| Author | Messages | |
AD00000336
Posts:0
 | | 03/06/2006 6:40 AM |
| I don™t really look at problems from
the Trying to Save Money Approach¦. I try to spend my
money and use my time wisely.
I base all my value judgments on the
following factors.
1. Does it value people?
2. Is it priced acceptably? (I value
dominate designs, but also feel that some innovative features are worth more if
they offer added value)
3. Is the solution timely?
4. Does the solution offer reproducible results?
AD lag site restores seem a little
advanced for general operators to be able to perform. To me restore
operations are an operator job not an engineer™s so I want a solution
that offers value to operators.
The standard Free AD solution
to restore objects has a lot of CLI, it doesn™t restore all the
attributes, it takes more time to implement, it requires a DC be rebooted, it
lacks the ability to restore single attributes, and groups. The lag site
approach seems okay initially, but it requires more dedicated hardware that has
to be maintained, it complicates the AD design in a unnatural way,
it requires knowledge of the AD site architecture to properly implement (You
have to force replication to the rest of the forest) and takes longer to implement
a restore operation¦ (The use might be out in china, where your lag site
might be in the UK).
For me I wanted the ability to quickly
restore objects using a turnkey solution that I can delegate to trusted
operators to perform. A dedicated person to do this task would cost about
30 to 40K per year. My base thinking is that would work between 10K to 20K up
front, and about 3 to 5% overhead each additional year. I gain the
ability to restore all objects and attributes, as well as groups and their
memberships. I can restore these objects at the site the user resides, I
don™t have to reboot a DC to do this operation, and I free up the
engineer to be an engineer not an operator.
So my priorities are different than yours¦..
and so are my responsibilities. I don™t have to save the company
money.
Notice I didn™t say lag sites don™t
work, but the number of steps involved to do an authoritative restore compared
to using a third-party product designed for the job and the possible end
results are akin to shooting a bullet and throwing one.
Yeah you probably hit the target both ways¦.
But I think my way is more accurate, has better range, and gets the job done a
lot faster and has the potential to be more effective with less skill.
Todd Myrick
From: Frank Abagnale
[mailto:abagnale_lists@xxxxxxxxx]
Sent: Saturday, March 04, 2006
5:47 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] AD Lag
Sites
Todd,
You mentioned 'potentially has the ability to create more problems'
Could you outline the problems that are on your mind?
I see Lag Sites as a solution to save the business money
from purchasing a solution, but I still need to think about business risk
if such a solution was to be implemented.
Frank
"Myrick, Todd (NIH/CC/DNA) [E]" wrote:
Agreed.
Not a big fan of the
Lag-Site, I think it potentially has the ability to create more
problems. At least MS added some limited functionality in 2003, now if
they would just finish the job in Vista this topic might goto rest. (Are
you there Stewart?)
I do see value in Creative Subnetting,
when it comes to establishing multiple sites on a physical network segment to
get the KCC to replicate in a more deterministic manner. Fun to do in the
classroom too when teaching subnetting.
Todd Myrick
From: Almeida Pinto,
Jorge de [mailto:jorge.de.almeida.pinto@xxxxxxxxxxxxx]
Sent: Friday, March 03, 2006 11:17
AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] AD Lag
Sites
7 lag sites? holy sh*t!
would it be much cheaper to use a
solution that can undelete the deleted objects and restore (push back) the
attributes?
jorge
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Ulf B. Simon-Weidner
Sent: Friday, March 03, 2006 16:59
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] AD Lag
Sites
As Jorge mentioned you do not have to
follow your physical subnets for Lag-Sites. Usually you would use that as a
guideline, but for lag-sites you can do a sub-subnetting. AD replication does
not care about the physical structure or TCP/IP-Settings (Subnetmask,
Def-Gateway) - it just cares what you have configured in the sites, subnets and
what IP the DC is using. So you can in a 10.1.x.x network you could configure
all servers with 10.1.x.x IP-Adresses with a Subnet-Mask of 255.255.0.0,
however you keep all servers in one lagsite in the same "virtual
subnet" 10.1.9.x and all production Servers in 10.1.1.x - 10.1.8.x.
Remember that all have the default gateway and subnet mask for 10.1.x.x. But
now you create the virtual subnets in AD, and join 10.1.1.x - 10.1.8.x to the
production site, and 10.1.9.x to the lag-site.. AD-Replication will do what you
wanted it to do, even without the need for routing.
However - and this was the main reason
why I wanted to follow up on this - remember that one lag-site might not be
enough. Imagine you configure your lag-site to replicate every thursday
6pm. So if someone makes an error deleting a whole OU on e.g. Tuesday, you are
recognizing it on Wednesday and are able to rollback this OU (authoritative
restore on the lag site, then force replication). However if someone deletes a
OU on thursday, and you recognize it on friday (or even thursday 7pm) you have
to restore a server from tape first, because your only lag-site has already
replicated that deletion.
What I prefer is creating two lag-sites,
one which replicates in the middle of the week and one which replicates on the
weekend. No matter when the error will be performed (even right before
replication of one of the lag-sites), we always have a at least half week old
copy of the AD in the one of the Lag-Site. And I've even heard
from someone using seven lag-sites for every day in the week. Perhaps he's
jumping into this thread later ;-)
Gruesse -
Sincerely,
Ulf B. Simon-Weidner
MVP-Book "Windows XP - Die Expertentipps":
http://tinyurl.com/44zcz
Weblog: http://msmvps.org/UlfBSimonWeidner
Website: http://www.windowsserverfaq.org
Profile: http://mvp.support.microsoft.com/profile="">
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Frank Abagnale
Sent: Friday, March 03, 2006 4:29
PM
To: Active
Subject: [ActiveDir] AD Lag Sites
Single Forest, Single Domain,
W2K3 FFL
I am thinking about setting up a lag site for DR purposes.
