| Author | Messages | |
SWD
Posts:0
 | | 10/03/2005 10:49 AM |
| | Message body was not found. | | | |
| listmail
Posts:454
| | 10/04/2005 11:56 AM |
| Vista is the client OS. I don't believe they have named
Longhorn Server yet.I am voting for something like Windows Server 5.4.0 or
something like that. I realize that the marketing group would have something to
say about it but I figure the best thing from them is if they pronounced their
thoughts from the bottom of Lake Washington. People don't install servers
because they have cool names.
The
biggest non-NDA pieces that I have heard announced in conferences or seen on the
web already is the Read Only DC to limit security exposure for WAN
deployments, restartable AD that can be stopped/started as necessary,
DA/Admin separation so that you can have an Admin on a DC that "can't" achieve
Domain-wide DA level rights, and DCs running on Server Foundation or now its
called Server Core which is a GUI-challenged Windows Server.
I can
also say that there are a myriad of GUI updates for the Admin tools though I
can't state specifics. BJ Whalen who was involved with the GPMC project has been
brought in to work on admin experience and anyone who has worked with GPOs with
and without GPMC know that he really helped out.
All in
all, there is some very cool stuff and MS has really been listening to the
community on what they want and need. I know that this list is watched for ideas
and such and has been the source of DCRs internally. So if you have ideas, spout
them here, they will most certainly be heard. They may not make Longhorn as it
is getting a bit late to add major changes but your ideas could make it into a
later rev.
joe
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Steven
WoodSent: Monday, October 03, 2005 3:46 PMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: [ActiveDir] Active Directory
wish list
Hi,
With Windows Vista on it's way what's on
people's wish list as far as Active Directory is concerned? Also are
there any big enhancements due?
Thanks
Steven | | | |
| CKaiser
Posts:2
| | 10/05/2005 1:48 AM |
| I'd also like to see the ability to run DCs for multiple domains on the
same server. SMBs with limited resources balk at having to buy
additional server hardware for redundancy on multiple domains,
especially when the AD load on the DCs is minimal. This feature sounds
like an offshoot of your list below. If you can run AD as a service, it
might not be that hard to allow multiple domains similar to multiple
websites/DBs on one server...
I remember discussing this with Stuart Kwan at DEC a couple of years
ago. I hope it makes it into the mix...
**********************
Charlie Kaiser
W2K3 MCSA/MCSE/Security, CCNA
Systems Engineer
Essex Credit / Brickwalk
510 595 5083
**********************
> -----Original Message-----
> From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
> [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of joe
> Sent: Tuesday, October 04, 2005 4:25 PM
> To: ActiveDir@xxxxxxxxxxxxxxxxxx
> Subject: RE: [ActiveDir] Active Directory wish list
>
> Vista is the client OS. I don't believe they have named
> Longhorn Server yet.I am voting for something like Windows
> Server 5.4.0 or something like that. I realize that the
> marketing group would have something to say about it but I
> figure the best thing from them is if they pronounced their
> thoughts from the bottom of Lake Washington. People don't
> install servers because they have cool names.
>
> The biggest non-NDA pieces that I have heard announced in
> conferences or seen on the web already is the Read Only DC to
> limit security exposure for WAN deployments, restartable AD
> that can be stopped/started as necessary, DA/Admin separation
> so that you can have an Admin on a DC that "can't" achieve
> Domain-wide DA level rights, and DCs running on Server
> Foundation or now its called Server Core which is a
> GUI-challenged Windows Server.
>
> I can also say that there are a myriad of GUI updates for the
> Admin tools though I can't state specifics. BJ Whalen who was
> involved with the GPMC project has been brought in to work on
> admin experience and anyone who has worked with GPOs with and
> without GPMC know that he really helped out.
>
> All in all, there is some very cool stuff and MS has really
> been listening to the community on what they want and need. I
> know that this list is watched for ideas and such and has
> been the source of DCRs internally. So if you have ideas,
> spout them here, they will most certainly be heard. They may
> not make Longhorn as it is getting a bit late to add major
> changes but your ideas could make it into a later rev.
>
>
> joe
>
>
> ________________________________
>
> From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
> [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Steven Wood
> Sent: Monday, October 03, 2005 3:46 PM
> To: ActiveDir@xxxxxxxxxxxxxxxxxx
> Subject: [ActiveDir] Active Directory wish list
>
>
> Hi,
>
> With Windows Vista on it's way what's on people's wish list
> as far as Active Directory is concerned? Also are there any
> big enhancements due?
>
> Thanks
> Steven
>
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
| listmail
Posts:454
| | 10/05/2005 2:51 AM |
| Yeah I can say that it isn't in Longhorn. As the dev guys put it, this is a
tough one. It wouldn't just be a nobrainer if they had separate instances of
AD, there are just tons of other things involved that make it extremely
difficult. It was something that was brought up in the summit though, not
sure how much I can say around it other than no, it won't be there.
MS feels the focus of this is dramatically reduced now as well due to the
fact that VS is available and can run DCs. Also the Server Core DCs helps
here as well as the DCs will have a smaller footprint. If folks are NOT in
agreement with that assessment, definitely speak up, it is too late for
Longhorn but possibly the opportunity exists to convince them for BlackComb.
joe
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Charlie Kaiser
Sent: Tuesday, October 04, 2005 9:37 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Active Directory wish list
I'd also like to see the ability to run DCs for multiple domains on the same
server. SMBs with limited resources balk at having to buy additional server
hardware for redundancy on multiple domains, especially when the AD load on
the DCs is minimal. This feature sounds like an offshoot of your list below.
If you can run AD as a service, it might not be that hard to allow multiple
domains similar to multiple websites/DBs on one server...
I remember discussing this with Stuart Kwan at DEC a couple of years ago. I
hope it makes it into the mix...
**********************
Charlie Kaiser
W2K3 MCSA/MCSE/Security, CCNA
Systems Engineer
Essex Credit / Brickwalk
510 595 5083
**********************
> -----Original Message-----
> From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
> [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of joe
> Sent: Tuesday, October 04, 2005 4:25 PM
> To: ActiveDir@xxxxxxxxxxxxxxxxxx
> Subject: RE: [ActiveDir] Active Directory wish list
>
> Vista is the client OS. I don't believe they have named Longhorn
> Server yet.I am voting for something like Windows Server 5.4.0 or
> something like that. I realize that the marketing group would have
> something to say about it but I figure the best thing from them is if
> they pronounced their thoughts from the bottom of Lake Washington.
> People don't install servers because they have cool names.
>
> The biggest non-NDA pieces that I have heard announced in conferences
> or seen on the web already is the Read Only DC to limit security
> exposure for WAN deployments, restartable AD that can be
> stopped/started as necessary, DA/Admin separation so that you can have
> an Admin on a DC that "can't" achieve Domain-wide DA level rights, and
> DCs running on Server Foundation or now its called Server Core which
> is a GUI-challenged Windows Server.
>
> I can also say that there are a myriad of GUI updates for the Admin
> tools though I can't state specifics. BJ Whalen who was involved with
> the GPMC project has been brought in to work on admin experience and
> anyone who has worked with GPOs with and without GPMC know that he
> really helped out.
>
> All in all, there is some very cool stuff and MS has really been
> listening to the community on what they want and need. I know that
> this list is watched for ideas and such and has been the source of
> DCRs internally. So if you have ideas, spout them here, they will most
> certainly be heard. They may not make Longhorn as it is getting a bit
> late to add major changes but your ideas could make it into a later
> rev.
>
>
> joe
>
>
> ________________________________
>
> From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
> [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Steven Wood
> Sent: Monday, October 03, 2005 3:46 PM
> To: ActiveDir@xxxxxxxxxxxxxxxxxx
> Subject: [ActiveDir] Active Directory wish list
>
>
> Hi,
>
> With Windows Vista on it's way what's on people's wish list as far as
> Active Directory is concerned? Also are there any big enhancements
> due?
>
> Thanks
> Steven
>
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
| AD000001335
Posts:0
| | 10/05/2005 5:11 AM |
| You can. It's called Microsoft Virtual Server.
Ed Crowley MCSE+Internet MVP
Freelance E-Mail Philosopher
Protecting the world from PSTs and Bricked Backups!T
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Charlie Kaiser
Sent: Tuesday, October 04, 2005 6:37 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Active Directory wish list
I'd also like to see the ability to run DCs for multiple domains on the same
server. SMBs with limited resources balk at having to buy additional server
hardware for redundancy on multiple domains, especially when the AD load on
the DCs is minimal. This feature sounds like an offshoot of your list below.
If you can run AD as a service, it might not be that hard to allow multiple
domains similar to multiple websites/DBs on one server...
I remember discussing this with Stuart Kwan at DEC a couple of years ago. I
hope it makes it into the mix...
**********************
Charlie Kaiser
W2K3 MCSA/MCSE/Security, CCNA
Systems Engineer
Essex Credit / Brickwalk
510 595 5083
**********************
> -----Original Message-----
> From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
> [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of joe
> Sent: Tuesday, October 04, 2005 4:25 PM
> To: ActiveDir@xxxxxxxxxxxxxxxxxx
> Subject: RE: [ActiveDir] Active Directory wish list
>
> Vista is the client OS. I don't believe they have named Longhorn
> Server yet.I am voting for something like Windows Server 5.4.0 or
> something like that. I realize that the marketing group would have
> something to say about it but I figure the best thing from them is if
> they pronounced their thoughts from the bottom of Lake Washington.
