[ActiveDir] GC

2005-07-05 Thread rubix cube
Hi, I have 2 GC and 7 domain controllers, I made 2 GC so that if I had to take any one of them offline the other will be functional and the network will be ok, what happens is that if any of them goes offline, the network goes down, (including email service exchange). Anything I should have done

RE: [ActiveDir] GC

2005-07-05 Thread Ruston, Neil
rough and ready response :) 1. Client logons, Exchange GAL lookups and various other components require a GC to be available, ideally in the same site. 2. Why are only 2 of the 7 DCs also GCs? Given that you are experiencing issues, I'd be inclined to 'upgrade' the remaining 5 DCs to GC status

Re: [ActiveDir] GC

2005-07-05 Thread rubix cube
Thanks for the reply :) I will tell you, because now I have to maintain 2 servers (the GCs) online 24/7 I can't take one offline for maintenance for a second cause the network goes down, imagine if I upgrade the other 5, then I will have to keep 7 servers alive 24/7!!! I configure the

RE: [ActiveDir] GC

2005-07-05 Thread Ruston, Neil
I don't agree with the below at all, to be candid. I would rather have 7 servers, knowing I can lose 1 or 2 without issue, rather than working round the clock to keep 2 servers up all the time. To me, that's the beauty of systems like AD, where the system is distributed and self resilient. You

Re: [ActiveDir] GC

2005-07-05 Thread rubix cube
Suffering = users lose connectivity to their mailbox (the Outlook shows a message saying Trying to connect to your exchange server), users can't use their home directories on the servers, users not being able to print, basically users go offline, waiting for the GC to be online, now this I

RE: [ActiveDir] GC

2005-07-05 Thread Rops, Arjan
How many sites do you have configured in your AD? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of rubix cube Sent: dinsdag 5 juli 2005 10:34 To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] GC Suffering = users lose connectivity to their

Re: [ActiveDir] GC

2005-07-05 Thread rubix cube
One site and all servers in that one site. On 7/5/05, Rops, Arjan [EMAIL PROTECTED] wrote: How many sites do you have configured in your AD? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of rubix cube Sent: dinsdag 5 juli 2005 10:34 To:

Re: [ActiveDir] GC

2005-07-05 Thread Mark Parris
Do you have defined DC's for Exchange in your Exchange System Manager. If so is there a reason? Mark -Original Message- From: rubix cube [EMAIL PROTECTED] Date: Tue, 5 Jul 2005 11:33:50 To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] GC Suffering = users lose connectivity to

Re: [ActiveDir] GC

2005-07-05 Thread rubix cube
I have Automatically discover servers, and so all my DCs are listed there, is that a bad thing! On 7/5/05, Mark Parris [EMAIL PROTECTED] wrote: Do you have defined DC's for Exchange in your Exchange System Manager. If so is there a reason? Mark -Original Message- From: rubix

RE: [ActiveDir] GC

2005-07-05 Thread Grillenmeier, Guido
sounds like typical Outlook client issues to me - not really a GC or a Network problem. afaik, Outlook 2k/XP was basically not smart enough to failover to another GC when the one it selected goes down. It does receive a list from the Exchange Server, but it requires a restart to connect to

RE: [ActiveDir] GC

2005-07-05 Thread Almeida Pinto, Jorge de
I also don't agree with what you are saying concerning the maintenance of the GCs. If you only have 1 domain in the forest there is NO OVERHEAD in making all DCs GCs. The size of your DIT will not grow in size because there are no other domains. For its own and single domain the GCs will use

RE: [ActiveDir] GC

2005-07-05 Thread TIROA YANN
Hi, Have u checked your dns configuration ? Such as SRV records available for your second GC in the format _ldap._tcp.gc._msdcs.DnsForestName ? Maybe, your clients can not find the second GC due to a lack or pb with dns records (A,SRV,etc..). Check if u use Ipsec/Firewall that could prevent

Re: [ActiveDir] GC

2005-07-05 Thread rubix cube
seems very good but I have 1 domain but I have 15 VLANs, not all domain controllers accessible by all VLANs, if I set all the domain controllers to GC will that cause a problem? the 2 that I chose to set as GCs are accessible from all VLANs. thanks. r.c. On 7/5/05, Almeida Pinto, Jorge de