Just for clarification purposes, would I need a separate IP
subnet i.e IP subnet that isn't assigned to any other site in
AD to create this?
All my existing IP Subnets are assigned to existing Sites
which are used for normal replication, so I am assuming my question will result
in a yes.
Does anyone have any recommended guides to follow
thanks frank
Relax. Yahoo! Mail virus
scanning helps detect nasty viruses!
Brings words and photos together (easily) with
PhotoMail
- it's free and works with Yahoo! Mail. | | | |
| deji
Posts:262
| | 03/06/2006 7:22 AM |
| He does NOT "have to save the company money", he says.
That's MY money you are talking about there, bucko! :)
Seriously, Todd, you do have to understand that a vast majority of IT shops
don't have budget for their IT folks to be as productive as they desire to
be. This is why people tend to be as creative and conservative as possible.
They want to stay as native as humanly possible and as painful as the
exercise tend to be, they typically can't do anything about it. When
management expects you to squeeze water out of rocks, you hardly have much
options.
The "Lag Site" concept is not a replacement for specialized recovery
solutions. But, the concept came about as a result of people realizing that,
much as they like the Quests and Netpros of this world, the steep price
associated with them makes those products out of reach. If you've seen the
"California Cows" commercials, you will begin to understand how much people
salivate over professional tools. So, what's a poor admin to do? Especially
when his/her CIO has just played golf with a buddy who has just read
something from, say, Gartner, preaching the benefits of "DR", and the CIO now
wants DR implemented like, oh, say, one week ago without any additional
funding?
"Lag Sites" are NOT as expensive as any of the other options. Where budget
constraint is a factor, the "Lag Site" concept is the next best thing for any
AD Admin. The fact that it requires some expertise to successfully implement
and utilize IS a big plus rather than a drawback. If you are going to
administer any sizeable enterprise where DR is essential, you better start
knowing something about the inner workings of the things you are claiming to
be administering. Come to think of it, the vendors who market these
specialized recovery tools are not engaged in voodoo. By learning how things
work, you may not need to pay their "protection" money any longer.
OK, now I've said too much ;)
Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCT
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
________________________________
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx on behalf of Myrick, Todd
(NIH/CC/DNA) [E]
Sent: Mon 3/6/2006 10:36 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] AD Lag Sites
I don't really look at problems from the "Trying to Save Money Approach"....
I try to spend my money and use my time wisely.
I base all my value judgments on the following factors.
1. Does it value people?
2. Is it priced acceptably? (I value dominate designs, but also feel that
some innovative features are worth more if they offer added value)
3. Is the solution timely?
4. Does the solution offer reproducible results?
AD lag site restores seem a little advanced for general operators to be able
to perform. To me restore operations are an operator job not an engineer's
so I want a solution that offers value to operators.
The standard "Free" AD solution to restore objects has a lot of CLI, it
doesn't restore all the attributes, it takes more time to implement, it
requires a DC be rebooted, it lacks the ability to restore single attributes,
and groups. The lag site approach seems okay initially, but it requires more
dedicated hardware that has to be maintained, it complicates the AD design in
a "unnatural way", it requires knowledge of the AD site architecture to
properly implement (You have to force replication to the rest of the forest)
and takes longer to implement a restore operation... (The use might be out in
china, where your lag site might be in the UK).
For me I wanted the ability to quickly restore objects using a turnkey
solution that I can delegate to trusted operators to perform. A dedicated
person to do this task would cost about 30 to 40K per year. My base thinking
is that would work between 10K to 20K up front, and about 3 to 5% overhead
each additional year. I gain the ability to restore all objects and
attributes, as well as groups and their memberships. I can restore these
objects at the site the user resides, I don't have to reboot a DC to do this
operation, and I free up the engineer to be an engineer not an operator.
So my priorities are different than yours..... and so are my
responsibilities. I don't have to save the company money.
Notice I didn't say lag sites don't work, but the number of steps involved to
do an authoritative restore compared to using a third-party product designed
for the job and the possible end results are akin to shooting a bullet and
throwing one.
Yeah you probably hit the target both ways.... But I think my way is more
accurate, has better range, and gets the job done a lot faster and has the
potential to be more effective with less skill.
Todd Myrick
________________________________
From: Frank Abagnale [mailto:abagnale_lists@xxxxxxxxx]
Sent: Saturday, March 04, 2006 5:47 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] AD Lag Sites
Todd,
You mentioned 'potentially has the ability to create more problems'
Could you outline the problems that are on your mind?
I see Lag Sites as a solution to save the business money from purchasing a
solution, but I still need to think about business risk if such a solution
was to be implemented.
Frank
"Myrick, Todd (NIH/CC/DNA) [E]" wrote:
Agreed.
Not a big fan of the "Lag-Site", I think it potentially has the
ability to create more problems. At least MS added some limited
functionality in 2003, now if they would just finish the job in Vista this
topic might goto rest. (Are you there Stewart?)
I do see value in Creative Subnetting, when it comes to establishing
multiple sites on a physical network segment to get the KCC to replicate in a
more deterministic manner. Fun to do in the classroom too when teaching
subnetting.
Todd Myrick
________________________________
From: Almeida Pinto, Jorge de
[mailto:jorge.de.almeida.pinto@xxxxxxxxxxxxx]
Sent: Friday, March 03, 2006 11:17 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] AD Lag Sites
7 lag sites? holy sh*t!
would it be much cheaper to use a solution that can undelete the
deleted objects and restore (push back) the attributes?
jorge
________________________________
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Ulf B. Simon-Weidner
Sent: Friday, March 03, 2006 16:59
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] AD Lag Sites
As Jorge mentioned you do not have to follow your physical subnets
for Lag-Sites. Usually you would use that as a guideline, but for lag-sites
you can do a sub-subnetting. AD replication does not care about the physical
structure or TCP/IP-Settings (Subnetmask, Def-Gateway) - it just cares what
you have configured in the sites, subnets and what IP the DC is using. So you
can in a 10.1.x.x network you could configure all servers with 10.1.x.x
IP-Adresses with a Subnet-Mask of 255.255.0.0, however you keep all servers
in one lagsite in the same "virtual subnet" 10.1.9.x and all production
Servers in 10.1.1.x - 10.1.8.x. Remember that all have the default gateway
and subnet mask for 10.1.x.x. But now you create the virtual subnets in AD,
and join 10.1.1.x - 10.1.8.x to the production site, and 10.1.9.x to the
lag-site.. AD-Replication will do what you wanted it to do, even without the
need for routing.
