Best Practice for Domain Controllers for a company of 500 users.

Similar Messages

• Obiee 11g : Best practice for filtering data allowed to user

  Hi gurus,
  I have a table of the allowed areas for each user.
  I want to show only the data facts associated with these allowed areas.
  For instance my user scott can see France and Italy data.
  I made a variable session. I put this session variable in a filter.
  It works ok but only one value (the first one i think) is taken in account (for instance, with my solution scott will see only france data).
  I need all the possible values.
  I tried with the row wise parameter of the variable session. But it doesn't work (error obiee).
  I've read things on internet about using stragg or valuelistof but neither worked.
  What would be the best practice to achieve this goal of filtering data with conditions by user stored in database ?
  Thanks in advance, Emmanuel

  Check this link
  http://oraclebizint.wordpress.com/2008/06/30/oracle-bi-ee-1013332-row-level-security-and-row-wise-intialized-session-variables/

• Best practice for installing many SL-500

  Hi,
  I have just bought 25 SL-500 and are to buy a hundred more in half a year.
  They are all model 2746-4DG
  I wish to make a special installation with all standard software of my office and transfer this to a DVD as a Ghost Image.
  Normally (in my old job) I would do this by installing everything I need on one PC, and do a sysprep for making a factory image. After this I would make a Ghost image of the disk and transfer this to a DVD.
  But in my old job we did not buy OEM windows XP - we had a VOL agreement.
  I would really like to install all PC's with only one Windows Key and skip activation, but can this be done if I buy one VOL license and media for Windows XP and use this key on all PC's.
  And is it legal for me to do so?
  Kind regards
  Hchhimself
  Denmark

  There is one best practice document available from Oracle RACSIG site and "Oracle Real Applicaiton Cluster Administration and Deployment Guide" available on OTN is also good source of informaiton about 10g RAC.
  Oracle has made sincere efforts in 10g documentations expecially in server technology.
  Thanks & Regards

• Best Practice for setting BPM Task Potential Users

  Hello,
  Can anyone help me with one doubt I have with BPM?
  When I'm configuring the BPM Task I have to set the Potential Users, also I know it can be set through an expression. However, my doubt is the following,
  If I set the potential user in the BPM Task, everytime the task change of responsible user I will have to go to NWDS change the BPM Task Potential User, Build and Deploy again the BPM? That's a lot of work.
  Which is the best practive for doing this kind of maintenance?
  Regards
  SU

  you can assign the task to group.
  so you only have to change at UME side, add or remove user to/from the group

• Best practice for SSH access by a user across multiple Xserves?

  Hello.
  I have 3 Xserves and a Mac Mini server I'm working with and I need SSH access to all these machines. I have given myself access via SSH in Server Admin access settings and since all 4 servers are connected to an OD Master (one of the three Xserves), I'm able to SSH into all 4 machines using my username/password combination.
  What I'm unsure of though is, how do I deal with my home folder when accessing these machines? For example, currently, when I SSH into any of the machines, I get an error saying...
  CFPreferences: user home directory at /99 is unavailable. User domains will be volatile.
  It then asks for my password, which I enter, and then I get the following error...
  Could not chdir to home directory 99: No such file or directory
  And then it just dumps me into the root of the server I'm trying to connect to.
  How should I go about dealing with this? Since I don't have a local home directory on any of these servers, it has no where to put me. I tried enabling/using a network home folder, but I end up with the same issue. Since the volume/location designated as my home folder isn't mounted on the servers I'm trying to connect to (and since logging in via SSH doesn't auto-mount the share point like AFP would if I was actually logging into OS X via the GUI), it again says it can't find my home directory and dumps me into the root the server I've logged in to.
  If anyone could lend some advice on how to properly set this up, it would be much appreciated!
  Thanks,
  Kristin.

  Should logging in via SSH auto-mount the share point?
  Yes, of course, but only if you've set it up that way.
  What you need to do is designate one of the servers as being the repository of home directories. You do this by simply setting up an AFP sharepoint on that server (using Server Admin) and checking the 'enable user home directories' option.
  Then you go to Workgroup Manager and select your account. Under the Home tab you'll see the options for where this user's home directory is. It'll currently say 'None' (indicating a local home directory on each server). Just change this to select the recently-created sharepoint from above.
  Save the account and you're done. When you login each server will recognize that your home directory is stored on a network volume and will automatically mount that home directory for you.