Re: [ActiveDir] GC

2005-07-05 Thread rubix cube
a SP for windows you mean or a SP for outlook? because if for windows I can afford rolling it out. Thanks r.c. On 7/5/05, Grillenmeier, Guido [EMAIL PROTECTED] wrote: sounds like typical Outlook client issues to me - not really a GC or a Network problem. afaik, Outlook 2k/XP was basically

Re: [ActiveDir] GC

2005-07-05 Thread rubix cube
They can access it, they have problem only when it goes offline. On 7/5/05, TIROA YANN [EMAIL PROTECTED] wrote: Hi, Have u checked your dns configuration ? Such as SRV records available for your second GC in the format _ldap._tcp.gc._msdcs.DnsForestName ? Maybe, your clients can not find

Re: [ActiveDir] GC

2005-07-05 Thread Mark Parris
To check your outlook 2003 connection status, hold down CTRL and right click on the outlook icon in the system tray. Select connection status from the newly revealed option. You can then select reconnect if you have issues. -Original Message- From: Grillenmeier, Guido [EMAIL PROTECTED]

RE: [ActiveDir] GC

2005-07-05 Thread Almeida Pinto, Jorge de
So you have a hub location and 15 branch offices. As long as the hub can reach ALL the branch offices and the branch offices can reach the hub there will be no problem as all communication/replication will go through the hub Cheers, #JORGE# -Original Message- From: [EMAIL PROTECTED]

RE: [ActiveDir] GC

2005-07-05 Thread Ruston, Neil
I don't understand how this can work in one site :) If all DC/GCs are defined in the same site, then clients may be 'offered' any of these DCs from a DNS perspective, since they are all 'equal'. You appear to have several odd environmental issues which need to be addressed before attacking the

RE: [ActiveDir] GC

2005-07-05 Thread Ruston, Neil
I would question the below, given that the poster has just _1_ site defined. :) neil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de Sent: 05 July 2005 10:38 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] GC So you

Re: [ActiveDir] GC

2005-07-05 Thread rubix cube
As I understand sites are used if you have a remote site and you want to replicate AD traffic, this is not my case and so I have 1 site. I have a backbone main switches which I create the VLANs on and setup filters on these VLANs so which IP ranges can access which servers and resources, I have 15

RE: [ActiveDir] GC

2005-07-05 Thread TIROA YANN
Have u checked that all DCs/GCs were in the Exchange System Manager ? Your organisation - your Administrative Group - Servers - Your server. And right-click Your Server and go to Directory Access Tab and check that if all your DCs/GCs are in automatically detection - sorry, i have french OS :(

[ActiveDir] DNS Config Question

2005-07-05 Thread Glenn Corbett
All, Hopefully a quick one this evening. We are currently insourcing our DNS function from another organisation (yes, an external org manages our DNS system - not integrated with our AD environment - long story). We are running a 2k domain, and the current plan is to introduce 2 member

RE: [ActiveDir] GC

2005-07-05 Thread Almeida Pinto, Jorge de
Sites can also be used to control replication traffic between a set of well connected computers (how it replicates and when it replicates and which clients authenticate to which DCs) A set of well connected computers could be a location but even a VLAN. The latter is a solution if you only allow

RE: [ActiveDir] DNS Config Question

2005-07-05 Thread joe
can the AD Integrated Zones be used by a member server running DNS No, it must be on DCs. Are there any known issues... The biggest thing I can think of is security and replication of the zone info. You can't have secure updates when the zone isn't integrated. From: [EMAIL

RE: [ActiveDir] DNS Config Question

2005-07-05 Thread Al Mulnick
To be integrated, it must run on a DC. FWIW, have you considered a different type of cutover that doesn't require so much downtime? I don't know the specifics of the environment, but often a zone transfer and reconfiguration of the clients is all it takes. Newer clients likely wouldn't

RE: [ActiveDir] GC

2005-07-05 Thread joe
This configuration kind of scares me. The question that keeps bubbling to the surface is why why why why? Sites are used to define well connected networks. This is both for replication and for resource location services by clients looking for resources. It sounds like you have a case where all

RE: [ActiveDir] LegacyExchangeDN

2005-07-05 Thread Al Mulnick
This might be helpful for this situation: Background: if you'd like some more information on legacyExDN there's some nice information about it here: http://blogs.technet.com/exchange/archive/2004/03/24/95451.aspx As for this particular issue: 1) You do realize that recovery of messages is

