
    Handling DNS in a Single Active Directory Domain Controller Environment

      scottalanmiller @Kelly

      @kelly Best Practice is supposed to mean that it is the best thing to do. What you are describing is a common practice, something that is often the best thing to do. If something is best, then you should always do it, because it is best.

      The difference in terminology between "most commonly best" and "best" is that one is best "more than any other solution when evaluating the individual solutions", and the other is simply best, no evaluation needed.

      A rule of thumb is different than either. Rules of thumb are only okay when they are a safe guide. You can't have a rule of thumb with HA, for example, because both having and not having HA are easily the right choice given a scenario, there isn't really a reliable fall back position to use as a rule of thumb. A rule of thumb might involve something that is rarely the best choice, but avoids a disastrous choice reliably.

      Best Practice is a very important term because if you were to catch an employee intentionally not following a true best practice, you should be upset with them and demand an explanation. It means they did something wrong. It's a powerful term. If you said "he didn't follow best practices, and we lost data", it implies he was at fault.

      A most commonly correct / best scenario is different. It means that yes, it's the "most likely" to be correct without doing any evaluation. But if you said "he didn't do the most common thing, and we lost data", that in no way implies he evaluated wrong.

      Think about people stating a best practice, when people say it, they really mean 100% of the time and if you don't do it, you are in the wrong. And the words mean that. To not follow a best practice is to say that you did something sub-optimally. But to not follow the most commonly best practice means you might still have done the best thing for your specific needs.

        scottalanmiller @Kelly

        @kelly said in Handling DNS in a Single Active Directory Domain Controller Environment:

        A common Best Practice recommendation for SMB is having your DNS service on your DC.

        If you meant commonly rather than common, then yes, I agree. It's most commonly the best solution for an SMB, but it is not a common best practice.

        Commonly means here that as it comes up, it's the best choice when evaluated individually.

        Common means that it is the best practice and one that is well known.

        So the "ly" changes the meaning quite a bit. It's not a best practice, but most commonly it is the best choice.

          scottalanmiller

          If you think of a conversation with management...

          "Well Microsoft says it is a best practice to do X, therefore we should do it."

          That's someone believing best practices mean what it really means (although why we'd believe a vendor's opinion, I don't know.) If they believed that a best practice only meant the thing done commonly or the thing most commonly good, that statement would make no sense - because they would know that something being a best practice has no reasonable bearing on whether or not it was good for their scenario.

          I've never heard anyone use best practice to mean something other than truly being the best option.

            1337 @scottalanmiller

            @scottalanmiller You have some linguistic gymnastics going on there.

            This is what wikipedia says:

            Best practice
            A best practice is a method or technique that has been generally accepted as superior to any alternatives because it produces results that are superior to those achieved by other means or because it has become a standard way of doing things, e.g., a standard way of complying with legal or ethical requirements.

            "Generally accepted as superior" being the central point here. IMHO best practice means just that. It doesn't mean that it is actually the best way in every situation, only that it is accepted as generally the best way.

            Put in another way - you better have a good reason to do things differently.

              scottalanmiller @1337

              @pete-s said in Handling DNS in a Single Active Directory Domain Controller Environment:

              @scottalanmiller You have some linguistic gymnastics going on there.

              This is what wikipedia says:

              Best practice
              A best practice is a method or technique that has been generally accepted as superior to any alternatives because it produces results that are superior to those achieved by other means or because it has become a standard way of doing things, e.g., a standard way of complying with legal or ethical requirements.

              "Generally accepted as superior" being the central point here. IMHO best practice means just that. It doesn't mean that it is actually the best way in every situation, only that it is accepted as generally the best way.

              Put in another way - you better have a good reason to do things differently.

              Actually read Wikipedia closely again... it's exactly what I said.

              "A best practice is a method or technique that has been generally accepted as superior to any alternatives".

              Notice "superior to ANY alternatives". If something is considered a best practice, it means that there is considered to be no room for choosing anything else.

              That's precisely what I said. No linguistic gymnastics whatsoever. Total agreement. @Kelly 's point was that he felt it meant that there were lots of times you wouldn't do best practices, because they were just common and commonly you'd do something else.