However - and this was the main reason why I wanted to follow up on
this - remember that one lag-site might not be enough. Imagine you configure
your lag-site to replicate every thursday 6pm. So if someone makes an error
deleting a whole OU on e.g. Tuesday, you are recognizing it on Wednesday and
are able to rollback this OU (authoritative restore on the lag site, then
force replication). However if someone deletes a OU on thursday, and you
recognize it on friday (or even thursday 7pm) you have to restore a server
from tape first, because your only lag-site has already replicated that
deletion.
What I prefer is creating two lag-sites, one which replicates in the
middle of the week and one which replicates on the weekend. No matter when
the error will be performed (even right before replication of one of the
lag-sites), we always have a at least half week old copy of the AD in the one
of the Lag-Site. And I've even heard from someone using seven lag-sites for
every day in the week. Perhaps he's jumping into this thread later ;-)
Gruesse - Sincerely,
Ulf B. Simon-Weidner
MVP-Book "Windows XP - Die Expertentipps": http://tinyurl.com/44zcz
Weblog: http://msmvps.org/UlfBSimonWeidner
Website: http://www.windowsserverfaq.org
Profile:
http://mvp.support.microsoft.com/profile=35E388DE-4885-4308-B489-F2F1214C811D
________________________________
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Frank Abagnale
Sent: Friday, March 03, 2006 4:29 PM
To: Active
Subject: [ActiveDir] AD Lag Sites
Single Forest, Single Domain, W2K3 FFL
I am thinking about setting up a lag site for DR purposes.
Just for clarification purposes, would I need a separate IP
subnet i.e IP subnet that isn't assigned to any other site in AD to create
this?
All my existing IP Subnets are assigned to existing Sites
which are used for normal replication, so I am assuming my question will
result in a yes.
Does anyone have any recommended guides to follow
thanks frank
________________________________
Relax. Yahoo! Mail virus scanning
helps detect nasty viruses!
________________________________
Brings words and photos together (easily) with
PhotoMail
- it's free and works with Yahoo! Mail.
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
| AD00000336
Posts:0
| | 03/06/2006 11:35 AM |
| I also said, I have to spend my time and money wisely.
I am well aware of why people use lag-sites. They always like to throw the money issue around... but I wonder what the TCO is really. Maybe these major AD DR players should commission a study.... heck maybe MSFT should for both AD and Exchange Mailboxes.
I think you would do better to encourage new Admins to make sure they do a MFT backup of a domain controllers system state each night, then stand-up more sites and servers. Then based on need select the restore method and evaluate the results.
I agree knowing how all the inner workings does help as well, but operations people are usually not engineers, so it is best to give them tools that have some workflow, and makes the operation smooth and less error prone.
Thanks again,
Todd
________________________________
From: deji@xxxxxxxxxxxxxx [mailto:deji@xxxxxxxxxxxxxx]
Sent: Mon 3/6/2006 2:09 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] AD Lag Sites
He does NOT "have to save the company money", he says.
That's MY money you are talking about there, bucko! :)
Seriously, Todd, you do have to understand that a vast majority of IT shops
don't have budget for their IT folks to be as productive as they desire to
be. This is why people tend to be as creative and conservative as possible.
They want to stay as native as humanly possible and as painful as the
exercise tend to be, they typically can't do anything about it. When
management expects you to squeeze water out of rocks, you hardly have much
options.
The "Lag Site" concept is not a replacement for specialized recovery
solutions. But, the concept came about as a result of people realizing that,
much as they like the Quests and Netpros of this world, the steep price
associated with them makes those products out of reach. If you've seen the
"California Cows" commercials, you will begin to understand how much people
salivate over professional tools. So, what's a poor admin to do? Especially
when his/her CIO has just played golf with a buddy who has just read
something from, say, Gartner, preaching the benefits of "DR", and the CIO now
wants DR implemented like, oh, say, one week ago without any additional
funding?
"Lag Sites" are NOT as expensive as any of the other options. Where budget
constraint is a factor, the "Lag Site" concept is the next best thing for any
AD Admin. The fact that it requires some expertise to successfully implement
and utilize IS a big plus rather than a drawback. If you are going to
administer any sizeable enterprise where DR is essential, you better start
knowing something about the inner workings of the things you are claiming to
be administering. Come to think of it, the vendors who market these
specialized recovery tools are not engaged in voodoo. By learning how things
work, you may not need to pay their "protection" money any longer.
OK, now I've said too much ;)
Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCT
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
________________________________
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx on behalf of Myrick, Todd
(NIH/CC/DNA) [E]
Sent: Mon 3/6/2006 10:36 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] AD Lag Sites
I don't really look at problems from the "Trying to Save Money Approach"....
I try to spend my money and use my time wisely.
I base all my value judgments on the following factors.
1. Does it value people?
2. Is it priced acceptably? (I value dominate designs, but also feel that
some innovative features are worth more if they offer added value)
3. Is the solution timely?
4. Does the solution offer reproducible results?
AD lag site restores seem a little advanced for general operators to be able
to perform. To me restore operations are an operator job not an engineer's
so I want a solution that offers value to operators.
