Internal vs. external directory services best practices

Hello everyone,
We have two distinct directory services here where I work, one that supports 'internal' needs, and one that is used for external clients, the people who use our web-facing applications. We are limited by the separation of the directory services. E.g., our internal users cannot use the external directory service to look up email addresses.
I have been asked to look into design options and best practices. Is it common to have distinct services like this? Or are those external users usually part of the same service as the internal users? Is my online banking account information in the same directory service (assuming it is in a directory service at all) as the employees at my bank? Does it make sense to run separate services like this? What are some alternatives?
Part of the integration problem is AD vs. Sun Directory Server. The external service is in Sun Directory Server and predates AD. The AD service is obviously here for the Windows environment. Some organizations I have worked with in the past used Sun LDAP as the authoritative source of data, and synced in one way or another into AD.
Any feedback is appreciated,
Mark

No, what I am looking for is architectural input regarding the use of AD and a separate LDAP server. In my case I am talking about AD and the SJS Directory Server, but this would apply to any environment that has AD plus some other LDAP server.
I need to be able to reasonably answer the general question: Why should we keep the SJS Directory Server, when we could just put all our LDAP data into AD?
I also need to answer the more specific question: Given that our LDAP data is external users only (customers, partners), does it make sense to keep them there? Again, why not just put these "external" entities into AD?
I'm not trying to figure out how to get AD and LDAP to work together. I'm trying to figure out why I have two directories, and why I should or should not keep two directories. I've found nothing online dealing with what should be a very common scenario.
Mark

Similar Messages

  • Setup internal and external DNS namespaces best practice

    Is external name space (e.g. companydomain.com) and internal name space (e.g. corp.companydomain.com or companydomain.local) able to run on the same DNS server (using Microsoft Windows DNS servers)?
    MS said it is highly recommended to use a subdomain to handle internal name space - say corp.companydomain.com if the external namespace is companydomain.com. How shall this be set up? Shall I create my ADDS domain as corp.companydomain.com directly, or companydomain.com and then create a subdomain corp?
    Thanks in advance.
    William Lee
    Hong Kong

    Is external name space (e.g. companydomain.com) and internal name space (e.g. corp.companydomain.com or companydomain.local) able to run on the same DNS server (using Microsoft Windows DNS servers)?
    Yes, it is technically feasible. You can have both of them running on the same DNS server(s). Just only your public DNS zone can be published for external resolution.
    MS said it is highly recommended to use a subdomain to handle internal name space - say corp.companydomain.com
    if the external namespace is companydomain.com.  How shall this be setup?  Shall I create my ADDS domain as corp.companydomain.com directly or companydomain.com then create a subdomain corp?
    What is recommended is to avoid having a split-DNS setup (your internal and external DNS names are the same). This is because it introduces extra complexity and confusion when managing it.
    My own recommendation is to use .local for internal zone and .com for external one.

  • Front End internal and external web services

    Hi all,
    Can someone explain the purpose of the internal and external web services URLs on the front end server? What do they do and what are they used for? And why does the external traffic go directly to it and not through a reverse proxy?
    Thanks,

    They're for multiple purposes. Address books, autodiscovery, meeting URLs, mobile clients, etc. There are two because they respond slightly differently based on whether the client is internal or external. External traffic should always reach it through a reverse proxy; that reverse proxy should proxy traffic received on port 443 to port 4443 on your front end pool.

  • Network Services Best Practices

    Hello
    I've been using the Network Services Best Practices document (27 Sep 2006) for some years now and I wonder if there has actually been an update to it. If not, would you guys have any new Network Best Practices document you would suggest? Something that talks about Virtualization, etc. would be great.

    Hi Scott,
    Thank you for posting your issue in the forum.
    I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.
    Thank you for your understanding and support.
    Best Regards,
    Justin Gu

  • Transfer iphoto library to external harddrive. Best practice?

    Need to transfer iphoto library to external harddrive due to space issues. Best practice?

    Moving the iPhoto library is safe and simple - quit iPhoto and drag the iPhoto library intact as a single entity to the external drive - depress the option key and launch iPhoto using the "select library" option to point to the new location on the external drive - fully test it and then trash the old library on the internal drive (test one more time prior to emptying the trash)
    And be sure that the External drive is formatted Mac OS extended (journaled) (iPhoto does not work with drives with other formats) and that it is always available prior to launching iPhoto
    And backup soon and often - having your iPhoto library on an external drive is not a backup and if you are using Time Machine you need to check and be sure that TM is backing up your external drive
    LN

  • Configuring AD Sites and Services best practice for multiple office site ?

    Hi People,
    Can anyone here please suggest me or share the link of what is the best practice in configuring the AD Sites and Service for single AD domain with multiple office sites ?
    I'd like to know more about the number and the direction of the connection between Domain Controllers in one site to the Data Center and vice versa.
    Thanks.
    /* Server Support Specialist */

    Hi People,
    Can anyone here please suggest me or share the link of what is the best practice in configuring the AD Sites and Service for single AD domain with multiple office sites ?
    This series can be useful:
    Active Directory Structure Guidelines – Part 1
    Mahdi Tehrani

  • In house Repair service Best Practices

    Hi,
    I have a requirement to work on In-house Repairs for the service module. Please suggest best practice IDs for reference configuration of the In-house Repair service (CRM 7.0).
    Please help me.
    Thanks & Regards
    kishore kumar

    Dear Kishore,
    Unfortunately, SAP CRM Best Practices doesn't cover this process. Anyway, there are other sources of information. Please refer to these links to read more about In-House Repair:
    http://help.sap.com/saphelp_crmscen70/helpdata/en/3b/15a1d29b7e481987c3b894c4b074de/frameset.htm
    http://help.sap.com/saphelp_crm70/helpdata/en/c4/3d239a23c5484e970558ba67b837d5/frameset.htm
    Arthur.

  • Web service, best practice

    Hi,
    I would need some opinions on best practices for a WS interface.
    Let's say I have a system with 5 different states on an entity, let's say the states are A, B, C, D and E. It is not possible to change from any state to any other state; there are certain rules.
    Shall the knowledge on these transition rules be on the service consumer or in the service itself. What I'm looking for is what kind of operations I shall expose:
    setState(State aState)
    or
    changeToStateA()
    changeToStateC()
    And so on... In the first case all knowledge of state transitions must be on the service consumer. In the second case this is not needed, as the operation will take care of that.
    Are there any guidelines on this?
    Thanks,
    Mattias

    services should be idempotent and stateless.
    that means that transitions and workflow should be the responsibility of the client.

  • UDDI and deployed Web Services Best Practice

    Which would be considered a best practice?
    1. To run the UDDI Registry in its own OC4J container with Web Services deployed in another container
    2. To run the UDDI Registry in the same OC4J container as the deployed Web Services

    The reason you don't see your services in the drop-down is because CE does lazy initialization of EJB components (gives you a faster startup time of the server itself). But your services are still available to you. You do not need to redeploy each time you start the server. One thing you could do is create a logical destination (in NWA) for each service and use the "search by logical destination" button. You should always see your logical names in that drop-down, which you can use to invoke your services. Hope it helps.
    Rao

  • Web services - Best practices

    Hello all,
    I have been working my way through 'Core J2EE Patterns: Best Practices and Design Strategies' in preparation for a web services based project I am responsible for delivering.
    There's just one thing I cannot get my head round. The book identifies a web service broker responsible for dealing with WS requests. However, it states it's at the integration level. If I have a WS-enabled client wanting to communicate with my services, wouldn't the web service broker have to be the first point of contact, almost acting as a Controller?
    Much of this is new to me, so perhaps I am barking up the wrong tree. But any help would be greatly appreciated.
    Kind regards
    Kevin

    Michal
    Can you send me your article or anything you have on web services? I am trying to connect to a .NET server and I'm getting the following error:
    System.Web.Services.Protocols.SoapHeaderException: WSE012: The input was not a valid SOAP message because the following information is missing: action. at Microsoft.Web.Services3.Utilities.AspNetHelper.SetDefaultAddressingProperties(SoapContext context, HttpContext httpContext) at Microsoft.Web.Services3.WseProtocol.CreateRequestSoapContext(SoapEnvelope requestEnvelope) at Microsoft.Web.Services3.WseProtocol.FilterRequest(SoapEnvelope requestEnvelope) at Microsoft.Web.Services3.WseProtocol.RouteRequest(SoapServerMessage message) at System.Web.Services.Protocols.SoapServerProtocol.Initialize() at System.Web.Services.Protocols.ServerProtocol.SetContext(Type type, HttpContext context, HttpRequest request, HttpResponse response) at System.Web.Services.Protocols.ServerProtocolFactory.Create(Type type, HttpContext context, HttpRequest request, HttpResponse response, Boolean& abortProcessing)
    I know it has something to do with Axis but I just don't know enough. Is there a way around it? Do you know if WSE 3.0 requires Axis2?
    Thanks for any info you can send my way.
    Steve

  • Premiere Pro + External Hard Drive Best Practices

    For best performance when editing in Premiere, is it recommended to keep raw files and project files on separate drives? Does this make workflow and response time quicker? What are the most efficient and safest options? Thanks

    I see this repeated over and over. I have not found it to be true. I have found over and over again that a single dedicated 7200 internal drive for media will work just fine. This is editing RT employing mainly DV, HDV, Canon XF and Sony XDCAM up to 50 Mbps. This includes multicamera projects up to four cameras.
    Since 2002 I have set up at least 10 separate Premiere based NLE PCs and have witnessed hundreds of projects across these many systems edited with Premiere 6.0, 6.5, Pro 1.5 Pro 2.0, CS4, CS5x, and CS6.  The only time when hard discs became an issue was a misadventure using USB external drives.
    I experimented, early in DV editing days, with advising editors to save their graphics, music, and project files on a separate internal media drive. However I could never get a consistent compliance with that, so for file management sake, I began having users keep all scratch disc dialogues checked to "same as project". That way they just needed to be certain to create their project folder on a Media drive, and save their project into that folder.
    Things have been smooth with that. I think that over the years I've had enough testing to say with confidence that anyone will be fine with it for general use with codecs up to 50Mbps per stream.
    The only place I've found some benefit is in targeting a separate internal drive for exports. This can speed up exports a bit, but I haven't found wild differences.
    So a typical system I might set up or use would map like this:
        C: System (usually a raid0)
        D: internal 7200 rpm Media 1 (Active Premiere Projects)
        G: USB\Firewire External Drives Storage (Inactive Premiere projects and offline file storage)
    Additional video edit space set up as:
        E: internal 7200 rpm Media 2 (Active Premiere Projects)
    Again, lots of experience with this set up and no drive performance issues.

  • Web Service best practice question

    Hi! I'm designing a web service solution and I'm trying to figure out the best way to solve a simple situation. I have some products at my company which need to be queried by consumers. I need some way to let them provide some sort of unique identifier for the product in order for me to return the complete product description. Unfortunately the products are specific to my company and there is no industry standard to do the search (like an ISBN for books). So I'm considering making an additional service to just return the product's database ID in order to enable the consumer to make the actual query using this ID. Is there a better way to handle this situation?
    Thanks everyone !


  • External Table Authorization Best practices

    Hi,
    I am working on OBIEE External Table Authorization. I was able to successfully implement it for one project (catalog). The fields of the authorization table (AuthTable) are: Windows_ID, Employeeid, Name, EmpEMail, GroupName, Process_ID, Process_Name, Portal_Path.
    Here, as per the requirement, a user should see data for a few processes only. So I added a column for Process_ID and then created an INIT block in the repository where the query is like:
    Select 'PROCESS_ID', AuthTable.Process_id
    From AuthTable
    WHERE upper(AuthTable.AD_ID) = upper(':USER')
    Then for the user groups I applied FILTERs on all the tables, e.g. for every Logical Table I applied the filter
    Dim_Process."Process ID" = VALUEOF(NQ_SESSION."PROCESS_ID")
    I checked the data and everything is correct. But my question is:
    We have many projects/catalogs for which the filter criteria will be different, so shall we insert a new column for each criterion in the SAME AuthTable, or is there any other and better way to maintain it? If we maintain one table for all the projects/catalogs it will be very messy; I would prefer to keep different tables for different projects/catalogs, as their data marts are different.
    But the problem is that for all other session variables we may use different INIT BLOCKS and hence different tables, BUT for PORTALPATH there should be only one INIT BLOCK, so only for PORTALPATH's sake we need to keep everything in the same table?
    Tell me if I am wrong somewhere in my understanding or if there is a better way to do it.
    Regards
    Saurabh

    Hi,
    Pls refer to this link. Kumar explained it very clearly
    http://obieeblog.wordpress.com/category/obiee/obiee-security/
    Pls award points, if helpful
    Regards,
    Sarat Nallapati

  • External Portal - Security Best Practice

    We will be initiating an external portal for ESS access. For those using ESS from home, what type of additional security access is anyone using if the person happens to lock themselves out of their ESS account? Do you have a security question built into ESS? Are you using a security grid to reset their password? I'm looking to see what other alternatives people are using.
    Thanks
    Pam Major

    Hi Tim: Here's my basic approach for this -- I create either a portal dynamic page or a stored procedure that renders an HTML parameter form. You can connect to the database and render whatever sort of drop downs, check boxes, etc. you desire. To tie everything together, just make sure that when you create the form, the names of the fields match those of the page parameters created on the page. This way, when the form posts to the same page, it appends the values for the page parameters to the URL.
    By coding the entire form yourself, you avoid the inherent limitations of the simple parameter form. You can also use advanced JavaScript to dynamically update the drop downs based on the values selected or can cause the form to be submitted and update the other drop downs from the database if desired.
    Unfortunately, it is beyond the scope of this forum to give you full technical details, but that is the approach I have used on a number of portal sites. Hope it helps!
    Rgds/Mark M.

  • Running Best Practice Analyzer on remote 2008 R2 domain controllers

    Hello Powershell World,
    I'll start out by first mentioning that I am a PowerShell rookie, so I gladly welcome any input to help me improve or work more efficiently. Anyway, I recently used PowerShell to run the Best Practice Analyzer for DNS on all of our domain controllers.
    The way I went about it was pretty tedious and inefficient but still got the job done, through a series of one-liners that exported the report to a UNC path as follows:
    Enable-PSremoting -Force (I logged into all of the domain controllers individually and ran this before running the one-liners below from my workstation)
    New-PSSession -Name <Session Name> -ComputerName <Hostname>
    Enter-PSSession -Name <Session Name>
    Import-Module bestpractices
    Invoke-BPAModel Microsoft/Windows/DNSServer
    Get-BPAResult Microsoft/Windows/DNSServer | Select ModelId,Severity,Category,Title,Problem,Impact,Resolution,Compliance,Help | Sort Category | Export-CSV \\server\share\BPA_DNS_SERVERNAME.csv
    I'm looking to do this again, but for the Directory Services Best Practice Analyzer, without having to individually enable remoting on the domain controllers, and also to provide a list of servers for the script to run against.
    Thanks in advance for all your help!

    What do you mean by "without having to individually enable remoting "?
    You cannot remote without enabling remoting. You only need to enable remoting once. It is a configuration change. If you have done it once you do not need to do it again.
    Here is how to run from a list of DCs.
    $sb = {
        Import-Module bestpractices
        Invoke-BPAModel Microsoft/Windows/DNSServer
        Get-BPAResult Microsoft/Windows/DNSServer |
            Select ModelId,Severity,Category,Title,Problem,Impact,Resolution,Compliance,Help |
            Sort Category |
            Export-CSV "\\server\share\BPA_DNS_$env:COMPUTERNAME.csv"
        Invoke-BPAModel Microsoft/Windows/DirectoryServices
        # etc...
    }
    ForEach($dc in $listofDCs){
        Invoke-Command -ScriptBlock $sb -Computer $dc
    }
    ¯\_(ツ)_/¯
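    As an added example that is not part of the thread and not the answerer's code: this variant enumerates the domain controllers from Active Directory instead of relying on a hand-maintained $listofDCs, runs both BPA models named in the thread on each DC over remoting, and gathers the findings into a single CSV on the workstation rather than one file per DC. Assumptions: remoting is already enabled on the DCs (as the answer says it must be), the ActiveDirectory and BestPractices modules are present where they are used, the Severity filter and the added Computer column are mine, and \\server\share is the thread's placeholder path.

```powershell
# Added example, not from the original thread. Runs the DNS and Directory Services
# BPA models on every DC in the domain and collects the results centrally.
Import-Module ActiveDirectory

# The two BPA model IDs discussed in the thread.
$models = 'Microsoft/Windows/DNSServer', 'Microsoft/Windows/DirectoryServices'

# Script block executed on each DC; $ModelIds receives the list above.
$sb = {
    param([string[]]$ModelIds)
    Import-Module BestPractices
    foreach ($id in $ModelIds) {
        Invoke-BPAModel -ModelId $id | Out-Null
        # Compliant rules are reported with Severity 'Information'; for a fleet-wide
        # review only Warning/Error findings are kept (filter is an assumption of this example).
        Get-BPAResult -ModelId $id |
            Where-Object { $_.Severity -ne 'Information' } |
            Select-Object @{ n = 'Computer'; e = { $env:COMPUTERNAME } },
                ModelId, Severity, Category, Title, Problem, Impact, Resolution, Compliance, Help
    }
}

# Enumerate every DC in the current domain rather than maintaining $listofDCs by hand.
$dcs = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName

$results = foreach ($dc in $dcs) {
    try {
        # (,$models) passes the whole array as a single argument to the param block.
        Invoke-Command -ComputerName $dc -ScriptBlock $sb -ArgumentList (,$models) -ErrorAction Stop
    }
    catch {
        # A DC that is unreachable or still has remoting disabled is reported, not silently skipped.
        Write-Warning "BPA run failed on ${dc}: $($_.Exception.Message)"
    }
}

# One consolidated report for all DCs; \\server\share is the thread's placeholder path.
$results | Sort-Object Computer, ModelId, Category |
    Export-Csv "\\server\share\BPA_AllDCs_$(Get-Date -Format yyyyMMdd).csv" -NoTypeInformation
```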
