|
ghostinmyshell posted: How are you guys dealing with Microsoft Accounts and their integration into Windows 8/Office 2013 at the work place?

with whiskey
|
# ? Mar 17, 2014 21:20 |
|
Don't ask, don't tell.
|
# ? Mar 17, 2014 21:21 |
|
ghostinmyshell posted: How are you guys dealing with Microsoft Accounts and their integration into Windows 8/Office 2013 at the work place?

Ignoring them, since my users do too.
|
# ? Mar 17, 2014 21:27 |
|
By putting all the group policies that have something to do with them to NOOOOOOOOOOO
|
# ? Mar 18, 2014 00:11 |
|
peak debt posted: By putting all the group policies that have something to do with them to NOOOOOOOOOOO

Do you have some links so I could do the same?
|
# ? Mar 18, 2014 00:16 |
|
For Windows: http://technet.microsoft.com/en-us/library/hh831424.aspx and Office: http://technet.microsoft.com/en-us/library/jj715259(v=office.15).aspx
|
# ? Mar 18, 2014 00:32 |
|
Caged posted: For Windows:

Thanks. I just had the store blocked, but people were going nuts because they couldn't update the metro apps.
|
# ? Mar 18, 2014 01:05 |
|
So, next year's "let's finally get a Windows domain and put all our workstations in AD" project just got bumped to "ASA-motherfucking-P." I'm a Linux sysadmin and know very little about Windows Server tasks. How screwed am I, and what can I quickly read in the next two or so weeks to make it less likely that future sysadmins here will want to murder me for screwing things up? I'm being afforded time to make a test environment first, but I'm only going to get a few weeks to learn my way around it before needing to take a realistic shot at the real thing. Everything in the building already talks to our LDAP servers, how different could AD be?
|
# ? Mar 18, 2014 19:41 |
|
McGlockenshire posted: So, next year's "let's finally get a Windows domain and put all our workstations in AD" project just got bumped to "ASA-motherfucking-P."

Quoting myself from another thread

Docjowles posted: When I randomly got thrown into the Windows admin deep end, these two books were a huge help. They don't assume advanced knowledge. But from what I remember they don't include any exercises or mini labs like you're talking about, either. They just walk you through the different features and tools, how to use them, troubleshooting etc. I actually learn best the same way as you, by doing. You can always invent projects of your own to lab up, like "set up a basic domain controller and get my Win 7 client VM joined to it. Create a domain user and allow them to log in. Manage some desktop settings by group policy. Create a new DNS zone. Create a DHCP server. Make the client PC use those."
|
# ? Mar 18, 2014 19:47 |
|
McGlockenshire posted: So, next year's "let's finally get a Windows domain and put all our workstations in AD" project just got bumped to "ASA-motherfucking-P."

Aside from the books linked above, DO NOT use .local on your domain name. DO NOT DO THIS.
|
# ? Mar 18, 2014 19:57 |
|
ghostinmyshell posted: How are you guys dealing with Microsoft Accounts and their integration into Windows 8/Office 2013 at the work place?

I literally only know one person who uses an MS Account with Win 8 and it's not a co-worker.
|
# ? Mar 18, 2014 20:11 |
|
LmaoTheKid posted: Aside from the books linked above, DO NOT use .local on your domain name. DO NOT DO THIS.

Why? .local literally could be anything at all, .fart, .goatse, etc. It doesn't matter. Don't use .com or whatever your external FQDN is unless you're willing to do split DNS. Otherwise go hogwild.
|
# ? Mar 18, 2014 20:16 |
|
Gyshall posted: Why? .local literally could be anything at all, .fart, .goatse, etc. It doesn't matter.

I think the big issue for using "internal" names is this: http://www.digicert.com/internal-names.htm
|
# ? Mar 18, 2014 20:21 |
|
Maneki Neko posted: I think the big issue for using "internal" names is this:

That is why you run your own certificate authority on your network instead of using a third party for internal certs.
|
# ? Mar 18, 2014 20:39 |
|
We really going to do this again? Use a subdomain of your DNS name. If you are contoso.com make your AD domain ad.contoso.com or corp.contoso.com or .net or .org. Do not use fake TLDs.
|
# ? Mar 18, 2014 20:47 |
|
.local is also a reserved name for the mDNS protocol, of which OS X is probably the most common user. So there can be Weird poo poo (TM) if you use .local and have Mac clients. Plus internet sperglords will yell at you. Save yourself the hassle and just create a subdomain of your main, public domain name and use that for AD.
|
# ? Mar 18, 2014 20:47 |
|
Thanks for the book recommendations! And yeah, either a subdomain or an unused corporate domain name (we use .com and own .net and .org but do nothing with them) were already planned for use, avoiding .local due to the aforementioned problems... probably read it in one of the ticket threads. We already do a bunch of split zone DNS stuff. Urk... does Windows Server have to manage DNS and DHCP?

McGlockenshire fucked around with this message at 20:55 on Mar 18, 2014 |
# ? Mar 18, 2014 20:52 |
|
Fifteen years of managing Active Directory domains (with Macs) and this is all news to me, so

edit:

quote: The connection of Macintosh and Linux computers and/or zeroconf peripherals to Windows networks can be problematic if those networks include name servers that use .local as a search domain for internal devices.

That is actually quite hilarious on Microsoft's part. At any rate, I've managed about 200 clients, all with .local as their Active Directory domain, so there is that.
|
# ? Mar 18, 2014 20:52 |
|
Is the built in wiki software on sharepoint 2013 worth a poo poo?
|
# ? Mar 18, 2014 21:09 |
|
Docjowles posted: Save yourself the hassle and just create a subdomain of your main, public domain name and use that for AD.

Beating the dead horse, but do this. ad.example.com or whatever. I would kill for the chance to set up a clean brand new domain. The amount of legacy poo poo issues I have come across here is amazing.
|
# ? Mar 18, 2014 21:11 |
|
If you use a subdomain there's the problem of naming though. You could call your domain COMPANY and log on as COMPANY\username but then your FQDN is company.company.com which looks stupid. Or you use ad.company.com as FQDN, but then your accounts are AD\username which also looks stupid. Or you could use company.com as the domain, but then your website won't work from internal IPs! You can't win
|
# ? Mar 18, 2014 21:46 |
|
Netbios names and the actual domain don't have to be the same. You can also use UPN suffixes so everyone logs in with their email address as the username.
|
# ? Mar 18, 2014 21:48 |
|
peak debt posted: Or you could use company.com as the domain, but then your website won't work from internal IPs! You can't win

This is what is currently set up here. As I have discovered, there is a DNS entry for WWW pointing towards our webserver for internal...
|
# ? Mar 18, 2014 21:48 |
|
My very first NT->Win2k migration, it was taking forever, so we were going to come back in and finish the setup in the morning. I made the dude I was working with swear up and down not to touch anything until I got there. The next screen was supposed to be the one where we choose our new domain name. He wasn't good with Windows, he was a Novell guy. I'd been studying to do this for weeks and weeks. I come in the next morning and the migration is complete. He went through and did it. Our new internal domain? apps.company.com. The domain controller also ran some applications for us and was called APPS. I yelled at him for a good 10 minutes. Couldn't really be changed. What a moron.
|
# ? Mar 18, 2014 21:54 |
|
McGlockenshire posted: Urk... does Windows Server have to manage DNS and DHCP?

No. The only reason to do so is to have AD integrated DNS, which replicates records to other servers hosting AD integrated zones. The DCs should register their service records to any DNS zone so long as they have the rights to.
|
# ? Mar 18, 2014 21:59 |
|
I can't think of a reason not to run DHCP and DNS on Windows servers if you're going to build an AD environment. 2012 does proper HA DHCP, handles dynamic updates etc. If you set it up properly it's very solid and has all the features you're likely to need.
|
# ? Mar 18, 2014 22:58 |
|
DHCP doesn't need to be on Windows servers at all, but if you want to do DNS on something other than domain controllers you're signing up to a lifetime subscription to "WHY IS MY LOGON SLOW / WHY ARE MY CERTIFICATES NOT WORKING" tickets.
|
# ? Mar 18, 2014 23:03 |
|
Also you can limit the scope of what Windows handles to just your Windows machines and internal AD records. Then have it forward DNS queries for other zones to another resolver. If you have a zillion DNS records in a BIND instance or whatever and it's working just fine, you don't HAVE to migrate that to Windows. Similar for DHCP; put the workstations off in their own VLAN that can't see your other DHCP server and manage that separately if you want. Although that sounds like a lot of work unless you already have a lot of tooling/automation and whatnot around your existing DHCP infrastructure that you don't want to throw away. edit: And yeah, you don't HAVE to run DHCP from Windows at all. Getting the automatic DNS record updates from it is neat, though.
|
# ? Mar 18, 2014 23:08 |
|
Rhymenoserous posted: Is the built in wiki software on sharepoint 2013 worth a poo poo?

Depends on who is using it. We usually use MediaWiki/DokuWiki for documentation, Sharepoint for end-user wiki stuff.
|
# ? Mar 18, 2014 23:08 |
|
Docjowles posted: Also you can limit the scope of what Windows handles to just your Windows machines and internal AD records.

Yeah this is a good way of doing it and what I have experience with. You should always put DNS on domain controllers or you're just asking for problems and slowness, but definitely forward anything non DC-related to another DNS server if you want to use bind or something.
|
# ? Mar 18, 2014 23:10 |
|
CLAM DOWN posted: Yeah this is a good way of doing it and what I have experience with. You should always put DNS on domain controllers or you're just asking for problems and slowness, but definitely forward anything non DC-related to another DNS server if you want to use bind or something.

Good, this is exactly what we'll need to do. We do a lot of split views in our existing convoluted setup and there's no way I'm going to willingly migrate all of that. I'm already having to maintain multiple zone files and syncing some up with Route 53, adding Windows into that would probably explode my head. I'll just plan on delegating the subdomain and call it good.

Docjowles posted: Similar for DHCP; put the workstations off in their own VLAN that can't see your other DHCP server and manage that separately if you want. Although that sounds like a lot of work unless you already have a lot of tooling/automation and whatnot around your existing DHCP infrastructure that you don't want to throw away.

Yeah, that's pretty much the case. We already have two dozen VLANs and appropriate firewall rules, and I'm trying to not make things more complex in that regard - especially if it'd mean having to route all of the traffic through the firewall for every single workstation to anything outside, which isn't currently the case. We also indeed have some reporting tools set up around DHCP leases... as long as I can make the event log talk to my syslog server (which looks feasible), I can adapt that reporting though. I also keep forgetting that powershell is a thing, so I could hypothetically just automate the entire migration... hah. "Just."
|
# ? Mar 19, 2014 00:18 |
|
McGlockenshire posted: So, next year's "let's finally get a Windows domain and put all our workstations in AD" project just got bumped to "ASA-motherfucking-P."

In addition to the other recommendations, Learn Active Directory Management in a Month of Lunches by Richard Siddaway just came out. I participated in the manuscript review process, so I haven't seen the final version yet, but the last version they sent out for review was nearly complete and I found it to be a pretty good resource. It's more focused on day-to-day tasks than the theoretical/architectural aspects of AD, so you'd want to find other resources for those, but it does a good job covering the basics/essentials.

Now, for a question of my own: Am I remembering correctly that, at least on Server 2008 R2, running ADUC from %SystemRoot%\system32\dsa.msc or %SystemRoot%\SysWOW64\dsa.msc should launch mmc.exe as a 64-bit process? And you have to specifically run it as dsa.msc -32 if you need to run ADUC inside a 32-bit mmc.exe for some reason?
|
# ? Mar 19, 2014 16:33 |
|
I'm setting up a highly available RDS cluster with 2012 R2, I've got load balanced gateways and 2 connection brokers configured with HA.

So I've got:
2x Connection Brokers
2x RD Gateway
4x RD Session hosts

This is split between two different vmware clusters, each with half of the session hosts, 1 connection broker and one gateway.

I'm finding that even when I turn off the servers in one of the vmware clusters, the RD broker that remains still tries to connect me to the session hosts that are now unavailable. After what seems to be half an hour it starts directing my sessions to the correct 2 servers that are still up.

Are the timeouts configurable for session host availability? I can't seem to find any way to make it stop attempting connections to those 2 that are down within a reasonable timeframe.
|
# ? Mar 20, 2014 04:29 |
|
My boss wants me to update every user in Active Directory with their address and phone numbers (approx 300 users). We have all the address and phone number information in csv format. What is the best way to import this information into Active Directory? I was thinking maybe dumping Active Directory to a csv with their ID (is it objectSid or sAMAccountName?), matching up the info in the csv and then importing it back via a powershell script?

kiwid fucked around with this message at 13:34 on Mar 21, 2014 |
# ? Mar 21, 2014 13:29 |
|
kiwid posted: My boss wants me to update every user in Active Directory with their address and phone numbers (approx 300 users). We have all the address and phone number information in csv format. What is the best way to import this information into Active Directory?

Do you guys use Exchange? We talked about doing that but then privacy concerns came up such as everyone in the company now knowing where you live.
|
# ? Mar 21, 2014 13:40 |
|
GreenNight posted: Do you guys use Exchange? We talked about doing that but then privacy concerns came up such as everyone in the company now knowing where you live.

We do, and actually this request was made by the CEO so that the Global Address List has this information available. And by addresses, I mean branch address, not personal addresses.
|
# ? Mar 21, 2014 14:12 |
|
theperminator posted: I'm setting up a highly available RDS cluster with 2012 R2, I've got load balanced gateways and 2 connection brokers configured with HA

Are you using Network Load Balancing (NLB) for the HA? If it is similar to 2008 R2 you can run NLB in one of two modes, unicast or multicast. VMware suggests using multicast mode. http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1556
|
# ? Mar 23, 2014 22:39 |
|
For anyone who wants to learn more about Windows OS deployment, there's a good event on MSVA with an all-star cast of MVPs. It's about win8, but pretty much everything applies to win7. There's download links if you don't want to watch it in the browser. http://www.microsoftvirtualacademy.com/training-courses/windows-8-1-deployment-jump-start#?fbid=Z5pgJaQqgwP
|
# ? Mar 23, 2014 23:33 |
|
kiwid posted: We do, and actually this request was made by the CEO so that the Global Address List has this information available. And by addresses, I mean branch address, not personal addresses.

If it's only 300 peeps, learning scripting will help you accomplish this. But really you're at the 300 people size and you could use a tool like ADmodify.net (http://admodify.codeplex.com/) to mass update everyone.
|
# ? Mar 24, 2014 01:30 |
kiwid posted: My boss wants me to update every user in Active Directory with their address and phone numbers (approx 300 users). We have all the address and phone number information in csv format. What is the best way to import this information into Active Directory?

For one-off things, I usually just do it in Excel rather than scripting. Have a list of user names in one column, the addresses in a second column, and make the third column something like code:
AreWeDrunkYet fucked around with this message at 11:03 on Mar 24, 2014 |
# ? Mar 24, 2014 02:34 |
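
One way to script the CSV-to-Active-Directory update asked about in this thread, added here as an example and not posted by any participant. It assumes the accounts are matched on sAMAccountName, that the RSAT ActiveDirectory module is installed, and a CSV header of `sAMAccountName,StreetAddress,City,State,PostalCode,OfficePhone`; the file names are hypothetical.

```powershell
# Added example (not from the thread). Assumed CSV header:
#   sAMAccountName,StreetAddress,City,State,PostalCode,OfficePhone
Import-Module ActiveDirectory

$csvPath = '.\branch-info.csv'      # hypothetical input file
$logPath = '.\ad-update-log.csv'    # hypothetical report file
$attrs   = 'StreetAddress', 'City', 'State', 'PostalCode', 'OfficePhone'

$report = foreach ($row in Import-Csv -Path $csvPath) {
    $sam = "$($row.sAMAccountName)".Trim()

    # Treat the CSV as untrusted input: only plain logon names reach the filter string.
    if ($sam -notmatch '^[A-Za-z0-9._-]{1,20}$') {
        [pscustomobject]@{ User = $sam; Status = 'SkippedInvalidName'; Changed = '' }
        continue
    }

    # -Filter returns nothing (instead of throwing) when no account matches.
    $user = Get-ADUser -Filter "sAMAccountName -eq '$sam'" -Properties $attrs
    if (-not $user) {
        [pscustomobject]@{ User = $sam; Status = 'NotFound'; Changed = '' }
        continue
    }

    # Collect only values that are non-empty and differ, so blank cells never wipe data.
    $changes = @{}
    foreach ($a in $attrs) {
        $new = "$($row.$a)".Trim()
        if ($new -and $new -ne $user.$a) { $changes[$a] = $new }
    }

    if ($changes.Count -eq 0) {
        [pscustomobject]@{ User = $sam; Status = 'NoChange'; Changed = '' }
        continue
    }

    # -WhatIf only previews the write; remove it after reviewing the report.
    Set-ADUser -Identity $user @changes -WhatIf
    [pscustomobject]@{ User = $sam; Status = 'Update'; Changed = ($changes.Keys -join ';') }
}

$report | Export-Csv -Path $logPath -NoTypeInformation
```

The report lists every row that was skipped or not found, so mismatched names in the CSV can be corrected before the run without `-WhatIf`.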