| Author | Messages | |
Brad.Smith@xxxx.yyy
 | | 09/26/2005 2:01 AM |
| Hello
All,
I have a number of large sites all running
W2K DC's. I want to migrate them to W2K3 and want to do it bit by
bit. I want to deploy the first W2K3 DC to a site, and have only a handful
of users authenticate to that DC as a pilot. I want to repeat this about
10 times over my largest sites (where different applications and downlevel
client exist) to assess the changes in behaviour before taking the plunge with
the remaining clients. Most subnets in this exercise cater for over
500 clients, and I want to find the easiest way to re-direct 5 clients to the
W2K3 DC's. All clients are W2K SP4 and use DHCP.
TIA for your help.
Brad
This email and any attached files are confidential and copyright protected. If you are not the addressee, any dissemination of this communication is strictly prohibited. Unless otherwise expressly agreed in writing, nothing stated in this communication shall be legally binding. | | | |
| ZJORZ
Posts:100
| | 09/26/2005 2:30 AM |
| Hi,
You cannot tell which user
authenticates to which DC. Clients determine their authenticating DC querying DC
for a SRV RR. With SRV RRs you designate a weight factor and a priority factor.
By default the weight is set to 100 and the priority is set to
0.
SRV RRs with the same priority
are treated as equal and are load balanced by DNS (round robin if enabled -
which by default is in w2k/w2k3).
SRV RRs with a lower priority
value are used first before using SRV RRS with higher values
SRV RRs with higher weight
values are used more frequent than SRV RRs with lower values. If you have SRV RR
with weight = 50 and another with weight = 100. The SRV RR with weight = 100
will be used twice as more as the SRV RR with weight = 50
The only way I can think of
right now to designate a certain DC to users is to create a separate AD site,
place that W2K3 DC in it and assign existing AD subnets to that site where the
new w2k3 DC is. This way the clients/servers on those subnets will use the w2k3
as a DC for authentication
Don't forget that you must
update the schema first before you introduce w2k3 DCs. Downlevel clients are not
AD site aware. You can make them site aware by installing the
DSClient.
For more info on what you are
asking see:
MS-KBQ314649_W2K3 ADPREP Command
Causes Mangled Attributes in W2K Forests That Contain E2K
Servers
MS-KBQ325379_How to Upgrade
Windows 2000 Domain Controllers to Windows Server 2003
MS-KBQ555040_Common Mistakes
When Upgrade Windows 2000 Domain To Windows 2003
MS-KBQ887426_Incorrect Schema extension for OS X prevents ForestPrep from
completing in Windows 2000
MS-KBQ555038_How to
enable Windows 98-ME-NT clients to logon to Windows 2003 based
Domains
Cheers,
Jorge
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Smith,
BradSent: Monday, September 26, 2005 16:00To:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: [ActiveDir] 2003 DC Deployment
Question.
Hello
All,
I have a number of large sites all running
W2K DC's. I want to migrate them to W2K3 and want to do it bit by
bit. I want to deploy the first W2K3 DC to a site, and have only a handful
of users authenticate to that DC as a pilot. I want to repeat this about
10 times over my largest sites (where different applications and downlevel
client exist) to assess the changes in behaviour before taking the plunge with
the remaining clients. Most subnets in this exercise cater for over
500 clients, and I want to find the easiest way to re-direct 5 clients to the
W2K3 DC's. All clients are W2K SP4 and use DHCP.
TIA for your help.
Brad
This email and any attached files are
confidential and copyright protected. If you are not the addressee, any
dissemination of this communication is strictly prohibited. Unless otherwise
expressly agreed in writing, nothing stated in this communication shall be
legally binding.
This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. | | | |
| Brad.Smith@xxxx.yyy
| | 09/26/2005 2:42 AM |
| Jorge,
Thanks for the links. I have already got my schema upgrades done, but your
comments light up another possible option. What if I weighted the new DC with a
really low SRV weight such as 5. Would this mean that a very small number
of clients would authenticate against it, or would each client weigh up 100 Vs 5
and choose the 100?
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Almeida Pinto,
Jorge deSent: 26 September 2005 15:29To:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] 2003 DC
Deployment Question.
Hi,
You cannot tell which user
authenticates to which DC. Clients determine their authenticating DC querying DC
for a SRV RR. With SRV RRs you designate a weight factor and a priority factor.
By default the weight is set to 100 and the priority is set to
0.
SRV RRs with the same priority
are treated as equal and are load balanced by DNS (round robin if enabled -
which by default is in w2k/w2k3).