The standard "Free" AD solution to restore objects has a lot of CLI, it
doesn't restore all the attributes, it takes more time to implement, it
requires a DC be rebooted, it lacks the ability to restore single attributes,
and groups. The lag site approach seems okay initially, but it requires more
dedicated hardware that has to be maintained, it complicates the AD design in
a "unnatural way", it requires knowledge of the AD site architecture to
properly implement (You have to force replication to the rest of the forest)
and takes longer to implement a restore operation... (The use might be out in
china, where your lag site might be in the UK).
For me I wanted the ability to quickly restore objects using a turnkey
solution that I can delegate to trusted operators to perform. A dedicated
person to do this task would cost about 30 to 40K per year. My base thinking
is that would work between 10K to 20K up front, and about 3 to 5% overhead
each additional year. I gain the ability to restore all objects and
attributes, as well as groups and their memberships. I can restore these
objects at the site the user resides, I don't have to reboot a DC to do this
operation, and I free up the engineer to be an engineer not an operator.
So my priorities are different than yours..... and so are my
responsibilities. I don't have to save the company money.
Notice I didn't say lag sites don't work, but the number of steps involved to
do an authoritative restore compared to using a third-party product designed
for the job and the possible end results are akin to shooting a bullet and
throwing one.
Yeah you probably hit the target both ways.... But I think my way is more
accurate, has better range, and gets the job done a lot faster and has the
potential to be more effective with less skill.
Todd Myrick
________________________________
From: Frank Abagnale [mailto:abagnale_lists@xxxxxxxxx]
Sent: Saturday, March 04, 2006 5:47 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] AD Lag Sites
Todd,
You mentioned 'potentially has the ability to create more problems'
Could you outline the problems that are on your mind?
I see Lag Sites as a solution to save the business money from purchasing a
solution, but I still need to think about business risk if such a solution
was to be implemented.
Frank
"Myrick, Todd (NIH/CC/DNA) [E]" wrote:
Agreed.
Not a big fan of the "Lag-Site", I think it potentially has the
ability to create more problems. At least MS added some limited
functionality in 2003, now if they would just finish the job in Vista this
topic might goto rest. (Are you there Stewart?)
I do see value in Creative Subnetting, when it comes to establishing
multiple sites on a physical network segment to get the KCC to replicate in a
more deterministic manner. Fun to do in the classroom too when teaching
subnetting.
Todd Myrick
________________________________
From: Almeida Pinto, Jorge de
[mailto:jorge.de.almeida.pinto@xxxxxxxxxxxxx]
Sent: Friday, March 03, 2006 11:17 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] AD Lag Sites
7 lag sites? holy sh*t!
would it be much cheaper to use a solution that can undelete the
deleted objects and restore (push back) the attributes?
jorge
________________________________
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Ulf B. Simon-Weidner
Sent: Friday, March 03, 2006 16:59
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] AD Lag Sites
As Jorge mentioned you do not have to follow your physical subnets
for Lag-Sites. Usually you would use that as a guideline, but for lag-sites
you can do a sub-subnetting. AD replication does not care about the physical
structure or TCP/IP-Settings (Subnetmask, Def-Gateway) - it just cares what
you have configured in the sites, subnets and what IP the DC is using. So you
can in a 10.1.x.x network you could configure all servers with 10.1.x.x
IP-Adresses with a Subnet-Mask of 255.255.0.0, however you keep all servers
in one lagsite in the same "virtual subnet" 10.1.9.x and all production
Servers in 10.1.1.x - 10.1.8.x. Remember that all have the default gateway
and subnet mask for 10.1.x.x. But now you create the virtual subnets in AD,
and join 10.1.1.x - 10.1.8.x to the production site, and 10.1.9.x to the
lag-site.. AD-Replication will do what you wanted it to do, even without the
need for routing.
However - and this was the main reason why I wanted to follow up on
this - remember that one lag-site might not be enough. Imagine you configure
your lag-site to replicate every thursday 6pm. So if someone makes an error
deleting a whole OU on e.g. Tuesday, you are recognizing it on Wednesday and
are able to rollback this OU (authoritative restore on the lag site, then
force replication). However if someone deletes a OU on thursday, and you
recognize it on friday (or even thursday 7pm) you have to restore a server
from tape first, because your only lag-site has already replicated that
deletion.
What I prefer is creating two lag-sites, one which replicates in the
middle of the week and one which replicates on the weekend. No matter when
the error will be performed (even right before replication of one of the
lag-sites), we always have a at least half week old copy of the AD in the one
of the Lag-Site. And I've even heard from someone using seven lag-sites for
every day in the week. Perhaps he's jumping into this thread later ;-)
Gruesse - Sincerely,
Ulf B. Simon-Weidner
MVP-Book "Windows XP - Die Expertentipps": http://tinyurl.com/44zcz
Weblog: http://msmvps.org/UlfBSimonWeidner
Website: http://www.windowsserverfaq.org
Profile:
http://mvp.support.microsoft.com/profile=35E388DE-4885-4308-B489-F2F1214C811D
________________________________
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Frank Abagnale
Sent: Friday, March 03, 2006 4:29 PM
To: Active
Subject: [ActiveDir] AD Lag Sites
Single Forest, Single Domain, W2K3 FFL
I am thinking about setting up a lag site for DR purposes.
Just for clarification purposes, would I need a separate IP
subnet i.e IP subnet that isn't assigned to any other site in AD to create
this?
All my existing IP Subnets are assigned to existing Sites
which are used for normal replication, so I am assuming my question will
result in a yes.
Does anyone have any recommended guides to follow
thanks frank
________________________________
Relax. Yahoo! Mail virus scanning
helps detect nasty viruses!
________________________________
Brings words and photos together (easily) with
PhotoMail
- it's free and works with Yahoo! Mail.
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
| AD00000118
Posts:0
| | 03/08/2006 1:14 AM |
| | Message body was not found. | | | |
| AD000001290
Posts:0
| | 03/08/2006 1:25 AM |
| As I stated earlier, we need to differentiate between
object restores (via lag sites) and true DR (which the MS paper deals with).