> People don't install servers because they have cool names.
>
> The biggest non-NDA pieces that I have heard announced in conferences
> or seen on the web already is the Read Only DC to limit security
> exposure for WAN deployments, restartable AD that can be
> stopped/started as necessary, DA/Admin separation so that you can have
> an Admin on a DC that "can't" achieve Domain-wide DA level rights, and
> DCs running on Server Foundation or now its called Server Core which
> is a GUI-challenged Windows Server.
>
> I can also say that there are a myriad of GUI updates for the Admin
> tools though I can't state specifics. BJ Whalen who was involved with
> the GPMC project has been brought in to work on admin experience and
> anyone who has worked with GPOs with and without GPMC know that he
> really helped out.
>
> All in all, there is some very cool stuff and MS has really been
> listening to the community on what they want and need. I know that
> this list is watched for ideas and such and has been the source of
> DCRs internally. So if you have ideas, spout them here, they will most
> certainly be heard. They may not make Longhorn as it is getting a bit
> late to add major changes but your ideas could make it into a later
> rev.
>
>
> joe
>
>
> ________________________________
>
> From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
> [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Steven Wood
> Sent: Monday, October 03, 2005 3:46 PM
> To: ActiveDir@xxxxxxxxxxxxxxxxxx
> Subject: [ActiveDir] Active Directory wish list
>
>
> Hi,
>
> With Windows Vista on it's way what's on people's wish list as far as
> Active Directory is concerned? Also are there any big enhancements
> due?
>
> Thanks
> Steven
>
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
| milburnr
Posts:0
| | 10/05/2005 5:48 AM |
| I think the biggest reason people want to be able to run multiple
domains on one server is the same reason practically no one (except for
SBS) installs just one DC, and the same reason we always install a
minimum of 2 for a domain. We have a forest root and 2 child domains
model, and it takes us 6 servers to run that - for basically 2
directories and fewer than 5000 users. That seems like a waste of
hardware in some situations - especially if you have multiple orgs that
you run. The parallel might be for a web hosting company to have 2 full
web servers for each domain they host - in case 1 goes down, they still
have a second. VS is an answer, yes, although you still need a full
server license for each VM. The thing with domains is you don't want to
only have 1 online copy of the directory. MS didn't seem too convinced
there was a good reason to have an online second server - they cited
backups as a good solution to the issue. In a big org the cost of an
additional server to provide redundancy is negligible, but is having an
online copy (second DC) really the BEST way to do this? And it doesn't
help SBS users, since they can (correct me if I'm wrong) only have 1 DC.
I realize it may be the best way we have with W2K3, but how could the
issue of redundancy be addressed with AD differently than having 2 DCs
minimum per domain? Anyone have any ideas?
Rich
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of joe
Sent: Tuesday, October 04, 2005 9:20 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Active Directory wish list
Yeah I can say that it isn't in Longhorn. As the dev guys put it, this
is a
tough one. It wouldn't just be a nobrainer if they had separate
instances of
AD, there are just tons of other things involved that make it extremely
difficult. It was something that was brought up in the summit though,
not
sure how much I can say around it other than no, it won't be there.
MS feels the focus of this is dramatically reduced now as well due to
the
fact that VS is available and can run DCs. Also the Server Core DCs
helps
here as well as the DCs will have a smaller footprint. If folks are NOT
in
agreement with that assessment, definitely speak up, it is too late for
Longhorn but possibly the opportunity exists to convince them for
BlackComb.
joe
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Charlie Kaiser
Sent: Tuesday, October 04, 2005 9:37 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Active Directory wish list
I'd also like to see the ability to run DCs for multiple domains on the
same
server. SMBs with limited resources balk at having to buy additional
server
hardware for redundancy on multiple domains, especially when the AD load
on
the DCs is minimal. This feature sounds like an offshoot of your list
below.
If you can run AD as a service, it might not be that hard to allow
multiple
domains similar to multiple websites/DBs on one server...
I remember discussing this with Stuart Kwan at DEC a couple of years
ago. I
hope it makes it into the mix...
**********************
Charlie Kaiser
W2K3 MCSA/MCSE/Security, CCNA
Systems Engineer
Essex Credit / Brickwalk
510 595 5083
**********************
> -----Original Message-----
> From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
> [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of joe
> Sent: Tuesday, October 04, 2005 4:25 PM
> To: ActiveDir@xxxxxxxxxxxxxxxxxx
> Subject: RE: [ActiveDir] Active Directory wish list
>
> Vista is the client OS. I don't believe they have named Longhorn
> Server yet.I am voting for something like Windows Server 5.4.0 or
> something like that. I realize that the marketing group would have
> something to say about it but I figure the best thing from them is if
> they pronounced their thoughts from the bottom of Lake Washington.
> People don't install servers because they have cool names.
>
> The biggest non-NDA pieces that I have heard announced in conferences
> or seen on the web already is the Read Only DC to limit security
> exposure for WAN deployments, restartable AD that can be
> stopped/started as necessary, DA/Admin separation so that you can have
> an Admin on a DC that "can't" achieve Domain-wide DA level rights, and
> DCs running on Server Foundation or now its called Server Core which
> is a GUI-challenged Windows Server.
>
> I can also say that there are a myriad of GUI updates for the Admin
> tools though I can't state specifics. BJ Whalen who was involved with
> the GPMC project has been brought in to work on admin experience and
> anyone who has worked with GPOs with and without GPMC know that he
> really helped out.
>
> All in all, there is some very cool stuff and MS has really been
> listening to the community on what they want and need. I know that
> this list is watched for ideas and such and has been the source of
> DCRs internally. So if you have ideas, spout them here, they will most
> certainly be heard. They may not make Longhorn as it is getting a bit
> late to add major changes but your ideas could make it into a later
> rev.
>
>
> joe
>
>
> ________________________________
>
> From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
> [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Steven Wood
> Sent: Monday, October 03, 2005 3:46 PM
> To: ActiveDir@xxxxxxxxxxxxxxxxxx
> Subject: [ActiveDir] Active Directory wish list
>
>
> Hi,
>
> With Windows Vista on it's way what's on people's wish list as far as
> Active Directory is concerned? Also are there any big enhancements
> due?
>
> Thanks
> Steven
>
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
-------APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE------- PRIVILEGED /
CONFIDENTIAL INFORMATION may be contained in this message or any attachments.
This information is strictly confidential and may be subject to attorney-client
privilege. This message is intended only for the use of the named addressee. If
you are not the intended recipient of this message, unauthorized forwarding,
printing, copying, distribution, or using such information is strictly
prohibited and may be unlawful. If you have received this in error, you should
kindly notify the sender by reply e-mail and immediately destroy this message.
Unauthorized interception of this e-mail is a violation of federal criminal law.
Applebee's International, Inc. reserves the right to monitor and review the
content of all messages sent to and from this e-mail address. Messages sent to
or from this e-mail address may be stored on the Applebee's International, Inc.
e-mail system.
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
| bdesmond
Posts:366
| | 10/05/2005 6:13 AM |
| SBS can have multiple DCs. The FSMOs just have to stay on the SBS box. They
can't have more than one domain in their forest because the trust
functionality is shutdown.
Thanks,
Brian Desmond
brian@xxxxxxxxxxxxxxxx
c - 312.731.3132
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Rich Milburn
Sent: Wednesday, October 05, 2005 1:48 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Active Directory wish list
I think the biggest reason people want to be able to run multiple domains on
one server is the same reason practically no one (except for
SBS) installs just one DC, and the same reason we always install a minimum
of 2 for a domain. We have a forest root and 2 child domains model, and it
takes us 6 servers to run that - for basically 2 directories and fewer than
5000 users. That seems like a waste of hardware in some situations -
especially if you have multiple orgs that you run. The parallel might be
for a web hosting company to have 2 full web servers for each domain they
host - in case 1 goes down, they still have a second. VS is an answer, yes,
although you still need a full server license for each VM. The thing with
domains is you don't want to only have 1 online copy of the directory. MS
didn't seem too convinced there was a good reason to have an online second
server - they cited backups as a good solution to the issue. In a big org
the cost of an additional server to provide redundancy is negligible, but is
having an online copy (second DC) really the BEST way to do this? And it
doesn't help SBS users, since they can (correct me if I'm wrong) only have 1
DC.
I realize it may be the best way we have with W2K3, but how could the issue
of redundancy be addressed with AD differently than having 2 DCs minimum per
domain? Anyone have any ideas?
Rich
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of joe
Sent: Tuesday, October 04, 2005 9:20 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Active Directory wish list
Yeah I can say that it isn't in Longhorn. As the dev guys put it, this is a
tough one. It wouldn't just be a nobrainer if they had separate instances of
AD, there are just tons of other things involved that make it extremely
difficult. It was something that was brought up in the summit though, not
sure how much I can say around it other than no, it won't be there.
