Re: DC and DHCP question(s)

From: Cary Shultz [A.D. MVP] (cwshultz_at_mvps.org)
Date: 02/04/05


Date: Thu, 3 Feb 2005 22:07:57 -0500

You might want to take a spin over to the Webcasts ( webotopia, as my wife
calls it! ) for the 14-week webcasts on Group Policy. They really get into
it. I would suggest this. There are also webcasts for Active Directory
replication ( and just about everything else ).

Here are a couple of links:

http://www.microsoft.com/seminar/events/series/grouppolicy.mspx

http://support.microsoft.com/Default.aspx?id=325542
http://support.microsoft.com/?id=325531
http://support.microsoft.com/?id=325534
http://support.microsoft.com/?id=325513

-- 
Cary W. Shultz
Roanoke, VA  24014
Microsoft Active Directory MVP
http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com
"Dan" <gill_daniel@yahoo.com> wrote in message 
news:urPnilHCFHA.3592@TK2MSFTNGP09.phx.gbl...
> Thanks Cary,
>
> And you guessed it, I am quite green. I had training on NT 3.5 way back
> when I was primarily a Unix Admin.  With NT training of course have carried
> the concepts forward.  I have been out of the computing arena for many years
> and got back in after 9/11.  Of course in my current job we have a unix
> server but also SBS2K which is one server all menu driven... too easy for my
> tastes.  Growth has moved us to win2k3 and multiple servers.  Trying to
> schedule classes now but newsgroups have been very helpful.
>
> Tks for the write-up....This one goes in my files
>
> Dan
> "Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
> news:%236LZnYDCFHA.1888@TK2MSFTNGP10.phx.gbl...
>> Dan,
>>
>> Please do not misunderstand this:  if you are running a network with five
>> Servers and you do not know what a Global Catalog is ( and have never heard
>> of it ) then I might suggest that you do some serious reading!
>>
>> In your post you are not clear on some very basic concepts.  Again, please
>> do not misunderstand me.  It is not my intention to be critical of you ( or
>> anyone else, for that matter ).  It is just a bit surprising to me that
>> someone as 'green' as you is in charge of an AD environment.
>>
>> So, let's clean away some of that green-ness!  That would be good!
>>
>> In Windows 2000 and Windows 2003 there is not really the concept of Primary
>> and Backup like there was in Windows NT Server 4.0.  You can write to the
>> database on any Domain Controller.  The database is a file called ntds.dit
>> and it is located in C:\windows\ntds in WIN2003 and c:\winnt\ntds in WIN2000
>> ( just for your info! ).  All of the domain controllers in the Forest ( you
>> have domain trees that comprise the forest ) replicate two of the Naming
>> Contexts, or Partitions.  These two Partitions are the Schema NC and the
>> Configuration NC.  The Domain Controllers in the same domain will replicate
>> the Domain NC.  So, what does this replication mean?  It means that if you
>> create a user account object on DC01 within a few moments it will replicate
>> to DC02.  AD Replication is based on incoming connection objects.  So, in
>> the event of two Domain Controllers ( DC01 and DC02 ) you would have two
>> incoming connection objects: one coming in from DC02 to DC01 and one coming
>> in from DC01 to DC02!  One of the cool things about the replication in
>> Active Directory is that only the attribute that was changed is replicated.
>> In WINNT 4.0 it was the entire 'object' that replicated.
>>
>> Furthermore, Active Directory has several FSMO Roles, or Flexible Single
>> Master Operations Roles.  There are five of them, to be exact.  There are
>> two Forest-wide roles and three Domain-wide roles.  The two Forest-wide
>> roles are the Schema Master and the Domain Naming Master.  The three
>> Forest-wide roles are the PDC Emulator, the RID Master and the
>> Infrastructure Master.  All of them have specific roles.  The major one of
>> interest for day-to-day work is the PDC Emulator ( and possibly the RID
>> Master ).
>>
>> There is also something called a Global Catalog Server.  This holds a
>> partial replica of all the objects.  Okay, so what is this term 'objects'
>> that I am using?  Well, an object is a user account or a computer account or
>> the incoming connection object.  Each object has a set of attributes.  An
>> example of the user account object's attributes ( and the corresponding
>> values ) might look something like: cn, first name, last name, display name,
>> company, street address, city, state, zip code and mail.  The Global Catalog
>> Server would hold a partial replica of this.  Assuming that the list of
>> attributes that I just listed was the exhaustive list for a user account
>> object ( clearly not the case ) then the GC would have, for example, the
>> first name, the last name, display name and mail only.
>>
>> DNS is the major thing in AD.  If your DNS is not correctly set up and
>> configured then you are going to have a world of fun times!  AD needs the
>> SRV records to locate services ( such as the Global Catalog Server or a
>> Domain Controller ).  This must be absolutely correct.
>>
>> There is something called Group Policy that really facilitates the life of
>> the Administrator.  You can make a bunch of settings and deploy a bunch of
>> applications through Group Policy.  No more going from computer to computer
>> to computer to do this.  However, DNS must be top notch for this to work.  A
>> Group Policy object is comprised of two halves: the Group Policy Template
>> ( GPT ) that resides in the shared SYSVOL folder and the Group Policy
>> Container ( GPC ) that actually resides in Active Directory ( in the Domain
>> Naming Context that I mentioned earlier ).  Each replicates to the other
>> Domain Controllers differently ( the GPT via FRS and the GPC via Active
>> Directory Replication ).  Additionally, there are two sides to each policy:
>> one side affects only computers and one side affects only users.
>>
>> This is probably enough for the moment.
>>
>> You might want to take a spin over to my web site ( I am still working on
>> the activedirectory-win2000.com site and have not even started on the
>> grouppolicy-win2000.com site yet....sorry ) for some information.
>>
>> If you have any questions please feel free to post them.....you know where
>> to reach us.
>>
>> -- 
>> Cary W. Shultz
>> Roanoke, VA  24014
>> Microsoft Active Directory MVP
>>
>> http://www.activedirectory-win2000.com
>> http://www.grouppolicy-win2000.com
>>
>>
>>
>> "Dan" <gill_daniel@yahoo.com> wrote in message
>> news:ORwuHy9BFHA.1424@TK2MSFTNGP09.phx.gbl...
>> >I have a network w/ 5 win2k3 servers.
>> >
>> > server1 roles are DC, DNS, DHCP
>> > server2 roles are DC (backup I hope), DNS, WINS, File/Print Sharing
>> > server3 roles Exchange server
>> > server4 roles Application Server, Terminal Services License Server
>> > server5 roles Terminal Services.
>> >
>> > The reason for DC on server1 and server2 of course was backup. I don't
>> > know if this works in Win2k3 or not but what the hey. My questions are:
>> > 1. does this look like a valid setup?
>> > 2. for backup on DHCP should I run DHCP on another server and split the
>> > scopes between the two?
>> > 3. Should I only have one DC/DHCP/DNS server and hope to hell it never
>> > goes down?
>> >
>> > Dan
>> >
>> >
>>
>>
>
> 
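
The quoted explanation above notes that AD depends on DNS SRV records to locate Domain Controllers and Global Catalog servers. As an added example (not part of the original posts), this Python check audits a zone export for the SRV records DCs register; the domain example.local, the hosts dc01/dc02, the record list and the single-domain-forest layout are all assumptions.

```python
# Added example: constructed data, not taken from the thread.
# example.local, dc01 and dc02 are made-up names; single-domain forest assumed.
SAMPLE_RECORDS = [  # (owner name, port, target host) from a zone export
    ("_ldap._tcp.example.local", 389, "dc01.example.local"),
    ("_ldap._tcp.example.local", 389, "dc02.example.local"),
    ("_kerberos._tcp.example.local", 88, "dc01.example.local"),
    ("_kerberos._tcp.example.local", 88, "dc02.example.local"),
    ("_ldap._tcp.dc._msdcs.example.local", 389, "dc01.example.local"),
    ("_ldap._tcp.dc._msdcs.example.local", 389, "dc02.example.local"),
    ("_kerberos._tcp.dc._msdcs.example.local", 88, "dc01.example.local"),
    ("_ldap._tcp.pdc._msdcs.example.local", 389, "dc01.example.local"),
    ("_gc._tcp.example.local", 3269, "dc01.example.local"),
]

def required_srv(domain):
    """SRV owner names Domain Controllers register, with the expected port."""
    return {
        f"_ldap._tcp.{domain}": 389,                # any DC (LDAP)
        f"_kerberos._tcp.{domain}": 88,             # any KDC
        f"_ldap._tcp.dc._msdcs.{domain}": 389,      # DC locator
        f"_kerberos._tcp.dc._msdcs.{domain}": 88,
        f"_ldap._tcp.pdc._msdcs.{domain}": 389,     # PDC Emulator
        f"_gc._tcp.{domain}": 3268,                 # Global Catalog
        f"_ldap._tcp.gc._msdcs.{domain}": 3268,
    }

def check_srv(records, domain, dcs):
    """Return a list of (problem, owner name, host) findings."""
    seen = {}
    for name, port, target in records:
        seen.setdefault(name.lower().rstrip("."), []).append(
            (port, target.lower().rstrip(".")))
    findings = []
    for name, port in required_srv(domain).items():
        entries = seen.get(name)
        if not entries:
            findings.append(("missing", name, None))
            continue
        findings += [("bad-port", name, t) for p, t in entries if p != port]
        targets = {t for _, t in entries}
        # Every DC must be findable through the dc._msdcs locator records.
        if ".dc._msdcs." in name:
            findings += [("dc-not-registered", name, dc)
                         for dc in dcs if dc not in targets]
        # Only one DC per domain holds the PDC Emulator role.
        if ".pdc._msdcs." in name and len(targets) > 1:
            findings.append(("multiple-pdc", name, None))
    return findings
```

Calling `check_srv(SAMPLE_RECORDS, "example.local", [...])` with the lowercase FQDNs of both DCs reports the three defects planted in the sample: dc02 absent from the Kerberos locator record, a Global Catalog record on the wrong port, and a missing `gc._msdcs` record.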