Restoring a user differs to the restoration of a DC, which differs again to the
restoration of a domain and/or forest.
Objects can be restored using 3rd party tools (which back
up the database and all attributes regularly) and/or via lag
sites.
True DR needs (IMO) a separate physical location, separate
physical machines along with DR processes and technologies.
Requirements need to be gathered so that the optimal
solution can be found.
What are you trying to achieve?
neilPS I tried to curb my habit of waffling
:)
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of PAUL
MAYESSent: 08 March 2006 13:13To:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] AD Lag
Sites
Hi All,
Forgive me a second whilst I ramble on 'cos this IS going to be a
ramble, then shoot me down in flames at the end!
The problem with DR is getting the data from somewhere. Typically we go
back to tape, which depending on when the last successful backup took place
gives you a bit of a wide window to play with. Not good if you're going back
some 24 hours/days etc...
To get better coverage of times we kicked about with lag sites. Trouble is,
and this has already been noted, replication and timings can scupper the
intentions of lag sites and where do you stop. Is one enough, is one for every
hour of the day enough?
Microsoft released this white paper on fast recovery with AD using SAN's
and disk imaging.
http://www.microsoft.com/windowsserver2003/technologies/activedirectory/W2K3ActDirFastRec.mspx
Now, I'm currently playing with using Microsoft's in-built disk
snapshotting to provide something similar. So on a pure DC server I've set it up
to snapsnot it's disks every hour. And then I get to chose which hour that
I go back to and use as my recovered backup. After all it's the same tech that's
used when you actually do a backup.
No need for a lag site, just pick the hour on the timeline and restore from
that DC. Ok so it means that you might need bigger disk and you can only
snapshot down to 30mins. But if you're a bit creative with a few DC's then you
can get much better coverage than lag sites without the need for more DC's or
creative subnetting.
Now I'm going to stand back and be shot down in flames. But thus far
playing with VSS is kind of casting doubt on plans for one or multiple lag
sites. I'm not going to bore with the how's and where's but it might stimulate
some discussion.
Oh and I realise that this is way far from perfect.
Curious to know if anyone has done this or thought about it if nothing
else.
Paul.
Myrick, Todd \(NIH/CC/DNA\) [E]Mon, 06 Mar 2006 15:35:36 -0800
I also said, I have to spend my time and money wisely. I am well aware of why people use lag-sites. They always like to throw the money issue around... but I wonder what the TCO is really. Maybe these
major AD DR players should commission a study.... heck maybe MSFT should for both AD and Exchange Mailboxes. I think you would do better to encourage new Admins to make sure they do a MFT backup of a domain controllers system state each night, then stand-up more sites and servers. Then based on need select the restore method and evaluate the results. I agree knowing how all the inner workings does help as well, but operations people are usually not engineers, so it is best to give them tools that have some workflow, and makes the operation smooth and less error prone. Thanks again, Todd PLEASE READ: The information contained in this email is confidential and
intended for the named recipient(s) only. If you are not an intended
recipient of this email please notify the sender immediately and delete your
copy from your system. You must not copy, distribute or take any further
action in reliance on it. Email is not a secure method of communication and
Nomura International plc ('NIplc') will not, to the extent permitted by law,
accept responsibility or liability for (a) the accuracy or completeness of,
or (b) the presence of any virus, worm or similar malicious or disabling
code in, this message or any attachment(s) to it. If verification of this
email is sought then please request a hard copy. Unless otherwise stated
this email: (1) is not, and should not be treated or relied upon as,
investment research; (2) contains views or opinions that are solely those of
the author and do not necessarily represent those of NIplc; (3) is intended
for informational purposes only and is not a recommendation, solicitation or
offer to buy or sell securities or related financial instruments. NIplc
does not provide investment services to private customers. Authorised and
regulated by the Financial Services Authority. Registered in England
no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand,
London, EC1A 4NP. A member of the Nomura group of companies. | | | |
| tonyszko
Posts:140
| | 03/08/2006 1:31 AM |
| PAUL MAYES wrote:
(...)
No need for a lag site, just pick the hour on the timeline and restore
from that DC. Ok so it means that you might need bigger disk and you can
only snapshot down to 30mins. But if you're a bit creative with a few
DC's then you can get much better coverage than lag sites without the
need for more DC's or creative subnetting.
Now I'm going to stand back and be shot down in flames. But thus far
playing with VSS is kind of casting doubt on plans for one or multiple
lag sites. I'm not going to bore with the how's and where's but it might
stimulate some discussion.
(...)
You can't use images or snapshots as a backup\recovery solutions for DC
because You are risking getting into USN roll-back problem. Search
through ActivDir.org archives for USN roll-back and You will find good
explanation of this problem.
--
Tomasz Onyszko
http://www.w2k.pl/blog/ - (PL)
http://blogs.dirteam.com/blogs/tomek/ - (EN)
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
| DWyatt@xxxx.yyy
| | 03/08/2006 1:40 AM |
| Hi
Paul, do you use the disk snapshots to provide the ability to restore an object
or the whole DC (and therefore the whole Active Directory database), or
both....?
-----Original Message-----From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of PAUL MAYESSent: 08 Mar 2006 13:13To:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] AD Lag
Sites
Hi All,
Forgive me a second whilst I ramble on 'cos this IS going to be a
ramble, then shoot me down in flames at the end!
The problem with DR is getting the data from somewhere. Typically we go
back to tape, which depending on when the last successful backup took place
gives you a bit of a wide window to play with. Not good if you're going back
some 24 hours/days etc...
To get better coverage of times we kicked about with lag sites. Trouble
is, and this has already been noted, replication and timings can scupper the
intentions of lag sites and where do you stop. Is one enough, is one for every
hour of the day enough?
