|
|
|||||||
Hi, I'am getting some weird results from group memberships. Kix 4.5.3, Windows 2003 SBS, Client XP Pro SP2. It makes no difference if I delete the group token cache (reg) or use /f. So here's the problem... I enum the groups and I get groups I deleted 20 minutes ago. I rebooted the server, they still appear, I reboot my PC they still appear. If I use VBSript and ADSystemInfo object, no problem, right groups. This is driving me insane. I thought about GC cache but reboots should have fixed that issue, besides ADSystemInfo works fine. Anyone know how Kix gets groupmemberships (method), so I could try and reproduce it. Help |
||||||||
|
|
|||||||
You need to check replication on your network or are you only running a single SBS server? Please show the code you're using as well. May have to also check your DNS with tool from MS DNSDIAG and maybe DCDIAG to ensure your AD is operating properly. How many Servers, and how many Sites? |
||||||||
|
|
|||||||
Hi NTDOC, You can only have one DC in SBS. Good news is I found the problem, sadly a piece of debug code I left in during a cut and paste, GRRRRR, one of those days. The script is over 800 lines, after so much testing I rather stupidly assumed all was ok. Thanks |
||||||||
|
|
|||||||
No worries. We all did that once or twice. Sh#t happens. |
||||||||
|
|
|||||||
Originally Posted By: NearZero You can only have one DC in SBS. You can have multiple DCs in SBS, but SBS must be the PDCe. Since SBS is designed for smaller networks, there are few real benefits to a second DC, but it is possible. As for debug code... Code: Global $DEBUG $DEBUG = 1 ; later in the code... If $DEBUG ; do it this way Else ; do it the real way EndIf works well for me. Search for the MSG() udf set here or on my web site for debug messaging/logging functions. Glenn |
||||||||
|
|
|||||||
So then what does SBS recommend in case of a Server failure? Tough Luck? Rebuild entire AD ? |
||||||||
|
|
|||||||
NTDOC, Barnas I should been a little more specific, you can have on one SBS Server within the domain, but you can have other servers. There are restrictions, but off topic. Barnas the offending line was a one off. Thanks but I have debug methods inplace, screen and/or file. The error was really stupid and the result of being tired, I should have hung up the keyboard earlier. Cheers all |
||||||||
|
|
|||||||
Originally Posted By: NearZero ...There are restrictions, but off topic... |
||||||||
|
|
|||||||
Not sure what SBS recommends, but Microsoft is another story.. SBS is really specialized - can only be one SBS in a domain, it must be the PDCe, and while it does support additional DCs, well, to quote their documentation:
I guess, if you run SBS, you need redundant disk and good backups, eh? Glenn |
||||||||
|
|
|||||||
Originally Posted By: Glenn Barnas I guess, if you run SBS, you need redundant disk and good backups, eh? Wow, with all those caviates who would want to chance running their business on such a system. I think if I was THAT cheap I'd try to do it all on Linux or something. If PDC took a dump (which could easily happen) and backups failed (which I've seen to many times in many businesses) you could kiss your business goodbye for a few days or maybe even all together if you also lost important customer data with such a stupid setup. |
||||||||
|
|
|||||||
hmm... the caveats are not totally true (if at all). you can pause the SBS setup at one point and join it to domain as second DC. why it's sooo bad to be forced to replicate logonscripts in multi DC environment? I just wonder where glenn pulled that and did he check the writer of those was an educated person, not just some wacko at the marketing department. and gee, wtf. with SBS you need proper backups? damn that MUST be a bad product! with all the other servers, including windows and linux products run fine forever without backups. at least without proper ones. Doc, you of all should know better. ok, I was a bit offensive, but I just woke up. I have installed lots of SBS servers and I must admit, I don't like them that much. But I found the comments before mine were way biased. |
||||||||
|
|
|||||||
PDC and BDC are non-existing in 2003 domains :P Although we still refer to them as PDC and BDC's they are just DC's. There is no real difference between them anymore, only difference you can actually specify is the Global Catalog roles. |
||||||||
|
|
|||||||
The info was copied/pasted from a MS KB article. I would assume that the writer was somewhat knowledgeable. As for PDC/BDC, the terms are used in reference to SBS in that the SBS server must be the DC that maintains the FSMO roles, and acts as the PDC Emulator (where appropriate). I installed SBS 2K3 "Enterprise" on my VM system and did not find any option to join an existing domain. There is a process where you can halt the SBS install, join a domain, run DCPromo, then seize the FSMO roles and finally complete the SBS install, but SBS won't work (ie - no install of all the other components such as SQL, Exchange, Sharepoint unless the SBS server is the PDCe/FSMO role owner. This is how a "BDC" could help protect an SBS installation, but it's kludgy at best. Glenn |
||||||||
|
|
|||||||
I'm not complaining of backup. I'm complaining that a product that creates an AD infrastructure (so to speak) but does not allow another server to take over all roles and responsibilities is (IMHO) not a good choice. I can see where it would be possible for such a disaster to put a "small" business "out of business". There are many small companies out there that could not survive (financially) a loss of everything like that. The whole point is that a small company probably does not have any dedicated IT Staff and is probably installed by the owner him/herself and that's the end of it and they don't know better. I just think it's not a good choice. |