Archived from groups: microsoft.public.win2000.active_directory (
More info?)
Ryan,
But the assumes that the person behind Steve-O know what he or she is doing!
--
Cary W. Shultz
Roanoke, VA 24014
Microsoft Active Directory MVP
http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com
"Ryan Hanisco" <rhanisco@flagshipis.com> wrote in message
news:ehKsE5NCFHA.1084@tk2msftngp13.phx.gbl...
> Steve,
>
> You did notice Paul's comment about every DC being a GC... If you just
> added more DC's you may not have done anything to designate others as GCs.
> You want to make sure that you have one GC in every site you have
> designated and two if you have all your DCs in one site.
>
> Do read the articles that Paul has listed below but you needn't get too
> hung up on role placement unless you have multiple domains in your forest
> or a very high load of object creation/ destruction.
>
> Of course... It is always a good idea to be mindful of the best practices
> so you don't get into trouble later should your environment grow. (If you
> leave that company someday, you don't need the next person in there going
> on and on about you not doing things correctly. <smirk>)
>
> --
> Ryan Hanisco
> MCSE, MCDBA
> Flagship Integration Services
>
> "Steve-O" <SteveO@discussions.microsoft.com> wrote in message
> news:0022ABCD-02CE-468B-9D2E-5776129E67DD@microsoft.com...
>> thx for the answers...i think im good. Im thinking about new server
>> just
>> for the specific role of PDC and dns...so if/when this old hag of a
>> server
>> dies i wont have to bother with downtime.
>>
>> thanks again for the tips/articles!!
>>
>> "ptwilliams" wrote:
>>
>>> I would move them all to one good server.
>>>
>>> In enormous environments, it is sometimes recommended to spread them
>>> about.
>>> But I can't really see any benefits to doing this.
>>>
>>> > Also i was wondering what each of these control. (When my pdc goes
>>> > down
>>> > ...no one can login to the network...is there something set wrong?)
>>>
>>> Only the PDCe directly affects the users. The enterprise roles are very
>>> infrequently used, and only then for very specific purposes. The RID
>>> role
>>> is needed, and you will notice it's missing after a while; although only
>>> if
>>> you make lots of new security principles. The Infrastructure role, in
>>> your
>>> environment, is not used. It is only used in multi-domain environments
>>> where not all DCs are GCs.
>>>
>>> Unless you have mainly legacy clients, I suspect that your PDC problem
>>> is
>>> actually a DNS problem. All internal clients should point to more than
>>> one
>>> internal DNS server (usually DCs). You should also have a minimum of
>>> two
>>> GCs and at least one per site. In your environment (single domain) I
>>> would
>>> make all DCs GCs.
>>>
>>> Here's a couple of article's I've written that may help out. These also
>>> point to a bunch of MS KBs:
>>> -- http://www.msresource.net/content/view/13/46/ (info on FSMO roles)
>>> -- http://www.msresource.net/content/view/14/46/ (info on the GC/ IM
>>> issue)
>>> -- http://www.msresource.net/content/view/28/47/ (move FSMO roles)
>>> -- http://www.msresource.net/content/view/25/47/ (configure a GC)
>>>
>>>
>>> --
>>>
>>> Paul Williams
>>>
>>> http://www.msresource.net/
>>> http://forums.msresource.net/
>>>
>>> "Steve-O" <SteveO@discussions.microsoft.com> wrote in message
>>> news:90664D16-2F6A-48AA-B7E3-8F0C84269D91@microsoft.com...
>>> I have a PDC that has all the roles in a single domain (rid,
>>> pdc,infrastruc).
>>> I fear my pdc is getting along in age and i want to transfer these
>>> rolse
>>> off
>>> it so if it dies...i dont have a hassel. Is it better to move them all
>>> to
>>> one stable server? or can i spread them out to different servers. I
>>> have 4
>>> dc's (3 win2k, 1 win2k3). Also i was wondering what each of these
>>> control.
>>> (When my pdc goes down ...no one can login to the network...is there
>>> something set wrong?)
>>>
>>> Thanks
>>>
>>>
>>>
>>>
>
>