Subject: [ActiveDir] Multihomed Domain Controllers
AD00000364
07/12/2006 10:43 AM
Hi,
     First posting to this list but I've lurked quite a while and I've been very impressed by the quality of replies by the gurus.
My question is regarding the advisability of having multihomed DCs. Basically I want to run backups over a separate GbE and as my servers have dual inbuilt NICs this seems an obvious route to take. I know there are some issues with DNS (I have a DNS integrated AD).
Would this cause replication problems, etc ?
Any other "gotchas" ?

                        Many Thanks,
---
Jeff Green
Network Support Manager
SAPIENS (UK) Ltd
t: +44 (0)1895 464228 f: +44 (0)1895 463098
"I dream of hover cars and old transistor radios ... She dreams of flowers in a field of sunny bungalows"

------------------------------------------------------------------------
Confidentiality Note: The information contained in this email and document(s) attached are for the exclusive use of the addressee and may contain confidential, privileged and non-disclosable information. If the recipient of this email is not the addressee, such recipient is strictly prohibited from reading, photocopying, distribution or otherwise using this email or its contents in any way.
Please notify the Sapiens (UK) Ltd. Systems Administrator via e-mail immediately at networksupport@xxxxxxxxxxxxx, if you have received this email in error.
Disclaimer: The views, opinions and guidelines contained in this confidential e-mail are those of the originating author and may not be representative of Sapiens (UK) Ltd.
------------------------------------------------------------------------
amulnick
07/12/2006 1:35 AM
When you test this, as the others have mentioned, be sure to test the recoverability and the gotchas that come along with bringing up a recovered DC on a multi-homed machine.  You'll want to have that documented and thoroughly tested so as not to have to deal with that when under pressure.  You may also want to consider an alternative backup method that doesn't require a dedicated network to the DC's.


Just some random thoughts and my $.04 (USD) worth.

Al 
On 7/12/06, Jeff Green wrote:

Hi Guys,


                Many thanks to all that have responded (and so quickly !)

Points / clarifications / additional Qs

    a)    DNS multihomed issues

            Yes, found that in the MS KB about not "registering this connection in DNS" on the second NIC.

            Also leave the gateway / DNS TCP/IP settings blank on the second NIC.

    b)    Browser Issues

            Several things in MS KB about this and fixes (including hacking a registry if I remember correctly)

            But would Browser issues affect AD operations - I'm talking about replication issues here ?

    c)    Currently running W2K SP4 + rollups on all DCs - but moving to W2K3.

           Sorry should have stated this.


    d)    Backup

           Using BackupExec, which allows binding of remote agents to specific NICs


Have I got everything covered - I can't believe this is an unusual configuration ?



                                Many Thanks



robertrutherford5
07/12/2006 1:55 AM
I guess that is very true... on reflection I was using the separate connection situation on satellite sites, where the DC did have backup exec loaded.. I hear you *gasp*

Cheers

Robert Rutherford
QuoStar Solutions Limited
The Enterprise Pavilion
Fern Barrow
Wallisdown
Poole
Dorset
BH12 5HH

T: +44 (0) 8456 440 331
F: +44 (0) 8456 440 332
M: +44 (0) 7974 249 494
E: robert.rutherford@xxxxxxxxxxx
W: www.quostar.com


From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Al Mulnick
Sent: 12 July 2006 14:36
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: Re: [ActiveDir] Multihomed Domain Controllers

Personally, I've never used that configuration for a DC.  Since being bit in the nt4.0 days (before that really, but hate to show the age :) I've had architectural reasons to not do that.  Since AD is made up of a multi-master fabric, I have had no reason at all to require an isolated network dedicated to backups.  I get the feeling in your case it's just a nice to have vs. a requirement since you have the hardware and figure why not put it to use.  You'd be a rare exception if the size of the dit is large enough to require such a configuration.  Saying that, is it possible? Most likely.  Will it be difficult when/if you call for support for some other issue to explain to the engineer that you have a multi-homed DC? Most likely.  Does it break the "keep it as simple as possible while meeting the requirements?" rule? Most likely.

When you test this, as the others have mentioned, be sure to test the recoverability and the gotchas that come along with bringing up a recovered DC on a multi-homed machine.  You'll want to have that documented and thoroughly tested so as not to have to deal with that when under pressure.  You may also want to consider an alternative backup method that doesn't require a dedicated network to the DC's.

Just some random thoughts and my $.04 (USD) worth.

Al
sbradcpa
07/12/2006 2:00 AM
Message body was not found.
kevinbrunson
07/12/2006 2:13 AM
The one gotcha I have seen (only once
though), was that somehow multihoming a 2000 DC corrupted a couple of registry
keys.  I think KB 888048 appeared a few days after the 8 hour phone call with
MS.  Basically the dc no longer had a DNS name.  Needless to say that caused
problems.  But as long as you know which registry keys to change if it goes
bad, you should be fine.  I have seen a multitude of multihomed domain
controllers since with no issues.

Kevin Brunson



amulnick
07/12/2006 2:21 AM
Satellite links?  Permanent ones? Or mobile? ;-) 
On 7/12/06, Robert Rutherford wrote:

I guess that is very true... on reflection I was using the separate connection situation on satellite sites, where the DC did have backup exec loaded.. I hear you *gasp*


Cheers







AD000001356
07/12/2006 2:37 AM
Couple of points.  Most have probably been covered, or read by you:

- Clearly label the NICs, e.g. LAN00 and BACKUP00.
- Adjust the binding order so that LAN00 is above BACKUP00.
- If you don't require NetBT, disable it on BACKUP00 (BackupExec will most likely not like you if you disable this).
- Forget about the Advanced TCP/IP DNS option "Don't register in DNS".  There is a hotfix, and it's supposed to be in SP1, but I'm still seeing A records registered in DNS in my lab when I don't want them in there, so use the necessary registry key DisableDynamicUpdate on the NIC BACKUP00.
- Only have a gateway on LAN00.
- Bind the BackupExec agent to BACKUP00 only.
- If the backup LAN is routed, define persistent routes in the routing table.
- Browser operations won't affect AD.  If you have bad entries in DNS, that will cause issues so check DNS.
- OS shouldn't matter.  I've implemented multi-homed systems many times in the past, and have been messing around with NLB and LDAP on DCs (in Unicast mode - requires a second NIC) over the last couple of days without any issues.  DNS is the main issue.  There can be some issues with NetBT / WINS, but I personally wouldn't use LMHOSTS or WINS on the BACKUP00 NIC.

That's a few points based on what I'm doing in the lab.  Main thing is to test your configuration.  In the last place I worked we used a dedicated backup LAN.  No issues worth noting (in other words it worked and I don't remember any issues), and that was a mixed NT 4, 2k and k3 environment.

Dedicated systems management LANs are also a good idea, e.g. iLO, etc.


--Paul


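Added example, not part of the thread or any poster's own code: a PowerShell audit of the settings the posts above single out for the backup NIC (gateway and DNS servers left blank, DisableDynamicUpdate set, no A record published for its address). The function names Test-MultihomedDc and Get-DcAdapterState are hypothetical, the NIC names LAN00 and BACKUP00 are the ones suggested above, and every address in the sample is constructed.

```powershell
# Added example, not code from the thread. NIC names follow the post above;
# all addresses below are constructed sample data.

function Test-MultihomedDc {
    param(
        # One object per IP-enabled NIC (shape produced by Get-DcAdapterState)
        [Parameter(Mandatory = $true)] [object[]] $Adapter,
        # A records currently published in DNS for the DC's host name
        [Parameter(Mandatory = $true)] [AllowEmptyCollection()] [string[]] $HostARecord,
        [string] $ProductionNic = 'LAN00'
    )
    foreach ($nic in $Adapter) {
        if ($nic.Name -eq $ProductionNic) { continue }   # only secondary NICs are audited
        $issues = @()
        # "Only have a gateway on LAN00"
        if (@($nic.DefaultIPGateway | Where-Object { $_ }).Count -gt 0) {
            $issues += 'default gateway is set (only the production NIC should have one)'
        }
        # "leave the gateway / DNS TCP/IP settings blank on the second NIC"
        if (@($nic.DNSServerSearchOrder | Where-Object { $_ }).Count -gt 0) {
            $issues += 'DNS servers are configured (leave blank on the second NIC)'
        }
        # "use the necessary registry key DisableDynamicUpdate on the NIC BACKUP00"
        if ($nic.DisableDynamicUpdate -ne 1) {
            $issues += 'DisableDynamicUpdate is not 1, so the NIC may still register in DNS'
        }
        # "If you have bad entries in DNS, that will cause issues so check DNS"
        foreach ($ip in @($nic.IPAddress | Where-Object { $_ })) {
            if ($HostARecord -contains $ip) {
                $issues += "DNS publishes an A record for $ip"
            }
        }
        foreach ($issue in $issues) {
            [pscustomobject]@{ Nic = $nic.Name; Finding = $issue }
        }
    }
}

function Get-DcAdapterState {
    # Collects the same fields from the local Windows machine via WMI and the
    # per-interface Tcpip registry key (where DisableDynamicUpdate is stored).
    $names = @{}
    Get-CimInstance Win32_NetworkAdapter |
        ForEach-Object { $names[$_.Index] = $_.NetConnectionID }
    Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        ForEach-Object {
            $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\' + $_.SettingID
            $ddu = (Get-ItemProperty -LiteralPath $key -Name DisableDynamicUpdate `
                        -ErrorAction SilentlyContinue).DisableDynamicUpdate
            [pscustomobject]@{
                Name                 = $names[$_.Index]
                IPAddress            = $_.IPAddress
                DefaultIPGateway     = $_.DefaultIPGateway
                DNSServerSearchOrder = $_.DNSServerSearchOrder
                DisableDynamicUpdate = $ddu
            }
        }
}

# Constructed sample: BACKUP00 has a gateway, no DisableDynamicUpdate value,
# and its address has leaked into DNS next to the production address.
$sample = @(
    [pscustomobject]@{
        Name = 'LAN00'; IPAddress = @('10.0.0.10'); DefaultIPGateway = @('10.0.0.1')
        DNSServerSearchOrder = @('10.0.0.10'); DisableDynamicUpdate = $null
    }
    [pscustomobject]@{
        Name = 'BACKUP00'; IPAddress = @('192.168.50.10'); DefaultIPGateway = @('192.168.50.1')
        DNSServerSearchOrder = @(); DisableDynamicUpdate = $null
    }
)
$published = @('10.0.0.10', '192.168.50.10')

Test-MultihomedDc -Adapter $sample -HostARecord $published | Format-Table -AutoSize

# On a live DC the same check can be fed from the machine itself
# ($fqdn is the DC's fully qualified name):
#   $a = (Resolve-DnsName -Name $fqdn -Type A -DnsOnly).IPAddress
#   Test-MultihomedDc -Adapter (Get-DcAdapterState) -HostARecord $a
```

The live query uses -DnsOnly so the answer comes from the DNS zone rather than from the machine's own interface list.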
solinear@xxxx.yyy

07/12/2006 2:53 AM  
The one gotcha I have seen (only once
though), was that somehow multihoming a 2000 DC corrupted a couple of registry
keys.  I think KB 888048 appeared a few days after the 8 hour phone call with
MS.  Basically the dc no longer had a DNS name.  Needless to say that caused
problems.  But as long as you know which registry keys to change if it goes
bad, you should be fine.  I have seen a multitude of multihomed domain
controllers since with no issues.

Kevin Brunson



sbradcpa
07/12/2006 3:40 AM
In the year 2006.. I hope we are still not making host file entries on
servers and workstations.... :-)
Peter Johnson wrote:

You might want to then create entries in the host file on the backup
server so that you guarantee that the backup server always uses the
right network connection.

------------------------------------------------------------------------

*From:* ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] *On Behalf Of *Robert
Rutherford

*Sent:* 12 July 2006 12:57
*To:* ActiveDir@xxxxxxxxxxxxxxxxxx
*Subject:* RE: [ActiveDir] Multihomed Domain Controllers


No issues, if you...



Go to the TCP/IP settings of the backup network card, click advanced,
goto the DNS tab and untick register the connection in DNS.

Cheers,


Rob








--
Letting your vendors set your risk analysis these days?
http://www.threatcode.com
If you are a SBSer and you don't subscribe to the SBS Blog... man ... I will hunt you down...
http://blogs.technet.com/sbs

List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
AD000001600
07/12/2006 3:59 AM
So how many DC's do you have? What is your DIT size like to warrant
going through all this trouble? Are there other applications that you
need to back up on the DC's that are requiring full backups of all your
DC's? With most environments, getting the system state from a DC/GC in
each domain should be enough to allow you to do whatever authoritative
restores you need. Now if you have other apps that you need to do
large data backups of, then this may be required. Yes, you can do
multiple NICs on DC's and quite a few organizations do; however, it
definitely would not fall under best practices for Domain Controllers.

Kurt Falde
Premier Field Engineer
Northeast Region
Microsoft Corporation

-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Susan Bradley,
CPA aka Ebitz - SBS Rocks [MVP]
Sent: Wednesday, July 12, 2006 11:41 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: Re: [ActiveDir] Multihomed Domain Controllers

In the year 2006.. I hope we are still not making host file entries on
servers and workstations.... :-)

Peter Johnson wrote:

> You might want to then create entries in the host file on the backup
> server so that you guarantee that the backup server always uses the
> right network connection.
>
> ------------------------------------------------------------------------
>
> *From:* ActiveDir-owner@xxxxxxxxxxxxxxxxxx
> [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] *On Behalf Of *Robert
> Rutherford
> *Sent:* 12 July 2006 12:57
> *To:* ActiveDir@xxxxxxxxxxxxxxxxxx
> *Subject:* RE: [ActiveDir] Multihomed Domain Controllers
>
> No issues, if you...
>
> Go to the TCP/IP settings of the backup network card, click advanced,
> goto the DNS tab and untick register the connection in DNS.
>
> Cheers,
>
> Rob
>
> *Robert Rutherford*
> *QuoStar Solutions Limited*
>
> The Enterprise Pavilion
> Fern Barrow
> Wallisdown
> Poole
> Dorset
> BH12 5HH
>
> *T:* +44 (0) 8456 440 331
> *F:* +44 (0) 8456 440 332
> *M:* +44 (0) 7974 249 494
> *E:* robert.rutherford@xxxxxxxxxxx
> *W:* www.quostar.com
>

listmail

Posts:824

07/12/2006 4:12 AM  
But I hope we still have the option of doing so... I use the hosts file on
a regular basis to redirect the localhost name to the machine's IP instead
of to 127.blah and then stick in route statements so all locally directed
traffic bounces out to a router and back so I can look at the network traces
of the traffic.

joe

--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm

Do not read this worthless blog entry on Defending Security Infrastructures
- http://blog.joeware.net/2006/07/11/445/ --- I'm serious, you will learn
absolutely nothing about Defending Security Infrastructures.

-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Susan Bradley, CPA
aka Ebitz - SBS Rocks [MVP]
Sent: Wednesday, July 12, 2006 11:41 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: Re: [ActiveDir] Multihomed Domain Controllers

In the year 2006.. I hope we are still not making host file entries on
servers and workstations.... :-)

deji

Posts:262

07/12/2006 4:29 AM  
Susan,

there are still valid reasons for using hosts file even in an enterprise. I believe that we went through this a couple of months ago.


NB: Not to encourage joe or anything like that. I just need to point out that my statement above may be interpreted to imply that hosts files have a role to play in the whole big "Defending Security Infrastructure" realm; for example, if your "Defending Security Infrastructure" service delivery plans do NOT include a robust "split-brain" DNS infrastructure. Of course, a "Defending Security Infrastructure" plan that does not include that is not worth the name "Defending Security Infrastructure plan" at all and does not belong in the "Defending Security Infrastructure" big black ops book.

Now I crawl back into my heavily-defended "Defending Security Infrastructure" bunker - or castle - or cave.

Sincerely,

Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com -5.75, -3.23
Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon

From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
Sent: Wed 7/12/2006 8:40 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: Re: [ActiveDir] Multihomed Domain Controllers

In the year 2006.. I hope we are still not making host file entries on
servers and workstations.... :-)

kevinbrunson

Posts:75

07/12/2006 4:59 AM  
I have definitely found the hosts file to be useful on servers to keep
them from EVER getting to spyware sites. This guy has a great list :
http://pgl.yoyo.org/adservers/serverlist.php?showintro=0&hostformat=hosts

Just cut and paste into the hosts file and you are good to go. I
scripted it for all of the servers I deal with. But I guess this is
getting pretty far OT: :)
Kevin

-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Susan Bradley,
CPA aka Ebitz - SBS Rocks [MVP]
Sent: Wednesday, July 12, 2006 10:41 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: Re: [ActiveDir] Multihomed Domain Controllers

In the year 2006.. I hope we are still not making host file entries on
servers and workstations.... :-)

List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
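
An added example (not part of the original thread, and not the script Kevin mentions): one way to vet a downloaded hosts-format list before merging it into a server's hosts file, so that only entries pointing at a sink address are accepted and nothing in the list can override localhost or internal names. The `corp.example` suffix, the function names and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Addresses a blocklist entry is allowed to point at (IPv4 null-route sinks).
SINK_ADDRESSES = {"127.0.0.1", "0.0.0.0"}

# Names a third-party list must never be allowed to override.
# "corp.example" stands in for the internal AD DNS suffix (assumption).
PROTECTED_NAMES = {"localhost"}
PROTECTED_SUFFIXES = (".corp.example",)

_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def _valid_hostname(name):
    """RFC 1123-style check: dotted labels, at most 253 characters."""
    if not name or len(name) > 253:
        return False
    return all(_LABEL.match(label) for label in name.split("."))


def vet_hosts_blocklist(text):
    """Split a hosts-format blocklist into safe entries and rejected lines.

    Returns (accepted, rejected): accepted is a sorted list of host names
    that map to a sink address; rejected is a list of
    (line_number, original_line, reason) tuples.
    """
    accepted = set()
    rejected = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            rejected.append((number, raw, "no host name"))
            continue
        address, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(address)
        except ValueError:
            rejected.append((number, raw, "not an IP address"))
            continue
        if address not in SINK_ADDRESSES:
            # A list entry that maps a name to a routable address is
            # redirecting traffic, not blocking it.
            rejected.append((number, raw, "maps to a non-sink address"))
            continue
        for name in names:
            name = name.lower().rstrip(".")
            if name in PROTECTED_NAMES or ("." + name).endswith(PROTECTED_SUFFIXES):
                rejected.append((number, raw, "overrides a protected name"))
            elif not _valid_hostname(name):
                rejected.append((number, raw, "malformed host name"))
            else:
                accepted.add(name)
    return sorted(accepted), rejected


def render_hosts_block(names, sink="0.0.0.0"):
    """Render vetted names as hosts-file lines, one name per line."""
    return "\n".join(f"{sink} {name}" for name in names)


# Constructed sample input (not taken from any real list).
SAMPLE = """\
# ad server list, hosts format
127.0.0.1 ads.example.net
127.0.0.1 tracker.example.org   # trailing comment
0.0.0.0 ADS.example.net
203.0.113.10 update.example.com
127.0.0.1 dc01.corp.example
127.0.0.1 localhost
127.0.0.1 bad_host!.example
not-an-ip ads2.example.net
127.0.0.1
"""

if __name__ == "__main__":
    ok, bad = vet_hosts_blocklist(SAMPLE)
    print(render_hosts_block(ok))
    for number, raw, reason in bad:
        print(f"rejected line {number}: {reason}: {raw!r}")
```

Only the rendered block of vetted names would be merged into the hosts file; the rejected lines are worth reviewing by hand, since a non-sink mapping in a third-party list is a redirect rather than a block.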
habr

Posts:0

07/12/2006 5:28 AM  
Could someone please tell me
what all this "Defending Security Infrastructure" stuff is about?  Even
though joe said "Do not read about "Defending Security Infrastructure"" on his
blog, I went there and read all about what he wrote about "Defending Security
Infrastructure" because I literally hang off every word joe writes, and he wrote
about "Defending Security Infrastructure" and I wanted to know what his thoughts
were on "Defending Security Infrastructure".  But interestingly enough, joe
didn't have much to say about "Defending Security Infrastructure" so I queried
other avenues on "Defending Security Infrastructure" and there sure is a lot on
the subject of "Defending Security Infrastructure" but I couldn't really distill
it. So now I'm going to have to keep watching the joedog blog on "Defending
Security Infrastructure", because if joe talks about "Defending Security
Infrastructure", then "Defending Security Infrastructure" is probably pretty
important.

_____________________________________________________________________


-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Deji Akomolafe
Sent: 12 July, 2006 12:29 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Multihomed Domain Controllers

Susan,

there are still valid reasons for using
hosts file even in an enterprise. I believe that we went through this a couple
of months ago.




NB: Not to encourage joe or anything like that. I just need to
point out that my statement above may be interpreted to imply that
hosts files have a role to play in the whole big "Defending Security
Infrastructure" realm; for example, if your "Defending
Security Infrastructure" service delivery plans do NOT include a
robust "split-brain" DNS infrastructure. Of course, a "Defending Security
Infrastructure" plan that does not include that is not worth the name
"Defending Security Infrastructure plan" at all and does not belong in
the "Defending Security Infrastructure" big black ops book.

Now I crawl back into my heavily-defended "Defending Security
Infrastructure" bunker - or castle - or cave.

sbradcpa

Posts:496

07/12/2006 5:45 AM  
You surf on your servers?

My servers go to WU/MU...and maybe to Joe's blog for information on
Defending Security Infrastructure.. in fact they regularly hang out on
Joe's blog for all the information I need to know on Defending
Security Infrastructure.. in fact
http://blog.joeware.net/2006/07/11/445/ that link is the home page so
that I'm constantly reminded about Defending Security Infrastructure
..but other than that... they don't have antispyware because they don't
go anywhere to get spyware and the Enhanced IE is still on there.


Kevin Brunson wrote:
I have definitely found the hosts file to be useful on servers to keep
them from EVER getting to spyware sites. This guy has a great list :
http://pgl.yoyo.org/adservers/serverlist.php?showintro=0&hostformat=hosts

Just cut and paste into the hosts file and you are good to go. I
scripted it for all of the servers I deal with. But I guess this is
getting pretty far OT: :)
Kevin

kevinbrunson

Posts:75

07/12/2006 6:35 AM  
I only surf on the big ones. The small ones just don't catch the waves
right.

I don't even let them go to Windows Update. WSUS connections configured
through Group Policy are about as far as I want them to go to the
internet. The problem is users, and in many cases admins. I get a
server just right, go back to my office, and by the time I get back
they've already installed 15 programs ending in "zilla".

And of course no self-respecting admin can get a $150000 Citrix
infrastructure without immediately giving every STINKING user a desktop.
Forget published apps. Forget everything that made it worth investing
any money whatsoever, let's just give them a STINKING desktop. Sorry, I
guess I must have let all of my thinking about Defending Security
Infrastructure get to my head.
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Susan Bradley,
CPA aka Ebitz - SBS Rocks [MVP]
Sent: Wednesday, July 12, 2006 12:45 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: Re: [ActiveDir] Multihomed Domain Controllers

You surf on your servers?

My servers go to WU/MU...and maybe to Joe's blog for information on
Defending Security Infrastructure.. in fact they regularly hang out on
Joe's blog for all the information I need to know on Defending
Security Infrastructure.. in fact
http://blog.joeware.net/2006/07/11/445/ that link is the home page so
that I'm constantly reminded about Defending Security Infrastructure
..but other than that... they don't have antispyware because they don't
go anywhere to get spyware and the Enhanced IE is still on there.

Kevin Brunson wrote:

>I have definitely found the hosts file to be useful on servers to keep
>them from EVER getting to spyware sites. This guy has a great list :
>http://pgl.yoyo.org/adservers/serverlist.php?showintro=0&hostformat=hos
t
>s
>
>Just cut and paste into the hosts file and you are good to go. I
>scripted it for all of the servers I deal with. But I guess this is
>getting pretty far OT: :)
>Kevin
>
>-----Original Message-----
>From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
>[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Susan Bradley,
>CPA aka Ebitz - SBS Rocks [MVP]
>Sent: Wednesday, July 12, 2006 10:41 AM
>To: ActiveDir@xxxxxxxxxxxxxxxxxx
>Subject: Re: [ActiveDir] Multihomed Domain Controllers
>
>In the year 2006.. I hope we are still not making host file entries on
>servers and workstations.... :-)
>
>Peter Johnson wrote:
>
>
>
>>You might want to then create entries in the host file on the backup
>>server so that you guarantee that the backup server always uses the
>>right network connection.
>>
>>
>>
>>
>>
>>
>-----------------------------------------------------------------------
-
>
>
>>*From:* ActiveDir-owner@xxxxxxxxxxxxxxxxxx
>>[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] *On Behalf Of *Robert
>>Rutherford
>>*Sent:* 12 July 2006 12:57
>>*To:* ActiveDir@xxxxxxxxxxxxxxxxxx
>>*Subject:* RE: [ActiveDir] Multihomed Domain Controllers
>>
>>No issues, if you...
>>
>>Go to the TCP/IP settings of the backup network card, click advanced,
>>goto the DNS tab and untick register the connection in DNS.
>>
>>Cheers,
>>
>>Rob
>>
>>*Robert Rutherford*
>>*QuoStar Solutions Limited*
>>
>>The Enterprise Pavilion
>>Fern Barrow
>>Wallisdown
>>Poole
>>Dorset
>>BH12 5HH
>>
>>*T:* +44 (0) 8456 440 331
>>*F:* +44 (0) 8456 440 332
>>*M:* +44 (0) 7974 249 494
>>*E:* robert.rutherford@xxxxxxxxxxx
>>*W:* www.quostar.com
>>
>------------------------------------------------------------------------
>
>>*From:* ActiveDir-owner@xxxxxxxxxxxxxxxxxx
>>[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] *On Behalf Of *Jeff Green
>>*Sent:* 12 July 2006 11:43
>>*To:* ActiveDir@xxxxxxxxxxxxxxxxxx
>>*Subject:* [ActiveDir] Multihomed Domain Controllers
>>
>>Hi,
>>
>> First posting to this list but I've lurked quite a while and I've
>>been very impressed by the quality of replies by the gurus.
>>
>>My question is regarding the advisability of having multihomed DCs.
>>Basically I want to run backups over a separate GbE and as my servers
>>have dual inbuilt NICs this seems an obvious route to take. I know
>>there are some issues with DNS (I have a DNS integrated AD).
>>
>>Would this cause replication problems, etc ?
>>
>>Any other "gotchas" ?
>>
>> Many Thanks,
>>
>>---
>>Jeff Green
>>Network Support Manager
>>SAPIENS (UK) Ltd
>>t: +44 (0)1895 464228 f: +44 (0)1895 463098
>>
>>"I dream of hover cars and old transistor radios ... She dreams of
>>flowers in a field of sunny bungalows"
>>
>------------------------------------------------------------------------
>
>>Confidentiality Note: The information contained in this email and
>>document(s) attached are for the exclusive use of the addressee and
>>may contain confidential, privileged and non-disclosable information.
>>If the recipient of this email is not the addressee, such recipient is
>>strictly prohibited from reading, photocopying, distribution or
>>otherwise using this email or its contents in any way.
>>
>>Please notify the Sapiens (UK) Ltd. Systems Administrator via e-mail
>>immediately at networksupport@xxxxxxxxxxxxx, if you have received this
>>email in error.
>>
>>Disclaimer: The views, opinions and guidelines contained in this
>>confidential e-mail are those of the originating author and may not be
>>representative of Sapiens (UK) Ltd.
>>
>------------------------------------------------------------------------
>

--
Letting your vendors set your risk analysis these days?
http://www.threatcode.com

If you are a SBSer and you don't subscribe to the SBS Blog... man ... I
will hunt you down...
http://blogs.technet.com/sbs

List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
solinear@xxxx.yyy

07/12/2006 8:46 AM  
Message body was not found.
kevinbrunsonUser is Offline

Posts:75

07/12/2006 9:06 AM  
Sorry, forgive me for my lack of clarity. I was on the phone with Microsoft when I wrote that, so my head was shrinking.... But don't worry, they refunded my case.

I agree with you 100%.

My rant was purely referring to the desktop published app, not a physical workstation. I was ranting about admins who can't seem to understand that citrix costs more than rdp, but that is about the only difference if every user is connecting to the citrix desktop instead of published apps. Especially since they don't want to lock the users down on the citrix servers.

Wow, it's a long way from multihomed domain controllers to Citrix and desktops vs. thin clients.







From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Matt Hargraves
Sent: Wednesday, July 12, 2006 3:46 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: Re: [ActiveDir] Multihomed Domain Controllers



Not so sure I agree with that.  Thin clients work just fine,
require less maintenance and can be replaced in 5 minutes, vs. the 3 hour
argument that you'll get if you try replacing someone's desktop because they
saved 190000 items that have nothing to do with their job on the local hard
drive.

Then again, desktops are about as expensive nowadays as thin clients, so the
justification for thin clients isn't what it used to be.
robertrutherford5User is Offline

Posts:0

07/12/2006 10:57 AM  
No issues, if you...

Go to the TCP/IP settings of the backup network card, click
advanced, goto the DNS tab and untick register the connection in
DNS.

Cheers,

Rob








Robert Rutherford
QuoStar Solutions Limited

The Enterprise Pavilion
Fern Barrow
Wallisdown
Poole
Dorset
BH12 5HH

T: +44 (0) 8456 440 331
F: +44 (0) 8456 440 332
M: +44 (0) 7974 249 494
E: robert.rutherford@xxxxxxxxxxx
W: www.quostar.com











From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Jeff Green
Sent: 12 July 2006 11:43
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: [ActiveDir] Multihomed Domain Controllers

Hi,
     First posting to this list but I've lurked quite a while and I've been very impressed by the quality of replies by the gurus.
My question is regarding the advisability of having multihomed DCs. Basically I want to run backups over a separate GbE and as my servers have dual inbuilt NICs this seems an obvious route to take. I know there are some issues with DNS (I have a DNS integrated AD).
Would this cause replication problems, etc ?

Any other "gotchas" ?

        Many Thanks,
---
Jeff Green
Network Support Manager
SAPIENS (UK) Ltd
t: +44 (0)1895 464228 f: +44 (0)1895 463098
"I dream of hover cars and old transistor radios ... She dreams of flowers in a field of sunny bungalows"
------------------------------------------------------------------------
Confidentiality Note: The information contained in this email and document(s) attached are for the exclusive use of the addressee and may contain confidential, privileged and non-disclosable information. If the recipient of this email is not the addressee, such recipient is strictly prohibited from reading, photocopying, distribution or otherwise using this email or its contents in any way.
Please notify the Sapiens (UK) Ltd. Systems Administrator via e-mail immediately at networksupport@xxxxxxxxxxxxx, if you have received this email in error.
Disclaimer: The views, opinions and guidelines contained in this confidential e-mail are those of the originating author and may not be representative of Sapiens (UK) Ltd.
------------------------------------------------------------------------
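The post above gives the GUI step for the backup NIC. As an added example that is not part of the original thread, here is a scripted equivalent plus a check that the DC's name no longer resolves to the backup network. It assumes Windows Server 2012 or later (DnsClient and NetTCPIP cmdlets); the interface alias `Backup` and the DNS server address `127.0.0.1` (a DC that also runs DNS) are assumptions to adjust.

```powershell
# Added example: assumes Windows Server 2012+ and an elevated session.
param(
    [string]$BackupAlias = 'Backup',      # hypothetical name of the backup NIC
    [string]$DnsServer   = '127.0.0.1'    # assumption: this DC also hosts DNS
)

# Scripted equivalent of unticking "Register this connection's addresses in DNS".
Set-DnsClient -InterfaceAlias $BackupAlias -RegisterThisConnectionsAddress $false

# List the registration setting for every adapter so the change can be confirmed.
Get-DnsClient |
    Select-Object InterfaceAlias, RegisterThisConnectionsAddress |
    Format-Table -AutoSize

# IPv4 addresses currently bound to the backup NIC.
$backupIps = @(Get-NetIPAddress -InterfaceAlias $BackupAlias -AddressFamily IPv4 |
    Select-Object -ExpandProperty IPAddress)

# Build this machine's FQDN from its computer-system record.
$cs   = Get-CimInstance -ClassName Win32_ComputerSystem
$fqdn = '{0}.{1}' -f $cs.DNSHostName, $cs.Domain

# Query the named DNS server directly for the host's A records.
$published = @(Resolve-DnsName -Name $fqdn -Type A -Server $DnsServer -DnsOnly |
    Where-Object { $_.Type -eq 'A' } |
    Select-Object -ExpandProperty IPAddress)

# Any overlap means a record for the backup network is still being served.
$stale = @($published | Where-Object { $backupIps -contains $_ })
if ($stale.Count -gt 0) {
    Write-Warning "$fqdn still resolves to backup-network address(es): $($stale -join ', ')"
} else {
    Write-Output "$fqdn resolves only to: $($published -join ', ')"
}
```

Disabling registration stops new registrations from that adapter; a warning here means a record created earlier is still in the zone and has to be removed on the DNS server.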
AD00000804User is Offline

Posts:0

07/12/2006 11:15 AM  
There were known issues with NT 4.0 with WINS resolution for when WINS packets were lost trying to return through the 2nd NIC using multi-homed DCs.  But I've heard that this isn't the case in Windows 2000/2003.  Otherwise you are probably OK but double-check DNS as well per the other email.

Regards,

Chuck
Copyright 2012 ActiveDir.org