Re: DC and DHCP question(s)

From: Cary Shultz [A.D. MVP] (cwshultz_at_mvps.org)
Date: 02/01/05


Date: Tue, 1 Feb 2005 03:15:07 -0500

Dan,

Please do not misunderstand this: if you are running a network with five
Servers and you do not know what a Global Catalog is ( and have never heard
of it ) then I might suggest that you do some serious reading!

In your post you are not clear on some very basic concepts. Again, please
do not misunderstand me. It is not my intention to be critical of you ( or
anyone else, for that matter ). It is just a bit surprising to me that
someone as 'green' as you is in charge of an AD environment.

So, let's clean away some of that green-ness! That would be good!

In Windows 2000 and Windows 2003 there is not really the concept of Primary
and Backup like there was in Windows NT Server 4.0. You can write to the
database on any Domain Controller. The database is a file called ntds.dit
and it is located in C:\windows\ntds in WIN2003 and c:\winnt\ntds in WIN2000
( just for your info! ). All of the domain controllers in the Forest ( you
have domain trees that comprise the forest ) replicate two of the Naming
Contexts, or Partitions. These two Partitions are the Schema NC and the
Configuration NC. The Domain Controllers in the same domain will replicate
the Domain NC. So, what does this replication mean? It means that if you
create a user account object on DC01 within a few moments it will replicate
to DC02. AD Replication is based on incoming connection objects. So, in
the event of two Domain Controllers ( DC01 and DC02 ) you would have two
incoming connection objects: one coming in from DC02 to DC01 and one coming
in from DC01 to DC02! One of the cool things about the replication in
Active Directory is that only the attribute that was changed is replicated.
In WINNT 4.0 it was the entire 'object' that replicated.

Furthermore, Active Directory has several FSMO Roles, or Flexible Single
Master Operations Roles. There are five of them, to be exact. There are
two Forest-wide roles and three Domain-wide roles. The two Forest-wide
roles are the Schema Master and the Domain Naming Master. The three
Forest-wide roles are the PDC Emulator, the RID Master and the
Infrastructure Master. All of them have specific roles. The major one of
interest for day-to-day work is the PDC Emulator ( and possibly the RID
Master ).

There is also something called a Global Catalog Server. This holds a
partial replica of all the objects. Okay, so what is this term 'objects' that
I am using. Well, an object is a user account or a computer account or the
incoming connection object. Each object has a set of attributes. An
example of the user account object's attributes ( and the corresponding
values ) might look something like: cn, first name, last name, display name,
company, street address, city, state, zip code and mail. The Global Catalog
Server would hold a partial replica of this. Assuming that the list of
attributes that I just listed was the exhaustive list for a user account
object ( clearly not the case ) then the GC would have, for example, the
first name, the last name, display name and mail only.

DNS is the major thing in AD. If your DNS is not correctly set up and
configured then you are going to have a world of fun times! AD needs the
SRV records to locate services ( such as the Global Catalog Server or a
Domain Controller ). This must be absolutely correct.

There is something called Group Policy that really facilitates the life of
the Administrator. You can make a bunch of settings and deploy a bunch of
applications through Group Policy. No more going from computer to computer
to computer to do this. However, DNS must be top notch for this to work. A
Group Policy object is comprised of two halves: the Group Policy Template
( GPT ) that resides in the shared SYSVOL folder and the Group Policy
Container ( GPC ) that actually resides in Active Directory ( in the Domain
Naming Context that I mentioned earlier ). Each replicates to the other
Domain Controllers differently ( the GPT via FRS and the GPC via Active
Directory Replication ). Additionally, there are two sides to each policy:
one side affects only computers and one side affects only users.

This is probably enough for the moment.

You might want to take a spin over to my web site ( I am still working on
the activedirectory-win2000.com site and have not even started on the
grouppolicy-win2000.com site yet....sorry ) for some information.

If you have any questions please feel free to post them.....you know where
to reach us.

-- 
Cary W. Shultz
Roanoke, VA  24014
Microsoft Active Directory MVP
http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com
"Dan" <gill_daniel@yahoo.com> wrote in message 
news:ORwuHy9BFHA.1424@TK2MSFTNGP09.phx.gbl...
>I have a network w/ 5 win2k3 servers.
>
> server1 roles are DC, DNS, DHCP
> server2 roles are DC (backup I hope), DNS, WINS, File/Print Sharing
> server3 roles Exchange server
> server4 roles Application Server, Terminal Services License Server
> server5 roles Terminal Services.
>
> The reason for DC on server1 and server2 of course was backup. I don't know
> if this works in Win2k3 or not but what the hey. My questions are:
> 1. does this look like a valid setup?
> 2. for backup on DHCP should I run DHCP on another server and split the
> scopes between the two?
> 3. Should I only have one DC/DHCP/DNS server and hope to hell it never goes
> down?
>
> Dan
>
> 


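The reply stresses that AD's DNS SRV records "must be absolutely correct". The following is an added example (not from the post or its author) of a defender-side check: it builds the set of SRV names a DC that is also a Global Catalog registers through Netlogon and audits a zone snapshot for missing records, wrong ports, and records left behind by a DC that no longer exists. The domain, forest, site, host names and the zone snapshot are constructed placeholders.

```python
"""Audit the DNS SRV records Active Directory uses to locate its services.
Added example, not part of the original post; all names and the zone
snapshot below are constructed placeholders, not data from a real forest."""

def expected_srv_names(domain, forest, site):
    """SRV names a DC that is also a Global Catalog registers via Netlogon."""
    return {
        f"_ldap._tcp.{domain}",
        f"_kerberos._tcp.{domain}",
        f"_ldap._tcp.dc._msdcs.{domain}",
        f"_kerberos._tcp.dc._msdcs.{domain}",
        f"_ldap._tcp.pdc._msdcs.{domain}",                # PDC Emulator FSMO
        f"_gc._tcp.{forest}",                              # Global Catalog
        f"_ldap._tcp.gc._msdcs.{forest}",
        f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}",    # site-scoped DC
        f"_ldap._tcp.{site}._sites.gc._msdcs.{forest}",    # site-scoped GC
    }

def expected_port(name):
    """88 for Kerberos, 3268 for Global Catalog LDAP, 389 for ordinary LDAP."""
    if name.startswith("_kerberos."):
        return 88
    if name.startswith("_gc.") or ".gc._msdcs." in name:
        return 3268
    return 389

def audit_srv_records(zone, domain, forest, site, known_dcs):
    """Return (missing, problems): expected names absent from the zone, plus
    records with a wrong port or a target that is no longer a DC (stale)."""
    missing = sorted(expected_srv_names(domain, forest, site) - set(zone))
    problems = []
    for name, records in sorted(zone.items()):
        for _priority, _weight, port, target in records:
            if port != expected_port(name):
                problems.append(f"{name}: unexpected port {port} on {target}")
            if target not in known_dcs:
                problems.append(f"{name}: stale target {target}")
    return missing, problems

SAMPLE_ZONE = {  # constructed: name -> [(priority, weight, port, target)]
    "_ldap._tcp.corp.example": [(0, 100, 389, "dc01.corp.example")],
    "_kerberos._tcp.corp.example": [(0, 100, 88, "dc01.corp.example")],
    "_ldap._tcp.dc._msdcs.corp.example": [(0, 100, 389, "dc01.corp.example"),
                                          (0, 100, 389, "olddc.corp.example")],
    "_kerberos._tcp.dc._msdcs.corp.example": [(0, 100, 88, "dc01.corp.example")],
    "_ldap._tcp.pdc._msdcs.corp.example": [(0, 100, 389, "dc01.corp.example")],
    "_gc._tcp.corp.example": [(0, 100, 389, "dc01.corp.example")],  # wrong port
    "_ldap._tcp.gc._msdcs.corp.example": [(0, 100, 3268, "dc01.corp.example")],
}
```

Running `audit_srv_records(SAMPLE_ZONE, "corp.example", "corp.example", "Default-First-Site-Name", {"dc01.corp.example"})` reports both site-scoped records as missing, the `_gc` record on the wrong port, and the stale `olddc` target.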