[SGVLUG] Active Directory and linux

Joel Witherspoon joel.witherspoon at gmail.com
Wed Apr 25 22:43:46 PDT 2012


1) If they have a second server, even if it's licensed for Windows 2003, go
ahead and use it as a backup. Redundancy is key with AD. Ensure the 2003
has updated GPOs. You can find them here:
http://support.microsoft.com/kb/943729

2) If the second server doesn't work out, have separate partitions
(primaries if you can do it) for the Windows OS, NTDS Database (this is the
AD database - CRITICAL), NTDS Log (Holds the transaction database. AD is
SQL based), and SYSVOL (holds the roaming profiles, scripts, launcher
files, etc). Back up these partitions every one to two days depending upon how
often you update AD. Backing up AD is not difficult, but it's convoluted
and complicated. Here's more information:
http://technet.microsoft.com/en-us/library/cc771290(v=ws.10).aspx

3) DNS is what AD uses to find users and hosts. Set up the first DC with
DNS. In accordance with standards, you'll need the secondary DNS available.
Even if you don't use the 2003 server as a DC, you can use its DNS service.
Otherwise, check the Linux server to see if it can handle MS SRV records.
If it can, you are gold. Zone Transfer from the PDNS to the SDNS as often
as possible.

Once you have this set up, AD is a walk in the park.

On Wed, Apr 25, 2012 at 9:09 PM, matti <mathew_2000 at yahoo.com> wrote:

>
> Thanks Joel!
>
> Here is the setup:
>
> Have a MS Windows Server 2008 R2 from another company which got bought...
> originally set up to do email, AD, PDC, DNS etc..
> ( it is no longer doing email )
>
> since the domain is different, CTO/CIO was looking at replacing it
> with a linux AD ...
>
> so my options
>
> 1) Make MS Windows Server 2008 R2 into AD, PDC, ...
> ( and I guess LDAP for the linux clients )
>
> I do not think they have a second MS Server License...
> ( if they do it would be a win2003 server ) so I am not certain
> about being able to set up a secondary domain controller
>
> Set up linux servers to pull login info for users from MS Win2008 server..
>
> 2) Set up a linux server as AD/LDAP server...
>
>
> What do you guys think?
>
> thanks
> matti
>
>   ------------------------------
> *From:* Junaid A <junaidjan at yahoo.com>
> *To:* 'SGVLUG Discussion List.' <sgvlug at sgvlug.net>; sgvlug at sgvlug.org
> *Sent:* Wednesday, April 25, 2012 5:10 PM
> *Subject:* Re: [SGVLUG] Active Directory and linux
>
> Matti,
>
> Will you be running LDAP on Linux as well?
>
> Junaid
>
>
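
Added example, not part of the original thread: one way to check whether a Linux-hosted zone carries the SRV records AD clients query, as point 3 above suggests. The zone text, the domain `corp.example`, the host `dc1` and the function names are constructed for illustration, the record list is a subset of what a DC registers, and owner names are assumed to be written relative to the zone origin.

```python
import re

# Subset of the SRV owner names (relative to the AD DNS domain) that a
# domain controller registers and clients look up, with the expected port.
REQUIRED_SRV = {
    "_ldap._tcp": 389,
    "_ldap._tcp.dc._msdcs": 389,
    "_ldap._tcp.pdc._msdcs": 389,
    "_kerberos._tcp": 88,
    "_kerberos._udp": 88,
    "_kpasswd._tcp": 464,
    "_gc._tcp": 3268,
}

# Constructed sample zone data; names and addresses are placeholders.
SAMPLE_ZONE = """\
$ORIGIN corp.example.
dc1                      IN A   192.0.2.10
_ldap._tcp               600 IN SRV 0 100 389  dc1.corp.example.
_ldap._tcp.dc._msdcs     600 IN SRV 0 100 389  dc1.corp.example.
_kerberos._tcp           600 IN SRV 0 100 88   dc1.corp.example.
_kerberos._udp           600 IN SRV 0 100 88   dc1.corp.example.
_kpasswd._tcp            600 IN SRV 0 100 646  dc1.corp.example.
; _gc._tcp and _ldap._tcp.pdc._msdcs were never loaded
"""

# owner [ttl] [IN] SRV priority weight port target
SRV_RE = re.compile(
    r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?SRV\s+\d+\s+\d+\s+(\d+)\s+\S+", re.IGNORECASE)

def parse_srv(zone_text):
    """Return {owner name: set of ports} for every SRV line in the zone text."""
    found = {}
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop zone-file comments
        m = SRV_RE.match(line)
        if m:
            found.setdefault(m[1].lower(), set()).add(int(m[2]))
    return found

def audit(zone_text):
    """Return (required names that are missing, names present on the wrong port)."""
    found = parse_srv(zone_text)
    missing = sorted(n for n in REQUIRED_SRV if n not in found)
    wrong_port = sorted(n for n, port in REQUIRED_SRV.items()
                        if n in found and port not in found[n])
    return missing, wrong_port

if __name__ == "__main__":
    print(audit(SAMPLE_ZONE))
```
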