RE: [ActiveDir] DNS Config Question

2005-07-05 Thread Almeida Pinto, Jorge de
AD Integrated DNS zones are only possible on DCs and that is the preferred way as these zones have more benefits like replicating the information through AD instead of doing zone transfers, secure (preferred) and non-secure secure updates. Every DN/DNS server with AD-I zones and dynamic

Re: [ActiveDir] Can't get rid of old DC in Sites and Services

2005-07-05 Thread Mark Orlando
Thanks James, but I had multiple links set up for this with three different DC's. The odd thing is that it really wasn't an issue until recently. On 6/29/05 12:09 PM, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hi Mark Are the other DCs replicating with anybody else? Has the updated

Re: [ActiveDir] Can't get rid of old DC in Sites and Services

2005-07-05 Thread Mark Orlando
Thanks, that's what I am going to try today! Mark On 6/29/05 11:59 PM, Dibs [EMAIL PROTECTED] wrote: Go for metadatacleanup using ntdsutil. Check http://petri.co.il thx Dibendoo Das Fluent Systems, India --- Mark Orlando [EMAIL PROTECTED] wrote: I have a DC, which used to have

Re: [ActiveDir] Can't get rid of old DC in Sites and Services

2005-07-05 Thread Mark Orlando
Thanks, that is what I will try today! Mark On 6/29/05 12:23 PM, Mark Parris [EMAIL PROTECTED] wrote: Mark, Sat on a train at the moment, but look for the MS article on how to clean up DC metadata. This should resolve the replication issues. Mark -Original Message- From: Mark

Re: [ActiveDir] Can't get rid of old DC in Sites and Services

2005-07-05 Thread Mark Orlando
I will give it a shot. Thanks, Mark On 6/29/05 12:19 PM, Almeida Pinto, Jorge de [EMAIL PROTECTED] wrote: Do a metadata cleanup See Q216498 Cheers, #JORGE# From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On

RE: [ActiveDir] LegacyExchangeDN

2005-07-05 Thread joe
Not sure if I would use the word respect but I certainly would be along for the ride with effort and knowledge and hard work required. :o) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Tuesday, July 05, 2005 9:48

[ActiveDir] ADSizer

2005-07-05 Thread Eric Jones
Is ADSizer still the best tool to do capacity planning for AD? Or does anyone have an nice Excel spreadsheet that would also be applicable to Windows 2003? TIA -Eric List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive:

RE: [ActiveDir] ADSizer

2005-07-05 Thread Rick Kingslan
The ADSizer is still the 'first shot, best guess' tool for the newer technologist working with AD. Given 3 - 6 mos. of experience with AD, one should be able to determine for themselves what 'Best Practices' for their given environment should be. The basic problem with the ADSizer, as I see it,

[ActiveDir] Patching Strategy on DC's

2005-07-05 Thread Murray Wall
I have a question about a patching strategy for Domain controllers. We have a single forest single domain, 4 dc's, when patching for security patches should we do all the DC's at once, or do half of them or should we introduce a test lab or lastly a latent replicated production site with a dc in

RE: [ActiveDir] Can't get rid of old DC in Sites and Services

2005-07-05 Thread Za Vue
I find that ADSI.MMC works best. Right click and delete. -Z.V. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Orlando Sent: Tuesday, July 05, 2005 10:14 AM To: Active Directory Mailing List Subject:

Re: [ActiveDir] Can't get rid of old DC in Sites and Services

2005-07-05 Thread Mark Parris
That's a bit like using invisible paint, you can't see it but it's still there. -Original Message- From: Za Vue [EMAIL PROTECTED] Date: Tue, 5 Jul 2005 13:49:37 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Can't get rid of old DC in Sites and Services I find that

RE: [ActiveDir] Patching Strategy on DC's

2005-07-05 Thread Devan Pala
Hi Murray, In our environment I utilize WSUS by Microsoft. I've created a WSUS Pilot Group and placed several servers in it, one of them being a DC. When MS releases new patches, they are reviewed then approved for the Pilot Group first. After the servers in the Pilot Group have the update

RE: [ActiveDir] Patching Strategy on DC's

2005-07-05 Thread Rick Kingslan
How about: (and maybe not in this order) 1) Install a test environment - test patches before implementation 2) Patch half after compatibility and performance, then patch the others within 48 hrs. (less, if you're feeling comfortable or the patch is of a very critical and high risk category) 3)

