I guess a big question with Nethserver is... does it "just work" or is there a setting that needs to be selected? Not sure if this is the default behaviour or not.
Mostly this. I haven't done anything with it yet and before I invest the time, I'd like to know if it is possible and/or how difficult it is, especially since a co-worker claims that it did not and he went with IIS to get the same task done (and then he sat there cursing the whole day because he doesn't like Microsoft products).
Sorry, I think we're interpreting the word cluster differently here. When I read that I thought you were talking about Microsoft Cluster Server - which is a different technology than multiple domain controllers. He had three domain controllers.
In that case, how do you recover from something like this? Since the FSMO roles are on a 2003 server, do you start running through the various esentutl.exe commands?
Right, I'm talking about an AD application cluster (the set of domain controllers for one domain.) SBS has to be the root controller in order to work. And if you have a cluster (this isn't AD specific but is a general thing about clustering) you can't do restores. If you restore a cluster node like this, you corrupt the entire cluster in many cases, if you are lucky just one node. AD DCs form a database cluster under the hood, which is how they handle failovers, but that means that you have to protect them like a normal database cluster and let them resync from a rebuild, never do a restore.
Hrm, fast-clone. Probably time to try out a Btrfs based file server at home.
It's good stuff.
Yeah, I know btrfs is the way to go, I just haven't tried it out yet myself. Starting out on IRIX with XFS back in the day makes me too nostalgic.
I still use XFS for everything.
When will be the right time to switch to btrfs then? We know it's been stable for long enough that it's becoming the default in a number of distributions now, but has it really been battle tested well enough yet?
Also, should we maybe make another thread for the btrfs discussion?
The answer here is you do not switch. You install a distro letting it do its native thing by default unless you have an overarching huge reason to override defaults. So you will get this when you install a new system that now has it as a default.
openSuse, for example, has had it as default for two years.
Really though, I prefer XFS for anything that isn't a storage machine. VMs need something mature, stable and light. XFS does that well.
But does your preference mean that you will override a default install's choice just because that is your preference?
Using anything but default should have very clear reasons because the first time somebody besides you has to troubleshoot it there will be big problems.
I would often, yes actually. XFS is not like an odd, unsupported option. It's just not the default. It's still completely core to openSuse's design. They simply had to pick which one they were going to use when someone did not choose one or the other and they opted for extra features over lean design for those that don't know which they want, which I think makes sense. Just like CentOS opts for the simplicity of using root for administration instead of sudo, but makes it super easy to enable sudo. It's not default, but it's fully supported. They just had to choose something as default.
No substantial changes have been made during the last couple of weeks. Just a few new users and password changes plus maybe 2 or 3 new machine accounts. Some clients and servers now refuse to authenticate users during login due to the well known "trust could not be established between..." error.
Were you still getting those errors after you powered down the broken DC? I'm guessing not since you moved forward with the install of another DC.
Nope. Only "missing that other DC" errors now, which is fine. I've got some crappy internet connection (free WiFi in the train, next to no 3G/4G signal) here and can't check the current state, but it was fine half an hour ago.
OK, reading your OP, it seemed that you were getting those errors after turning off the broken DC, but since you're not - seems like you found a good solution.
Hello Guys, I seem to have found the solution to this issue. By default, Azure has no ports open and that was why I was getting the errors. To solve this problem, I had to create an endpoint for the Virtual machine that had Spiceworks installed in it and open ports 389 and 636 TCP.
Now Spiceworks syncs and authenticates with the AD on Azure and on premise.
That's why I was asking for specific VPN details. A VPN on the servers bypasses the Azure ports. A site to site VPN hits the "outside" of the servers and has ports blocked.
When we work strictly from Windows Server Core installations we need to be able to do everything from the command line, even user management. Let's add a user that already exists into a group that already exists in Active Directory using only PowerShell.
To do this we have the handy Add-ADGroupMember PowerShell commandlet. This is very easy to use in its basic form, all we need is the name of the group and of the user that we want to add. In this case, I want to add user jane to the group "Domain Admins".
Add-ADGroupMember "Domain Admins" jane
That's it, jane is added automatically. This process, like most, is silent on success. To verify that all is as we want it to be, we can use the Get-ADGroupMember command to look up the members of a group.
Get-ADGroupMember "Domain Admins"
Can also do
Add-ADGroupMember -identity "Domain Admins" -members "jane" -WhatIf
to see if it gets added before actually running the command.
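The add, dry-run and verify steps from the posts above, combined into one function as an added example (not code from the original posts). The function name `Add-GroupMemberVerified` and its parameters are hypothetical; the AD cmdlets are the real ones, and the script assumes a domain-joined host with the ActiveDirectory module available.

```powershell
#Requires -Modules ActiveDirectory
# Added example: Add-GroupMemberVerified is a hypothetical helper name.
function Add-GroupMemberVerified {
    # ConfirmImpact 'High' forces a prompt unless the caller passes -Confirm:$false,
    # which suits privileged groups such as "Domain Admins".
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)] [string] $Group,
        [Parameter(Mandatory)] [string] $User
    )

    # Resolve both objects first so a typo fails here, before anything changes.
    $adUser  = Get-ADUser  -Identity $User  -ErrorAction Stop
    $adGroup = Get-ADGroup -Identity $Group -ErrorAction Stop

    # -Recursive also reports membership that arrives through a nested group.
    $current = Get-ADGroupMember -Identity $adGroup -Recursive
    if ($current.distinguishedName -contains $adUser.DistinguishedName) {
        Write-Verbose "$($adUser.SamAccountName) is already a member of $($adGroup.Name)"
        return $false
    }

    # ShouldProcess honours -WhatIf and -Confirm passed to this function.
    if ($PSCmdlet.ShouldProcess($adGroup.DistinguishedName, "Add $($adUser.SamAccountName)")) {
        Add-ADGroupMember -Identity $adGroup -Members $adUser -ErrorAction Stop

        # Add-ADGroupMember is silent on success, so read the group back.
        $after = Get-ADGroupMember -Identity $adGroup
        if ($after.distinguishedName -notcontains $adUser.DistinguishedName) {
            throw "$($adUser.SamAccountName) is not listed in $($adGroup.Name) after the add"
        }
        return $true
    }
    return $false
}

# Dry run first, then the real change (group and user names taken from the post above).
Add-GroupMemberVerified -Group 'Domain Admins' -User 'jane' -WhatIf
Add-GroupMemberVerified -Group 'Domain Admins' -User 'jane' -Confirm:$false -Verbose
```

The function returns `$true` only when it changed membership and confirmed the change by reading the group back, so it can be re-run safely.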
Good article. There is ZERO reason to have a GUI on a Domain Controller. Everything can be done through Server Manager on Windows 10/8
You mean RSAT
Both? You can do a lot of directory management through Server Manager as well.
Ok, agree. Just don't like the Server Manager this much, ugly interface. I want to be sure WHICH drive on WHICH host I'm going to format for example. But that is just my personal opinion and I'm more or less a console fetishist
But when it comes to ADSIedit or AD sites, you really want to have RSAT.
Those options are generally only there if RSAT is installed.
Well, sure. I guess I should keep reminding people about my location. Online services like storage don't work because of the price we'd have to pay for a connection. Making the server and storage both online (preferably in the same data center) is just so much easier.
Samba is quite capable of running AD, but what about management options or multi-site environments?
What is the issue with management (the Windows tools should work with it) and what happens with multi-site?
Sorry, didn't see your question because of the formatting. FTFY.
Like I said, the whole topic is just about discussing valid alternatives for the typical SMB / EDU environment. I was aware that Samba 4 got full DC capabilities, at least when it comes to authentication. I did not know about its GPO support and other things like replication between "DC"s or the possibility to use Microsoft's RSAT tools for management.
@coliver (and you) mentioned one can use RSAT for management. That's good and would mean that the Samba4-team is trying hard to get to a high level of compatibility. How to say... looks like a perfect replacement for a real DC.
Back to your question, multi-site (and/or subdomain) is a quite important feature in case you got a branch office, for example.
I've run many branch offices with no local DC. AD authentication is extremely light traffic-wise. Installing software via GPO could give you problems, or needing a local server for file access might be needed, but an AD in most branch offices isn't. Unless your branch is like 100+ people.
You can put Linux fileservers in branch offices to handle the load locally.