stamandster
Profile
Forum Role: Member
Topics Started: 15
Replies Created: 171
Forum Replies Created
Re: CN=Infrastructure
It’s similar to my having an OU called BEServer with a type of serviceConnectionPoint.
It’s harmless.
Re: DNS Issues with Child Domain DC
Did the PDC emulator happen to restart itself during the time you were gone?
I’m guessing you restarted the child DC?
Re: Point an FQDN to public ip Address
He doesn’t have to make his internal FQDN the same as his external one. It seems that he simply wants his public IP to be able to connect to internal services.
But, port forwarding could be the option to use. Make sure you only allow the ports you actually need open to only the IP addresses you are going to use these services on. The smaller the allowed hole the better off you will be.
You could also set up your server in a DMZ zone. But then that gets into more complication.
However, if you’re going to do anything like RDP, etc. I would suggest using a VPN connection instead of something just wide open.
Re: Point an FQDN to public ip Address
lol… Only for a certain server I would imagine. Like HTTP/HTTPS/FTP right?
Re: Newbie – AD – Setting up a new DC ?
Agreed. You could also host your Terminal Server Licensing one though.
November 18, 2008 at 4:01 pm in reply to: Samba printer on MAC cannot print to Windows printer #280219
Re: Samba printer on MAC cannot print to Windows printer
How many Mac’s? Could you just do IP printing?? Are these Mac’s connected to the AD domain?
It seems as though they aren’t authenticating properly in order to be able to see the SMB shares.
Look into here to see if you can find any info on it that will point to your issues.
http://www.microsoft.com/technet/security/bulletin/MS08-068.mspx
Re: Point an FQDN to public ip Address
You want your WAN IP to route to a certain LAN IP on your network and to be accessible from the outside world?
Re: Newbie – AD – Setting up a new DC ?
I would imagine that the server doesn’t have to be a domain controller. Just capable of providing Terminal Services.
How do users “dial” into the remote desktop? Through VPN, RAS or Network? Because that would change things slightly.
What I can tell you is that you should probably load up a server with W2k3 of your choice (I think standard should be fine, however you may need to use Enterprise) and get that ready with all required updates. And then install Terminal Services. You will most likely have to upgrade to more licensing. You’ll also want to check on what will be needed more of, licensing for specific computers or for specific users.
The issue is that you won’t necessarily be able to load balance on the fly with this setup. It’ll have a different IP address and server name. Microsoft doesn’t exactly make it easy.
However, there are some options —
http://www.msterminalservices.org/articles/Load-Balancing-Terminal-Services-Part1.html
http://www.msterminalservices.org/articles/Load-Balancing-Terminal-Services-Part2.html
http://technet.microsoft.com/en-us/library/cc779736.aspx
http://technet.microsoft.com/en-us/library/cc757253.aspx
And third party tools like this
http://www.2x.com/loadbalancer/
Here’s some other info for Windows 2000
http://www.netadmintools.com/art247.html
http://www.netadmintools.com/art248.html
This should get you on the road to where you are looking to go. But, please test, test, and test this in a test environment. That way you don’t hose your production systems. The thing that your company needs to realize is that this isn’t something that will be done within a quick time frame and could possibly cost many thousands of dollars. Is it really a necessity?
November 18, 2008 at 1:19 pm in reply to: Deleted Active Directory integrated DNS comes back after restart #280216
Re: Deleted Active Directory integrated DNS comes back after restart
I believe that you can tell it that only DNS will be authoritative.
Something along these lines
November 18, 2008 at 11:14 am in reply to: Deleted Active Directory integrated DNS comes back after restart #280215
Re: Deleted Active Directory integrated DNS comes back after restart
This is a design of AD when it comes to the _Msdcs zones, is that what you are talking about?
What you could do is make one server authoritative and then it will replicate out from that authoritative DC to the rest of the DC’s. I would do it with the one that holds the FSMO roles.
Do a MS TechNet search on making a DC authoritative.
Re: Printer Share Disappears
Aha! So I was right, well, so far.
Let us know what happens.
Re: RSM script sometimes not setting a variable
What about letting it wait until it gets a variable and then continue?
Re: Folder Security
I also recommend robocopy. Using the /mir will get the permissions.
Re: Installing in SQL in 2003 STD with DC
From what I remember Microsoft does not recommend installing SQL server on any domain controller. Well that and having DHCP on the same box (well, when it’s set up a certain way). But people will do what they want.