SRV RRs with a lower priority
value are used first before using SRV RRS with higher values
SRV RRs with higher weight
values are used more frequent than SRV RRs with lower values. If you have SRV RR
with weight = 50 and another with weight = 100. The SRV RR with weight = 100
will be used twice as more as the SRV RR with weight = 50
The only way I can think of
right now to designate a certain DC to users is to create a separate AD site,
place that W2K3 DC in it and assign existing AD subnets to that site where the
new w2k3 DC is. This way the clients/servers on those subnets will use the w2k3
as a DC for authentication
Don't forget that you must
update the schema first before you introduce w2k3 DCs. Downlevel clients are not
AD site aware. You can make them site aware by installing the
DSClient.
For more info on what you are
asking see:
MS-KBQ314649_W2K3 ADPREP Command
Causes Mangled Attributes in W2K Forests That Contain E2K
Servers
MS-KBQ325379_How to Upgrade
Windows 2000 Domain Controllers to Windows Server 2003
MS-KBQ555040_Common Mistakes
When Upgrade Windows 2000 Domain To Windows 2003
MS-KBQ887426_Incorrect Schema extension for OS X prevents ForestPrep from
completing in Windows 2000
MS-KBQ555038_How to
enable Windows 98-ME-NT clients to logon to Windows 2003 based
Domains
Cheers,
Jorge
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Smith,
BradSent: Monday, September 26, 2005 16:00To:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: [ActiveDir] 2003 DC Deployment
Question.
Hello
All,
I have a number of large sites all running
W2K DC's. I want to migrate them to W2K3 and want to do it bit by
bit. I want to deploy the first W2K3 DC to a site, and have only a handful
of users authenticate to that DC as a pilot. I want to repeat this about
10 times over my largest sites (where different applications and downlevel
client exist) to assess the changes in behaviour before taking the plunge with
the remaining clients. Most subnets in this exercise cater for over
500 clients, and I want to find the easiest way to re-direct 5 clients to the
W2K3 DC's. All clients are W2K SP4 and use DHCP.
TIA for your help.
Brad
This email and any attached files are
confidential and copyright protected. If you are not the addressee, any
dissemination of this communication is strictly prohibited. Unless otherwise
expressly agreed in writing, nothing stated in this communication shall be
legally binding.
This e-mail and any
attachment is for authorised use by the intended recipient(s) only. It may
contain proprietary material, confidential information and/or be subject to
legal privilege. It should not be copied, disclosed to, retained or used by, any
other party. If you are not an intended recipient then please promptly delete
this e-mail and any attachment and all copies and inform the sender. Thank
you.
This message has been
scanned for viruses by MailControl | | | |
| bdesmond
Posts:366
| | 09/26/2005 2:51 AM |
| You can use 32 bit subnets if you want to designate half a dozen IPs or
something in that site.
That said, why not just put one DC in general deployment at a couple of
these sites and let it burn in for a bit? That™s the only way you™re
going to get an accurate picture.
Thanks,
Brian Desmond
brian@xxxxxxxxxxxxxxxx
c - 312.731.3132
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Almeida Pinto, Jorge de
Sent: Monday, September 26, 2005
10:29 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] 2003 DC
Deployment Question.
Hi,
You
cannot tell which user authenticates to which DC. Clients determine their
authenticating DC querying DC for a SRV RR. With SRV RRs you designate a weight
factor and a priority factor. By default the weight is set to 100 and the
priority is set to 0.
SRV RRs
with the same priority are treated as equal and are load balanced by DNS (round
robin if enabled - which by default is in w2k/w2k3).
SRV RRs
with a lower priority value are used first before using SRV RRS with higher
values
SRV RRs
with higher weight values are used more frequent than SRV RRs with lower
values. If you have SRV RR with weight = 50 and another with weight = 100. The
SRV RR with weight = 100 will be used twice as more as the SRV RR with weight =
50
The only
way I can think of right now to designate a certain DC to users is to create a
separate AD site, place that W2K3 DC in it and assign existing AD subnets to
that site where the new w2k3 DC is. This way the clients/servers on those
subnets will use the w2k3 as a DC for authentication
Don't
forget that you must update the schema first before you introduce w2k3 DCs.
Downlevel clients are not AD site aware. You can make them site aware by
installing the DSClient.
For more
info on what you are asking see:
MS-KBQ314649_W2K3
ADPREP Command Causes Mangled Attributes in W2K Forests That Contain E2K
Servers
MS-KBQ325379_How
to Upgrade Windows 2000 Domain Controllers to Windows Server 2003
MS-KBQ555040_Common
Mistakes When Upgrade Windows 2000 Domain To Windows 2003
MS-KBQ887426_Incorrect
Schema extension for OS X prevents ForestPrep from completing in Windows 2000
MS-KBQ555038_How
to enable Windows 98-ME-NT clients to logon to Windows 2003 based Domains
Cheers,
Jorge
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Smith, Brad
Sent: Monday, September 26, 2005
16:00
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: [ActiveDir] 2003 DC
Deployment Question.