MS feels the focus of this is dramatically reduced now as well due to the
fact that VS is available and can run DCs. Also the Server Core DCs helps
here as well as the DCs will have a smaller footprint. If folks are NOT in
agreement with that assessment, definitely speak up, it is too late for
Longhorn but possibly the opportunity exists to convince them for BlackComb.
joe
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Charlie Kaiser
Sent: Tuesday, October 04, 2005 9:37 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Active Directory wish list
I'd also like to see the ability to run DCs for multiple domains on the same
server. SMBs with limited resources balk at having to buy additional server
hardware for redundancy on multiple domains, especially when the AD load on
the DCs is minimal. This feature sounds like an offshoot of your list below.
If you can run AD as a service, it might not be that hard to allow multiple
domains similar to multiple websites/DBs on one server...
I remember discussing this with Stuart Kwan at DEC a couple of years ago. I
hope it makes it into the mix...
**********************
Charlie Kaiser
W2K3 MCSA/MCSE/Security, CCNA
Systems Engineer
Essex Credit / Brickwalk
510 595 5083
**********************
> -----Original Message-----
> From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
> [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of joe
> Sent: Tuesday, October 04, 2005 4:25 PM
> To: ActiveDir@xxxxxxxxxxxxxxxxxx
> Subject: RE: [ActiveDir] Active Directory wish list
>
> Vista is the client OS. I don't believe they have named Longhorn
> Server yet.I am voting for something like Windows Server 5.4.0 or
> something like that. I realize that the marketing group would have
> something to say about it but I figure the best thing from them is if
> they pronounced their thoughts from the bottom of Lake Washington.
> People don't install servers because they have cool names.
>
> The biggest non-NDA pieces that I have heard announced in conferences
> or seen on the web already is the Read Only DC to limit security
> exposure for WAN deployments, restartable AD that can be
> stopped/started as necessary, DA/Admin separation so that you can have
> an Admin on a DC that "can't" achieve Domain-wide DA level rights, and
> DCs running on Server Foundation or now its called Server Core which
> is a GUI-challenged Windows Server.
>
> I can also say that there are a myriad of GUI updates for the Admin
> tools though I can't state specifics. BJ Whalen who was involved with
> the GPMC project has been brought in to work on admin experience and
> anyone who has worked with GPOs with and without GPMC know that he
> really helped out.
>
> All in all, there is some very cool stuff and MS has really been
> listening to the community on what they want and need. I know that
> this list is watched for ideas and such and has been the source of
> DCRs internally. So if you have ideas, spout them here, they will most
> certainly be heard. They may not make Longhorn as it is getting a bit
> late to add major changes but your ideas could make it into a later
> rev.
>
>
> joe
>
>
> ________________________________
>
> From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
> [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Steven Wood
> Sent: Monday, October 03, 2005 3:46 PM
> To: ActiveDir@xxxxxxxxxxxxxxxxxx
> Subject: [ActiveDir] Active Directory wish list
>
>
> Hi,
>
> With Windows Vista on it's way what's on people's wish list as far as
> Active Directory is concerned? Also are there any big enhancements
> due?
>
> Thanks
> Steven
>
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
-------APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE-------
PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or
any attachments.
This information is strictly confidential and may be subject to
attorney-client privilege. This message is intended only for the use of the
named addressee. If you are not the intended recipient of this message,
unauthorized forwarding, printing, copying, distribution, or using such
information is strictly prohibited and may be unlawful. If you have received
this in error, you should kindly notify the sender by reply e-mail and
immediately destroy this message.
Unauthorized interception of this e-mail is a violation of federal criminal
law.
Applebee's International, Inc. reserves the right to monitor and review the
content of all messages sent to and from this e-mail address. Messages sent
to or from this e-mail address may be stored on the Applebee's
International, Inc.
e-mail system.
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
| sbradcpa
Posts:317
| | 10/05/2005 6:25 AM |
| As a representative of the SBS community there is not a day that goes by
that the 'can we cluster SBS' or 'can I have a hot server' doesn't come
up. [if you have SA you can have a cold server]
With 9/11, with Katrina, with the potential for earthquakes in
California ... honestly... the answer for any small business should not
be 'well hope your backup is good... you have tested it right?'
Conversely I would argue the home user needs to be better protected than
they are now. [but that's way OT] I think the fault tolerance for
small firms is being a bit pushed to the asp/hosted services model in
the marketplace even though us control freaks aren't always fond of that.
Actually we 'can' have additional domain controllers..just that the SBS
has to hold the FSMO roles and be the PDC. By the time you reconfigure
that additional DC to take over the FSMO roles...maybe your time is
better spent fixing the PDC, ya know?
Is there a good story for small firms to have redundancy, fault
tolerance without a fat checkbook?
Nope, I would argue...not really.....right now imaging is the only way.
And in that instance.. you probably want to stay with a single DC and
not suffer the wrath of Brett and ghosting your DCs.
A recent whitepaper on the subject of the 'myths' of SBS:
http://msmvps.com/bradley/archive/2005/10/04/68986.aspx
http://msmvps.com/bradley/archive/2005/10/05/69035.aspx
I still would argue that virtualization needs to be done WAY more than
we are doing now...but that's just my wacko thoughts.
Rich Milburn wrote:
I think the biggest reason people want to be able to run multiple
domains on one server is the same reason practically no one (except for
SBS) installs just one DC, and the same reason we always install a
minimum of 2 for a domain. We have a forest root and 2 child domains
model, and it takes us 6 servers to run that - for basically 2
directories and fewer than 5000 users. That seems like a waste of
hardware in some situations - especially if you have multiple orgs that
you run. The parallel might be for a web hosting company to have 2 full
web servers for each domain they host - in case 1 goes down, they still
have a second. VS is an answer, yes, although you still need a full
server license for each VM. The thing with domains is you don't want to
only have 1 online copy of the directory. MS didn't seem too convinced
there was a good reason to have an online second server - they cited
backups as a good solution to the issue. In a big org the cost of an
additional server to provide redundancy is negligible, but is having an
online copy (second DC) really the BEST way to do this? And it doesn't
help SBS users, since they can (correct me if I'm wrong) only have 1 DC.
I realize it may be the best way we have with W2K3, but how could the
issue of redundancy be addressed with AD differently than having 2 DCs
minimum per domain? Anyone have any ideas?
Rich
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of joe
Sent: Tuesday, October 04, 2005 9:20 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Active Directory wish list
Yeah I can say that it isn't in Longhorn. As the dev guys put it, this
is a
tough one. It wouldn't just be a nobrainer if they had separate
instances of
AD, there are just tons of other things involved that make it extremely
difficult. It was something that was brought up in the summit though,
not
sure how much I can say around it other than no, it won't be there.
MS feels the focus of this is dramatically reduced now as well due to
the
fact that VS is available and can run DCs. Also the Server Core DCs
helps
here as well as the DCs will have a smaller footprint. If folks are NOT
in
agreement with that assessment, definitely speak up, it is too late for
Longhorn but possibly the opportunity exists to convince them for
BlackComb.
joe
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Charlie Kaiser
Sent: Tuesday, October 04, 2005 9:37 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Active Directory wish list
I'd also like to see the ability to run DCs for multiple domains on the
same
server. SMBs with limited resources balk at having to buy additional
server
hardware for redundancy on multiple domains, especially when the AD load
on
the DCs is minimal. This feature sounds like an offshoot of your list
below.
If you can run AD as a service, it might not be that hard to allow
multiple
domains similar to multiple websites/DBs on one server...
I remember discussing this with Stuart Kwan at DEC a couple of years
ago. I
hope it makes it into the mix...
**********************
Charlie Kaiser
W2K3 MCSA/MCSE/Security, CCNA
Systems Engineer
Essex Credit / Brickwalk
510 595 5083
**********************
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of joe
Sent: Tuesday, October 04, 2005 4:25 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Active Directory wish list
Vista is the client OS. I don't believe they have named Longhorn
Server yet.I am voting for something like Windows Server 5.4.0 or
something like that. I realize that the marketing group would have
something to say about it but I figure the best thing from them is if
they pronounced their thoughts from the bottom of Lake Washington.
People don't install servers because they have cool names.
The biggest non-NDA pieces that I have heard announced in conferences
or seen on the web already is the Read Only DC to limit security
exposure for WAN deployments, restartable AD that can be
stopped/started as necessary, DA/Admin separation so that you can have
an Admin on a DC that "can't" achieve Domain-wide DA level rights, and
DCs running on Server Foundation or now its called Server Core which
is a GUI-challenged Windows Server.
I can also say that there are a myriad of GUI updates for the Admin
tools though I can't state specifics. BJ Whalen who was involved with
the GPMC project has been brought in to work on admin experience and
anyone who has worked with GPOs with and without GPMC know that he
really helped out.
All in all, there is some very cool stuff and MS has really been
listening to the community on what they want and need. I know that
this list is watched for ideas and such and has been the source of
DCRs internally. So if you have ideas, spout them here, they will most
certainly be heard. They may not make Longhorn as it is getting a bit
late to add major changes but your ideas could make it into a later
rev.
joe
________________________________
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Steven Wood
Sent: Monday, October 03, 2005 3:46 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: [ActiveDir] Active Directory wish list
Hi,
With Windows Vista on it's way what's on people's wish list as far as
Active Directory is concerned? Also are there any big enhancements
due?