Re: Best practices for restarting a Domain Controller
I’m sorry if I was rash in my conclusions. It’s true I was only getting your insight. I do appreciate it.
However, I wasn’t going to explain our whole IT infrastructure in one post. We have procedures in place in the event of any server (or other hardware) failure. I didn’t explain that because it’s just known in the world of business IT.
We use WSUS to tell us what updates are available to our servers only. We have a patch management vendor who patches all our workstations. We take their lead since they are the experts in the area. We patch each of our servers manually but we can’t reboot them during the day for obvious reasons. So we go through a list of which will reboot the next day and such is that. But I wasn’t going to go into that procedure either. We also feel that having WSUS rebooting the production server (via policy or registry) is completely irrational.
And yes I’ve had old DC’s go down after reboots. Like an old NT4 (behemoth dual 900mhz Pentiums with 1gb of ram, oooh) box that just had a disk bite the big one. But it was initially rebooted because of actual errors, not just maintenance.
I understand that on some boards, with some people, post count can be a sign of actual understanding of an area of expertise. Then there’s the opposing side where there are some who post nonsense just to get a high post count. But neither is an indication of actual knowledge and wisdom in any area.
And, just because one company does something differently doesn’t necessarily mean that the other companies who don’t are wrong. It’s just that they’ve researched and found something that ultimately works just fine for them.
I suppose I should have brought this subject up after my “trolling” post count was greater in number.
Re: Best practices for restarting a Domain Controller
Oh, well, we have backups in place. I don’t see why the PDC emulator will be going down from a routine reboot, but I suppose it could happen. Besides I can also just seize roles if it really comes down to it.
I feel like I’m getting the third degree newbie admin replies. Believe me, I’m not; I’ve been doing this for years. I just wanted to get others’ viewpoints.
And the reasons for the reboots are basically for updates. Not really any other reason.
Re: GPO Permissions Needed
Microsoft also only recommends using robocopy to stabilize a NTFRS issue with the Sysvol share.
So in essence disabling NTFRS on all DC’s and then using robocopy to copy a good copy to the sysvol.
Also you have to make sure that your gpt.ini version is the same as what’s in your AD backend through adsiedit. Either one or the other, doesn’t really matter, just make sure they’re the same.
Re: Best practices for restarting a Domain Controller
They all have enough time to reboot without glitching the network. And the only real error is one for someone trying to login without it being up.
I just was not sure if there was something else that I might be missing or if anyone had more experience in that. We’ve always just restarted without incident.
A weekly schedule has seemed to help the health of the server. We also do a weekly defrag and chkdsk.
Re: AD 2003 login issue
It does sound like a DNS issue. Almost as if the workstations can’t see the second domain controller to be able to log into it.
I would make sure that your DNS servers have each other in the Name Servers tab in the configuration properties of the Zone (both forward and reverse). Check to make sure there are no DNS errors.
On both run to check for issues.
Code:
dcdiag /v /fix > C:\dcdiag.log
netdiag /v /fix > C:\netdiag.log
After you do this run in cmd just for good measure on both DC’s (not at the same time mind you)
Code:
ipconfig -flushdns && ipconfig -registerdns && net stop dns && net start dns && net stop netlogon && net start netlogon
Flush and Register DNS or restart the workstations. Then take down the FSMO master :)
Check this out for some good info
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/distrib/dsbl_fsm_cfyf.mspx?mfr=true
Re: Printer Share Disappears
First off assign it an IP address (obviously unused; the proper subnet, gateway and dns addresses, if you need to add the printers supplied name manually to DNS, make sure there isn’t an IP address in there for something else) and make sure that it’s in a reserved section of your IP range or create a reservation for just that IP.
I would attach the printer to a couple workstations as an IP printer to see if it dies after a day or two. If it doesn’t then it’s possible the print server has an issue.
I’ve seen issues where a printer is given an assigned IP address that conflicts with some switch or other printer on the network and creates this issue. The printer prints but then eventually times out. When it goes to sleep you can’t get to it anymore because the other IP had taken precedence.
Re: Question about "my" logon script.
I too have the option to use GPO to set drives. However, GPO is flakey at times and it doesn’t do what it should do. So I use login scripts as well. However I use AutoIT.
All it is is management overhead. Do you want to have to manage many multiple scripts or have them wait a second longer to process a select/case statement?