Hello All,
I have a number of large sites all running
W2K DC's. I want to migrate them to W2K3 and want to do it bit by
bit. I want to deploy the first W2K3 DC to a site, and have only a
handful of users authenticate to that DC as a pilot. I want to repeat
this about 10 times over my largest sites (where different applications and
downlevel client exist) to assess the changes in behaviour before taking the
plunge with the remaining clients. Most subnets in this exercise
cater for over 500 clients, and I want to find the easiest way to re-direct 5
clients to the W2K3 DC's. All clients are W2K SP4 and use DHCP.
TIA for your help.
Brad
This email and any attached files are confidential and copyright
protected. If you are not the addressee, any dissemination of this
communication is strictly prohibited. Unless otherwise expressly agreed in
writing, nothing stated in this communication shall be legally binding.
This e-mail and any attachment is for
authorised use by the intended recipient(s) only. It may contain proprietary
material, confidential information and/or be subject to legal privilege. It
should not be copied, disclosed to, retained or used by, any other party. If
you are not an intended recipient then please promptly delete this e-mail and
any attachment and all copies and inform the sender. Thank you. | | | |
| PeterJ
Posts:5
| | 09/26/2005 2:55 AM |
| IIRC you can do this with a reg hack that
forces the machine to a certain DC. Problem is the machine will not look elsewhere
if that DC is not available AFAIK.
Regards
Peter Johnson
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Smith, Brad
Sent: 26 September 2005 16:41
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] 2003 DC
Deployment Question.
Jorge, Thanks for the links. I have
already got my schema upgrades done, but your comments light up another
possible option. What if I weighted the new DC with a really low SRV weight
such as 5. Would this mean that a very small number of clients would authenticate
against it, or would each client weigh up 100 Vs 5 and choose the 100?
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Almeida Pinto, Jorge de
Sent: 26 September 2005 15:29
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] 2003 DC
Deployment Question.
Hi,
You
cannot tell which user authenticates to which DC. Clients determine their
authenticating DC querying DC for a SRV RR. With SRV RRs you designate a weight
factor and a priority factor. By default the weight is set to 100 and the
priority is set to 0.
SRV RRs
with the same priority are treated as equal and are load balanced by DNS (round
robin if enabled - which by default is in w2k/w2k3).
SRV RRs
with a lower priority value are used first before using SRV RRS with higher
values
SRV RRs
with higher weight values are used more frequent than SRV RRs with lower
values. If you have SRV RR with weight = 50 and another with weight = 100. The
SRV RR with weight = 100 will be used twice as more as the SRV RR with weight =
50
The only
way I can think of right now to designate a certain DC to users is to create a
separate AD site, place that W2K3 DC in it and assign existing AD subnets to
that site where the new w2k3 DC is. This way the clients/servers on those
subnets will use the w2k3 as a DC for authentication
Don't
forget that you must update the schema first before you introduce w2k3 DCs.
Downlevel clients are not AD site aware. You can make them site aware by installing
the DSClient.
For more
info on what you are asking see:
MS-KBQ314649_W2K3
ADPREP Command Causes Mangled Attributes in W2K Forests That Contain E2K
Servers
MS-KBQ325379_How
to Upgrade Windows 2000 Domain Controllers to Windows Server 2003
MS-KBQ555040_Common
Mistakes When Upgrade Windows 2000 Domain To Windows 2003
MS-KBQ887426_Incorrect
Schema extension for OS X prevents ForestPrep from completing in Windows 2000
MS-KBQ555038_How
to enable Windows 98-ME-NT clients to logon to Windows 2003 based Domains
Cheers,
Jorge
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Smith, Brad
Sent: Monday, September 26, 2005
16:00
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: [ActiveDir] 2003 DC
Deployment Question.
Hello All,
I have a number of large sites all running
W2K DC's. I want to migrate them to W2K3 and want to do it bit by
bit. I want to deploy the first W2K3 DC to a site, and have only a
handful of users authenticate to that DC as a pilot. I want to repeat
this about 10 times over my largest sites (where different applications and
downlevel client exist) to assess the changes in behaviour before taking the
plunge with the remaining clients. Most subnets in this exercise
cater for over 500 clients, and I want to find the easiest way to re-direct 5
clients to the W2K3 DC's. All clients are W2K SP4 and use DHCP.
TIA for your help.
Brad
This email and any attached files are confidential and copyright
protected. If you are not the addressee, any dissemination of this
communication is strictly prohibited. Unless otherwise expressly agreed in
writing, nothing stated in this communication shall be legally binding.
