Great stuff. Thanks.
Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com
-Original Message-
From: Free, Bob [mailto:r...@pge.com]
Sent: Tuesday, February 09, 2010 8:04 PM
To: NT System Admin Issues
Subject: RE: Adding 2008 DC's... (revisited)
Th
Admin Issues
Subject: RE: Adding 2008 DC's... (revisited)
Whoa. They've done some serious updating to those articles in the last couple
of months. I've not seen those mentioned in any of the other lists I read -
where did you get those Bob? From your PFE or TAM? Or someplace more public
m: Ken Schaefer [...@adopenstatic.com]
Sent: Tuesday, February 09, 2010 5:11 AM
To: NT System Admin Issues
Subject: RE: Adding 2008 DC's... (revisited)
I think Brian means that environments that already have problems (e.g. in
replication) may experience issues when you propagate schema changes, or
e MVP
http://TheEssentialExchange.com
-Original Message-
From: Free, Bob [mailto:r...@pge.com]
Sent: Tuesday, February 09, 2010 5:07 PM
To: NT System Admin Issues
Subject: RE: Adding 2008 DC's... (revisited)
>I'm assuming you mean multiple domains/forests/trusts?
It *could* h
2010 2:55 AM
To: NT System Admin Issues
Subject: RE: Adding 2008 DC's... (revisited)
Can you expand on that? I don’t see how a schema change in itself causes
problems. I'm assuming you mean multiple domains/forests/trusts?
(Our site is W2K3 D/FFL - One domain/forest, lots of pretty W2K
: NT System Admin Issues
Subject: RE: Adding 2008 DC's... (revisited)
Can you expand on that? I don’t see how a schema change in itself causes
problems. I'm assuming you mean multiple domains/forests/trusts?
(Our site is W2K3 D/FFL - One domain/forest, lots of pretty W2K3 boxes :)
---
d.com]
Sent: 08 February 2010 19:00
To: NT System Admin Issues
Subject: RE: Adding 2008 DC's... (revisited)
Sort of. I've seen this cause issues in large (and messy) customer environments
before.
Thanks,
Brian Desmond
br...@briandesmond.com
c – 312.731.3132
> -Original Message-
gt; To: NT System Admin Issues
> Subject: RE: Adding 2008 DC's... (revisited)
>
> Nit picker. :-)
>
> Regards,
>
> Michael B. Smith
> Consultant and Exchange MVP
> http://TheEssentialExchange.com
>
>
> -Original Message-
> From: Brian Desmon
Nit picker. :-)
Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com
-Original Message-
From: Brian Desmond [mailto:br...@briandesmond.com]
Sent: Monday, February 08, 2010 12:55 PM
To: NT System Admin Issues
Subject: RE: Adding 2008 DC's... (revi
d.com
c – 312.731.3132
> -Original Message-
> From: Michael B. Smith [mailto:mich...@smithcons.com]
> Sent: Monday, February 08, 2010 8:04 AM
> To: NT System Admin Issues
> Subject: RE: Adding 2008 DC's... (revisited)
>
> Adprep adds the schema changes.
&g
Ok! Thanks Michael. (trawling through this stuff can sometimes cloud the mind)
-Original Message-
From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: 08 February 2010 14:04
To: NT System Admin Issues
Subject: RE: Adding 2008 DC's... (revisited)
Adprep adds the schema ch
Admin Issues
Subject: RE: Adding 2008 DC's... (revisited)
Hi all,
(Apologies for the long unwieldy sentences!)
(D/FL = Domain/Forest Functional Level)
I just wondered if anyone can confirm that the AD DS updates/Schema changes and
features are all performed during the Adprep before you in
ing info/requirements to start moving to W2K8. First stage is to
get one W2K8 DC in...
Thanks
Neal
From: Brian Desmond [mailto:br...@briandesmond.com]
Sent: 27 January 2010 06:16
To: NT System Admin Issues
Subject: RE: Adding 2008 DC's...
The particular issue Bob noted is o
January 25, 2010 5:05 AM
To: NT System Admin Issues
Subject: RE: Adding 2008 DC's...