Thanks
Steven
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
-------APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE------- PRIVILEGED /
CONFIDENTIAL INFORMATION may be contained in this message or any attachments.
This information is strictly confidential and may be subject to attorney-client
privilege. This message is intended only for the use of the named addressee. If
you are not the intended recipient of this message, unauthorized forwarding,
printing, copying, distribution, or using such information is strictly
prohibited and may be unlawful. If you have received this in error, you should
kindly notify the sender by reply e-mail and immediately destroy this message.
Unauthorized interception of this e-mail is a violation of federal criminal law.
Applebee's International, Inc. reserves the right to monitor and review the
content of all messages sent to and from this e-mail address. Messages sent to
or from this e-mail address may be stored on the Applebee's International, Inc.
e-mail system.
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
--
Letting your vendors set your risk analysis these days?
http://www.threatcode.com
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
| milburnr
Posts:0
| | 10/05/2005 7:27 AM |
| I kinda like the idea of running a DC in a VS machine, and having an
online realtime copy of it somewhere in addition to incremental
backups... and you should be able to bring up the vhd on any box, not
just one with similar hardware, and without having to go through Laura's
7 step DR plan :) (reference thread [ActiveDir] AD Restore Problem)
But can you have a VSS-type remote copy of your DC session vhd file?
(Forgive me if I bring up topics that were adequately addressed during
my hiatus in Windows Desktop Deployment World...)
------------------------------------------------------------------------
---
Rich Milburn
MCSE, Microsoft MVP - Directory Services
Sr Network Analyst, Field Platform Development
Applebee's International, Inc.
4551 W. 107th St
Overland Park, KS 66207
913-967-2819
------------------------------------------------------------------------
---
"I am always doing that which I can not do, in order that I may learn
how to do it." - Pablo Picasso
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Susan Bradley,
CPA aka Ebitz - SBS Rocks [MVP]
Sent: Wednesday, October 05, 2005 1:12 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: Re: [ActiveDir] Active Directory wish list
As a representative of the SBS community there is not a day that goes by
that the 'can we cluster SBS' or 'can I have a hot server' doesn't come
up. [if you have SA you can have a cold server]
With 9/11, with Katrina, with the potential for earthquakes in
California ... honestly... the answer for any small business should not
be 'well hope your backup is good... you have tested it right?'
Conversely I would argue the home user needs to be better protected than
they are now. [but that's way OT] I think the fault tolerance for
small firms is being a bit pushed to the asp/hosted services model in
the marketplace even though us control freaks aren't always fond of
that.
Actually we 'can' have additional domain controllers..just that the SBS
has to hold the FSMO roles and be the PDC. By the time you reconfigure
that additional DC to take over the FSMO roles...maybe your time is
better spent fixing the PDC, ya know?
Is there a good story for small firms to have redundancy, fault
tolerance without a fat checkbook?
Nope, I would argue...not really.....right now imaging is the only way.
And in that instance.. you probably want to stay with a single DC and
not suffer the wrath of Brett and ghosting your DCs.
A recent whitepaper on the subject of the 'myths' of SBS:
http://msmvps.com/bradley/archive/2005/10/04/68986.aspx
http://msmvps.com/bradley/archive/2005/10/05/69035.aspx
I still would argue that virtualization needs to be done WAY more than
we are doing now...but that's just my wacko thoughts.
Rich Milburn wrote:
>I think the biggest reason people want to be able to run multiple
>domains on one server is the same reason practically no one (except for
>SBS) installs just one DC, and the same reason we always install a
>minimum of 2 for a domain. We have a forest root and 2 child domains
>model, and it takes us 6 servers to run that - for basically 2
>directories and fewer than 5000 users. That seems like a waste of
>hardware in some situations - especially if you have multiple orgs that
>you run. The parallel might be for a web hosting company to have 2
full
>web servers for each domain they host - in case 1 goes down, they still
>have a second. VS is an answer, yes, although you still need a full
>server license for each VM. The thing with domains is you don't want
to
>only have 1 online copy of the directory. MS didn't seem too convinced
>there was a good reason to have an online second server - they cited
>backups as a good solution to the issue. In a big org the cost of an
>additional server to provide redundancy is negligible, but is having an
>online copy (second DC) really the BEST way to do this? And it doesn't
>help SBS users, since they can (correct me if I'm wrong) only have 1
DC.
>I realize it may be the best way we have with W2K3, but how could the
>issue of redundancy be addressed with AD differently than having 2 DCs
>minimum per domain? Anyone have any ideas?
>
>Rich
>
>
>-----Original Message-----
>From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
>[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of joe
>Sent: Tuesday, October 04, 2005 9:20 PM
>To: ActiveDir@xxxxxxxxxxxxxxxxxx
>Subject: RE: [ActiveDir] Active Directory wish list
>
>Yeah I can say that it isn't in Longhorn. As the dev guys put it, this
>is a
>tough one. It wouldn't just be a nobrainer if they had separate
>instances of
>AD, there are just tons of other things involved that make it extremely
>difficult. It was something that was brought up in the summit though,
>not
>sure how much I can say around it other than no, it won't be there.
>
>MS feels the focus of this is dramatically reduced now as well due to
>the
>fact that VS is available and can run DCs. Also the Server Core DCs
>helps
>here as well as the DCs will have a smaller footprint. If folks are NOT
>in
>agreement with that assessment, definitely speak up, it is too late for
>Longhorn but possibly the opportunity exists to convince them for
>BlackComb.
>
> joe
>
>
>
>-----Original Message-----
>From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
>[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Charlie Kaiser
>Sent: Tuesday, October 04, 2005 9:37 PM
>To: ActiveDir@xxxxxxxxxxxxxxxxxx
>Subject: RE: [ActiveDir] Active Directory wish list
>
>I'd also like to see the ability to run DCs for multiple domains on the
>same
>server. SMBs with limited resources balk at having to buy additional
>server
>hardware for redundancy on multiple domains, especially when the AD
load
>on
>the DCs is minimal. This feature sounds like an offshoot of your list
>below.
>If you can run AD as a service, it might not be that hard to allow
>multiple
>domains similar to multiple websites/DBs on one server...
>
>I remember discussing this with Stuart Kwan at DEC a couple of years
>ago. I
>hope it makes it into the mix...
>
>**********************
>Charlie Kaiser
>W2K3 MCSA/MCSE/Security, CCNA
>Systems Engineer
>Essex Credit / Brickwalk
>510 595 5083
>**********************
>
>
>
>
>>-----Original Message-----
>>From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
>>[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of joe
>>Sent: Tuesday, October 04, 2005 4:25 PM
>>To: ActiveDir@xxxxxxxxxxxxxxxxxx
>>Subject: RE: [ActiveDir] Active Directory wish list
>>
>>Vista is the client OS. I don't believe they have named Longhorn
>>Server yet.I am voting for something like Windows Server 5.4.0 or
>>something like that. I realize that the marketing group would have
>>something to say about it but I figure the best thing from them is if
>>they pronounced their thoughts from the bottom of Lake Washington.
>>People don't install servers because they have cool names.
>>
>>The biggest non-NDA pieces that I have heard announced in conferences
>>or seen on the web already is the Read Only DC to limit security
>>exposure for WAN deployments, restartable AD that can be
>>stopped/started as necessary, DA/Admin separation so that you can have
>>
>>
>
>
>
>>an Admin on a DC that "can't" achieve Domain-wide DA level rights, and
>>
>>
>
>
>
>>DCs running on Server Foundation or now its called Server Core which
>>is a GUI-challenged Windows Server.
>>
>>I can also say that there are a myriad of GUI updates for the Admin
>>tools though I can't state specifics. BJ Whalen who was involved with
>>the GPMC project has been brought in to work on admin experience and
>>anyone who has worked with GPOs with and without GPMC know that he
>>really helped out.
>>
>>All in all, there is some very cool stuff and MS has really been
>>listening to the community on what they want and need. I know that
>>this list is watched for ideas and such and has been the source of
>>DCRs internally. So if you have ideas, spout them here, they will most
>>
>>
>
>
>
>>certainly be heard. They may not make Longhorn as it is getting a bit
>>late to add major changes but your ideas could make it into a later
>>rev.
>>
>>
>> joe
>>
>>
>>________________________________
>>
>>From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
>>[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Steven Wood
>>Sent: Monday, October 03, 2005 3:46 PM
>>To: ActiveDir@xxxxxxxxxxxxxxxxxx
>>Subject: [ActiveDir] Active Directory wish list
>>
>>
>>Hi,
>>
>>With Windows Vista on it's way what's on people's wish list as far as
>>Active Directory is concerned? Also are there any big enhancements
>>due?
>>
>>Thanks
>>Steven
>>
>>
>>
>List info : http://www.activedir.org/List.aspx
>List FAQ : http://www.activedir.org/ListFAQ.aspx
>List archive:
>http://www.mail-archive.com/activedir%40mail.activedir.org/
>
>List info : http://www.activedir.org/List.aspx
>List FAQ : http://www.activedir.org/ListFAQ.aspx
>List archive:
>http://www.mail-archive.com/activedir%40mail.activedir.org/
>
>-------APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE-------
PRIVILEGED /
>CONFIDENTIAL INFORMATION may be contained in this message or any
attachments.