This e-mail and any attachment is for
authorised use by the intended recipient(s) only. It may contain proprietary
material, confidential information and/or be subject to legal privilege. It
should not be copied, disclosed to, retained or used by, any other party. If
you are not an intended recipient then please promptly delete this e-mail and
any attachment and all copies and inform the sender. Thank you.
This message has been scanned for
viruses by MailControl | | | |
| ZJORZ
Posts:100
| | 09/26/2005 3:06 AM |
| As I know of the clients do not
choose anything. It is the DNS server that makes the choices for the client and
after that the client receives a list of servers in a certain order to
consult.
That is also a way to do it.
Setting the weight of the W2K3 DCs to 5 and letting the W2K DCs stick
to 100 means the W2K DCs will used for 20 times more than the W2K3 DCs.
However you still cannot control which client uses the w2k3 DC. To see which
client uses which DC you could "enhance" your loginscript and let the client
write its %COMPUTERNAME% and %LOGONSERVER% to some central log file. If I
remember correctly windows 95/98 don't know about the %LOGONSERVER% variable. Or
you could turn on account logon events on the DC.
For more info about DC selection
see:
http://www.windowsitpro.com/Articles/ArticleID/37935/37935.html (by
Gil KirkPatrick)
Cheers,
Jorge
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Smith,
BradSent: Monday, September 26, 2005 16:41To:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] 2003 DC
Deployment Question.
Jorge,
Thanks for the links. I have already got my schema upgrades done, but your
comments light up another possible option. What if I weighted the new DC with a
really low SRV weight such as 5. Would this mean that a very small number
of clients would authenticate against it, or would each client weigh up 100 Vs 5
and choose the 100?
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Almeida Pinto,
Jorge deSent: 26 September 2005 15:29To:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] 2003 DC
Deployment Question.
Hi,
You cannot tell which user
authenticates to which DC. Clients determine their authenticating DC querying DC
for a SRV RR. With SRV RRs you designate a weight factor and a priority factor.
By default the weight is set to 100 and the priority is set to
0.
SRV RRs with the same priority
are treated as equal and are load balanced by DNS (round robin if enabled -
which by default is in w2k/w2k3).
SRV RRs with a lower priority
value are used first before using SRV RRS with higher values
SRV RRs with higher weight
values are used more frequent than SRV RRs with lower values. If you have SRV RR
with weight = 50 and another with weight = 100. The SRV RR with weight = 100
will be used twice as more as the SRV RR with weight = 50
The only way I can think of
right now to designate a certain DC to users is to create a separate AD site,
place that W2K3 DC in it and assign existing AD subnets to that site where the
new w2k3 DC is. This way the clients/servers on those subnets will use the w2k3
as a DC for authentication
Don't forget that you must
update the schema first before you introduce w2k3 DCs. Downlevel clients are not
AD site aware. You can make them site aware by installing the
DSClient.
For more info on what you are
asking see:
MS-KBQ314649_W2K3 ADPREP Command
Causes Mangled Attributes in W2K Forests That Contain E2K
Servers
MS-KBQ325379_How to Upgrade
Windows 2000 Domain Controllers to Windows Server 2003
MS-KBQ555040_Common Mistakes
When Upgrade Windows 2000 Domain To Windows 2003
MS-KBQ887426_Incorrect Schema extension for OS X prevents ForestPrep from
completing in Windows 2000
MS-KBQ555038_How to
enable Windows 98-ME-NT clients to logon to Windows 2003 based
Domains
Cheers,
Jorge
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Smith,
BradSent: Monday, September 26, 2005 16:00To:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: [ActiveDir] 2003 DC Deployment
Question.
Hello
All,
I have a number of large sites all running
W2K DC's. I want to migrate them to W2K3 and want to do it bit by
bit. I want to deploy the first W2K3 DC to a site, and have only a handful
of users authenticate to that DC as a pilot. I want to repeat this about
10 times over my largest sites (where different applications and downlevel
client exist) to assess the changes in behaviour before taking the plunge with
the remaining clients. Most subnets in this exercise cater for over
500 clients, and I want to find the easiest way to re-direct 5 clients to the
W2K3 DC's. All clients are W2K SP4 and use DHCP.
TIA for your help.
Brad
This email and any attached files are
confidential and copyright protected. If you are not the addressee, any
dissemination of this communication is strictly prohibited. Unless otherwise
expressly agreed in writing, nothing stated in this communication shall be
legally binding.
This e-mail and any
attachment is for authorised use by the intended recipient(s) only. It may
contain proprietary material, confidential information and/or be subject to
legal privilege. It should not be copied, disclosed to, retained or used by, any
other party. If you are not an intended recipient then please promptly delete
this e-mail and any attachment and all copies and inform the sender. Thank
you.
This message has been
scanned for viruses by MailControl | | | |
|
|