Microsoft released this white paper on fast recovery with AD using SAN's
and disk imaging.
http://www.microsoft.com/windowsserver2003/technologies/activedirectory/W2K3ActDirFastRec.mspx
Now, I'm currently playing with using Microsoft's in-built disk
snapshotting to provide something similar. So on a pure DC server I've set it
up to snapsnot it's disks every hour. And then I get to chose which hour
that I go back to and use as my recovered backup. After all it's the same tech
that's used when you actually do a backup.
No need for a lag site, just pick the hour on the timeline and restore
from that DC. Ok so it means that you might need bigger disk and you can only
snapshot down to 30mins. But if you're a bit creative with a few DC's then you
can get much better coverage than lag sites without the need for more DC's or
creative subnetting.
Now I'm going to stand back and be shot down in flames. But thus far playing with VSS is kind of casting doubt on plans for one or multiple lag
sites. I'm not going to bore with the how's and where's but it might stimulate
some discussion.
Oh and I realise that this is way far from perfect.
Curious to know if anyone has done this or thought about it if nothing
else.
Paul.
Myrick, Todd \(NIH/CC/DNA\) [E]Mon, 06 Mar 2006 15:35:36 -0800
I also said, I have to spend my time and money wisely. I am well aware of why people use lag-sites. They always like to throw the money issue around... but I wonder what the TCO is really. Maybe these
major AD DR players should commission a study.... heck maybe MSFT should for both AD and Exchange Mailboxes. I think you would do better to encourage new Admins to make sure they do a MFT backup of a domain controllers system state each night, then stand-up more sites and servers. Then based on need select the restore method and evaluate the results. I agree knowing how all the inner workings does help as well, but operations people are usually not engineers, so it is best to give them tools that have some workflow, and makes the operation smooth and less error prone. Thanks again, Todd
****************************************************************************
This message contains confidential information and is intended only
for the individual or entity named. If you are not the named addressee
you should not disseminate, distribute or copy this e-mail.
Please notify the sender immediately by e-mail if you have received
this e-mail by mistake and delete this e-mail from your system.
E-mail transmission cannot be guaranteed to be secure or error-free
as information could be intercepted, corrupted, lost, destroyed, arrive
late or incomplete, or contain viruses. The sender therefore does not
accept liability for any errors or omissions in the contents of this
message which arise as a result of e-mail transmission.
If verification is required please request a hard-copy version.
This message is provided for informational purposes and should not
be construed as an invitation or offer to buy or sell any securities or
related financial instruments.
GAM operates in many jurisdictions and is
regulated or licensed in those jurisdictions as required.
****************************************************************************
� | | | |
| AD000001290
Posts:0
| | 03/08/2006 1:47 AM |
| The MS paper illustrates a way to achieve this without the USN issue.
neil
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Tomasz Onyszko
Sent: 08 March 2006 13:30
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: Re: [ActiveDir] AD Lag Sites
PAUL MAYES wrote:
(...)
>
> No need for a lag site, just pick the hour on the timeline and restore
> from that DC. Ok so it means that you might need bigger disk and you
> can only snapshot down to 30mins. But if you're a bit creative with a
> few DC's then you can get much better coverage than lag sites without
> the need for more DC's or creative subnetting.
>
> Now I'm going to stand back and be shot down in flames. But thus far
> playing with VSS is kind of casting doubt on plans for one or multiple
> lag sites. I'm not going to bore with the how's and where's but it
> might stimulate some discussion.
(...)
You can't use images or snapshots as a backup\recovery solutions for DC
because You are risking getting into USN roll-back problem. Search
through ActivDir.org archives for USN roll-back and You will find good
explanation of this problem.
--
Tomasz Onyszko
http://www.w2k.pl/blog/ - (PL)
http://blogs.dirteam.com/blogs/tomek/ - (EN)
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
PLEASE READ: The information contained in this email is confidential and
intended for the named recipient(s) only. If you are not an intended
recipient of this email please notify the sender immediately and delete your
copy from your system. You must not copy, distribute or take any further
action in reliance on it. Email is not a secure method of communication and
Nomura International plc ('NIplc') will not, to the extent permitted by law,
accept responsibility or liability for (a) the accuracy or completeness of,
or (b) the presence of any virus, worm or similar malicious or disabling
code in, this message or any attachment(s) to it. If verification of this
email is sought then please request a hard copy. Unless otherwise stated
this email: (1) is not, and should not be treated or relied upon as,
investment research; (2) contains views or opinions that are solely those of
the author and do not necessarily represent those of NIplc; (3) is intended
for informational purposes only and is not a recommendation, solicitation or
offer to buy or sell securities or related financial instruments. NIplc
does not provide investment services to private customers. Authorised and
regulated by the Financial Services Authority. Registered in England
no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand,
London, EC1A 4NP. A member of the Nomura group of companies.
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
| tonyszko
Posts:140
| | 03/08/2006 1:49 AM |
| Tomasz Onyszko wrote:
Sorry - I've messed up two different things :(
please forget about this post.
--
Tomasz Onyszko
http://www.w2k.pl/blog/ - (PL)
http://blogs.dirteam.com/blogs/tomek/ - (EN)
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
| tonyszko
Posts:140
| | 03/08/2006 2:01 AM |
| neil.ruston@xxxxxxxxxxxxx wrote:
The MS paper illustrates a way to achieve this without the USN issue.
Yes, I'm aware of this. Sorry - I'm a bit overloaded and I've read this
post only with "one eye" before replying.
It wasn't my brightest post :( - and there is no re-call option :)
--
Tomasz Onyszko
http://www.w2k.pl/blog/ - (PL)
http://blogs.dirteam.com/blogs/tomek/ - (EN)
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
| AD00000118
Posts:0
| | 03/08/2006 2:38 AM |
| | Message body was not found. | | | |
| DWyatt@xxxx.yyy
| | 03/08/2006 4:56 AM |
| Hi
Paul, do you use the disk snapshots to provide the ability to restore an object
or the whole DC (and therefore the whole Active Directory database), or both....?