RE: [ActiveDir] Patching Strategy on DC's

2005-07-05 Thread Taylor, Michael
I've been wondering about this same thing. I was just recently promoted to server administrator of about 30 servers. What would be the easiest way to make sure a patch doesn't interfere with Exchange, SQL, IIS, etc? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]

RE: [ActiveDir] Patching Strategy on DC's

2005-07-05 Thread Rick Kingslan
Good point, and one that I should mention. One strategy that many smaller shops do take is that they are not really in a position to do all of the levels of testing usually required to detect and mitigate any regression issues that might come up in specific systems. Therefore, what I've done in

RE: [ActiveDir] Patching Strategy on DC's

2005-07-05 Thread Charlie Kaiser
I run a small shop (~40 servers) and I have a testlab set up. A couple of DCs, a mail server, a few other things. Built from old desktops and VMs. I migrated all our user accounts into that lab when I built our AD, so it was synched at the beginning, but is now out of synch. That's OK, it helps

RE : [ActiveDir] Patching Strategy on DC's

2005-07-05 Thread TIROA YANN
Hi, Not to hijack the session or to give other good advices as Rick did :), but u may be interested about the new WSUS (Windows Server Update Services) that MS has released a few months ago. U can download it at this link:

[ActiveDir] Another patching question

2005-07-05 Thread Rocky Habeeb
Ladies and Gentlemen, Is it true that we can assume that [for the most part] all patches and all hotfixes released prior to the date of a major Service Pack are included in the Service Pack? Thanks. RH _ Rocky Habeeb Microsoft Systems Administrator James W. Sewall

[ActiveDir] Network Load Balancing using Server 2003's built in solution.

2005-07-05 Thread Joseph B. Luptak
Has someone used the built in Server 2003 network load balancing cluster solution? I have two servers that both host multiple web sites that I would like to use this solution with. I have some questions about the implementation of... If you could e-mail me offline, I would like to ask a few

RE: [ActiveDir] Patching Strategy on DC's

2005-07-05 Thread Taylor, Michael
Great advice Charlie, thanks. So for your test lab did you just setup a test domain? Is there any risk of the test servers such as Exchange, SQL, etc. interfering with the production domain? Sorry if that's a stupid question. I'm just getting started with this server administration stuff and

RE: [ActiveDir] Another patching question

2005-07-05 Thread joe
Let me restate what I just read... Can we assume that NOT all patches and hotfixes released prior to the SP are included in the SP. The for the most part kind of throws off what your intent I think may have been. However I think it makes it an accurate statement in that *not* all

RE: [ActiveDir] Another patching question

2005-07-05 Thread Mark Parris
No, from experience this is not the case, the service pack is base lined to a point in time. So patches could be dated prior to the SP's release but actually be a post SP fix. The footnotes usually give a clue to the status of the Hotfix. For example in the footer of article KB885894 you can

RE: [ActiveDir] Patching Strategy on DC's

2005-07-05 Thread Murray Wall
Should all the DC's be patched at once or patch 2 out of the 4 wait and see, then patch the other 2 a week later -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Charlie Kaiser Sent: Tuesday, July 05, 2005 2:12 PM To: ActiveDir@mail.activedir.org Subject:

RE: [ActiveDir] Patching Strategy on DC's

2005-07-05 Thread joe
You should have a test lab. When you have a production environment that you can't afford to have go down you should always have a test lab to verify patches and upgrades, etc. Outside of that it is usually good to designate a dog food server or two. These are the first production servers that get

RE: [ActiveDir] Patching Strategy on DC's

2005-07-05 Thread Charlie Kaiser
I built a separate single-domain forest (like production) with a different name. Used Quest's fastlane migrator to migrate all the old NT4 accounts to both our new production AD and the testlab. We aren't big enough to warrant an isolated subnet, so there is physical connectivity between the

RE: [ActiveDir] Another patching question

2005-07-05 Thread Rick Kingslan
No, not really. Up to the close date for inclusion INTO a SP (and there are LOTS of factors that affect what does and doesn't make the SP) will be in the SP. If we assume that the close date for a given SP is D\M\, and the SP is SPx, then any patch released after the date is either post SPx,