              All I'm doing is following the language. The words are quite clear on their own. There's no massaging going on.

                scottalanmiller

                That's why Best Practices must be so few and far between, there are so rarely things that have no acceptable alternatives. Since a best practice must be accepted to be superior to all alternatives, then you never have to question it, as any alternative is inferior.

                But in something like one DC or two, there can be no best practice, because both options are perfectly acceptable under different scenarios. Sometimes one DC is just fine, sometimes you need two (or more.) If one or the other was a best practice, then the other would be never the right option.

                  pmoncho @scottalanmiller

                  @scottalanmiller said in Handling DNS in a Single Active Directory Domain Controller Environment:

                  @brrabill said in Handling DNS in a Single Active Directory Domain Controller Environment:

                  Just think of what a different discussion this would be if MS just allowed you to spin up a free AD server, that just had AD, like Hyper-V Server.

                  Just imagine if a free AD server existed out there!

                  Oh wait...

                  I'm guessing you mean Samba? Or am I missing something?

                    scottalanmiller @pmoncho

                    @pmoncho said in Handling DNS in a Single Active Directory Domain Controller Environment:

                    @scottalanmiller said in Handling DNS in a Single Active Directory Domain Controller Environment:

                    @brrabill said in Handling DNS in a Single Active Directory Domain Controller Environment:

                    Just think of what a different discussion this would be if MS just allowed you to spin up a free AD server, that just had AD, like Hyper-V Server.

                    Just imagine if a free AD server existed out there!

                    Oh wait...

                    I'm guessing you mean Samba? Or am I missing something?

                    Yes, Samba will do AD for free. And is available on many platforms.

                      CloudKnight

                      I believe the forest level with Samba can only be 2008R2 though.

                        scottalanmiller @CloudKnight

                        @stuartjordan said in Handling DNS in a Single Active Directory Domain Controller Environment:

                        I believe the forest level with Samba can only be 2008R2 though.

                        Sure, but what does that really affect? Forest level limitation is nothing like an old code limitation. Nothing wrong with using a 2008 R2 Forest level.

                          pmoncho @scottalanmiller

                          @scottalanmiller said in Handling DNS in a Single Active Directory Domain Controller Environment:

                          @stuartjordan said in Handling DNS in a Single Active Directory Domain Controller Environment:

                          I believe the forest level with Samba can only be 2008R2 though.

                          Sure, but what does that really affect? Forest level limitation is nothing like an old code limitation. Nothing wrong with using a 2008 R2 Forest level.

                          If I am reading this correctly, I believe Samba 4.4 and higher can go to 2012 R2.

                          https://wiki.samba.org/index.php/Raising_the_Functional_Levels

                            CloudKnight @scottalanmiller

                            @scottalanmiller Very true, nothing wrong at all in using. I believe there were some improvements to DFS-R in higher Forest levels, but if you're obviously using Samba in your environment you probably would not be using this role anyway.

                              scottalanmiller @pmoncho

                              @pmoncho said in Handling DNS in a Single Active Directory Domain Controller Environment:

                              @scottalanmiller said in Handling DNS in a Single Active Directory Domain Controller Environment:

                              @stuartjordan said in Handling DNS in a Single Active Directory Domain Controller Environment:

                              I believe the forest level with Samba can only be 2008R2 though.

                              Sure, but what does that really affect? Forest level limitation is nothing like an old code limitation. Nothing wrong with using a 2008 R2 Forest level.

                              If I am reading this correctly, I believe Samba 4.4 and higher can go to 2012 R2.

                              https://wiki.samba.org/index.php/Raising_the_Functional_Levels

                              Rumor is, but I'm not sure that 4.4 is widely available yet?

                                scottalanmiller @CloudKnight

                                @stuartjordan said in Handling DNS in a Single Active Directory Domain Controller Environment:

                                @scottalanmiller Very true, nothing wrong at all in using. I believe there were some improvements to DFS-R in higher Forest levels, but if you're obviously using Samba in your environment you probably would not be using this role anyway.

                                Right, generally not.

                                  Romo @scottalanmiller

                                  @scottalanmiller said in Handling DNS in a Single Active Directory Domain Controller Environment:

                                  @pmoncho said in Handling DNS in a Single Active Directory Domain Controller Environment:

                                  @scottalanmiller said in Handling DNS in a Single Active Directory Domain Controller Environment:

                                  @stuartjordan said in Handling DNS in a Single Active Directory Domain Controller Environment:

                                  I believe the forest level with Samba can only be 2008R2 though.

