Ricky, all the information that you are searching for can be found
either on the provided links or in the books that I mentioned. Keep in
mind that for each AD environment the configurations may change; first
try to understand how things work and how they should be used for each
environment.
--
I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE, MVP Directory Services
inline
Question: Still about GC we have almost one server per site
(location) where exists a number of users = or > 15 users.
Doubt:
A) Should we keep implementing this kind of topology?
If you have Exchange or any other app that needs a GC you probably need
a GC; if you don't, check:
http://www.windowsnetworking.com/kb...andnotuseuniversalgroupmembershipcaching.html
or you can assign the subnets for these remote offices to an existing
site with a DC
Note: A very good URL. I've learned and understand quite well when to use
or not use a GC. Thanks
I would like to be like you, since it seems you find the right link
quickly. What's the secret?...
B) Set up the servers with AD and GC or just AD?
As I told you before with only 1 domain/forest, I think that all DCs
could be GCs without any problems.
Question: Depending on the bandwidth available, right?
C) I don't know if there is any kind of formula that could help IT
System Administrators calculate/have an idea when to buy a server to
allocate in sites (locations) based on the number of users? (I've read
in the first link you wrote that they talk about 500 users for a GC but
I didn't understand this issue very well)
There are some tools that do that type of statistics, but in some
cases you end up with servers without enough work to justify their
investment. As I told you before, it depends on many other things.
Question: Nevertheless can you advise me of some tools that do that type
of statistics so I can test them and learn a little more?
D) Is the GC more used when exists more than one domain at a forest?
The GC is always used by Apps that need a GC, or by users that do UPN
logon, queries, etc...
In multiple domain scenario you have more information replicated to
the GC because the GC also stores a partial, read-only replica of all
other domain directory partitions in the forest.
The global catalog is a distributed data repository that contains a
searchable, partial representation of every object in every domain in
a multidomain Active Directory forest
Other Questions (sorry):
A) Where can I see/read what are the best requirements for a server
with Windows 2003+AD
MS Web site.
Question: You're right it exists at microsoft site
(http://technet.microsoft.com/en-us/windowsserver/bb430827.aspx) but it
doesn't say what RAID to use
B) Where can I see/read what are the best requirements for a server
with Exchange 2007
MS Web Site.
Question: You're right it exists at microsoft site
(http://technet.microsoft.com/en-us/windowsserver/bb430827.aspx) but it
doesn't say what RAID to use
By the way is it better having AD and Exchange in the same server or
distinct servers for a storage solution?
Keep Exchange away from a DC, meaning that Exchange shouldn't be in
the same server that plays the DC role.
Question: Nevertheless the DNS and DHCP service should stay at the same
machine that contains AD, right?
C) How can I monitor AD replication? (just by replmon or repadmin or
is there a better tool(s)?...)
These should be enough; repadmin in this case can achieve that job
easily through a simple scheduled batch file
Question: Can you send me that batch file, please?
([email protected])
D) At users and computers -> operations masters -> RID (? what stands
for) | PDC (primary domain controller right?) | Infrastructure (what
for?)
Check:
http://www.petri.co.il/understanding_fsmo_roles_in_ad.htm
Note: Once more a good advice url so people like me (newbies) can
learn. Thanks.
[]'s
Ricky
--
I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE, MVP Directory Services
Inline
Note: Good links. I've learned a lot. Thanks
The pleasure was mine
Question: Can you give/advise URLs/sites (Microsoft, for example) where I
can get/read that kind of comparison?
For a direct comparison I don't know any document; however you can draw
your own conclusions based on your experience and documentation.
http://technet2.microsoft.com/windo...c368-46c2-b017-caf25ae150ec1033.mspx?mfr=true
I know I've been asking many questions and you Jorge have been
always giving good help (thanks). I wonder if you don't mind if I
ask 2 more questions (I hope not)
They are:
No problem, the pleasure is mine.
Another Question A) When should we select the option global
catalog? Always or depends
based in the issue we need to apply this option (ie: should be
applied when is pretended the sysvol (directory that holds all the
AD objects) so the authentication on that site could be faster)?
- I think that you need more reading about GCs. The Sysvol directory
doesn't hold all AD objects; you also need to read about sysvol and
what it is used for. You can check the following links:
http://technet2.microsoft.com/windo...d2a1-4e72-a54f-150483fa885a1033.mspx?mfr=true
http://technet2.microsoft.com/windo...ea05-4bd8-a68c-12cf8fb1af501033.mspx?mfr=true
Note: As always they were good links/stuff to read
In my opinion you should have at least 1 GC per site. If you have
only one domain in your forest, then the cost of having all DCs =
GCs is practically nothing because by default each DC knows
everything about its own domain, so making a DC a GC is just a
matter of setting up a flag and will benefit all apps (like
Exchange), and clients that need a GC around. Note: Each forest
needs at least one GC.
Another thing to keep in mind is related to the Infrastructure
Master and you can check it here:
http://support.microsoft.com/kb/223346
Note: Once again I've been learning a lot in the past few days with
your help/advices. I feel I have a private teacher...
Question: Still about GC we have almost one server per site
(location) where exists a number of users = or > 15 users.
Doubt:
A) Should we keep implementing this kind of topology?
B) Set up the servers with AD and GC or just AD?
C) I don't know if there is any kind of formula that could help IT
System Administrators calculate/have an idea when to buy a server to
allocate in sites (locations) based on the number of users? (I've read
in the first link you wrote that they talk about 500 users for a GC but
I didn't understand this issue very well)
D) Is the GC more used when exists more than one domain at a forest?
Other Questions (sorry):
A) Where can I see/read what are the best requirements for a server
with Windows 2003+AD
B) Where can I see/read what are the best requirements for a server
with Exchange 2007
By the way is it better having AD and Exchange in the same server or
distinct servers for a storage solution?
C) How can I monitor AD replication? (just by replmon or repadmin or
is there a better tool(s)?...)
D) At users and computers -> operations masters -> RID (? what stands
for) | PDC (primary domain controller right?) | Infrastructure (what
for?)
After this you're going to deserve heaven...
[]'s to my private teacher. A good example how a newbie becomes more
expert.
Thanks
Ricky
Another Question B) Can you advise me of any book(s) that could
describe all the subjects we have discussed here?
MSPress, and:
http://www.amazon.com/gp/product/03...&pf_rd_t=101&pf_rd_p=291314201&pf_rd_i=507846
http://www.amazon.com/Active-Directory-3rd-Joe-Richards/dp/0596101732
Once again, and it isn't enough to keep saying: Thanks... Thanks...
Thanks for all the help/patience.
Any time.
Have Fun.
--
I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE, MVP Directory Services
Inline
Question: I did understand your point of view but what I really
need is some white papers or books that could advise me how to
build/organize my OU structure based on my company
departments/hierarchy (some design structure with drawings)
You can start here.
http://www.microsoft.com/technet/community/columns/profwin/pw0302.mspx
http://www.windowsecurity.com/articles/Implementing-Active-Directory-Delegation-Administration.html
Note: Good links. I've learned a lot. Thanks
Question: I thought the best choice was to schedule
replication at lunch or late hours like 1am to 7am, since at this
time of the day users aren't working so the lines have less
traffic to handle. Nevertheless it seems you don't agree based on
your words. What do you think?...
Not really, I was just giving you a sample to explain how things
could work; however this depends on your real needs and
priorities. In your case, if replication of changes and creation of
new objects are less important than WAN traffic then you should go
with that plan and limit the replication to non-business hours.
Question: This article is very good and explains very well how
the dhcp service interacts with dns but what I really need/intend
is to know what is the better option/choice when implementing the
dhcp service. If the network behaves better if the dhcp is
distributed by a server or by a router?...
The behavior could be good in both cases, however there is a
better integration using MS DHCP server in your environment with
DNS.
Question: Can you give/advise URLs/sites (Microsoft, for example) where I
can get/read that kind of comparison?
Question: After I read these articles I searched on Google and I
understand that Microsoft® Exchange Server Analyzer Tool is one
of the tools that can see if a server is the first of the domain
or not. Can you advise or recommend other tool(s) that could be
better than this one? (If Microsoft® Exchange Server Analyzer
Tool is correct)
For AD there are many free and built-in tools, like dsquery, dsmod,
dsadd, repadmin, netdiag, replmon, adsiedit, ld, ADModify.net,
etc... It depends on your needs; each tool can be used for specific
operations. Search on the MS web site for Active Directory Tools.
BPA Tools are available for other MS technologies, like ISA, SQL,
Exchange... However for Active Directory I don't know any BPA.
--
I know I've been asking many questions and you Jorge have been
always giving good help (thanks). I wonder if you don't mind if I
ask 2 more questions (I hope not)
They are:
Another Question A) When should we select the option global
catalog? Always or depends
based in the issue we need to apply this option (ie: should be
applied when is pretended the sysvol (directory that holds all the
AD objects) so the authentication on that site could be faster)?
Another Question B) Can you advise me of any book(s) that could
describe all the subjects we have discussed here?
Once again, and it isn't enough to keep saying: Thanks... Thanks...
Thanks for all the help/patience.
[]
Ricky
I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE, MVP Directory Services
Hi
Check inline:
1. How should we architect our active directory based on
organization units (need examples and good white papers)
A) Should AD / OU be build based on group policy?
The three main reasons to create OUs are:
-Delegation of control, administer GPO and to hide objects.
-If you understand this you can answer to your own question.
Question: I did understand your point of view but what I really
need is some white papers or books that could advise me how to
build/organize my OU structure based on my company
departments/hierarchy (some design structure with drawings)
B) For better jobs assign should the OU be managed by a group
of IT team and other OU by other technicians?
???
Delegation of control is generally given to Security Groups,
because you only do it one time and then just add the users to
that security group.
2. The actual distribution list allows a "normal" user to add
himself to a group at other group that it doesn't belong. How
to correct this issue in this fresh AD?
- To avoid situations like this one, create an OU that has the
security groups, and give access to that OU only to the person
or group of users that are allowed to manage these security
groups.
3. We have some locations with servers but other don't. Should
we create a subnet for each location/ip address or just create
a subnet where exists servers?
- You should create and assign each existing subnet to a given
site.
- Sites and subnets play a very important role in user
authentication, AD replication, File replication, COs, etc... So
make sure that you've everything correctly setup.
- Remember you can't associate a site link with a WAN link;
however you use your network routing configuration to provide
the correct information to ADSS. So configure your routers to
provide the correct redundancy, by defining the priorities and
links to failover, then go to ADSS and based on that information
configure your site link cost (when you have multiple site
links).
4. How often should sites replicate with each other?
- Inter-site replication should occur when your WAN schedule is
available, more replications per hour means less replication
traffic per hour, so it is up to you to decide what best suits
your environment.
Question: I thought the best choice was to schedule
replication at lunch or late hours like 1am to 7am, since at this
time of the day users aren't working so the lines have less
traffic to handle. Nevertheless it seems you don't agree based on
your words. What do you think?...
5. Should be the router distributing the dhcp service or should
be the server? What is the better choice?... and why.
- Windows DHCP service suits better with DNS check:
http://technet2.microsoft.com/windo...c368-46c2-b017-caf25ae150ec1033.mspx?mfr=true
Question: This article is very good and explains very well how
the dhcp service interacts with dns but what I really need/intend
is to know what is the better option/choice when implementing the
dhcp service. If the network behaves better if the dhcp is
distributed by a server or by a router?...
6. In the actual network infrastructure how can I see/do
tests so I can be sure what was the first PDC to be built in
the actual network design?
There's no PDC and BDC concept in AD. However there's a
PDC emulator that emulates the old PDC for legacy clients; you
can find more info about FSMO roles at:
http://support.microsoft.com/kb/223346
http://www.petri.co.il/understanding_fsmo_roles_in_ad.htm
Question: After I read these articles I searched on Google and I
understand that Microsoft® Exchange Server Analyzer Tool is one
of the tools that can see if a server is the first of the domain
or not. Can you advise or recommend other tool(s) that could be
better than this one? (If Microsoft® Exchange Server Analyzer
Tool is correct)
7. When should we select the option global catalog? Always or
depends based in the issue we need to apply this option?
8. Can you advise me of any book(s) that could describe all these
subjects and much more so I can learn and become more like you
and others who have good knowledge about these issues?...
Thanks for all the help and patience/important knowledge you
passed me by.
[]
Ricky
I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE, MVP Directory Services
Hi
At work we thought to build a fresh/new active directory with
windows 2003 enterprise edition/exchange 2003 and isa 2004. But
we have the following doubts:
1. How should we architect our active directory based on
organization units (need examples and good white papers)
A) Should AD / OU be build based on group policy?
B) For better jobs assign should the OU be managed by a group
of IT team and other OU by other technicians?
2. The actual distribution list allows a "normal" user to add
himself to a group at other group that it doesn't belong. How
to correct this issue in this fresh AD?
3. We have some locations with servers but other don't. Should
we create a subnet for each location/ip address or just create
a subnet where exists servers?
4. How often should sites replicate with each other?
5. Should be the router distributing the dhcp service or should
be the server? What is the better choice?... and why.
6. In the actual network infrastructure how can I see/do
tests so I can be sure what was the first PDC to be built in
the actual network design?
I hope someone has the patience/courage to help me out on these
issues.
Good work week,
Thanks
Ricky
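
As an added example (not part of the thread and not Jorge's batch file), the scheduled repadmin check suggested in the replication-monitoring answer can be done in PowerShell by parsing `repadmin /showrepl * /csv`; stale links matter because account disables and group changes do not reach other sites until replication succeeds. The function name, the 24-hour threshold and the sample rows are assumptions constructed for illustration; the column names are taken from repadmin's CSV header and should be confirmed against your own output.

```powershell
# Added example: report failing or stale AD replication links from repadmin CSV output.
function Get-ReplicationProblem {
    param(
        [Parameter(Mandatory)][string[]]$CsvLines,
        [int]$MaxAgeHours = 24,          # assumption: tune to your site-link schedule
        [datetime]$Now = (Get-Date)
    )
    $rows = $CsvLines | Where-Object { $_.Trim() } | ConvertFrom-Csv
    foreach ($r in $rows) {
        $reason = $null
        $last   = [datetime]::MinValue
        $parsed = [datetime]::TryParse($r.'Last Success Time', [ref]$last)
        if ($r.showrepl_COLUMNS -eq 'showrepl_ERROR') {
            # Assumption: rows marked showrepl_ERROR mean the DC could not be queried.
            $reason = 'DC could not be queried'
        } elseif ([int]$r.'Number of Failures' -gt 0) {
            $reason = "failing, status $($r.'Last Failure Status')"
        } elseif (-not $parsed) {
            $reason = 'no recorded successful replication'
        } elseif (($Now - $last).TotalHours -gt $MaxAgeHours) {
            $reason = "last success $([int]($Now - $last).TotalHours)h ago"
        }
        if ($reason) {
            [pscustomobject]@{
                Destination   = $r.'Destination DSA'
                Source        = $r.'Source DSA'
                NamingContext = $r.'Naming Context'
                Reason        = $reason
            }
        }
    }
}

# Constructed sample rows (DC names, domain and times are made up).
$sample = @(
    'showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status'
    'showrepl_INFO,HQ,DC01,"DC=example,DC=test",Branch,DC02,RPC,0,0,2008-03-01 09:55:10,0'
    'showrepl_INFO,Branch,DC02,"DC=example,DC=test",HQ,DC01,RPC,5,2008-03-01 10:00:03,2008-02-27 22:14:41,1722'
)
Get-ReplicationProblem -CsvLines $sample -Now ([datetime]'2008-03-01 10:05:00') |
    Format-Table -AutoSize

# Live use from a scheduled task on a DC or admin workstation:
# Get-ReplicationProblem -CsvLines (repadmin /showrepl * /csv)
```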