Re: newbie questions
- From: "Herb Martin" <news@xxxxxxxxxxxxxx>
- Date: Tue, 14 Nov 2006 13:41:16 -0600
"s" <s@xxxxxxxxxxxxxx> wrote in message
news:1163526669.838874.172040@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> I am an absolute newbie to Active Directory and System administration
> in general. I have read Active Directory 2nd edition by O'Reilly. Can
> anybody please give some ideas for a total starter? Should I read more
> or should I start experimenting?
Both, but if you have to pick one then experimenting.
You have absorbed a lot of facts in reading that (very good)
book but you now need to apply it.
You need to do a DCPromo on a TEST domain -- i.e.,
one you do NOT intend to use for production and then
try a lot of things. If you don't tear it up and need to
re-install then you aren't trying hard enough.
Bend it, break it, fold it, mutilate it. Both the DC and
Domain.
Your goal is to make as many mistakes NOW as you
can and to learn how to fix them or (better) to avoid
them in the future.
> I am going through group archives
> which is helping me a lot.
That's good too. Probably the best resource you aren't
mentioning is the BUILT-IN HELP which is excellent.
A good place to start is with the search:
[ checklist Active Directory ]
Or
[ checklist DNS ]
> Also, are there any specific points a newbie should be aware of?
A key point: Practically all AD replication and authentication
problems are REALLY DNS issues at heart (assuming you have
basic network functionality.)
Whenever you suspect a DC replication or client authentication
problem IMMEDIATELY THINK: DNS, DNS, DNS*
> Your help and time would be highly appreciated.
Sure we are happy to help but generally you have to ask
(specific) questions and that means you have to try things
and then ask about problems and design choices.
What is your ultimate goal with AD? Admin a real domain
you already own (e.g., upgrade from NT), get a job, just
curious, get a promotion where there is already an AD
domain, etc.?
Here is some brief stuff on DNS for AD (that practically
everyone messes up in the earlier learning stages):
1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2
4) If you have more than one Domain, every DNS server must
be able to resolve ALL domains (either directly or indirectly)
netdiag /fix
....or maybe:
dcdiag /fix
(Win2003 can do this from Support tools):
nltest /dsregdns /server:DC-ServerNameGoesHere
http://support.microsoft.com/kb/q260371/
Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.
Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.
Single Label domain zone names are a problem. Google:
[ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]
--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
> Thanks a lot.
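Added example, not part of the original post: one way to script the DCDiag step described in the reply (run DCDiag on each DC, send the output to a text file, search for FAIL, ERROR, WARN). The DC names and output folder are placeholder assumptions, and it assumes dcdiag is installed on the machine running it.

```powershell
# Added example: run dcdiag against each DC, keep the full report on disk,
# and list only the lines that mention FAIL / ERROR / WARN.
param(
    # Assumption: placeholder DC names; replace with the DCs of your test domain.
    [string[]]$DomainControllers = @('DC1', 'DC2'),
    # Assumption: any writable folder will do.
    [string]$OutDir = (Join-Path $env:TEMP 'dcdiag')
)

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

$summary = foreach ($dc in $DomainControllers) {
    $log = Join-Path $OutDir "$dc.txt"

    # /s: points dcdiag at one DC; the complete output is saved for later reading.
    dcdiag "/s:$dc" | Out-File -FilePath $log -Encoding ascii

    $test = '(preamble)'
    foreach ($line in Get-Content -Path $log) {
        # dcdiag announces each test with "Starting test: <name>",
        # so remember which test the following lines belong to.
        if ($line -match 'Starting test:\s*(\S+)') { $test = $Matches[1] }

        # -match is case-insensitive, so "failed", "Error" and "Warning" all hit.
        if ($line -match 'FAIL|ERROR|WARN') {
            [pscustomobject]@{ DC = $dc; Test = $test; Line = $line.Trim() }
        }
    }
}

if ($summary) {
    # One row per suspicious line, grouped by DC and by the test that printed it.
    $summary | Sort-Object DC, Test | Format-Table -AutoSize -Wrap
} else {
    "No FAIL/ERROR/WARN lines found; full reports are in $OutDir"
}
```

Read the saved report around each hit; following the advice in the post, check DNS first when the failing test involves replication or authentication.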