Good Practice

  • Thread starter Thread starter John
  • Start date Start date
J

John

Hi,

Is there any good practice document for managing an AD
environment?

I have another question.

should the AD snap-ins like DSA.MSC be restricted to run
on a particular DC? The problem of doing so is at any one
time we can only two remote desktop sessions controlling
the DC. This poses a problem when there are a few SysAdmin
staff who need to adminster the server.


John
 
Re. the dsa.msc and dssite.msc, etc.
-- Install the adminpak.msi file on desktop computers.

I don't think you need to only allow administration from certain DCs. If
it's an issue, tighten down security by removing unnecessary domain admins,
etc.

--

Paul Williams
_________________________________________
http://www.msresource.net


Join us in our new forums!
http://forums.msresource.net
_________________________________________


Hi,

Is there any good practice document for managing an AD
environment?

I have another question.

should the AD snap-ins like DSA.MSC be restricted to run
on a particular DC? The problem of doing so is at any one
time we can only two remote desktop sessions controlling
the DC. This poses a problem when there are a few SysAdmin
staff who need to adminster the server.


John
 
First off as a best practice. Don't manage AD by logging into DCs. You should be
doing the management from workstations by loading the adminpack on the
workstations. Every time you interactively log into a DC you take the chance of
making some bad mistake there.

Second, try to automate as much as possible. Use scripts so that things are done
consistently.


Here are some good whitepapers

http://www.microsoft.com/windowsserver2003/techinfo/overview/adsecurity.mspx

http://www.microsoft.com/technet/community/events/windows2003srv/tnt1-83.mspx

http://www.microsoft.com/technet/pr...chnologies/activedirectory/plan/addeladm.mspx

and two of the best

These are the much-hailed Active Directory whitepaper and appendix.

http://www.microsoft.com/downloads/...a3-79e1-48fa-9730-dae7c0a1d6d3&DisplayLang=en

http://www.microsoft.com/downloads/...88-a216-45f9-9739-cb1fb22a0642&DisplayLang=en
 
Back
Top