>This information is strictly confidential and may be subject to
attorney-client
>privilege. This message is intended only for the use of the named
addressee. If
>you are not the intended recipient of this message, unauthorized
forwarding,
>printing, copying, distribution, or using such information is strictly
>prohibited and may be unlawful. If you have received this in error, you
should
>kindly notify the sender by reply e-mail and immediately destroy this
message.
>Unauthorized interception of this e-mail is a violation of federal
criminal law.
>Applebee's International, Inc. reserves the right to monitor and review
the
>content of all messages sent to and from this e-mail address. Messages
sent to
>or from this e-mail address may be stored on the Applebee's
International, Inc.
>e-mail system.
>List info : http://www.activedir.org/List.aspx
>List FAQ : http://www.activedir.org/ListFAQ.aspx
>List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
>
>
>
--
Letting your vendors set your risk analysis these days?
http://www.threatcode.com
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
-------APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE------- PRIVILEGED /
CONFIDENTIAL INFORMATION may be contained in this message or any attachments.
This information is strictly confidential and may be subject to attorney-client
privilege. This message is intended only for the use of the named addressee. If
you are not the intended recipient of this message, unauthorized forwarding,
printing, copying, distribution, or using such information is strictly
prohibited and may be unlawful. If you have received this in error, you should
kindly notify the sender by reply e-mail and immediately destroy this message.
Unauthorized interception of this e-mail is a violation of federal criminal law.
Applebee's International, Inc. reserves the right to monitor and review the
content of all messages sent to and from this e-mail address. Messages sent to
or from this e-mail address may be stored on the Applebee's International, Inc.
e-mail system.
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
| prenouf
Posts:1
| | 10/05/2005 8:38 AM |
| Phil
On 10/5/05, Rich Milburn wrote:
I think the biggest reason people want to be able to run multipledomains on one server is the same reason practically no one (except for
SBS) installs just one DC, and the same reason we always install aminimum of 2 for a domain. We have a forest root and 2 child domainsmodel, and it takes us 6 servers to run that - for basically 2directories and fewer than 5000 users. That seems like a waste of
hardware in some situations - especially if you have multiple orgs thatyou run. The parallel might be for a web hosting company to have 2 fullweb servers for each domain they host - in case 1 goes down, they still
have a second. VS is an answer, yes, although you still need a fullserver license for each VM. The thing with domains is you don't want toonly have 1 online copy of the directory. MS didn't seem too convinced
there was a good reason to have an online second server - they citedbackups as a good solution to the issue. In a big org the cost of anadditional server to provide redundancy is negligible, but is having an
online copy (second DC) really the BEST way to do this? And it doesn'thelp SBS users, since they can (correct me if I'm wrong) only have 1 DC.I realize it may be the best way we have with W2K3, but how could the
issue of redundancy be addressed with AD differently than having 2 DCsminimum per domain? Anyone have any ideas?Rich-----Original Message-----From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of joeSent: Tuesday, October 04, 2005 9:20 PMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] Active Directory wish listYeah I can say that it isn't in Longhorn. As the dev guys put it, thisis atough one. It wouldn't just be a nobrainer if they had separate
instances ofAD, there are just tons of other things involved that make it extremelydifficult. It was something that was brought up in the summit though,notsure how much I can say around it other than no, it won't be there.
MS feels the focus of this is dramatically reduced now as well due tothefact that VS is available and can run DCs. Also the Server Core DCshelpshere as well as the DCs will have a smaller footprint. If folks are NOT
inagreement with that assessment, definitely speak up, it is too late forLonghorn but possibly the opportunity exists to convince them forBlackComb.joe-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Charlie Kaiser
Sent: Tuesday, October 04, 2005 9:37 PMTo: ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] Active Directory wish listI'd also like to see the ability to run DCs for multiple domains on the
sameserver. SMBs with limited resources balk at having to buy additionalserverhardware for redundancy on multiple domains, especially when the AD loadonthe DCs is minimal. This feature sounds like an offshoot of your list
below.If you can run AD as a service, it might not be that hard to allowmultipledomains similar to multiple websites/DBs on one server...I remember discussing this with Stuart Kwan at DEC a couple of years
ago. Ihope it makes it into the mix...**********************Charlie KaiserW2K3 MCSA/MCSE/Security, CCNASystems EngineerEssex Credit / Brickwalk510 595 5083**********************
> -----Original Message-----> From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx> [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx
] On Behalf Of joe> Sent: Tuesday, October 04, 2005 4:25 PM> To: ActiveDir@xxxxxxxxxxxxxxxxxx> Subject: RE: [ActiveDir] Active Directory wish list
>> Vista is the client OS. I don't believe they have named Longhorn> Server yet.I am voting for something like Windows Server 5.4.0 or> something like that. I realize that the marketing group would have
> something to say about it but I figure the best thing from them is if> they pronounced their thoughts from the bottom of Lake Washington.> People don't install servers because they have cool names.
>> The biggest non-NDA pieces that I have heard announced in conferences> or seen on the web already is the Read Only DC to limit security> exposure for WAN deployments, restartable AD that can be
> stopped/started as necessary, DA/Admin separation so that you can have> an Admin on a DC that "can't" achieve Domain-wide DA level rights, and> DCs running on Server Foundation or now its called Server Core which
> is a GUI-challenged Windows Server.>> I can also say that there are a myriad of GUI updates for the Admin> tools though I can't state specifics. BJ Whalen who was involved with> the GPMC project has been brought in to work on admin experience and
> anyone who has worked with GPOs with and without GPMC know that he> really helped out.>> All in all, there is some very cool stuff and MS has really been> listening to the community on what they want and need. I know that
> this list is watched for ideas and such and has been the source of> DCRs internally. So if you have ideas, spout them here, they will most> certainly be heard. They may not make Longhorn as it is getting a bit
> late to add major changes but your ideas could make it into a later> rev.>>> joe>>> ________________________________>> From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx> [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Steven Wood> Sent: Monday, October 03, 2005 3:46 PM
> To: ActiveDir@xxxxxxxxxxxxxxxxxx> Subject: [ActiveDir] Active Directory wish list>>> Hi,>> With Windows Vista on it's way what's on people's wish list as far as
> Active Directory is concerned? Also are there any big enhancements> due?>> Thanks> Steven>List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspxList archive:http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspxList FAQ : http://www.activedir.org/ListFAQ.aspxList archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/-------APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE------- PRIVILEGED /
CONFIDENTIAL INFORMATION may be contained in this message or any attachments.This information is strictly confidential and may be subject to attorney-clientprivilege. This message is intended only for the use of the named addressee. If
you are not the intended recipient of this message, unauthorized forwarding,printing, copying, distribution, or using such information is strictlyprohibited and may be unlawful. If you have received this in error, you should
kindly notify the sender by reply e-mail and immediately destroy this message.Unauthorized interception of this e-mail is a violation of federal criminal law.Applebee's International, Inc. reserves the right to monitor and review the
content of all messages sent to and from this e-mail address. Messages sent toor from this e-mail address may be stored on the Applebee's International, Inc.e-mail system.List info :
http://www.activedir.org/List.aspxList FAQ : http://www.activedir.org/ListFAQ.aspxList archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
| sbradcpa
Posts:317
| | 10/05/2005 9:03 AM |
| Have you guys checked out the PtoV tool on VMware?
Rich Milburn wrote:
I kinda like the idea of running a DC in a VS machine, and having an
online realtime copy of it somewhere in addition to incremental
backups... and you should be able to bring up the vhd on any box, not
just one with similar hardware, and without having to go through Laura's
7 step DR plan :) (reference thread [ActiveDir] AD Restore Problem)
But can you have a VSS-type remote copy of your DC session vhd file?
(Forgive me if I bring up topics that were adequately addressed during
my hiatus in Windows Desktop Deployment World...)
------------------------------------------------------------------------
---
Rich Milburn
MCSE, Microsoft MVP - Directory Services
Sr Network Analyst, Field Platform Development
Applebee's International, Inc.
4551 W. 107th St
Overland Park, KS 66207
913-967-2819
------------------------------------------------------------------------
---
"I am always doing that which I can not do, in order that I may learn
how to do it." - Pablo Picasso
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Susan Bradley,
CPA aka Ebitz - SBS Rocks [MVP]
Sent: Wednesday, October 05, 2005 1:12 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: Re: [ActiveDir] Active Directory wish list
As a representative of the SBS community there is not a day that goes by
that the 'can we cluster SBS' or 'can I have a hot server' doesn't come
up. [if you have SA you can have a cold server]
With 9/11, with Katrina, with the potential for earthquakes in
California ... honestly... the answer for any small business should not
be 'well hope your backup is good... you have tested it right?'
Conversely I would argue the home user needs to be better protected than
they are now. [but that's way OT] I think the fault tolerance for
small firms is being a bit pushed to the asp/hosted services model in
the marketplace even though us control freaks aren't always fond of
that.
Actually we 'can' have additional domain controllers..just that the SBS
has to hold the FSMO roles and be the PDC. By the time you reconfigure
that additional DC to take over the FSMO roles...maybe your time is
better spent fixing the PDC, ya know?