Hi from a lurker :)
Can I just thank you guys for this heads and your post Bob... Im tasked with
investigating a 2003>2008 domain raise this year and this is an awesome
starting poi
mer
Senior Technical Support Officer
UWIC, Cardiff, Wales...
___
From: Brian Desmond [mailto:br...@briandesmond.com]
Sent: 09 January 2010 02:55
To: NT System Admin Issues
Subject: RE: Adding 2008 DC's...
It
27;
_
From: David Lum [mailto:david@nwea.org]
Sent: Friday, January 08, 2010 11:00 AM
To: NT System Admin Issues
Subject: RE: Adding 2008 DC's...
Yeah, intellectually I get that. It's frustrating to me because it goes from
someone who actually _likes_ to pay atte
8 Jan 2010 08:00:05
To: NT System Admin Issues
Subject: RE: Adding 2008 DC's...
Yeah, intellectually I get that. It's frustrating to me because it goes from
someone who actually_likes_ to pay attention to that stuff to a team that
couldn't care less about it and will do the minim
Issues
Subject: RE: Adding 2008 DC's...
Michael- I'm probably further in your debt than the other way around :)
One thing this conversation did stir up in my addled old brain that is actually
germane to the "what happens when I flip the bit" question is that when you
switch D
iday, January 08, 2010 3:35 PM
To: NT System Admin Issues
Subject: RE: Adding 2008 DC's...
Thanks Bob!
Let me buy you one (or a few) at TEC...
From: Free, Bob [mailto:r...@pge.com]
Sent: Friday, January 08, 2010 6:22 PM
To: NT System Admin Issues
Subject: RE: Adding 2008 DC's..
Thanks Bob!
Let me buy you one (or a few) at TEC...
From: Free, Bob [mailto:r...@pge.com]
Sent: Friday, January 08, 2010 6:22 PM
To: NT System Admin Issues
Subject: RE: Adding 2008 DC's...
> I haven't seen anything documented about raising the DFL/FFL causing security
> cha
.@umn.edu]
Sent: Friday, January 08, 2010 6:29 AM
To: NT System Admin Issues
Subject: RE: Adding 2008 DC's...
I haven't seen anything documented about raising the DFL/FFL causing
security changes. Do you have anything about this that you can share?
I have seen the 2008 DCs remov
TGIF…I think.
>
> *David Lum** **// *SYSTEMS ENGINEER BUT MAYBE SHOULD BE HELP DESK TECH
>
> NORTHWEST EVALUATION ASSOCIATION
> (Desk) 971.222.1025
> *// *(Cell) 503.267.9764
>
>
>
>
>
>
>
> *From:* Michael B. Smith [mailto:mich...@smithcons.com]
> *Sent:* Th
: RE: Adding 2008 DC's...
Yeah, intellectually I get that. It's frustrating to me because it goes
from someone who actually _likes_ to pay attention to that stuff to a
team that couldn't care less about it and will do the minimum necessary
to roll it out, they'll do it
de, that blows.
>
>
>
> Carefully document your “I told you so’s” for when it explodes
> spectacularly!
>
>
>
> -sc
>
>
>
> *From:* David Lum [mailto:david@nwea.org]
> *Sent:* Friday, January 08, 2010 9:16 AM
>
> *To:* NT System Admin Issues
>
, January 08, 2010 8:29 AM
To: NT System Admin Issues
Subject: Re: Adding 2008 DC's...
Was there any explanation as to why they chose the other team to handle this
particular task? If not, I would discuss it with one of the decision makers
before thinking the worst. It sounds like you
d actually get proficient at one of ‘em.
>
>
>
> *From:* Kim Longenbaugh [mailto:k...@colonialsavings.com]
> *Sent:* Friday, January 08, 2010 6:23 AM
>
> *To:* NT System Admin Issues
> *Subject:* RE: Adding 2008 DC's...
>
>
>
> Not demoted, just a vi
ay, January 08, 2010 6:23 AM
To: NT System Admin Issues
Subject: RE: Adding 2008 DC's...