-----Original Message-----From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of PAUL MAYESSent: 08 Mar 2006 13:13To:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] AD Lag
Sites
Hi All,
Forgive me a second whilst I ramble on 'cos this IS going to be a
ramble, then shoot me down in flames at the end!
The problem with DR is getting the data from somewhere. Typically we go
back to tape, which depending on when the last successful backup took place
gives you a bit of a wide window to play with. Not good if you're going back
some 24 hours/days etc...
To get better coverage of times we kicked about with lag sites. Trouble
is, and this has already been noted, replication and timings can scupper the
intentions of lag sites and where do you stop. Is one enough, is one for every
hour of the day enough?
Microsoft released this white paper on fast recovery with AD using SAN's
and disk imaging.
http://www.microsoft.com/windowsserver2003/technologies/activedirectory/W2K3ActDirFastRec.mspx
Now, I'm currently playing with using Microsoft's in-built disk
snapshotting to provide something similar. So on a pure DC server I've set it
up to snapsnot it's disks every hour. And then I get to chose which hour
that I go back to and use as my recovered backup. After all it's the same tech
that's used when you actually do a backup.
No need for a lag site, just pick the hour on the timeline and restore
from that DC. Ok so it means that you might need bigger disk and you can only
snapshot down to 30mins. But if you're a bit creative with a few DC's then you
can get much better coverage than lag sites without the need for more DC's or
creative subnetting.
Now I'm going to stand back and be shot down in flames. But thus far playing with VSS is kind of casting doubt on plans for one or multiple lag
sites. I'm not going to bore with the how's and where's but it might stimulate
some discussion.
Oh and I realise that this is way far from perfect.
Curious to know if anyone has done this or thought about it if nothing
else.
Paul.
Myrick, Todd \(NIH/CC/DNA\) [E]Mon, 06 Mar 2006 15:35:36 -0800
I also said, I have to spend my time and money wisely. I am well aware of why people use lag-sites. They always like to throw the money issue around... but I wonder what the TCO is really. Maybe these
major AD DR players should commission a study.... heck maybe MSFT should for both AD and Exchange Mailboxes. I think you would do better to encourage new Admins to make sure they do a MFT backup of a domain controllers system state each night, then stand-up more sites and servers. Then based on need select the restore method and evaluate the results. I agree knowing how all the inner workings does help as well, but operations people are usually not engineers, so it is best to give them tools that have some workflow, and makes the operation smooth and less error prone. Thanks again, Todd
****************************************************************************
This message contains confidential information and is intended only
for the individual or entity named. If you are not the named addressee
you should not disseminate, distribute or copy this e-mail.
Please notify the sender immediately by e-mail if you have received
this e-mail by mistake and delete this e-mail from your system.
E-mail transmission cannot be guaranteed to be secure or error-free
as information could be intercepted, corrupted, lost, destroyed, arrive
late or incomplete, or contain viruses. The sender therefore does not
accept liability for any errors or omissions in the contents of this
message which arise as a result of e-mail transmission.
If verification is required please request a hard-copy version.
This message is provided for informational purposes and should not
be construed as an invitation or offer to buy or sell any securities or
related financial instruments.
GAM operates in many jurisdictions and is
regulated or licensed in those jurisdictions as required.
****************************************************************************
� | | | |
| DWyatt@xxxx.yyy
| | 03/08/2006 5:29 AM |
| What MS paper?
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of
neil.ruston@xxxxxxxxxxxxx
Sent: 08 Mar 2006 13:46
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] AD Lag Sites
The MS paper illustrates a way to achieve this without the USN issue.
neil
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Tomasz Onyszko
Sent: 08 March 2006 13:30
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: Re: [ActiveDir] AD Lag Sites
PAUL MAYES wrote:
(...)
>
> No need for a lag site, just pick the hour on the timeline and restore
> from that DC. Ok so it means that you might need bigger disk and you
> can only snapshot down to 30mins. But if you're a bit creative with a
> few DC's then you can get much better coverage than lag sites without
> the need for more DC's or creative subnetting.
>
> Now I'm going to stand back and be shot down in flames. But thus far
> playing with VSS is kind of casting doubt on plans for one or multiple
> lag sites. I'm not going to bore with the how's and where's but it
> might stimulate some discussion.
(...)
You can't use images or snapshots as a backup\recovery solutions for DC
because You are risking getting into USN roll-back problem. Search
through ActivDir.org archives for USN roll-back and You will find good
explanation of this problem.
--
Tomasz Onyszko
http://www.w2k.pl/blog/ - (PL) http://blogs.dirteam.com/blogs/tomek/ -
(EN)
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
****************************************************************************
This message contains confidential information and is intended only
for the individual or entity named. If you are not the named addressee
you should not disseminate, distribute or copy this e-mail.
Please notify the sender immediately by e-mail if you have received
this e-mail by mistake and delete this e-mail from your system.
E-mail transmission cannot be guaranteed to be secure or error-free
as information could be intercepted, corrupted, lost, destroyed, arrive
late or incomplete, or contain viruses. The sender therefore does not
accept liability for any errors or omissions in the contents of this
message which arise as a result of e-mail transmission.
If verification is required please request a hard-copy version.
This message is provided for informational purposes and should not
be construed as an invitation or offer to buy or sell any securities or
related financial instruments.
GAM operates in many jurisdictions and is
regulated or licensed in those jurisdictions as required.
****************************************************************************
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
| tonyszko
Posts:140
| | 03/08/2006 9:45 AM |
| Wyatt, David wrote:
What MS paper?
http://www.microsoft.com/downloads/details.aspx?FamilyID=64DB845D-F7A3-4209-8ED2-E261A117FC6B&displaylang=en
At the end of this document You will find information how to do this. As
Jorge pointed today on our chat on IM this document is not addressing
potential SYSVOL issue after such restore so BurFlags should come into play:
http://support.microsoft.com/kb/290762
--
Tomasz Onyszko
http://www.w2k.pl/blog/ - (PL)
http://blogs.dirteam.com/blogs/tomek/ - (EN)
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
| DWyatt@xxxx.yyy
| | 03/09/2006 12:43 PM |
| Cheers Tomasz.