Is there a good story for small firms to have redundancy, fault
tolerance without a fat checkbook?
Nope, I would argue...not really.....right now imaging is the only way.
And in that instance.. you probably want to stay with a single DC and
not suffer the wrath of Brett and ghosting your DCs.
A recent whitepaper on the subject of the 'myths' of SBS:
http://msmvps.com/bradley/archive/2005/10/04/68986.aspx
http://msmvps.com/bradley/archive/2005/10/05/69035.aspx
I still would argue that virtualization needs to be done WAY more than
we are doing now...but that's just my wacko thoughts.
Rich Milburn wrote:
I think the biggest reason people want to be able to run multiple
domains on one server is the same reason practically no one (except for
SBS) installs just one DC, and the same reason we always install a
minimum of 2 for a domain. We have a forest root and 2 child domains
model, and it takes us 6 servers to run that - for basically 2
directories and fewer than 5000 users. That seems like a waste of
hardware in some situations - especially if you have multiple orgs that
you run. The parallel might be for a web hosting company to have 2
full
web servers for each domain they host - in case 1 goes down, they still
have a second. VS is an answer, yes, although you still need a full
server license for each VM. The thing with domains is you don't want
to
only have 1 online copy of the directory. MS didn't seem too convinced
there was a good reason to have an online second server - they cited
backups as a good solution to the issue. In a big org the cost of an
additional server to provide redundancy is negligible, but is having an
online copy (second DC) really the BEST way to do this? And it doesn't
help SBS users, since they can (correct me if I'm wrong) only have 1
DC.
I realize it may be the best way we have with W2K3, but how could the
issue of redundancy be addressed with AD differently than having 2 DCs
minimum per domain? Anyone have any ideas?
Rich
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of joe
Sent: Tuesday, October 04, 2005 9:20 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Active Directory wish list
Yeah I can say that it isn't in Longhorn. As the dev guys put it, this
is a
tough one. It wouldn't just be a nobrainer if they had separate
instances of
AD, there are just tons of other things involved that make it extremely
difficult. It was something that was brought up in the summit though,
not
sure how much I can say around it other than no, it won't be there.
MS feels the focus of this is dramatically reduced now as well due to
the
fact that VS is available and can run DCs. Also the Server Core DCs
helps
here as well as the DCs will have a smaller footprint. If folks are NOT
in
agreement with that assessment, definitely speak up, it is too late for
Longhorn but possibly the opportunity exists to convince them for
BlackComb.
joe
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Charlie Kaiser
Sent: Tuesday, October 04, 2005 9:37 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Active Directory wish list
I'd also like to see the ability to run DCs for multiple domains on the
same
server. SMBs with limited resources balk at having to buy additional
server
hardware for redundancy on multiple domains, especially when the AD
load
on
the DCs is minimal. This feature sounds like an offshoot of your list
below.
If you can run AD as a service, it might not be that hard to allow
multiple
domains similar to multiple websites/DBs on one server...
I remember discussing this with Stuart Kwan at DEC a couple of years
ago. I
hope it makes it into the mix...
**********************
Charlie Kaiser
W2K3 MCSA/MCSE/Security, CCNA
Systems Engineer
Essex Credit / Brickwalk
510 595 5083
**********************
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of joe
Sent: Tuesday, October 04, 2005 4:25 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Active Directory wish list
Vista is the client OS. I don't believe they have named Longhorn
Server yet.I am voting for something like Windows Server 5.4.0 or
something like that. I realize that the marketing group would have
something to say about it but I figure the best thing from them is if
they pronounced their thoughts from the bottom of Lake Washington.
People don't install servers because they have cool names.
The biggest non-NDA pieces that I have heard announced in conferences
or seen on the web already is the Read Only DC to limit security
exposure for WAN deployments, restartable AD that can be
stopped/started as necessary, DA/Admin separation so that you can have
an Admin on a DC that "can't" achieve Domain-wide DA level rights, and
DCs running on Server Foundation or now its called Server Core which
is a GUI-challenged Windows Server.
I can also say that there are a myriad of GUI updates for the Admin
tools though I can't state specifics. BJ Whalen who was involved with
the GPMC project has been brought in to work on admin experience and
anyone who has worked with GPOs with and without GPMC know that he
really helped out.
All in all, there is some very cool stuff and MS has really been
listening to the community on what they want and need. I know that
this list is watched for ideas and such and has been the source of
DCRs internally. So if you have ideas, spout them here, they will most
certainly be heard. They may not make Longhorn as it is getting a bit
late to add major changes but your ideas could make it into a later
rev.
joe
________________________________
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Steven Wood
Sent: Monday, October 03, 2005 3:46 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: [ActiveDir] Active Directory wish list
Hi,
With Windows Vista on it's way what's on people's wish list as far as
Active Directory is concerned? Also are there any big enhancements
due?
Thanks
Steven
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
-------APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE-------
PRIVILEGED /
CONFIDENTIAL INFORMATION may be contained in this message or any
attachments.
This information is strictly confidential and may be subject to
attorney-client
privilege. This message is intended only for the use of the named
addressee. If
you are not the intended recipient of this message, unauthorized
forwarding,
printing, copying, distribution, or using such information is strictly
prohibited and may be unlawful. If you have received this in error, you
should
kindly notify the sender by reply e-mail and immediately destroy this
message.
Unauthorized interception of this e-mail is a violation of federal
criminal law.
Applebee's International, Inc. reserves the right to monitor and review
the
content of all messages sent to and from this e-mail address. Messages
sent to
or from this e-mail address may be stored on the Applebee's
International, Inc.
e-mail system.
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
--
Letting your vendors set your risk analysis these days?
http://www.threatcode.com
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
| AD00000332
Posts:0
| | 10/05/2005 9:23 AM |
| How would LDAP apps easily address multiple AD domains hosted on one server? What if you wanted to make this box a GC for more than one domain? How easily can you configure apps like Exchange to cope with this? I say "easily" because you talk about SMEs using this function, which are the places that might be less well equipped to figure out the support impact on those apps from having to make them work with this arrangement.
Or the cost of buying and implementing upgrades that figure it out for them... that money we saved on the seperate hardware boxes just went bye-bye... Oh well, at least multiple domains on one hardware box *sounds* cool.
Rob
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Charlie Kaiser
Sent: Tuesday, October 04, 2005 6:37 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Active Directory wish list
I'd also like to see the ability to run DCs for multiple domains on the same
server. SMBs with limited resources balk at having to buy additional server
hardware for redundancy on multiple domains, especially when the AD load on
the DCs is minimal. This feature sounds like an offshoot of your list below.
If you can run AD as a service, it might not be that hard to allow multiple
domains similar to multiple websites/DBs on one server...
I remember discussing this with Stuart Kwan at DEC a couple of years ago. I
hope it makes it into the mix...
**********************
Charlie Kaiser
W2K3 MCSA/MCSE/Security, CCNA
Systems Engineer
Essex Credit / Brickwalk
510 595 5083
**********************
> -----Original Message-----
> From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
> [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of joe
> Sent: Tuesday, October 04, 2005 4:25 PM
> To: ActiveDir@xxxxxxxxxxxxxxxxxx
> Subject: RE: [ActiveDir] Active Directory wish list
>
> Vista is the client OS. I don't believe they have named Longhorn
> Server yet.I am voting for something like Windows Server 5.4.0 or
> something like that. I realize that the marketing group would have
> something to say about it but I figure the best thing from them is if
> they pronounced their thoughts from the bottom of Lake Washington.
> People don't install servers because they have cool names.
>
> The biggest non-NDA pieces that I have heard announced in conferences
> or seen on the web already is the Read Only DC to limit security
> exposure for WAN deployments, restartable AD that can be
> stopped/started as necessary, DA/Admin separation so that you can have
> an Admin on a DC that "can't" achieve Domain-wide DA level rights, and
> DCs running on Server Foundation or now its called Server Core which
> is a GUI-challenged Windows Server.
>
> I can also say that there are a myriad of GUI updates for the Admin
> tools though I can't state specifics. BJ Whalen who was involved with
> the GPMC project has been brought in to work on admin experience and
> anyone who has worked with GPOs with and without GPMC know that he
> really helped out.
>
> All in all, there is some very cool stuff and MS has really been
> listening to the community on what they want and need. I know that
> this list is watched for ideas and such and has been the source of
> DCRs internally. So if you have ideas, spout them here, they will most
> certainly be heard. They may not make Longhorn as it is getting a bit
> late to add major changes but your ideas could make it into a later
> rev.
>
>
> joe
>
>
> ________________________________
>
> From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
> [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Steven Wood
> Sent: Monday, October 03, 2005 3:46 PM
> To: ActiveDir@xxxxxxxxxxxxxxxxxx
> Subject: [ActiveDir] Active Directory wish list
>
>
> Hi,
>
> With Windows Vista on it's way what's on people's wish list as far as
> Active Directory is concerned? Also are there any big enhancements
> due?
>
> Thanks
> Steven
>
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
| katherinec@xxxx.yyy
| | 10/05/2005 9:36 AM |
| The user account performing the backup needs to have "Restore Files and
Directories" rights to be able to perform a backup of the system state.
