Re: DC and DHCP question(s)
From: Dan (gill_daniel_at_yahoo.com)
Date: 02/01/05
- Next message: Greg: "Re: VPN Issues"
- Previous message: Bill: "Folder Share in Workgroup"
- In reply to: Cary Shultz [A.D. MVP]: "Re: DC and DHCP question(s)"
- Next in thread: Cary Shultz [A.D. MVP]: "Re: DC and DHCP question(s)"
- Reply: Cary Shultz [A.D. MVP]: "Re: DC and DHCP question(s)"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 1 Feb 2005 11:15:49 -0500
Thanks Cary,
And you guessed it, I am quite green. I had training on NT 3.5 way back when
I was primarily a Unix Admin. With NT training of course have carried the
concepts forward. I have been out of the computing arena for many years and
got back in after 9/11. Of course in my current job we have a unix server
but also SBS2K which is one server all menu driven... too easy for my
tastes. Growth has moved us to win2k3 and multiple servers. Trying to
schedule classes now but newsgroups have been very helpful.
Tks for the write-up....This one goes in my files
Dan
"Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
news:%236LZnYDCFHA.1888@TK2MSFTNGP10.phx.gbl...
> Dan,
>
> Please do not misunderstand this: if you are running a network with five
> Servers and you do not know what a Global Catalog is ( and have never heard
> of it ) then I might suggest that you do some serious reading!
>
> In your post you are not clear on some very basic concepts. Again, please
> do not misunderstand me. It is not my intention to be critical of you ( or
> anyone else, for that matter ). It is just a bit surprising to me that
> someone as 'green' as you is in charge of an AD environment.
>
> So, let's clean away some of that green-ness! That would be good!
>
> In Windows 2000 and Windows 2003 there is not really the concept of Primary
> and Backup like there was in Windows NT Server 4.0. You can write to the
> database on any Domain Controller. The database is a file called ntds.dit
> and it is located in C:\windows\ntds in WIN2003 and c:\winnt\ntds in WIN2000
> ( just for your info! ). All of the domain controllers in the Forest ( you
> have domain trees that comprise the forest ) replicate two of the Naming
> Contexts, or Partitions. These two Partitions are the Schema NC and the
> Configuration NC. The Domain Controllers in the same domain will replicate
> the Domain NC. So, what does this replication mean? It means that if you
> create a user account object on DC01 within a few moments it will replicate
> to DC02. AD Replication is based on incoming connection objects. So, in
> the event of two Domain Controllers ( DC01 and DC02 ) you would have two
> incoming connection objects: one coming in from DC02 to DC01 and one coming
> in from DC01 to DC02! One of the cool things about the replication in
> Active Directory is that only the attribute that was changed is replicated.
> In WINNT 4.0 it was the entire 'object' that replicated.
>
> Furthermore, Active Directory has several FSMO Roles, or Flexible Single
> Master Operations Roles. There are five of them, to be exact. There are
> two Forest-wide roles and three Domain-wide roles. The two Forest-wide
> roles are the Schema Master and the Domain Naming Master. The three
> Forest-wide roles are the PDC Emulator, the RID Master and the
> Infrastructure Master. All of them have specific roles. The major one of
> interest for day-to-day work is the PDC Emulator ( and possibly the RID
> Master ).
>
> There is also something called a Global Catalog Server. This holds a
> partial replica of all the objects. Okay, so what is this term 'objects' that
> I am using? Well, an object is a user account or a computer account or the
> incoming connection object. Each object has a set of attributes. An
> example of the user account object's attributes ( and the corresponding
> values ) might look something like: cn, first name, last name, display name,
> company, street address, city, state, zip code and mail. The Global Catalog
> Server would hold a partial replica of this. Assuming that the list of
> attributes that I just listed was the exhaustive list for a user account
> object ( clearly not the case ) then the GC would have, for example, the
> first name, the last name, display name and mail only.
>
> DNS is the major thing in AD. If your DNS is not correctly set up and
> configured then you are going to have a world of fun times! AD needs the
> SRV records to locate services ( such as the Global Catalog Server or a
> Domain Controller ). This must be absolutely correct.
>
> There is something called Group Policy that really facilitates the life of
> the Administrator. You can make a bunch of settings and deploy a bunch of
> applications through Group Policy. No more going from computer to computer
> to computer to do this. However, DNS must be top notch for this to work. A
> Group Policy object is comprised of two halves: the Group Policy Template
> ( GPT ) that resides in the shared SYSVOL folder and the Group Policy
> Container ( GPC ) that actually resides in Active Directory ( in the Domain
> Naming Context that I mentioned earlier ). Each replicates to the other
> Domain Controllers differently ( the GPT via FRS and the GPC via Active
> Directory Replication ). Additionally, there are two sides to each policy:
> one side affects only computers and one side affects only users.
>
> This is probably enough for the moment.
>
> You might want to take a spin over to my web site ( I am still working on
> the activedirectory-win2000.com site and have not even started on the
> grouppolicy-win2000.com site yet....sorry ) for some information.
>
> If you have any questions please feel free to post them.....you know where
> to reach us.
>
> --
> Cary W. Shultz
> Roanoke, VA 24014
> Microsoft Active Directory MVP
>
> http://www.activedirectory-win2000.com
> http://www.grouppolicy-win2000.com
>
>
>
> "Dan" <gill_daniel@yahoo.com> wrote in message
> news:ORwuHy9BFHA.1424@TK2MSFTNGP09.phx.gbl...
> >I have a network w/ 5 win2k3 servers.
> >
> > server1 roles are DC, DNS, DHCP
> > server2 roles are DC (backup I hope), DNS, WINS, File/Print Sharing
> > server3 roles Exchange server
> > server4 roles Application Server, Terminal Services License Server
> > server5 roles Terminal Services.
> >
> > The reason for DC on server1 and server2 of course was backup. I don't
> > know
> > if this works in Win2k3 or not but what the hey. My questions are:
> > 1. does this look like a valid setup?
> > 2. for backup on DHCP should I run DHCP on another server and split the
> > scopes between the two?
> > 3. Should I only have one DC/DHCP/DNS server and hope to hell it never
> > goes
> > down?
> >
> > Dan
> >
> >
>
>
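Added example, not part of the original thread: a PowerShell check for the SRV records the quoted reply says AD depends on to locate Domain Controllers and the Global Catalog. The function name Test-AdSrvRecord, the domain example.local (assumed to be a single-domain forest) and the sample records are constructed for illustration; server1 and server2 follow the original question, and server2 is deliberately left without a Kerberos record.

```powershell
# Added example. example.local and the records in $sample are constructed.
function Test-AdSrvRecord {
    param(
        [Parameter(Mandatory)] [string]   $Domain,            # single-domain forest assumed
        [Parameter(Mandatory)] [string[]] $DomainController,  # FQDNs that should be registered
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $Record  # Name + NameTarget
    )
    $expected = @($DomainController | ForEach-Object { $_.TrimEnd('.').ToLower() })
    # Locator names the Netlogon service registers, and the rule applied to each.
    $checks = [ordered]@{
        "_ldap._tcp.dc._msdcs.$Domain"     = 'AllDCs'      # every DC
        "_kerberos._tcp.dc._msdcs.$Domain" = 'AllDCs'      # every DC (KDC)
        "_ldap._tcp.pdc._msdcs.$Domain"    = 'ExactlyOne'  # PDC Emulator role holder
        "_ldap._tcp.gc._msdcs.$Domain"     = 'AtLeastOne'  # Global Catalog server(s)
    }
    foreach ($name in $checks.Keys) {
        # Record names compare case-insensitively; targets are normalised.
        $targets = @($Record | Where-Object { $_.Name -eq $name } |
            ForEach-Object { $_.NameTarget.TrimEnd('.').ToLower() } | Sort-Object -Unique)
        $problem = switch ($checks[$name]) {
            'AllDCs' {
                $missing = @($expected | Where-Object { $_ -notin $targets })
                if ($missing) { "not registered: $($missing -join ', ')" }
            }
            'ExactlyOne' { if ($targets.Count -ne 1) { "expected 1 target, found $($targets.Count)" } }
            'AtLeastOne' { if ($targets.Count -eq 0) { 'no record found' } }
        }
        [pscustomobject]@{
            Name    = $name
            Targets = $targets -join ', '
            Status  = if ($problem) { 'FAIL' } else { 'OK' }
            Detail  = $problem
        }
    }
}

# Constructed sample records, shaped like Resolve-DnsName -Type SRV output.
$sample = @(
    [pscustomobject]@{ Name = '_ldap._tcp.dc._msdcs.example.local';     NameTarget = 'server1.example.local' }
    [pscustomobject]@{ Name = '_ldap._tcp.dc._msdcs.example.local';     NameTarget = 'server2.example.local' }
    [pscustomobject]@{ Name = '_kerberos._tcp.dc._msdcs.example.local'; NameTarget = 'server1.example.local' }
    [pscustomobject]@{ Name = '_ldap._tcp.pdc._msdcs.example.local';    NameTarget = 'server1.example.local' }
    [pscustomobject]@{ Name = '_ldap._tcp.gc._msdcs.example.local';     NameTarget = 'server1.example.local' }
)
Test-AdSrvRecord -Domain 'example.local' -Record $sample `
    -DomainController 'server1.example.local', 'server2.example.local' | Format-Table -AutoSize
```

Against a live domain, the -Record input can be built by running Resolve-DnsName -Type SRV for each of the four names and keeping only the answers whose Type is SRV.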