He didn't reboot the DC, he rebooted the firewall - in spite of the fact that I asked him to call our on-call extension here in the States, which generates a page to the on-call cell phone.
I'm not sure of his stance on MSFT vs. Linux, except that he definitely prefers the latter. Still, you haven't brought up any technical reasons why not. There may be further issues, and I'll keep looking around for a day or two.

Kurt

On Sun, Feb 21, 2010 at 12:59, Jon Harris <[email protected]> wrote:
> Do you really want someone to control what and where the clients look to for
> information? Do you trust this person to keep their hands off of the
> network? If you say yes, leave them be; if you don't, or if this person just
> is one of the type that all things Linux is good and all things Microsoft is
> bad, then I would use the hammer and make sure you document the reason why
> you are doing it. I suspect this person, since they have (by our own
> statement) shut down the DC because things were not right, is going to cause
> you issues more so down the road with retaining control of DHCP.
>
> All clients know to look for the DHCP server for a lot of information
> including IP address for the DNS and AD servers.
>
> Jon
>
> On Sun, Feb 21, 2010 at 2:51 PM, Kurt Buff <[email protected]> wrote:
>>
>> Nobody from IT has been to this overseas office in my 8 years at this
>> company. We've shipped servers and this admin has set them in the rack
>> and hooked them up.
>>
>> By now, the political situation has gotten to be such that it would be
>> thoroughly resented if I went to correct things, such as locking away
>> the servers - even if it were just the DC and Exchange server.
>>
>> It's extremely unlikely that we'd get a second DC in the overseas
>> offices, and one should be sufficient, because if they lost both the
>> DC and the WAN or VPN at the same time, they'd likely have bigger
>> problems.
>>
>> On Sun, Feb 21, 2010 at 11:43, Davies,Matt <[email protected]> wrote:
>> > Kurt,
>> >
>> > For remote offices, we have always made sure that we have 2 DCs, both
>> > with DHCP, although only if they are in a secure location with restricted
>> > physical access. We have done this mainly for redundancy; we have looked at
>> > running DHCP from a centralised location, but even in this day and age, WAN
>> > links or VPNs can sometimes be unreliable. This way if the WAN or VPN is
>> > down then the users can still log on and still browse the internet.
>> >
>> > Cheers
>> >
>> > Matt
>> >
>> >
>> > -----Original Message-----
>> > From: Kurt Buff [mailto:[email protected]]
>> > Sent: 21 February 2010 18:34
>> > To: NT System Admin Issues
>> > Subject: DHCP in Win2k3 R2 domain
>> >
>> > All,
>> >
>> > Actually, the issue isn't really that, it's the part time admin in one
>> > of our overseas offices. He's running DHCP on a linux box, and handing
>> > out DNS/WINS entries pointing to the AD servers.
>> >
>> > I've got DHCP set up on the DC in their office, but haven't turned it on
>> > yet.
>> >
>> > He's balking because he wants to control the handing out of addresses
>> > in his environment. Yes, I've taken away a large portion of his former
>> > set of control, but he can set up new users (including their
>> > mailboxes, etc.) and workstations, and he is an admin on the file
>> > server and the ERP box in their office, but little else - he doesn't
>> > have access to the DC with WINS/DNS, nor the firewall (though he has
>> > pulled the plug on it when "it wasn't working right", without calling
>> > me, which really pissed me off.)
>> >
>> > I could just turn on DHCP on the DC, and let those two machines fight
>> > it out, with the resulting chaos that would ensue, but I don't think
>> > that's terribly smart.
>> >
>> > I could just use the management hammer and tell him to turn the linux
>> > service off "because I said so" but that seems less than optimal as
>> > well.
>> >
>> > The servers are set up with static addresses, so that bit is not an
>> > issue.
>> >
>> > Can anyone point me to KB articles or other documentation on running
>> > DHCP that bolsters the case for centralizing it with AD?
>> >
>> > OTOH, if there's no compelling reason for doing so, I'd like to hear
>> > that as well, though I think that having network infrastructure
>> > services served out of the same platform, and manageable by the HQ
>> > would be a good thing.
>> >
>> > Kurt

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