• SAP Best Practice for Water Utilities v 1.600

  Hi All,
  I want to install SAP Best Practice for Water Utilities v 1.600. I have downloaded the package (now  available only Mat.No. 50079055 "Docu: SAP BP Water Utilities-V1.600")  from Marketplace, but there is NO transport file included on it. It only contains documentation.  Should I use the transport file from Best Practice for Utilities v 1.500?
  Thank you,
  Vladimir

  Hello!
  The file should contain eCATTs with data according to best practice preconfigured scenarios and transactions to install them.
  Some information about preconfigured scenario you could find here:
  http://help.sap.com/bp_waterutilv1600/index.htm -> Business Information -> Preconfigured Scenarios
  Under the "Installation" path you could find "Scenario Installation Guide" for Water Utilities.
  I hope it would be helpful.
  Vladimir

• Best Practices for Setting up a Windows 2012 R2 STD Domain Controller in a Remote Site

  So I'm looking for an article or writeup similar to the "Adding Domain Controllers in Remote Sites" TechNet article but for Windows Server 2012 STD R2.  Here is my scenario:
  1.  I want to setup the domain controller at Site A where the primary domain controller is located.  The primary domain controller is Windows Server 2008 R2. 
  2.  Once the DC is setup I plan on leaving it on our network for a few days before shipping it to remote Site B for installation
  Other key items:
  1.  The remote Site B will have a different IP range than Site A but will be connected to Site A via a single VPN tunnel.  All the DCs that replicate with each other are on the same domain. 
  2.  The 2012 DC that I setup for Site B (same domain in same forest) will be a DHCP, DNS, and WSUS server all replicating to the primary DC at Site A
  Questions:
  1.  What items can I setup while it's at Site A without effecting or conflicting with the existing network and domain controller?  Can I setup a scope once the DHCP role is added? 
  2.  All of our DCs replicate through Sites and Services, do I have to manually add this to our primary DC for the new DC going to remote Site B?  Or when does this happen automatically when I promote the DC? 
  All and all I'm just looking for a list of Best Practices for 2012 or a Step by Step Guide.  Any help would be appreciated. 

  Hi,
  Thanks for your posting.
  When you install AD DS in the hub or staging site, disconnect the installed domain controller, and then ship the computer to the remote site, you are disconnecting a viable domain controller from the replication topology.
  For more and detail information, please refer to:
  Best Practices for Adding Domain Controllers in Remote Sites
  http://technet.microsoft.com/en-us/library/cc794962(v=ws.10).aspx
  Regards.
  Vivian Wang

• Best practices for setting up users on a small office network?

  Hello,
  I am setting up a small office and am wondering what the best practices/steps are to setup/manage the admin, user logins and sharing privileges for the below setup:
  Users: 5 users on new iMacs (x3) and upgraded G4s (x2)
  Video Editing Suite: Want to connect a new iMac and a Mac Pro, on an open login (multiple users)
  All machines are to be able to connect to the network, peripherals and external hard drive. Also, I would like to setup drop boxes as well to easily share files between the computers (I was thinking of using the external harddrive for this).
  Thank you,

  Hi,
  Thanks for your posting.
  When you install AD DS in the hub or staging site, disconnect the installed domain controller, and then ship the computer to the remote site, you are disconnecting a viable domain controller from the replication topology.
  For more and detail information, please refer to:
  Best Practices for Adding Domain Controllers in Remote Sites
  http://technet.microsoft.com/en-us/library/cc794962(v=ws.10).aspx
  Regards.
  Vivian Wang

• (Request for:) Best practices for setting up a new Windows Server 2012 r2 Hyper-V Virtualized AD DC

  Could you please share your best practices for setting up a new Windows Server 2012 r2 Hyper-V Virtualized AD DC, that will be running on a new WinSrv 2012 r2 host server.   (This
  will be for a brand new network setup, new forest, domain, etc.)
  Specifically, your best practices regarding:
  the sizing of non virtual and virtual volumes/partitions/drives,  
  the use of sysvol, logs, & data volumes/drives on hosts & guests,
  RAID levels for the host and the guest(s),  
  IDE vs SCSI and drivers both non virtual and virtual and the booting there of,  
  disk caching settings on both host and guests.  
  Thanks so much for any information you can share.

  A bit of non essential additional info:
  We are small to midrange school district who, after close to 20 years on Novell networks, have decided to design and create a new Microsoft network and migrate all of our data and services
  over to the new infrastructure .   We are planning on rolling out 2012 r2 servers with as much Hyper-v virtualization as possible.
  During the last few weeks we have been able to find most of the information we need to undergo this project, and most of the information was pretty solid with little ambiguity, except for
  information regarding virtualizing the DCs, which as been a bit inconsistent.
  Yes, we have read all the documents that most of these posts tend point to, but found some, if not most are still are referring to performing this under Srvr 2008 r2, and haven’t really
  seen all that much on Srvr2012 r2.
  We have read these and others:
  Introduction to Active Directory Domain Services (AD DS) Virtualization (Level 100), 
  Virtualized Domain Controller Technical Reference (Level 300),
  Virtualized Domain Controller Cloning Test Guidance for Application Vendors,
  Support for using Hyper-V Replica for virtualized domain controllers.
  Again, thanks for any information, best practices, cookie cutter or otherwise that you can share.
  Chas.