I know that it's small in the scheme of things, but anytime MS wants to
fix that I'd be happy. In other words, just granting the "Back up Files
and Directories" rights should be all that is required to, oh let's see,
back up files and directories, including System State.
K
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of joe
Sent: 05 October 2005 03:20
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Active Directory wish list
Yeah I can say that it isn't in Longhorn. As the dev guys put it, this
is a tough one. It wouldn't just be a nobrainer if they had separate
instances of AD, there are just tons of other things involved that make
it extremely difficult. It was something that was brought up in the
summit though, not sure how much I can say around it other than no, it
won't be there.
MS feels the focus of this is dramatically reduced now as well due to
the fact that VS is available and can run DCs. Also the Server Core DCs
helps here as well as the DCs will have a smaller footprint. If folks
are NOT in agreement with that assessment, definitely speak up, it is
too late for Longhorn but possibly the opportunity exists to convince
them for BlackComb.
joe
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Charlie Kaiser
Sent: Tuesday, October 04, 2005 9:37 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Active Directory wish list
I'd also like to see the ability to run DCs for multiple domains on the
same server. SMBs with limited resources balk at having to buy
additional server hardware for redundancy on multiple domains,
especially when the AD load on the DCs is minimal. This feature sounds
like an offshoot of your list below.
If you can run AD as a service, it might not be that hard to allow
multiple domains similar to multiple websites/DBs on one server...
I remember discussing this with Stuart Kwan at DEC a couple of years
ago. I hope it makes it into the mix...
**********************
Charlie Kaiser
W2K3 MCSA/MCSE/Security, CCNA
Systems Engineer
Essex Credit / Brickwalk
510 595 5083
**********************
> -----Original Message-----
> From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
> [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of joe
> Sent: Tuesday, October 04, 2005 4:25 PM
> To: ActiveDir@xxxxxxxxxxxxxxxxxx
> Subject: RE: [ActiveDir] Active Directory wish list
>
> Vista is the client OS. I don't believe they have named Longhorn
> Server yet.I am voting for something like Windows Server 5.4.0 or
> something like that. I realize that the marketing group would have
> something to say about it but I figure the best thing from them is if
> they pronounced their thoughts from the bottom of Lake Washington.
> People don't install servers because they have cool names.
>
> The biggest non-NDA pieces that I have heard announced in conferences
> or seen on the web already is the Read Only DC to limit security
> exposure for WAN deployments, restartable AD that can be
> stopped/started as necessary, DA/Admin separation so that you can have
> an Admin on a DC that "can't" achieve Domain-wide DA level rights, and
> DCs running on Server Foundation or now its called Server Core which
> is a GUI-challenged Windows Server.
>
> I can also say that there are a myriad of GUI updates for the Admin
> tools though I can't state specifics. BJ Whalen who was involved with
> the GPMC project has been brought in to work on admin experience and
> anyone who has worked with GPOs with and without GPMC know that he
> really helped out.
>
> All in all, there is some very cool stuff and MS has really been
> listening to the community on what they want and need. I know that
> this list is watched for ideas and such and has been the source of
> DCRs internally. So if you have ideas, spout them here, they will most
> certainly be heard. They may not make Longhorn as it is getting a bit
> late to add major changes but your ideas could make it into a later
> rev.
>
>
> joe
>
>
> ________________________________
>
> From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
> [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Steven Wood
> Sent: Monday, October 03, 2005 3:46 PM
> To: ActiveDir@xxxxxxxxxxxxxxxxxx
> Subject: [ActiveDir] Active Directory wish list
>
>
> Hi,
>
> With Windows Vista on it's way what's on people's wish list as far as
> Active Directory is concerned? Also are there any big enhancements
> due?
>
> Thanks
> Steven
>
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
| aricbernard
Posts:2
| | 10/05/2005 9:39 AM |
| How about the VSMT for VS2005? ;)
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Susan Bradley,
CPA aka Ebitz - SBS Rocks [MVP]
Sent: Wednesday, October 05, 2005 12:45 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: Re: [ActiveDir] Active Directory wish list
Have you guys checked out the PtoV tool on VMware?
Rich Milburn wrote:
>I kinda like the idea of running a DC in a VS machine, and having an
>online realtime copy of it somewhere in addition to incremental
>backups... and you should be able to bring up the vhd on any box, not
>just one with similar hardware, and without having to go through
Laura's
>7 step DR plan :) (reference thread [ActiveDir] AD Restore Problem)
>
>But can you have a VSS-type remote copy of your DC session vhd file?
>
>(Forgive me if I bring up topics that were adequately addressed during
>my hiatus in Windows Desktop Deployment World...)
>
>-----------------------------------------------------------------------
-
>---
>Rich Milburn
>MCSE, Microsoft MVP - Directory Services
>Sr Network Analyst, Field Platform Development
>Applebee's International, Inc.
>4551 W. 107th St
>Overland Park, KS 66207
>913-967-2819
>-----------------------------------------------------------------------
-
>---
>"I am always doing that which I can not do, in order that I may learn
>how to do it." - Pablo Picasso
>
>-----Original Message-----
>From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
>[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Susan Bradley,
>CPA aka Ebitz - SBS Rocks [MVP]
>Sent: Wednesday, October 05, 2005 1:12 PM
>To: ActiveDir@xxxxxxxxxxxxxxxxxx
>Subject: Re: [ActiveDir] Active Directory wish list
>
>As a representative of the SBS community there is not a day that goes
by
>
>that the 'can we cluster SBS' or 'can I have a hot server' doesn't come
>up. [if you have SA you can have a cold server]
>
>With 9/11, with Katrina, with the potential for earthquakes in
>California ... honestly... the answer for any small business should not
>be 'well hope your backup is good... you have tested it right?'
>Conversely I would argue the home user needs to be better protected
than
>
>they are now. [but that's way OT] I think the fault tolerance for
>small firms is being a bit pushed to the asp/hosted services model in
>the marketplace even though us control freaks aren't always fond of
>that.
>
>Actually we 'can' have additional domain controllers..just that the SBS
>has to hold the FSMO roles and be the PDC. By the time you reconfigure
>that additional DC to take over the FSMO roles...maybe your time is
>better spent fixing the PDC, ya know?
>
>Is there a good story for small firms to have redundancy, fault
>tolerance without a fat checkbook?
>
>Nope, I would argue...not really.....right now imaging is the only way.
>
>And in that instance.. you probably want to stay with a single DC and
>not suffer the wrath of Brett and ghosting your DCs.
>
>A recent whitepaper on the subject of the 'myths' of SBS:
>http://msmvps.com/bradley/archive/2005/10/04/68986.aspx
>http://msmvps.com/bradley/archive/2005/10/05/69035.aspx
>
>I still would argue that virtualization needs to be done WAY more than
>we are doing now...but that's just my wacko thoughts.
>
>
>Rich Milburn wrote:
>
>
>
>>I think the biggest reason people want to be able to run multiple
>>domains on one server is the same reason practically no one (except
for
>>SBS) installs just one DC, and the same reason we always install a
>>minimum of 2 for a domain. We have a forest root and 2 child domains
>>model, and it takes us 6 servers to run that - for basically 2
>>directories and fewer than 5000 users. That seems like a waste of
>>hardware in some situations - especially if you have multiple orgs
that
>>you run. The parallel might be for a web hosting company to have 2
>>
>>
>full
>
>
>>web servers for each domain they host - in case 1 goes down, they
still
>>have a second. VS is an answer, yes, although you still need a full
>>server license for each VM. The thing with domains is you don't want
>>
>>
>to
>
>
>>only have 1 online copy of the directory. MS didn't seem too
convinced
>>there was a good reason to have an online second server - they cited
>>backups as a good solution to the issue. In a big org the cost of an
>>additional server to provide redundancy is negligible, but is having
an
>>online copy (second DC) really the BEST way to do this? And it
doesn't
>>help SBS users, since they can (correct me if I'm wrong) only have 1
>>
>>
>DC.
>
>
>>I realize it may be the best way we have with W2K3, but how could the
>>issue of redundancy be addressed with AD differently than having 2 DCs
>>minimum per domain? Anyone have any ideas?
>>
>>Rich
>>
>>
>>-----Original Message-----
>>From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
>>[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of joe
>>Sent: Tuesday, October 04, 2005 9:20 PM
>>To: ActiveDir@xxxxxxxxxxxxxxxxxx
>>Subject: RE: [ActiveDir] Active Directory wish list
>>
>>Yeah I can say that it isn't in Longhorn. As the dev guys put it, this
>>is a
>>tough one. It wouldn't just be a nobrainer if they had separate
>>instances of
>>AD, there are just tons of other things involved that make it
extremely
>>difficult. It was something that was brought up in the summit though,
>>not
>>sure how much I can say around it other than no, it won't be there.
>>
>>MS feels the focus of this is dramatically reduced now as well due to
>>the
>>fact that VS is available and can run DCs. Also the Server Core DCs
>>helps
>>here as well as the DCs will have a smaller footprint. If folks are
NOT
>>in
>>agreement with that assessment, definitely speak up, it is too late
for
>>Longhorn but possibly the opportunity exists to convince them for
>>BlackComb.
