
New Books on Active Directory design + maintenance needed.
I've already got the Necronomicon and the O'Reilly Shub-Niggurath cover book - any suggestions?

(Seriously, though - I either need some good resources for dealing with that Lovecraftian horror known as AD or a FREE replacement for AD that doesn't involve a major reengineering...)
"Computer games don't affect kids; I mean if Pac-Man affected us as kids, we'd all be running around in darkened rooms, munching magic pills and listening to repetitive electronic music." -- Kristian Wilson, Nintendo, Inc, 1989
New I've always wanted to try basic LDAP instead...
just haven't gotten a round tuit.

Many fears are born of stupidity and ignorance -
Which you should be feeding with rumour and generalisation.
BOfH, 2002 "Episode" 10
New Re: Books on Active Directory design + maintenance needed.
Just out of curiosity, what kind of a network are you running?
On a small LAN, AD is basically a matter of running the AD wizard in the beginning, getting your DNS settings correct and then adding users, printers, etc.

In case you didn't guess, that's about all my AD knowledge.

A
Play I Some Music w/ Papa Andy
Saturday 8 PM - 11 PM ET
All Night Rewind 11 PM - 5 PM
Reggae, African and Caribbean Music
[link|http://wxxe.org|Tune In]
New Small getting bigger.
Plus some remote users.

50 users, plus 16 remote users. Would like to automate a lot of the crap we're doing, plus we're likely to grow by about 100% in the next two years - so we got some planning coming.
"Computer games don't affect kids; I mean if Pac-Man affected us as kids, we'd all be running around in darkened rooms, munching magic pills and listening to repetitive electronic music." -- Kristian Wilson, Nintendo, Inc, 1989
New Well, you're going to need 'em
I tried to set up two brand new Windows 2000 servers with Active Directory. Spent hours reading through the Microsoft help files, reinstalled Win2000 multiple times and ran the AD Wizard multiple times, following setup instructions carefully, but the second one would never attach to the first.

Fortunately, the client refused to restructure his email system, knocking AD out entirely, so one new server went to NT as a domain controller and we kept the old NT Exchange server machine as backup domain. The second new server stayed with Windows 2000 to run SQL 2000 for a specialty app.
[link|http://www.aaxnet.com|AAx]
New Heh.
As y'all probably know, I'm on the way to becoming an MCSE.

Before you all start with the *shun*s, lemme tell you that W2K + AD is a complex beast, and one that, for all its "configure your server! It's so easy!" wizards, needs a thorough knowledge of the system and its consequences to deploy properly first time out.

I can do it - but it's taken a lot of in-depth training and hands-on experience to get to that point.

Now, to address your problems.

The minimum pre-requisites for creating a Windows 2000 domain are:

1. At least one server, and preferably two.
2. An existing DNS namespace, or the ability to create one from scratch.
3. A DNS server with the minimum requirements (IXFR and SRV records - BIND 8.1.2 is the minimum non-Windows DNS server you can use, and Windows NT DNS will not do either. djbdns is not a runner.) All Windows 2000 computers that are to participate in the domain must be using this DNS server.

If you've created your domain (as a new forest) on server DC1, and you want to run DCPROMO.EXE on DC2 to make it a domain controller, then if they're not communicating I would firstly check that DNS is working correctly. I would recommend using a Windows 2000 DNS server.

If it isn't, then you need to revisit that.

If it is, then I would recommend removing AD from both servers by running DCPROMO.EXE and ensuring that forward and reverse lookups work from both computers.

In a pure Windows 2000 environment, you don't need WINS. In fact, I would recommend that you avoid WINS if possible. However, if you have pre-Windows 2000 clients, then you will need WINS because only Windows 2000 onward can use only DNS for name resolution.

So, with fully functional Windows 2000 DNS in place, we can proceed.

Run DCPROMO.EXE on the first budding domain controller, and create your domain as a new forest of domain trees.

Reboot the server.

Now, run DCPROMO.EXE on the second controller, choosing to participate in an existing domain. Choose your domain.

Reboot the server.

Add client computers to the domain, and create user accounts.

Without significant education, Group Policy (that which makes AD worth the pain) is a minefield. Ignore it.

Summary:

Broken DNS is one of the single most prevalent causes of fuxored W2K installations. And what works well enough for interweb browsing may not be sufficient for the more demanding requirements of AD.


Peter
[link|http://www.debian.org|Shill For Hire]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Blog]
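
The DNS checks described in the post above (SRV records present, forward and reverse lookups agreeing for both controllers), as an added example that is not part of the thread or the poster's own code. It runs over constructed zone records; the domain `corp.example`, the host names and the addresses are made up, and the four SRV owner names are the locator records a domain controller registers for its domain.

```python
import ipaddress

# SRV owner-name prefixes a DC registers and a joining DC looks up.
REQUIRED_SRV = ("_ldap._tcp.", "_kerberos._tcp.",
                "_ldap._tcp.dc._msdcs.", "_kerberos._tcp.dc._msdcs.")

# Constructed sample zone data: (owner name, type, value).
SAMPLE_RECORDS = [
    ("dc1.corp.example.", "A", "10.1.2.10"),
    ("dc2.corp.example.", "A", "10.1.2.11"),
    ("10.2.1.10.in-addr.arpa.", "PTR", "dc1.corp.example."),
    ("_ldap._tcp.corp.example.", "SRV", "0 100 389 dc1.corp.example."),
    ("_kerberos._tcp.corp.example.", "SRV", "0 100 88 dc1.corp.example."),
    ("_ldap._tcp.dc._msdcs.corp.example.", "SRV", "0 100 389 dc1.corp.example."),
]

def check_ad_dns(records, domain, hosts):
    """Return a list of DNS problems; an empty list means the checks passed."""
    domain = domain.rstrip(".").lower() + "."
    index = {}
    for name, rtype, value in records:
        index.setdefault((name.lower(), rtype.upper()), []).append(value)
    problems = []
    # 1. Every locator SRV record exists and its target resolves forward.
    for prefix in REQUIRED_SRV:
        owner = prefix + domain
        targets = [v.split()[3].lower() for v in index.get((owner, "SRV"), [])]
        if not targets:
            problems.append(f"missing SRV {owner}")
        for target in targets:
            if (target, "A") not in index:
                problems.append(f"SRV {owner} target {target} has no A record")
    # 2. Each controller resolves forward, and the reverse lookup maps back.
    for host in hosts:
        fqdn = host.rstrip(".").lower() + "."
        addrs = index.get((fqdn, "A"), [])
        if not addrs:
            problems.append(f"no A record for {fqdn}")
        for ip in addrs:
            ptr_owner = ipaddress.ip_address(ip).reverse_pointer + "."
            ptrs = [p.lower() for p in index.get((ptr_owner, "PTR"), [])]
            if fqdn not in ptrs:
                problems.append(f"reverse lookup of {ip} does not return {fqdn}")
    return problems

if __name__ == "__main__":
    for line in check_ad_dns(SAMPLE_RECORDS, "corp.example",
                             ["dc1.corp.example", "dc2.corp.example"]):
        print(line)
```
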
New I thought you already were an MCSE
you certainly have the knowledge.
thanx,
bill
will work for cash and other incentives [link|http://home.tampabay.rr.com/boxley/resume/Resume.html|skill set]

"The Mafia was preferable to the state, because it survived by providing services people actually wanted"
Murray Rothbard
New Four out of seven exams done :-)


Peter
[link|http://www.debian.org|Shill For Hire]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Blog]
New Hmm. I'll have to research that one.
In a pure Windows 2000 environment, you don't need WINS. In fact, I would recommend that you avoid WINS if possible. However, if you have pre-Windows 2000 clients, then you will need WINS because only Windows 2000 onward can use only DNS for name resolution.


I've got a bunch of Win95/98 machines on a Win2K-servered/DDNS LAN with no WINS and they work. Or am I reading too much into that statement?

I'll go read up/investigate some more.

Many fears are born of stupidity and ignorance -
Which you should be feeding with rumour and generalisation.
BOfH, 2002 "Episode" 10
New Re: Hmm. I'll have to research that one.
Well, in a non-WINS environment, the boxes that rely on NetBIOS resolution will default to being B-nodes, and will broadcast all NetBIOS requests.

As broadcasts stop at the router, you can't do this in a routed environment.


Peter
[link|http://www.debian.org|Shill For Hire]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Blog]
New Re: Hmm. I'll have to research that one.
Well, in a non-WINS environment, the boxes that rely on NetBIOS resolution will default to being B-nodes, and will broadcast all NetBIOS requests.

As broadcasts stop at the router, you can't do this in a routed environment.

Actually, you can - as long as you don't care about reaching anything beyond the router. End of brainfart :-)


Peter
[link|http://www.debian.org|Shill For Hire]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Blog]
New Ah. Thanks for the clarification.

Many fears are born of stupidity and ignorance -
Which you should be feeding with rumour and generalisation.
BOfH, 2002 "Episode" 10
     Books on Active Directory design + maintenance needed. - (inthane-chan) - (11)
         I've always wanted to try basic LDAP instead... - (tseliot)
         Re: Books on Active Directory design + maintenance needed. - (andread) - (1)
             Small getting bigger. - (inthane-chan)
         Well, you're going to need 'em - (Andrew Grygus) - (7)
             Heh. - (pwhysall) - (6)
                 I thought you already were an MCSE - (boxley) - (1)
                     Four out of seven exams done :-) -NT - (pwhysall)
                 Hmm. I'll have to research that one. - (tseliot) - (3)
                     Re: Hmm. I'll have to research that one. - (pwhysall) - (2)
                         Re: Hmm. I'll have to research that one. - (pwhysall)
                         Ah. Thanks for the clarification. -NT - (tseliot)