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Tomasz Onyszko
Sent: 08 Mar 2006 21:39
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: Re: [ActiveDir] AD Lag Sites
Wyatt, David wrote:
> What MS paper?
>
http://www.microsoft.com/downloads/details.aspx?FamilyID=64DB845D-F7A3-4
209-8ED2-E261A117FC6B&displaylang=en
At the end of this document You will find information how to do this. As
Jorge pointed today on our chat on IM this document is not addressing
potential SYSVOL issue after such restore so BurFlags should come into
play: http://support.microsoft.com/kb/290762
--
Tomasz Onyszko
http://www.w2k.pl/blog/ - (PL) http://blogs.dirteam.com/blogs/tomek/ -
(EN)
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
****************************************************************************
This message contains confidential information and is intended only
for the individual or entity named. If you are not the named addressee
you should not disseminate, distribute or copy this e-mail.
Please notify the sender immediately by e-mail if you have received
this e-mail by mistake and delete this e-mail from your system.
E-mail transmission cannot be guaranteed to be secure or error-free
as information could be intercepted, corrupted, lost, destroyed, arrive
late or incomplete, or contain viruses. The sender therefore does not
accept liability for any errors or omissions in the contents of this
message which arise as a result of e-mail transmission.
If verification is required please request a hard-copy version.
This message is provided for informational purposes and should not
be construed as an invitation or offer to buy or sell any securities or
related financial instruments.
GAM operates in many jurisdictions and is
regulated or licensed in those jurisdictions as required.
****************************************************************************
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
| AD00000203
Posts:0
| | 03/27/2006 2:12 AM |
| Hi all,
Sorry, I am way late weighing in on this one. I implemented some lag
sites for our AD and wanted to chime in.
We have a small AD - five DCs 4 at our hub and one at a remote office.
We have 52 sites but WAN pipes are fast enough so we don't need to
distribute DC's.
The boss wanted some Security Principal DR.....object level recovery.
I leveraged our Virtual Server boxes located in our hub site to stand up
three additional DCs in three separate sites (lagone, lagtwo and
lagthree) all three are GCs. So as you can see the additional cost was
only for OS licenses. This cost the City less than putting dual
monitors on our desktops. I don't consider my time as an additional
cost because I would be working anyway. Lagone replicates on Monday,
Lagtwo on Wednesday, and Lagthree on Friday....all three at midnight.
Site links are configured as such.
I found a script on the net to toggle on / off the NIC, so I use a
scheduled task to toggle it on at Midnight, force replication and toggle
it off. Turning off inbound replication on the Lagsite servers doesn't
stop forced replication from replicating changes to the boxes, hence the
reason I toggle the NIC.
Ultrasound and MOM bitch a little because they can't communicate with
the LAG site servers at all times, but sometimes MOM doesn't know best.
Now for recovery....at this shop, as with most other shops I have worked
at, our operators don't have the skill sets to perform
recoveries......of any type.....and don't have the aptitude or desire to
learn. Unfortunately this is a government job and we can't just can
them. Because the boxes are on Virtual Server I can connect to them
remotely....even with the NIC turned off. Recovery takes around 10
minutes and doesn't require taking down a production DC. With the
enhancements in NTDSutil with 2003 SP1 we no longer have to worry about
running the authoritative restore twice....once to recover the user
object and the second time to restore the groups the user was a member
of. One authoritative restore and bang were done.
We don't have a Global AD....but how many shops do? My thought is if
you have a global AD you probably have the funding to purchase a third
party product. IMO the majority of AD implmentations are small to
medium size businesses and probably don't have the funding for say a
Quest Recovery Manager.
I may have left something out. It has been months since this was
implemented. If anyone has any question feel free to contact me.
If you can poke holes at my lagsite(s) implementation please do. I
learn new stuff everyday....
Shawn Hayes
GCWN, MCSE NT/2000/2003 - Messaging
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Wyatt, David
Sent: Thursday, March 09, 2006 7:43 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] AD Lag Sites
Cheers Tomasz.
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Tomasz Onyszko
Sent: 08 Mar 2006 21:39
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: Re: [ActiveDir] AD Lag Sites
Wyatt, David wrote:
> What MS paper?
>
http://www.microsoft.com/downloads/details.aspx?FamilyID=64DB845D-F7A3-4
209-8ED2-E261A117FC6B&displaylang=en
At the end of this document You will find information how to do this. As
Jorge pointed today on our chat on IM this document is not addressing
potential SYSVOL issue after such restore so BurFlags should come into
play: http://support.microsoft.com/kb/290762
--
Tomasz Onyszko
http://www.w2k.pl/blog/ - (PL) http://blogs.dirteam.com/blogs/tomek/ -
(EN)
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
************************************************************************
****
This message contains confidential information and is intended only
for the individual or entity named. If you are not the named addressee
you should not disseminate, distribute or copy this e-mail.
Please notify the sender immediately by e-mail if you have received
this e-mail by mistake and delete this e-mail from your system.
E-mail transmission cannot be guaranteed to be secure or error-free
as information could be intercepted, corrupted, lost, destroyed, arrive
late or incomplete, or contain viruses. The sender therefore does not
accept liability for any errors or omissions in the contents of this
message which arise as a result of e-mail transmission.
If verification is required please request a hard-copy version.
This message is provided for informational purposes and should not
be construed as an invitation or offer to buy or sell any securities or
related financial instruments.
GAM operates in many jurisdictions and is
regulated or licensed in those jurisdictions as required.
************************************************************************
****
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
|
|