| Author | Messages | |
ramstryke
Posts:20
 | | 03/18/2008 7:29 AM |
| Hey folks,
I'm trying to think if there are any ties that require DHCP services in an AD environment to be run on Windows. Is there such a requirement or recommendation? I can see why DNS may be best suited to remain on Windows machines (ADI, DDNS, secure, etc.; please correct me if I'm wrong), but how about DHCP services?
Aside from secure DNS updates from a Win DHCP server for non-capable registering systems, what am I missing here?
Thanks for your wisdom!
| | | |
| neilruston
Posts:164
 | | 03/18/2008 7:45 AM |
| Previous threads have discussed the appliance solutions available in this space and other full address management systems, such as QIP.
My personal response is this (random dump!):
- Assess your requirements
- Can your requirements be met by a non-Windows solution?
- DNS and DHCP are (in the main) standard, RFC-defined components
- Most of us used DNS and DHCP on non-Windows systems years ago (and perhaps didn't realise!)
- Many of us have DNS and/or DHCP running on non-Windows systems today
- It can be done
- You may find your TCO increases as you increase the number of components / solutions
- Conversely, you may find you have internal DNS and DHCP expertise outside the Windows arena anyway
- Some solutions are quite 'black box' IMO and you're at the mercy of the vendor to support / maintain
As usual 'it depends' and 'I don't know anything about your environment' . . . 
neil
| | | |
| laurarobinson
Posts:96
 | | 03/18/2008 8:05 AM |
| Depends if you're planning to use NAP in WS08 with DHCP enforcement.
Laura
| | | |
| ramstryke
Posts:20
 | | 03/18/2008 8:20 AM |
| No NAP plans, at least not MS's flavor. Our biggest thing is that we have a large mixed-platform base and we're looking to perform some non-standard activities for DHCP that the normal Windows DHCP can't provide. Namely IP control, for one.
I'm just trying to gather advice if there are caveats on the AD/Windows infrastructure side of things. At least just for DHCP at this time. I would imagine moving DNS is more involved than DHCP.
Thanks!
| | | |
| miller4
Posts:13
 | | 03/18/2008 8:25 AM |
| We use open source DHCP running on a Red Hat Linux box with no problems at all. We like the flexibility and control of which MAC addresses will be serviced.
The AD member workstations simply register their IP numbers in the AD integrated DDNS. It doesn't matter how the IP numbers were assigned.
Michael J. Miller
Computing Services
College of Veterinary Medicine
University of Illinois at Urbana-Champaign
| | | |
| amulnick
Posts:143
 | | 03/19/2008 8:01 PM |
| Yep, both will work just fine as separate entities as long as they are able to support the requirements (most current ones do) of AD. Some of the things you give up: Active Directory integration on the server side. If you wanted to let DHCP register for you, that's best done with the ADI version. If you want the client security that goes along with the ADI version of DNS, then you'll be without it with a third party. If you wanted to take advantage of the replication engine that ADI can use (Active Directory replication), then you'll give that up if you use a third-party system.
Otherwise, the only other thing that comes to mind that I've run into is that if you use a non-Microsoft DHCP or DNS and need a specific feature that Microsoft needs, then you'll have a new vendor in the mix and in your critical path. Not a show-stopper by any means but something to consider for your environment.
I ran into that with QIP several years back. The client had QIP and wanted to use it (it costs money, so you may as well use it right?) but it had a few "flaws" and also would only run on a lower rev of Windows. Upgrading was a hassle because it required a different vendor to be involved vs. getting it from Microsoft who had already tested their own stuff against the upgrade (and needed it).
Personally, I have no qualms about using either solution or mixing them up when necessary.
| | | |
| laurarobinson
Posts:96
 | | 03/19/2008 8:46 PM |
| QIP. <hiss…rattle…hiss>
Laura
| | | |
| amulnick
Posts:143
 | | 03/20/2008 3:25 PM |
| Wimp.
| | | |
| JackP
Posts:40
 | | 03/20/2008 3:30 PM |
| QIP...worst thing since the bubonic plague (at least the plague did what it was supposed to do).
| | | |
| jw1
Posts:0
 | | 03/20/2008 3:30 PM |
| Back when I was a DNS/DHCP/IPAM admin we didn’t HAVE QIP. We had NetID. And we had to walk uphill BOTH ways in the snow just to create a new scope or zone. And then the java server would crash and we’d have to walk back downhill to restart it…
Then AD was discovered and we quickly clustered DHCP and installed DNS into the ultra-secure empty root domain.

--James
| | | |
| laurarobinson
Posts:96
 | | 03/20/2008 3:55 PM |
| Nah, just technotard-software averse. ;-)
Laura
| | | |
| listmail
Posts:494
 | | 03/21/2008 10:34 AM |
| I worked in a very large environment and we used QIP, I had no issues with it once we were configured. Then we didn't run it either, we had DNS/DHCP experts (true experts, not people who knew how to click on the DNS DHCP Management MMC Icons) but this is important in all areas of IT management and often screwed up. We also didn't run QIP on Windows, it was on a unix flavor which may have had a lot to do with its stability, etc.
I think one of the things we all really liked about it was the ability to truly delegate the security to update various portions of it and handle it through a nice interface. Something that to my knowledge is absolutely and completely lacking in the MSFT toolbox. Also, people in the MSFT world still seem to think that a single DNS zone of, say, NorthAmerica.Domain.Com is a good thing and do it because that is the actual AD domain name for that region, even if it is 100,000+ people and even more machines... People like to bitch about WINS and then go and design flat DNS "hierarchies"... Happy Friday.
My biggest complaint I recall was not having scavenging on but I spent an afternoon and wrote a perl script that did the scavenging and never checked again to see if they turned QIP's scavenging on.
joe
-- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
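As an added example that is not part of this thread (it is neither Michael Miller's setup nor joe's perl script), here is a Python audit of the arrangement both of them describe: a non-Windows ISC dhcpd hands out leases, with host declarations limiting which MAC addresses are serviced, while AD member workstations register themselves in the AD-integrated dynamic zone. The script parses a dhcpd.leases excerpt, keeps the newest record per address, and compares active leases against the zone's A records and against the MAC allow list. It flags hosts that hold a lease but never registered, records that point at an address the host no longer holds, records with no live lease behind them (the scavenging candidates joe wrote his script for), and leases handed to MACs outside the allow list. The lease excerpt, the A records and the allow list are constructed sample data; the function names are mine; the parser only understands the dhcpd.leases fields shown and does not handle nested braces.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Constructed excerpt in ISC dhcpd.leases syntax (sample data, not a real server's file).
# Timestamps are omitted because the parser does not use them. dhcpd appends a new
# record whenever a lease changes, so a later block for the same IP supersedes an
# earlier one: 10.20.30.42 went active and was then released.
SAMPLE_LEASES = """
lease 10.20.30.41 {
  binding state active;
  hardware ethernet 00:11:22:33:44:55;
  client-hostname "WS-ALPHA";
}
lease 10.20.30.42 {
  binding state active;
  hardware ethernet 00:11:22:33:44:66;
  client-hostname "ws-beta";
}
lease 10.20.30.42 {
  binding state free;
  hardware ethernet 00:11:22:33:44:66;
}
lease 10.20.30.43 {
  binding state active;
  hardware ethernet 00:11:22:33:44:77;
  client-hostname "ws-gamma";
}
lease 10.20.30.44 {
  binding state active;
  hardware ethernet 00:11:22:33:44:88;
  client-hostname "ws-delta";
}
"""

# Constructed A records as exported from the AD-integrated zone (hostname -> address).
SAMPLE_DNS_A = {
    "ws-alpha": "10.20.30.41",  # matches its active lease
    "ws-beta": "10.20.30.42",   # lease was released; record is stale
    "ws-delta": "10.20.30.50",  # host moved; record still points at the old address
    "ws-old": "10.20.30.99",    # no lease at all; scavenging candidate
}

# Constructed allow list: the MACs the dhcpd host declarations are meant to service.
SAMPLE_ALLOWED_MACS = {"00:11:22:33:44:55", "00:11:22:33:44:66", "00:11:22:33:44:88"}


@dataclass
class Lease:
    ip: str
    mac: str
    hostname: Optional[str]
    state: str


LEASE_BLOCK = re.compile(r"lease\s+(\d+\.\d+\.\d+\.\d+)\s*\{(.*?)\}", re.S)
STATE_RE = re.compile(r"binding state\s+(\w+);")
MAC_RE = re.compile(r"hardware ethernet\s+([0-9a-fA-F:]+);")
HOST_RE = re.compile(r'client-hostname\s+"([^"]*)";')


def parse_leases(text: str) -> Dict[str, Lease]:
    """Return the most recent lease record for each IP, keyed by IP."""
    leases: Dict[str, Lease] = {}
    for block in LEASE_BLOCK.finditer(text):
        ip, body = block.group(1), block.group(2)
        state, mac, host = STATE_RE.search(body), MAC_RE.search(body), HOST_RE.search(body)
        leases[ip] = Lease(  # later blocks overwrite earlier ones for the same IP
            ip=ip,
            mac=mac.group(1).lower() if mac else "",
            hostname=host.group(1).lower() if host else None,  # DNS names are case-insensitive
            state=state.group(1) if state else "unknown",
        )
    return leases


def audit(leases: Dict[str, Lease], dns_a: Dict[str, str], allowed_macs: Set[str],
          static_hosts: Set[str] = frozenset()) -> Dict[str, List]:
    """Cross-check active leases against the zone's A records and the MAC allow list."""
    findings: Dict[str, List] = {"unregistered": [], "mismatch": [], "stale_dns": [], "unexpected_mac": []}
    active = {l.ip: l for l in leases.values() if l.state == "active"}
    mismatched: Set[str] = set()
    for lease in sorted(active.values(), key=lambda l: l.ip):
        if lease.mac not in allowed_macs:  # served despite not being in the host declarations
            findings["unexpected_mac"].append((lease.mac, lease.ip))
        if lease.hostname is None:
            continue
        recorded = dns_a.get(lease.hostname)
        if recorded is None:  # client never registered (or its secure update was refused)
            findings["unregistered"].append(lease.hostname)
        elif recorded != lease.ip:  # record left behind by an earlier lease
            findings["mismatch"].append((lease.hostname, recorded, lease.ip))
            mismatched.add(lease.hostname)
    # Records whose address has no active lease are scavenging candidates; hosts with
    # static addresses (servers, printers) must be listed in static_hosts to be exempt.
    for host, ip in sorted(dns_a.items()):
        if ip not in active and host not in mismatched and host not in static_hosts:
            findings["stale_dns"].append(host)
    return findings


if __name__ == "__main__":
    for category, items in audit(parse_leases(SAMPLE_LEASES), SAMPLE_DNS_A, SAMPLE_ALLOWED_MACS).items():
        print(f"{category}: {items}")
```

On a live system the lease text comes from the dhcpd server's leases file and the A records from a zone export (or an LDAP query against the AD-integrated zone); the comparison logic is the same. The `mismatch` and `stale_dns` findings are what the server's own aging/scavenging would eventually clear, and `unregistered` is the case Al raises where a non-Windows DHCP server cannot register on a client's behalf.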
| | | |
| ramstryke
Posts:20
 | | 03/21/2008 10:54 AM |
| Thanks for all the replies folks! I guess it depends on what we're trying to accomplish, but it seems that consensus is that it can be done and there is no problem with using a non-win DHCP system.
With that said, joe's email brings up another interesting question I have. My apologies as I totally go OT...
The part where joe describes one domain "NorthAmerica.Domain.Com" and one DNS zone. Please forgive my total newbness when I ask, isn't it generally one DNS zone per domain, at least by general default? Say you do have a domain that is 100K+ devices, aren't you limited to one DNS zone inherently? Or am I completely missing the point and there are other options?
Thanks again all!
| | | |
| bdesmond
Posts:414
 | | 03/21/2008 10:59 AM |
| You can do different dns namespaces so your PCs might be in:
pc1.atlanta.northamerica.domain.com
pc2.chicago.northamerica.domain.com
or
pc1.atlanta.someotherdomain.com
etc
and still just have AD be northamerica.domain.com
--brian
-- Thanks, Brian Desmond brian@briandesmond.com
c - 312.731.3132
| | | |
| ramstryke
Posts:20
 | | 03/21/2008 11:14 AM |
| Hmm.. I think I understand that. Please bear with me while I try to hash this out.. How about the logistics?
When machines join the northamerica.domain.com domain, won't they pull the domain's name "northamerica.domain.com"?
Would having them use a different DNS space, yet the same actual AD domain, require some other intervention?
--- Brian Desmond <brian@briandesmond.com> wrote:
> You can do different dns namespaces so your PCs might be in:
>
> pc1.atlanta.northamerica.domain.com
> pc2.chicago.northamerica.domain.com
>
> or
>
> pc1.atlanta.someotherdomain.com
>
> etc
>
> and still just have AD be northamerica.domain.com
>
> --brian
| | | |
| listmail
Posts:494
 | | 03/21/2008 11:40 AM |
| There is a checkbox on the machines that says something like "Change Primary DNS suffix when domain membership changes" that is checked by default; you can uncheck it. There is also a reg key you can dork with, which is what this checkbox ties to; I don't recall what it is off the top of my head though.
But as Brian indicated, you can have a disjoint namespace where the machines are not in the same zone as the name of the AD Domain. Having several hundred thousand machines in a single zone is generally silly IMO, as it would be rare for one group of admins to manage all of them.
-- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
| | | |
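The checkbox joe mentions, and the child-versus-disjoint suffix layouts Brian lists, can be audited from the member machine itself. The PowerShell below is an added example and not code from the thread; it assumes that the checkbox maps to the SyncDomainWithMembership value and the primary DNS suffix to the "NV Domain" value under the Tcpip\Parameters key, and that Win32_ComputerSystem reports the joined AD domain.

```powershell
# Added example, not from the thread. Classifies a machine's primary DNS suffix
# against its AD domain and reads the setting behind the "Change primary DNS
# suffix when domain membership changes" checkbox.
# Assumed registry locations under HKLM:
#   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
#     SyncDomainWithMembership  REG_DWORD  1 = checkbox checked (the default)
#     NV Domain                 REG_SZ     the configured primary DNS suffix

function Get-DnsSuffixRelation {
    # Pure classification so it can be exercised without a domain-joined box.
    param(
        [Parameter(Mandatory = $true)][string]$AdDomain,   # e.g. northamerica.domain.com
        [string]$PrimaryDnsSuffix = ''                      # e.g. atlanta.northamerica.domain.com
    )
    $domain = $AdDomain.Trim().TrimEnd('.').ToLowerInvariant()
    $suffix = $PrimaryDnsSuffix.Trim().TrimEnd('.').ToLowerInvariant()

    if ($suffix -eq '')               { return 'EmptySuffix' }    # nothing to register a host record under
    if ($suffix -eq $domain)          { return 'Matches' }        # the dcpromo default: one zone per domain
    if ($suffix.EndsWith(".$domain")) { return 'ChildOfDomain' }  # pc1.atlanta.northamerica.domain.com
    return 'Disjoint'                                             # pc1.atlanta.someotherdomain.com
}

function Get-LocalDnsSuffixReport {
    $tcpip  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
    $params = Get-ItemProperty -Path $tcpip
    $cs     = Get-CimInstance -ClassName Win32_ComputerSystem

    # Win32_ComputerSystem.Domain holds the workgroup name when not joined, so guard on PartOfDomain.
    $adDomain = if ($cs.PartOfDomain) { $cs.Domain } else { '' }
    $suffix   = [string]$params.'NV Domain'
    # An absent value behaves like 1 (checked), so treat absence as the default.
    $sync     = if ($null -eq $params.SyncDomainWithMembership) { 1 } else { [int]$params.SyncDomainWithMembership }

    $relation = if ($adDomain) {
        Get-DnsSuffixRelation -AdDomain $adDomain -PrimaryDnsSuffix $suffix
    } else {
        'NotDomainJoined'
    }

    New-Object PSObject -Property @{
        ComputerName             = $cs.Name
        AdDomain                 = $adDomain
        PrimaryDnsSuffix         = $suffix
        SyncDomainWithMembership = ($sync -eq 1)
        Relation                 = $relation
    }
}

# Classification of the constructed names used in the thread (no registry access needed):
Get-DnsSuffixRelation -AdDomain 'northamerica.domain.com' -PrimaryDnsSuffix 'atlanta.northamerica.domain.com'
Get-DnsSuffixRelation -AdDomain 'northamerica.domain.com' -PrimaryDnsSuffix 'atlanta.someotherdomain.com'

# Live report for this machine:
Get-LocalDnsSuffixReport | Format-List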
| laurarobinson
Posts:96
 | | 03/21/2008 11:40 AM |
| By general default, most people build one DNS zone per domain, I'd wager, but that doesn't mean it's a requirement of DNS that it be that way. There is an art to DNS design, IMO, and Joe is accurate (of course) in his beef with MSFT DNS that it doesn't easily expose (or in some aspects, support) some of the more artful approaches to DNS design.
One of the things about Microsoft's DNS implementation is that it was introduced as the de facto name resolution mechanism for AD without there being a large pool of administrators/architects who were skilled in DNS at the time of its release. Most of the people who built MS-DNS in the early days of AD were people who had previously worked with WINS as their primary name resolution mechanism, and DNS had been left to "the UNIX guys". This lack of industry experience with DNS in the pool of Windows administrators meant that over the years of the evolution of AD and MS-DNS, the DNS implementation became wizarded to the nth degree. Microsoft receives a HUGE number of support calls because of misconfigured DNS, so their design decisions have often been around making it easier to implement a functional default than around offering guidance or exposure to more complicated hierarchical designs.
However, to answer your base question, no, it is not a requirement that a single AD domain be represented by a single DNS zone. You could have an AD domain called "northamerica.company.com" with that domain being represented by, for example, separate DNS zones such as:
Newyork.northeast.northamerica.company.com
Chicago.midwest.northamerica.company.com
Dallas.southwest.northamerica.company.com
Seattle.northwest.northamerica.company.com
Research.development.internal
Big.muckety.mucks
Problem.children.corp
Northamerica.company.com
There is no requirement that a machine's DNS suffix match the name of the AD domain of which it is a member, btw. However, the simple reality is, implementing something other than the default requires a solid knowledge of DNS that too many people lack, which brings us back to design/guidance decisions made that produce a functional default rather than exposing/encouraging design options that, in all likelihood, many people would muck up.
I used to have a mantra that I would pound into people's heads: there is no [required] one-to-one mapping of AD domains to DNS zones. However, as soon as I'd begin my discussion of what I meant by that, people's eyes would usually glaze over and there'd be a general response of, "that's too hard; we'll just stick with the default config", and I began to see why Microsoft had wizarded DNS to death and created a default configuration that I have never used. I never, ever build AD without building DNS first, and I never use the default configuration that the AD build process constructs if you let it. However, I'm either a dinosaur or just stubborn, because there are a lot of people out there who will happily let dcpromo build their DNS and live with having 100,000 machines in the same DNS zone.
Simply put, it requires more work and knowledge to build DNS without a one-to-one mapping of AD domain to DNS zone, so most people don't do it. The companies where I *do* see implementations that don't follow that default configuration are almost always shops where the UNIX guys built DNS.
Just my pennies,
Laura
| | | |
| ramstryke
Posts:20
 | | 03/21/2008 11:55 AM |
| Ahh, how would you go about automating that?
Would your everyday machine still initially join northamerica.domain.com, thereby having the same suffix? Then I guess a GPO could come in behind it to handle the DNS suffix change?
| | | |
| ramstryke
Posts:20
 | | 03/21/2008 12:05 PM |
| I totally agree! DNS is far more complex than the base MS tools and configuration make it out to be. Your everyday MCSA/E suffers for that unless they go above and beyond. They keep it wizarded to a point where most won't care to venture off the reservation.
I guess what I most need help understanding is how, on the MS side of things, this could be implemented: having machine domain joins not go to the actual DNS name of the AD domain, but rather to the other chosen namespace. I'm guessing GPOs could take care of this by adjusting devices after the fact, but by default are there mechanisms to facilitate this beforehand?
| | | |