More Mysteries of the
AdminSDHolder
Tony Murray’s article “Demystifying
the AdminSDHolder Object”
(June 2007, InstantDoc ID 95834)
was excellent. Coincidentally, I
read it just a few days before I faced
a problem with AdminSDHolder.
Tony really saved my day! However,
I wish the article had included the
workarounds that exist not only to
customize the object’s behavior but
also to disable it. (For more information,
see “Delegated permissions
are not available and inheritance is
automatically disabled,“ support.microsoft.com/?id=817433.)
—Apostolos Fotakelis
The Microsoft article you refer to provides
good supporting information
about the AdminSDHolder object,
especially for those upgrading domain
controllers from Windows 2000 Server.
I would, however, urge readers to carefully
think through the implications of
reverting to Win2K AdminSDHolder
behavior as described in the article.
The changes to AdminSDHolder
behavior were implemented in Windows
Server 2003 Active Directory
(AD) for a good reason: to improve
security. If you encounter the problem
described in the Microsoft article,
implement the workaround that the
article presents as Method 1 rather
than the hotfix. This method is the least
likely to leave AD open to compromise.
—Tony Murray
64-Bit Recommended
The sidebar “AD Considerations for
Exchange 2007“ (September 2007,
InstantDoc ID 96535) says that “your
GC servers must be running a 64-bit
Windows OS.” This statement isn’t
true; Microsoft just recommends that
you use 64-bit Windows. Nice article,
though.
—hitchcock4
I pulled this sidebar together from
Brien Posey’s “Designing Active Directory
for Exchange Server 2007” (September 2007, InstantDoc ID 96536). In
that article, Brien says that according
to Microsoft’s recommendation, for the
8:1 ratio of Exchange cores to Global
Catalog (GC) cores to be valid, you
need a 64-bit Windows OS and you
need enough memory to cache the
entire AD database in RAM. Sorry for
the confusion, and I hope this clears
things up a bit.
—Brian Keith Winstead
Licensing Conundrum
Thanks to Nate McAlmond for a great
article, “Deploy a Single Application
Through Terminal Services” (August
2007, InstantDoc ID 96337). I am
deploying a new back-end application
and will configure Terminal Services
to provide access. I would appreciate
some clarification regarding licensing.
In addition to Terminal Services
user and device CALs, do I need Windows
user CALs for Windows Server
2003, or does the server license cover
my licensing obligation? Additionally,
my application/Terminal Server will
be storing and accessing data from
a separate Microsoft SQL Server
2005 machine.
Will I be required
to buy SQL
user and device
licenses, or does
the SQL Server
license cover me?
—Jeffrey B. Mahar
In addition to the
server license, you’ll
need one Windows
Server CAL. (See
www.microsoft.com/windowsserver2003/howtobuy/licensing/ts2003.mspx for more
information on licensing for Terminal
Services.) You’ll also need a
CAL for SQL Server. You can license
SQL Server 2005 by user, by device,
or by processor. If you license SQL
Server by device, you’ll also need a
CAL for each terminal that accesses
the SQL Server machine. However,
you could use the processor licensing model
for SQL 2005, which would
eliminate your obligation for CALs
completely.
—Nate McAlmond
Microsoft’s
Software Plus
Services Strategy
I read Karen Forster’s IT Pro Perspective
column “Microsoft’s Software Plus
Services Strategy” (September 2007,
InstantDoc ID 96673). IT is a very fluid
market, and you have to go with the
flow to remain competitive. I’d be disappointed
in a leader who could not
demonstrate agility.
Like any other company, Microsoft
is after one thing—profit. It
achieves that one thing by way of
pervasiveness. Just as it does with its
service stack, Microsoft will morph
the definition of terms such as service-
oriented architecture (SOA) in
order to show that its offering is not
only complete but also meets the
definition and is necessary. Architects
have to be wary of any company
(e.g., IBM, TIBCO Software, BEA, Sun
Microsystems) that does
the same thing.
Microsoft is going
to do whatever it takes
to be pervasive and
profitable. It will look
at academia and do
research, then will
use the data gleaned
from that research
to build its own
product map that
will foster its mission
of profitability and
pervasiveness. SaaS is going
to have to convince people to let go of
their data. More importantly, because
of the work that companies such as
Microsoft are doing, SaaS will also
have to change what we know to be
true, which is that “rolling your own”
ain’t really all that hard or expensive! It
will be interesting to see what Microsoft
does.
—galaxis13
Register