                                  Sure, but what does that really affect? Forest level limitation is nothing like an old code limitation. Nothing wrong with using a 2008 R2 Forest level.

                                  If I am reading this correctly, I believe Samba 4.4 and higher can go to 2012 R2.

                                  https://wiki.samba.org/index.php/Raising_the_Functional_Levels

                                  Rumor is, but I'm not sure that 4.4 is widely available yet?

                                  Even newer versions =).

                                  Centos 7.5 is using 4.7.1
                                  Fedora 28 is using 4.8.5

                                    pmoncho @scottalanmiller

                                    @scottalanmiller said in Handling DNS in a Single Active Directory Domain Controller Environment:

                                    @pmoncho said in Handling DNS in a Single Active Directory Domain Controller Environment:

                                    @scottalanmiller said in Handling DNS in a Single Active Directory Domain Controller Environment:

                                    @stuartjordan said in Handling DNS in a Single Active Directory Domain Controller Environment:

                                    I believe the forest level with Samba can only be 2008R2 though.

                                    Sure, but what does that really affect? Forest level limitation is nothing like an old code limitation. Nothing wrong with using a 2008 R2 Forest level.

                                    If I am reading this correctly, I believe Samba 4.4 and higher can go to 2012 R2.

                                    https://wiki.samba.org/index.php/Raising_the_Functional_Levels

                                    Rumor is, but I'm not sure that 4.4 is widely available yet?

                                    smbstatus on Ubuntu 18.1 shows Samba 4.7.6.

                                      scottalanmiller @Romo

                                      @romo said in Handling DNS in a Single Active Directory Domain Controller Environment:

                                      @scottalanmiller said in Handling DNS in a Single Active Directory Domain Controller Environment:

                                      @pmoncho said in Handling DNS in a Single Active Directory Domain Controller Environment:

                                      @scottalanmiller said in Handling DNS in a Single Active Directory Domain Controller Environment:

                                      @stuartjordan said in Handling DNS in a Single Active Directory Domain Controller Environment:

                                      I believe the forest level with Samba can only be 2008R2 though.

                                      Sure, but what does that really affect? Forest level limitation is nothing like an old code limitation. Nothing wrong with using a 2008 R2 Forest level.

                                      If I am reading this correctly, I believe Samba 4.4 and higher can go to 2012 R2.

                                      https://wiki.samba.org/index.php/Raising_the_Functional_Levels

                                      Rumor is, but I'm not sure that 4.4 is widely available yet?

                                      Even newer versions =).

                                      Centos 7.5 is using 4.7.1
                                      Fedora 28 is using 4.8.5

                                      Oh wow, nevermind, lol.

                                        scottalanmiller @pmoncho

                                        @pmoncho said in Handling DNS in a Single Active Directory Domain Controller Environment:

                                        @scottalanmiller said in Handling DNS in a Single Active Directory Domain Controller Environment:

                                        @pmoncho said in Handling DNS in a Single Active Directory Domain Controller Environment:

                                        @scottalanmiller said in Handling DNS in a Single Active Directory Domain Controller Environment:

                                        @stuartjordan said in Handling DNS in a Single Active Directory Domain Controller Environment:

                                        I believe the forest level with Samba can only be 2008R2 though.

                                        Sure, but what does that really affect? Forest level limitation is nothing like an old code limitation. Nothing wrong with using a 2008 R2 Forest level.

                                        If I am reading this correctly, I believe Samba 4.4 and higher can go to 2012 R2.

                                        https://wiki.samba.org/index.php/Raising_the_Functional_Levels

                                        Rumor is, but I'm not sure that 4.4 is widely available yet?

                                        smbstatus on Ubuntu 18.1 shows Samba 4.7.6.

                                        Is that for 18.04 or 18.10, the latter released a few days ago (I need to go update some systems.)

                                          CloudKnight @scottalanmiller

                                          0_1539971107331_samba.png

                                          yep, using 18.04.1 here...

                                            scottalanmiller

                                            So likely a bit newer now.
