Connect
email: vic @ hong . com . au
mobile: +1 604-783-6519
office: +1 604-677-2829



    Entries in active directory (2)

    Thursday, May 14, 2009

    NexentaStor - n00by tips and tricks

    I now have a fully licensed version of NexentaStor up and running for a client.

    During the testing phase, I had run the trial software to make sure it had all the features as advertised and functioned in a way that would be practical for contractors like us, who prefer a slick solution that minimizes the tweaking around as much as possible!

    Trial software was successfully run on:

    • VMware Player/Fusion
    • Sun VirtualBox
    • ASUS P5W DH Deluxe mobo - with additional PCIe Intel E1000 nic (onboard nics not supported)
    • SuperMicro X6DVA series mobo

    Had no problems joining it to a Windows 2003 Active Directory (mixed mode - with a legacy Windows 2000 DC), setting ACLs, snapshots, browsing the .zfs folder, etc, etc.

    When it came to running on production hardware, we were unsuccessful getting it to run on:

    Next we tried:

    • SuperMicro X7SBL-LN1
    • This was put into a Supermicro 4RU JBOD chassis - 16 x 1TB drives
    • LSI SAS HBA - LSISAS3081E-R - set in JBOD mode
    • If you need help with SAS cables - these guys are great help: http://www.cs-electronics.com

    No problems at all booting into NexentaStor now!

    During this time, the production network did have a domain controller upgrade. The old Windows 2000 and Windows 2003 domain controllers were demoted and fresh new Windows 2008 domain controllers took over AD tasks for the network.

    This is when I had the next challenge - I was able to get NexentaStor to join, and sometimes NOT join, the domain. Whatever I did, I could not get an AD user that was logged into a Windows box to access a CIFS share on NexentaStor.

    After hitting Nexenta support, DNF Storage support, and reading every detail in the Nexenta User Guide, I figured there was a problem with our AD upgrade. Soooo, if you have a domain joining issue, I urge you to check every bit of your DNS server setup in AD.

    Even though in the forward zones, _msdcs.domain.lan, all the relevant entries were correctly populated, the _msdcs zone within the domain.lan zone was incorrectly populated with old DC entries.

    Once this was created, everything was good to go.
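
The DNS check described above can be scripted. This is an added example, not part of the original post: it parses DC-locator SRV answers in `dig +noall +answer` format and flags targets that are not current domain controllers. The sample records and all host names are constructed, and the set of locator names checked is an assumption about which records to audit.

```python
import re
from collections import defaultdict

# Constructed sample in `dig +noall +answer` format; all host names are hypothetical.
SAMPLE = """\
_ldap._tcp.dc._msdcs.domain.lan. 600 IN SRV 0 100 389 dc2008a.domain.lan.
_ldap._tcp.dc._msdcs.domain.lan. 600 IN SRV 0 100 389 dc2008b.domain.lan.
_ldap._tcp.dc._msdcs.domain.lan. 600 IN SRV 0 100 389 olddc2000.domain.lan.
_kerberos._tcp.dc._msdcs.domain.lan. 600 IN SRV 0 100 88 dc2008a.domain.lan.
_kerberos._tcp.dc._msdcs.domain.lan. 600 IN SRV 0 100 88 olddc2003.domain.lan.
_ldap._tcp.pdc._msdcs.domain.lan. 600 IN SRV 0 100 389 dc2008a.domain.lan.
"""

SRV_LINE = re.compile(
    r"^(?P<owner>\S+)\s+\d+\s+IN\s+SRV\s+\d+\s+\d+\s+\d+\s+(?P<target>\S+)$",
    re.IGNORECASE)

# Locator records that every domain controller registers (the PDC record is
# registered by one DC only, so it is checked for stale targets but not gaps).
ALL_DC_PREFIXES = ("_ldap._tcp.dc._msdcs.", "_kerberos._tcp.dc._msdcs.")

def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()

def parse_srv(text):
    """Map each SRV owner name to the set of target hosts it points at."""
    records = defaultdict(set)
    for line in text.splitlines():
        m = SRV_LINE.match(line.strip())
        if m:
            records[norm(m["owner"])].add(norm(m["target"]))
    return dict(records)

def audit(text, current_dcs):
    """Return {owner: {"stale": [...], "missing": [...]}} for records with findings."""
    current = {norm(dc) for dc in current_dcs}
    findings = {}
    for owner, targets in parse_srv(text).items():
        stale = sorted(targets - current)
        missing = sorted(current - targets) if owner.startswith(ALL_DC_PREFIXES) else []
        if stale or missing:
            findings[owner] = {"stale": stale, "missing": missing}
    return findings

if __name__ == "__main__":
    for owner, f in audit(SAMPLE, ["dc2008a.domain.lan", "dc2008b.domain.lan"]).items():
        print(owner, "stale:", f["stale"], "missing:", f["missing"])
```

Run the same lookups against each DNS server the storage box is configured to use, since the post's problem was two zones giving different answers for the same names.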

    One more gotcha... When setting ACLs on the CIFS shares, don't just click every box in haste! If I did, I was still denied access to the share.

    Set as follows:

    • execute
    • read
    • create
    • write
    • delete
    • but NO inherit

    The inherit permission seemed to lock out access...

     

    Wednesday, Jul 25, 2007

    Migrate Users + Profiles to a new AD Domain

    Dug this out of an old email... Going to be doing one of these again:

    Tested, freaking took a while to work it out, but after some phone calls, and newsgroup surfing, got it. :)
    Not sure if all the steps are needed, however this combo worked for me.

    Moving a PC (computer object) from one domain (win2k) to another domain (win2k3). I wanted to preserve the profile settings once the computer is a member of the new domain:


    • Set up a trust between the 2 domains.
    • Set the new DC WINS setting to point to the old WINS server
    • Load ADMT 3 on the target domain controller
    • Set up the administrator password to be the same on both domains, as well as the local administrator account on the machine (use Cusrmgr.exe to change admin password on multiple machines http://support.microsoft.com/kb/272530/EN-US/ )
    • Add the Domain Admins global group from the source domain to the Administrators Local Group in the target domain
    • Add the Domain Admins global group from the target domain to the Administrators Local Group in the source domain
    • Create a Secondary DNS zone of the other domain on each DNS server (win2k3 – click some settings to allow replication to any server – it's locked down by default)
    • Set Windows firewall to be turned off on the computers (use GP to turn that f**ker off!)
    • *important* Set all client machines to be migrated to have their DNS server pointing to the new Win2k3 DC DNS (I set statically, but do this via DHCP when implementing)
    • On the target Domain Controller, create a new MMC console, add the ADMT plug-in and save to desktop
    • Right click on that icon, and run as the administrator account from the other domain

    Once the machine reboots, you can log into the other domain with the same account (assuming you used ADMT to migrate user accounts as well!), and voilà, the profile should be exactly the same as when logging into the old domain!