RE: [ActiveDir] Can't get rid of old DC in Sites and Services

2005-07-05 Thread Hashitsume, Mike
We use this vbs script file from Microsoft successfully called metacleaner.vbs. I have attached the file called metacleaner.vbs.txt. You need to rename it to metacleaner.vbs. Just type metacleaner at the command prompt and it will show you the domain controllers it knows of. Note the disclaimer

RE: [ActiveDir] Can't get rid of old DC in Sites and Services

2005-07-05 Thread Justin_Leney
Return Receipt. Your document: RE: [ActiveDir] Can't get rid of old DC in Sites and Services was received by: Justin Leney/US/DCI at: 07/05/2005 05:50:47 PM. This e-mail, and any attachment, is intended only for the person or entity to which it is

RE: [ActiveDir] DNS Config Question

2005-07-05 Thread Glenn Corbett
Al, Hmmm, that IS a pain, thanks for that. The cutover isn't just for DNS, we are also cutting over the entire comms infrastructure and firewalls as part of the process. We have simply allowed two days for the whole process to take place. I'm hoping the DNS part should be in place well

RE: [ActiveDir] DNS Config Question

2005-07-05 Thread Glenn Corbett
Thanks Jorge. The benefits of moving to AD-I zones will pretty much mean I will need to move DNS onto the DC's. During the transition process, we will need to have the DNS servers in and running a couple of months prior to the cutover. Am I correct in saying that I can install DNS onto

RE: [ActiveDir] OT: Windows 2003 Shadow Copy

2005-07-05 Thread Jennifer Fountain
We are using an AX100 EMC external device. Thanks Jenn -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan Sent: Monday, July 04, 2005 4:12 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: Windows 2003 Shadow Copy Jenn,

[ActiveDir] New System Setup

2005-07-05 Thread Matt Brown
Hi, I have a new server with 4GB Ram and 3 (72GB) 15K drives. Wondering what the best way to set this up would be. I was planning on doing a raid mirror on 2 of the drives and having the 3rd by itself. any suggestions on how I should partition / where I should install the OS / ntds files,

RE: [ActiveDir] Corrupted NTDS.dit

2005-07-05 Thread Carlos Magalhaes
Nice boss my boss always wants to know if something has gone wrong --- Who does he fire ;) C -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: 04 July 2005 10:08 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Corrupted NTDS.dit If

RE: [ActiveDir] GC

2005-07-05 Thread Brian Desmond
Well, he can leave the filters in place between the vlans on the routers. They're there for a good reason maybe. But add exceptions to these ACLs to allow traffic from the clients to any DC. We have three DCs servicing I don't know how many vlans in one building at the CO, I'd guess in the 500+

RE: [ActiveDir] New System Setup

2005-07-05 Thread Brian Desmond
Just RAID5 the three of them together. 1 on its own is a silly idea in a server really if it supports raid. 15K RPM drives are going to sustain a significant amount of iops before you see a perf hit. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 From:

[ActiveDir] RILOE AD Integration

2005-07-05 Thread Brian Desmond
Anybody done the schema extensions to support HPQ iLO/RiLOE II integration with AD. I'm thinking about it. We're pushing out 50 380s with RiLOE II boards in the next four weeks to all over kingdom come. If you have, how's it work from the ilo standpoint? ADUC extensions work ok? --brian

RE: [ActiveDir] OT: Windows 2003 Shadow Copy

2005-07-05 Thread Rick Kingslan
Jenn, Quick check shows that the unit is designed to serve (at least in the Windows world) as a file and print storage system for Windows 2000 and Server 2003, as well as Exchange 2003. Simply by that, I'd come to the conclusion that if there is a problem with Shadow Copy functionality, there

RE: [ActiveDir] RILOE AD Integration

2005-07-05 Thread freddy_hartono
Hi Brian, You'll need to get a certificate for the domain controllers to enable LDAP/SSL (636 port) Easily done if you are using Windows CA (not 3rd party) as the domain controllers will auto enrol the CA. HP provides a rollout tool to mass configure the RILO AD Integration portion

RE: [ActiveDir] RILOE AD Integration

2005-07-05 Thread Brian Desmond
Thanks for the feedback, Freddy! I appreciate it. We have a CA hierarchy in place so that's all ready to roll. The boards are hot off the back of the truck, so, config is going to be part of the imaging process. ForestDnsZones won't work in a multidomain tree since all the riloe stuff