn more, please visit http://www.pge.com/about/company/privacy/customer/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