• Best practice for RDGW placement in RDS 2012 R2 deployment

  Hi,
  I have been setting up a RDS 2012 R2 farm deployment and the time has come for setting up the RDGW servers. I have a farm with 4 SH servers, 2 WA servers, 2 CB servers and 1 LS.
  Farm works great for LAN and VPN users.
  Now i want to add two domain joined RDGW servers.
  The question is; I've read a lot on technet and different sites about how to set the thing up, but no one mentions any best practices for where to place them.
  Should i:
  - set up WAP in my DMZ with ADFS in LAN, then place the RDGW in the LAN and reverse proxy in
  - place RDGW in the DMZ, opening all those required ports into the LAN
  - place the RDGW in the LAN, then port forward port 443 into it from internet
  Any help is greatly appreciated.
  This posting is provided "AS IS" with no warranties or guarantees and confers no rights

  Hi,
  The deployment is totally depends on your & company requirements as many things to taken care such as Hardware, Network, Security and other related stuff. Personally to setup RD Gateway server I would not prefer you to select 1st option. But as per my research,
  for best result you can use option 2 (To place RDG server in DMZ and then allowed the required ports). Because by doing so outside network can’t directly connect to your internal server and it’s difficult to break the network by any attackers. A perimeter
  network (DMZ) is a small network that is set up separately from an organization's private network and the Internet. In a network, the hosts most vulnerable to attack are those that provide services to users outside of the LAN, such as e-mail, web, RD Gateway,
  RD Web Access and DNS servers. Because of the increased potential of these hosts being compromised, they are placed into their own sub-network called a perimeter network in order to protect the rest of the network if an intruder were to succeed. You can refer
  beneath article for more information.
  RD Gateway deployment in a perimeter network & Firewall rules
  http://blogs.msdn.com/b/rds/archive/2009/07/31/rd-gateway-deployment-in-a-perimeter-network-firewall-rules.aspx
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• IronPort ESA best practice for DNS servers?

  Hello!
  Is there a best practice for what servers should be used for the Cisco IronPort DNS servers?
  Currently when I check our configuration, we have set it to "Use these DNS servers" and the first two are our domain controllers and last two are Google DNS.
  Is there a best practice way of doing this? I'm thinking of selecting the "Use the Internet's Root DNS Servers" option as I can't really see an advantage of using internal DC's.
  Thoughts?

  Best practice is to use Internet Root DNS Servers and define specific dns servers for any domain that you need to give different answers for. Since internal mail delivery is controlled by smtproutes using internal dns servers is normally not required.
  If you must use internal dns servers I recommend servers dedicated to your Ironports and not just using servers that handle enterprise lookups as well. Ironports can place a very high load on dns servers because every outside connection results in multiple dns lookups. (forward, reverse, sbrs)
  If you don't have enough dns horsepower you are susceptible to a DOS attack either through accident or design. If the Ironports overload your internal dns servers it can impact your entire enterprise.

• DNS best practices for hub and spoke AD Architecture?

  I have an Active Directory Forest with a forest root such as joe.co and the root domain of the same name, and root DNS servers (Domain Controllers) dns1.joe.co and dns2.joe.co
  I have child domains with names in the form region1.joe.com, region2.joe.co and so on, with dns servers dns1.region1.joe.co and so on.
  Each region has distribute offices that may have a DC in them, servers named in the form dns1branch1.region1.joe.co
  Over all my DNS tests out okay, but I want to get the general guidelines for setting up new DCs correct.
  Configuration:
  Root DC/DNS server dns1.joe.co adapter settings points DNS to itself, then two other root domain DNS/DCs dns2.joe.co and dns3.joe.co.
  The other root domain DNS/DCs adapter settings point to root server dns1.joe.co and then to itself dns2.joe.co, and then 127.0.0.1
  The regional domains have a root dns server dns1.region1.joe.co with adapter that that points to root server dns1.joe.co then to itself.
  The additional region domain DNS/DCs adapter settings point to dns1.region1.joe.co then to itself then to dn1.joe.co
  What would you do to correct this topology (and settings) or improve it?
  Thanks in advance
  just david