>>
>> joe
>>
>>
>>
>>-----Original Message-----
>>From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
>>[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Charlie
Kaiser
>>Sent: Tuesday, October 04, 2005 9:37 PM
>>To: ActiveDir@xxxxxxxxxxxxxxxxxx
>>Subject: RE: [ActiveDir] Active Directory wish list
>>
>>I'd also like to see the ability to run DCs for multiple domains on
the
>>same
>>server. SMBs with limited resources balk at having to buy additional
>>server
>>hardware for redundancy on multiple domains, especially when the AD
>>
>>
>load
>
>
>>on
>>the DCs is minimal. This feature sounds like an offshoot of your list
>>below.
>>If you can run AD as a service, it might not be that hard to allow
>>multiple
>>domains similar to multiple websites/DBs on one server...
>>
>>I remember discussing this with Stuart Kwan at DEC a couple of years
>>ago. I
>>hope it makes it into the mix...
>>
>>**********************
>>Charlie Kaiser
>>W2K3 MCSA/MCSE/Security, CCNA
>>Systems Engineer
>>Essex Credit / Brickwalk
>>510 595 5083
>>**********************
>>
>>
>>
>>
>>
>>
>>>-----Original Message-----
>>>From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
>>>[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of joe
>>>Sent: Tuesday, October 04, 2005 4:25 PM
>>>To: ActiveDir@xxxxxxxxxxxxxxxxxx
>>>Subject: RE: [ActiveDir] Active Directory wish list
>>>
>>>Vista is the client OS. I don't believe they have named Longhorn
>>>Server yet.I am voting for something like Windows Server 5.4.0 or
>>>something like that. I realize that the marketing group would have
>>>something to say about it but I figure the best thing from them is if
>>>they pronounced their thoughts from the bottom of Lake Washington.
>>>People don't install servers because they have cool names.
>>>
>>>The biggest non-NDA pieces that I have heard announced in conferences
>>>or seen on the web already is the Read Only DC to limit security
>>>exposure for WAN deployments, restartable AD that can be
>>>stopped/started as necessary, DA/Admin separation so that you can
have
>>>
>>>
>>>
>>>
>>
>>
>>
>>
>>>an Admin on a DC that "can't" achieve Domain-wide DA level rights,
and
>>>
>>>
>>>
>>>
>>
>>
>>
>>
>>>DCs running on Server Foundation or now its called Server Core which
>>>is a GUI-challenged Windows Server.
>>>
>>>I can also say that there are a myriad of GUI updates for the Admin
>>>tools though I can't state specifics. BJ Whalen who was involved with
>>>the GPMC project has been brought in to work on admin experience and
>>>anyone who has worked with GPOs with and without GPMC know that he
>>>really helped out.
>>>
>>>All in all, there is some very cool stuff and MS has really been
>>>listening to the community on what they want and need. I know that
>>>this list is watched for ideas and such and has been the source of
>>>DCRs internally. So if you have ideas, spout them here, they will
most
>>>
>>>
>>>
>>>
>>
>>
>>
>>
>>>certainly be heard. They may not make Longhorn as it is getting a bit
>>>late to add major changes but your ideas could make it into a later
>>>rev.
>>>
>>>
>>> joe
>>>
>>>
>>>________________________________
>>>
>>>From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
>>>[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Steven Wood
>>>Sent: Monday, October 03, 2005 3:46 PM
>>>To: ActiveDir@xxxxxxxxxxxxxxxxxx
>>>Subject: [ActiveDir] Active Directory wish list
>>>
>>>
>>>Hi,
>>>
>>>With Windows Vista on it's way what's on people's wish list as far as
>>>Active Directory is concerned? Also are there any big enhancements
>>>due?
>>>
>>>Thanks
>>>Steven
>>>
>>>
>>>
>>>
>>>
>>List info : http://www.activedir.org/List.aspx
>>List FAQ : http://www.activedir.org/ListFAQ.aspx
>>List archive:
>>http://www.mail-archive.com/activedir%40mail.activedir.org/
>>
>>List info : http://www.activedir.org/List.aspx
>>List FAQ : http://www.activedir.org/ListFAQ.aspx
>>List archive:
>>http://www.mail-archive.com/activedir%40mail.activedir.org/
>>
>>-------APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE-------
>>
>>
>PRIVILEGED /
>
>
>>CONFIDENTIAL INFORMATION may be contained in this message or any
>>
>>
>attachments.
>
>
>>This information is strictly confidential and may be subject to
>>
>>
>attorney-client
>
>
>>privilege. This message is intended only for the use of the named
>>
>>
>addressee. If
>
>
>>you are not the intended recipient of this message, unauthorized
>>
>>
>forwarding,
>
>
>>printing, copying, distribution, or using such information is strictly
>>prohibited and may be unlawful. If you have received this in error,
you
>>
>>
>should
>
>
>>kindly notify the sender by reply e-mail and immediately destroy this
>>
>>
>message.
>
>
>>Unauthorized interception of this e-mail is a violation of federal
>>
>>
>criminal law.
>
>
>>Applebee's International, Inc. reserves the right to monitor and
review
>>
>>
>the
>
>
>>content of all messages sent to and from this e-mail address. Messages
>>
>>
>sent to
>
>
>>or from this e-mail address may be stored on the Applebee's
>>
>>
>International, Inc.
>
>
>>e-mail system.
>>List info : http://www.activedir.org/List.aspx
>>List FAQ : http://www.activedir.org/ListFAQ.aspx
>>List archive:
>>
>>
>http://www.mail-archive.com/activedir%40mail.activedir.org/
>
>
>>
>>
>>
>>
>
>
>
--
Letting your vendors set your risk analysis these days?
http://www.threatcode.com
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
| CKaiser
Posts:2
| | 10/05/2005 10:01 AM |
| What I want is to be able to run multiple domains on one OS installation
and segment the directories from each other. That way I don't need to
run multiple licenses of the OS, nor do I need hardware that can power 4
VMs.
I already run VMs using VMWare in my test lab; it works but I'd prefer
to be able to run AD as a service and have it be smart enough to be able
to segment itself without needing a separate OS...
**********************
Charlie Kaiser
W2K3 MCSA/MCSE/Security, CCNA
Systems Engineer
Essex Credit / Brickwalk
510 595 5083
**********************
> -----Original Message-----
> From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
> [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Ed
> Crowley [MVP]
> Sent: Wednesday, October 05, 2005 10:07 AM
> To: ActiveDir@xxxxxxxxxxxxxxxxxx
> Subject: RE: [ActiveDir] Active Directory wish list
>
> You can. It's called Microsoft Virtual Server.
>
> Ed Crowley MCSE+Internet MVP
> Freelance E-Mail Philosopher
> Protecting the world from PSTs and Bricked Backups!T
>
> -----Original Message-----
> From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
> [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of
> Charlie Kaiser
> Sent: Tuesday, October 04, 2005 6:37 PM
> To: ActiveDir@xxxxxxxxxxxxxxxxxx
> Subject: RE: [ActiveDir] Active Directory wish list
>
> I'd also like to see the ability to run DCs for multiple
> domains on the same
> server. SMBs with limited resources balk at having to buy
> additional server
> hardware for redundancy on multiple domains, especially when
> the AD load on
> the DCs is minimal. This feature sounds like an offshoot of
> your list below.
> If you can run AD as a service, it might not be that hard to
> allow multiple
> domains similar to multiple websites/DBs on one server...
>
> I remember discussing this with Stuart Kwan at DEC a couple
> of years ago. I
> hope it makes it into the mix...
>
> **********************
> Charlie Kaiser
> W2K3 MCSA/MCSE/Security, CCNA
> Systems Engineer
> Essex Credit / Brickwalk
> 510 595 5083
> **********************
>
>
> > -----Original Message-----
> > From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
> > [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of joe
> > Sent: Tuesday, October 04, 2005 4:25 PM
> > To: ActiveDir@xxxxxxxxxxxxxxxxxx
> > Subject: RE: [ActiveDir] Active Directory wish list
> >
> > Vista is the client OS. I don't believe they have named Longhorn
> > Server yet.I am voting for something like Windows Server 5.4.0 or
> > something like that. I realize that the marketing group would have
> > something to say about it but I figure the best thing from
> them is if
> > they pronounced their thoughts from the bottom of Lake Washington.
> > People don't install servers because they have cool names.
> >
> > The biggest non-NDA pieces that I have heard announced in
> conferences
> > or seen on the web already is the Read Only DC to limit security
> > exposure for WAN deployments, restartable AD that can be
> > stopped/started as necessary, DA/Admin separation so that
> you can have
> > an Admin on a DC that "can't" achieve Domain-wide DA level
> rights, and
> > DCs running on Server Foundation or now its called Server
> Core which
> > is a GUI-challenged Windows Server.
> >
> > I can also say that there are a myriad of GUI updates for the Admin
> > tools though I can't state specifics. BJ Whalen who was
> involved with
> > the GPMC project has been brought in to work on admin
> experience and
> > anyone who has worked with GPOs with and without GPMC know that he
> > really helped out.
> >
> > All in all, there is some very cool stuff and MS has really been
> |
|
|