Not demoted, just a victim of political maneuvering, or a decision by some PHB
that hasn't reset his Etch-a-Sketch lately.
From: David Lum [mailto:david@nwea
Dude, that blows.
Carefully document your "I told you so's" for when it explodes
spectacularly!
-sc
From: David Lum [mailto:david@nwea.org]
Sent: Friday, January 08, 2010 9:16 AM
To: NT System Admin Issues
Subject: RE: Adding 2008 DC's...
Amazing, after a m
the support back.
-Mike
From: bounce-8784996-8243...@lyris.sunbelt-software.com
[mailto:bounce-8784996-8243...@lyris.sunbelt-software.com] On Behalf Of Michael
B. Smith
Sent: Thursday, January 07, 2010 12:51 PM
To: NT System Admin Issues
Subject: RE: Adding 2008 DC's...
It removes a number
ce-8784996-8243...@lyris.sunbelt-software.com
[mailto:bounce-8784996-8243...@lyris.sunbelt-software.com] On Behalf Of
Michael B. Smith
Sent: Thursday, January 07, 2010 12:51 PM
To: NT System Admin Issues
Subject: RE: Adding 2008 DC's...
It removes a number of "obsolete" security
From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Thursday, January 07, 2010 10:51 AM
To: NT System Admin Issues
Subject: RE: Adding 2008 DC's...
It removes a number of "obsolete" security options.
I quote the word "obsolete" because some older/insecure
lto:mich...@smithcons.com]
Sent: Thursday, January 07, 2010 10:51 AM
To: NT System Admin Issues
Subject: RE: Adding 2008 DC's...
It removes a number of "obsolete" security options.
I quote the word "obsolete" because some older/insecure products depend on
them. Older ver
"CAS" that allowed a single
sign-on to Apache/IIS/and Windows by actually doing a man-in-the-middle attack!
It depended on this too.
From: David Lum [mailto:david@nwea.org]
Sent: Thursday, January 07, 2010 1:36 PM
To: NT System Admin Issues
Subject: RE: Adding 2008 DC's...
>From what I've read changing the functional level to 2008 doesn't really "do"
>anything I particular anyway, right?
From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Thursday, January 07, 2010 9:09 AM
To: NT System Admin Issues
Subject: RE: Adding 2008 DC
Agreed. 2008 R2 is the plan actually, but from my org's perspective going to
2008 or 2008 R2 is the same level of change.
Dave
From: Tim Vander Kooi [mailto:tvanderk...@expl.com]
Sent: Thursday, January 07, 2010 9:10 AM
To: NT System Admin Issues
Subject: RE: Adding 2008 DC's...
I
It is a significant change... but a very safe one, IMO.
If you aren't doing anything specifically custom that might barf on
seeing NEW schema attributes show up, this is a non-impact operation.
-sc
From: David Lum [mailto:david@nwea.org]
Sent: Thursday, January 07, 2010 12:00 PM
To
Sent: Thursday, January 07, 2010 12:12 PM
To: NT System Admin Issues
Subject: RE: Adding 2008 DC's...
The only issue I've had so far is when there are legacy unix/linux clients
authenticating to AD using samba. We have some older storage appliances that
are out of support that wo
The only issue I've had so far is when there are legacy unix/linux clients
authenticating to AD using samba. We have some older storage appliances that
are out of support that wont authenticate after upgrading a single DC to 2008.
-mb
From: David Lum [mailto:david@nwea.org]
Sent: Thursday,
You have to run the schema upgrade, but nothing says that you ever have to bump
the domain functional level or the forest functional level.
I've done this for a number of customers, with no ill effect.
I'd recommend you roll out 2008 or 2008 R2. It'll save you work in the future.
From: David Lu
I am curious why you would only go to Server 2008 and not 2008 R2? If you are
going to begin your migration of AD to a newer version why not go to the latest
one available instead of remaining a couple of years behind?
Having at least one DC at 2008 R2 will also make more of the "better together"
40 matches
Mail list logo