  Hi,
  According to your description, my understanding is that you need suggestion about your DNS topology.
  In theory, there is no obvious problem. Except for the namespace and server plaining for DNS, zone is also needed to consideration. If you place DNS server on each domain and subdomain, confirm that if the traffic browsed by DNS will affect the network performance.
  Besides, fault tolerance and security are also necessary.
  We usually recommend that:
  DC with DNS should point to another DNS server as primary and itself as secondary or tertiary. It should not point to self as primary due to various DNS islanding and performance issues that can occur. And when referencing a DNS server on itself, a DNS client
  should always use a loopback address and not a real IP address. detailed information you may reference:
  What is Microsoft's best practice for where and how many DNS servers exist? What about for configuring DNS client settings on DC’s and members?
  http://blogs.technet.com/b/askds/archive/2010/07/17/friday-mail-sack-saturday-edition.aspx#dnsbest
  How To Split and Migrate Child Domain DNS Records To a Dedicated DNS Zone
  http://blogs.technet.com/b/askpfeplat/archive/2013/12/02/how-to-split-and-migrate-child-domain-dns-records-to-a-dedicated-dns-zone.aspx
  Best Regards,
  Eve Wang
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Best Practices for BI, ADF and Oracle Forms installations on Weblogic

  Hi, I'm researching options on upgrading to Oracle 11g Middleware. My company currently has Oracle Forms 10g running on Oracle Application Server.
  We are interested in using Oracle Forms 11g, ADF and Jdeveloper, and Business Intelligence with Oracle's Weblogic 10.3.5.
  Is there any whitepapers or documentation on best practices for installing alll of these components together?
  For instance, can ADF ( with JSF 2.x ) be installed in the same domain as Oracle Forms 11g but use different managed servers?
  Will Business Intelligence need to be in a seperate Oracle Home with it's own weblogic installation? I spend a lot of time trying to get the JSF upgraded to 2.x in the Business Intelligence installation and could not get it to work.
  I know it's a pretty broad question but thank you for any direction on this.

  Thanx for the reply! I read through the documents and they are very good at explaining how to install the different components individually. I still can't find much on installing them together. I hope it's not just going to be a trial and error thing.
  So far I've installed done the following successfully:
  Installed 10.3.5 weblogic
  Forms and Reports 11g on top of 10.3.5
  I've created an additional managed server for our ADF applications.
  My next step is upgrading the JSF to 2.x. I would have to stage patches 12917525 and 12979653. I'm afraid it will break the forms and reports though. Any ideas?

• Best Practices for AD and Windows Environment

  Hello Everyone,
  I need to create a document having the best practices for AD containing best practices for DNS, DHCP, AD Structure, Group Policy, Trust Etc.
  I just need the best practices irrespective of what is implemented in our company.
  I just need to create a document for analysis as of now. I searched over the internet but could not find much. I would request you all to pour in your suggestions from where i can find those.
  If anyone could send me or point me the link. I am pretty new to the technology, so need your help.
  Thanks in Advance

  I have an article where I shared the best practices to use to avoid known AD/DNS issues: http://www.ahmedmalek.com/web/fr/articles.asp?artid=23
  However, you need first to identify your requirements and based on these requirements, you can identify what should be implemented on your environment and how to manage it. The basics here is that you need to have at least two DC/DNS/GC servers per AD domain
  for the High Availability. You need also to take a system state backup of at least one DC/DNS/GC server in your domain. As for DHCP, you can use 50/50 or 80/20 DHCP rule depending on your setup.
  You can also refer to that: https://technet.microsoft.com/en-us/library/cc754678%28v=ws.10%29.aspx
  This posting is provided AS IS with no warranties or guarantees , and confers no rights.
  Ahmed MALEK
  My Website Link
  My Linkedin Profile
  My MVP Profile

• Basic Strategy / Best Practices for System Monitoring with Solution Manager

  I am very new to SAP and the Basis group at my company. I will be working on a project to identify the best practices of System and Service level monitoring using Solution Manager. I have read a good amount about SAP Solution Manager and the concept of monitoring but need to begin mapping out a monitoring strategy.
  We currently utilize the RZ20 transaction and basic CCMS monitors such as watching for update errors, availability, short dumps, etc.. What else should be monitored in order to proactively find possible issues. Are there any best practices you all have found when implimenting Monitoring for new solutions added to the SAP landscape.... what are common things we would want to monitor over say ERP, CRM, SRM, etc?
  Thanks in advance for any comments or suggestions!

  Hi Mike,
  Did you try the following link ?
  If not, it may be useful to some extent:
  http://service.sap.com/bestpractices
  ---> Cross-Industry Packages ---> Best Practices for Solution Management
  You have quite a few documents there - those on BPM may also cover Solution Monitoring aspects.
  Best regards,
  Srini
  Edited by: Srinivasan Radhakrishnan on Jul 7, 2008 7:02 PM