Kevin Remde's IT Pro Weblog
IT Pro Resources
TechNet EventsMicrosoft Security Response CenterMicrosoft Virtual AcademyKevin’s Evaluation Download Center
IT Pro Evangelist Blogs
Blain Barton Blain Barton's Blog@BlainBar
Brian LewisMy Thoughts on IT...@BrianLewis_
Dan Stolts IT Pro Guru Blog@ITProGuru
Jennelle Crothers TechBunny@jkc137
Kevin RemdeFull of I.T.@KevinRemde
Tommy PattersonVirtually Cloud 9@Tommy_Patterson
Yung Chou Yung Chou on Hybrid Cloud@YungChou
Below I’ve pasted an edited and cleaned up copy of the Q&A from the webcast I delivered on March 20th: Best Practices for Designing the Active Directory Structure.
BIG thank you to Chris Henley for handling the Q&A on the backend, and who’s work this really represents.
“Will this webcast be available for download at a later time?”
Yes it will, you can go to www.microsoft.com/webcasts
“Is there a good definitive resource for Active Directory Deployments?”
Good Question! I like the Active Directory Deployment Guide located here http://www.microsoft.com/windowsserver2003/technologies/directory/activedirectory/default.mspx
“What about Desktop Deployments?”
I always use the info located on the followign link. http://www.microsoft.com/technet/desktopdeployment/inframan/inframanad.mspx
“Are there any other webcasts that focus on Active Directory?”
There are tons. I would Recommend Michael Murphy's Active Directory Series as a great resource or Chris Henley's Migrating to Active Directory and of course Kevin Remde's Administration series. Links to these can be found here: http://www.microsoft.com/events/AdvSearch.mspx?EventsAndWebcastsControlName=As1%3AAdvSrc&As1%3AAdvSrc%3AAudienceID=0&As1%3AAdvSrc%3AProductID=2e759425-9c39-421a-b53c-3f78ca563707&As1%3AAdvSrc%3AEventType=OnDemandWebcast&As1%3AAdvSrc%3ACountryRegionID=en%7CUS%7CUnited+States&StateProvinceID=0&As1%3AAdvSrc%3ATimeframeID=-1&As1%3AAdvSrc%3ASearchFilter=%C2%A0+Go+%C2%A0
“If application requires different schema, would it be better to use ADAM and provision using something like IIFP?”
That is a good possibility. You could also of course run separate Forests. It really depends on network requirements. It is certainly nice that we have the ADAM option.
“Most of the AD designing concepts applies to ADAM as well?
In theory yes. However, ADAM generally is used to provide AD access to applications and not to build network hierarchy. See the following http://technet2.microsoft.com/WindowsServer/en/Library/05c4f979-41c0-40d7-8687-2549d214643e1033.mspx
“I'm looking for standard policies to apply on kiosk machines, do we have set of policies can be downloaded from web?”
Start with this interactive GPMC training which illustrates the use of policy on a KIOSK. Then you can begin making your own choices for configuration. http://www.microsoft.com/windowsserver2003/techinfo/training/gpmctraining.mspx
“Will we be able to download this webcast for viewing?”
“Yes, you will be able to access this webcast on demand and have the ability to download in 24 hours at www.microsoft.com/webcasts.
“What Program are you using to get this nice graphics - Sorry for the off the wall question ;)”
It is actually just a PowerPoint presentation.
“Application( Outlook 11) is looking for GC or PDC to open??”
I believe it is looking for a simple domain controller only.
“What if all DCs are also GCs?”
It really depends on the size and the structure of the organization.
“We want to use DFS at all branch locations. Would you recommend a DC at those locations to limit traffic across the WAN link?”
Interesting question. If you think about it, putting a DC at a branch office would actually increase the total traffic because it would add replication traffic. The traffic reductions would come from authentication traffic. Unfortunately there is no right or wrong answer. Yo need to look at the traffic on your network and then make the decision.
“Always in my segment, a user always have to press retry to open Outlook (DC2 is a in the segment)what U think is wrong??”
It sounds like a rpc issue try the information here. http://support.microsoft.com/default.aspx?scid=kb;en-us;325930
“Hey Kevin - Where are you getting your Circles and Domain graphics?”
We have a content development team that does all of the initial creation for us, so I really don't know how they perform that graphical magic.
We run Server 2003 here at Cherry Hill East High School and I need to get word
to all the students about a change that is happening here without printing 2200
flyers. I did this before but to only about 20 students. I manually went into
each students profile and drilled down to their startup directory and inserted
a .bmp file so when they logged into the domain, paint would start because of
the extention od the image file and show the message.bmp. Now I have to do this
but not to 20 students but to 2200. Is their a script available or can you tell
me how to do this? I was in AD and saw a object the said "Install this program
at login" I read the discription and it said file or program. I tried it out
but still waiting to see if it worked.
Any feedback would be appreciated!!
I don't know of a script off-hand, but I think you're on the right track. A logon script can assigned using Group Policy to all users (based on the OU or to the domain or site you link the policy object to). I don't know if simply putting a .bmp file in place of the policy script would work (having not tried it), but certainly a one-line batch file that launches some application that displays your message (launching Paint with the required bitmap file loaded) would do the trick.
Anyone else have a suggestion?