More Mysteries of the AdminSDHolder
Tony Murray’s article “Demystifying the AdminSDHolder Object” (June 2007, InstantDoc ID 95834) was excellent. Coincidentally, I read it just a few days before I faced a problem with AdminSDHolder. Tony really saved my day! However, I wish the article had included the workarounds that exist not only to customize the object’s behavior but also to disable it. (For more information, see “Delegated permissions are not available and inheritance is automatically disabled,“ support.microsoft.com/?id=817433.)
The Microsoft article you refer to provides good supporting information about the AdminSDHolder object, especially for those upgrading domain controllers from Windows 2000 Server. I would, however, urge readers to carefully think through the implications of reverting to Win2K AdminSDHolder behavior as described in the article. The changes to AdminSDHolder behavior were implemented in Windows Server 2003 Active Directory (AD) for a good reason: to improve security. If you encounter the problem described in the Microsoft article, implement the workaround that the article presents as Method 1 rather than the hotfix. This method is the least likely to leave AD open to compromise.
The sidebar “AD Considerations for Exchange 2007“ (September 2007, InstantDoc ID 96535) says that “your GC servers must be running a 64-bit Windows OS.” This statement isn’t true; Microsoft just recommends that you use 64-bit Windows. Nice article, though.
I pulled this sidebar together from Brien Posey’s “Designing Active Directory for Exchange Server 2007” (September 2007, InstantDoc ID 96536). In that article, Brien says that according to Microsoft’s recommendation, for the 8:1 ratio of Exchange cores to Global Catalog (GC) cores to be valid, you need a 64-bit Windows OS and you need enough memory to cache the entire AD database in RAM. Sorry for the confusion, and I hope this clears things up a bit.
—Brian Keith Winstead
Thanks to Nate McAlmond for a great article, “Deploy a Single Application Through Terminal Services” (August 2007, InstantDoc ID 96337). I am deploying a new back-end application and will configure Terminal Services to provide access. I would appreciate some clarification regarding licensing.
In addition to Terminal Services user and device CALs, do I need Windows user CALs for Windows Server 2003, or does the server license cover my licensing obligation? Additionally, my application/Terminal Server will be storing and accessing data from a separate Microsoft SQL Server 2005 machine. Will I be required to buy SQL user and device licenses, or does the SQL Server license cover me?
—Jeffrey B. Mahar
In addition to the server license, you’ll need one Windows Server CAL. (See www.microsoft.com/windowsserver2003/howtobuy/licensing/ts2003.mspx for more information on licensing for Terminal Services.) You’ll also need a CAL for SQL Server. You can license SQL Server 2005 by user, by device, or by processor. If you license SQL Server by device, you’ll also need a CAL for each terminal that accesses the SQL Server machine. However, you could use the processor licensing model for SQL 2005, which would eliminate your obligation for CALs completely.
Microsoft’s Software Plus Services Strategy
I read Karen Forster’s IT Pro Perspective column “Microsoft’s Software Plus Services Strategy” (September 2007, InstantDoc ID 96673). IT is a very fluid market, and you have to go with the flow to remain competitive. I’d be disappointed in a leader who could not demonstrate agility.
Like any other company, Microsoft is after one thing—profit. It achieves that one thing by way of pervasiveness. Just as it does with its service stack, Microsoft will morph the definition of terms such as service- oriented architecture (SOA) in order to show that its offering is not only complete but also meets the definition and is necessary. Architects have to be wary of any company (e.g., IBM, TIBCO Software, BEA, Sun Microsystems) that does the same thing.
Microsoft is going to do whatever it takes to be pervasive and profitable. It will look at academia and do research, then will use the data gleaned from that research to build its own product map that will foster its mission of profitability and pervasiveness. SaaS is going to have to convince people to let go of their data. More importantly, because of the work that companies such as Microsoft are doing, SaaS will also have to change what we know to be true, which is that “rolling your own” ain’t really all that hard or expensive! It will be interesting to see what Microsoft does.