Art Alexion on 23 Feb 2012 07:03:25 -0800


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] NTP rant


It was someone on our team.

--
Art Alexion

On Feb 23, 2012 9:44 AM, "Michael Leone" <turgon@mike-leone.com> wrote:
On Thu, Feb 23, 2012 at 9:24 AM, jeff <jeffv@op.net> wrote:
> On 02/23/2012 09:17 AM, Art Alexion wrote:
>>
>> This is the correct answer. We tracked down a rogue DC in a branch
>> office which had grabbed the PDC role from the real PDC.
>
>
> Another great MS `feature'.

A rogue DC? Someone (not you or the IT staff) installed a Windows
server, and then installed Active Directory on it? That requires the
password of a domain admin account to do (or one delegate those
rights).

AD roles usually have to be manually transferred, they don't just
transfer between DCs due to new installations. Someone had to
deliberately transfer that role.

You've got much more than a technical problem, if you have non-IT
staff installing DCs at branch offices, and that know your domain
passwords and how to transfer AD roles ....
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug