LIFE IN HELL
Avoid Exchange Hell by having multiple domain controllers
By David Gewirtz
Enough time has passed since My Thirteen Days in Exchange Hell that I can talk about it without getting the shakes. Unfortunately, it's been almost seven months, so some of the details have blurred in my mind. Actually, I tried to block it all from my mind so I could again sleep without nightmares, but no such luck.
As I mentioned last week, our Exchange server crashed hard. My challenge was reinstalling the backups. Along the way, I got some clues about what went wrong. This week, I'll talk about multiple domain controllers.
The biggest lesson that came out of this is that we should have had multiple domain controllers. To understand why I say this, you need to know about Exchange and an evil, evil concept called Active Directory. In theory, Active Directory is good. After My Thirteen Days in Exchange Hell, I hate Active Directory with an unhealthy and all-consuming passion.
How to explain Active Directory in ten words or less? OK, let's try this. Active Directory is a network-wide permissions system for enterprise-level Windows networks. The idea makes sense. Let's say you have a company with a hundred users and need to set permissions for file access, email, and the like for all those users.
Active Directory, which came out with Windows 2000, allows you to set those permissions once, and have the permissions propagate throughout the network. The alternative would be to set up permissions on each machine, for each set of users. This is complex and can often lead to errors.
Of course, Active Directory can lead to an emotional breakdown.
Managing the Active Directory database is a machine called a Domain Controller. This one machine is like the Master Control Program from Tron. It runs permissions on your network. And if you lose your Domain Controller and you're in an Active Directory domain, you lose your network.
It gets worse. Active Directory has something called a "tombstone lifetime setting." According to Microsoft,
Windows 2000 prohibits the restoring of old backup images into a replicated enterprise. Specifically, the useful life of a backup is identical to the "tombstone lifetime" setting for the enterprise. The default value for the tombstone lifetime entry is 60 days.
So, if you can't restore your backups after 60 days, or your backup is more than 60 days old, you're toast. Now, why didn't I see a Surgeon General's warning about that on the front of my Windows 2000 Server box?
The bottom line is this: if your domain controller tanks, you're in Hell.
Lessons learned
The solution is multiple, active, replicating domain controllers. We only had the one domain controller running here at ZATZ. We don't have all that many local employees and have very little physical floor space to store servers, so there seemed no need to have an additional domain controller.
The Power Magazine for Microsoft Outlook and Exchange Users at OutlookPower.com
Copyright © 1998-2008, ZATZ Publishing. All rights reserved worldwide. Outlook is a trademark of Microsoft Corporation.