More Mysteries of the
AdminSDHolder
Tony Murray’s article “Demystifying
the AdminSDHolder Object”
(June 2007, InstantDoc ID 95834)
was excellent. Coincidentally, I
read it just a few days before I faced
a problem with AdminSDHolder.
Tony really saved my day! However,
I wish the article had included the
workarounds that exist not only to
customize the object’s behavior but
also to disable it. (For more information,
see “Delegated permissions
are not available and inheritance is
automatically disabled,“ support.microsoft.com/?id=817433.)
—Apostolos Fotakelis
The Microsoft article you refer to provides good supporting information about the AdminSDHolder object, especially for those upgrading domain controllers from Windows 2000 Server. I would, however, urge readers to carefully think through the implications of reverting to Win2K AdminSDHolder behavior as described in the article. The changes to AdminSDHolder behavior were implemented in Windows Server 2003 Active Directory (AD) for a good reason: to improve security. If you encounter the problem described in the Microsoft article, implement the workaround that the article presents as Method 1 rather than the hotfix. This method is the least likely to leave AD open to compromise.
—Tony Murray
64-Bit Recommended
The sidebar “AD Considerations for
Exchange 2007“ (September 2007,
InstantDoc ID 96535) says that “your
GC servers must be running a 64-bit
Windows OS.” This statement isn’t
true; Microsoft just recommends that
you use 64-bit Windows. Nice article,
though.
—hitchcock4
I pulled this sidebar together from Brien Posey’s “Designing Active Directory for Exchange Server 2007” (September 2007, InstantDoc ID 96536). In that article, Brien says that according to Microsoft’s recommendation, for the 8:1 ratio of Exchange cores to Global Catalog (GC) cores to be valid, you need a 64-bit Windows OS and you need enough memory to cache the entire AD database in RAM. Sorry for the confusion, and I hope this clears things up a bit.
—Brian Keith Winstead
Licensing Conundrum
Thanks to Nate McAlmond for a great
article, “Deploy a Single Application
Through Terminal Services” (August
2007, InstantDoc ID 96337). I am
deploying a new back-end application
and will configure Terminal Services
to provide access. I would appreciate
some clarification regarding licensing.
In addition to Terminal Services user and device CALs, do I need Windows user CALs for Windows Server 2003, or does the server license cover my licensing obligation? Additionally, my application/Terminal Server will be storing and accessing data from a separate Microsoft SQL Server 2005 machine. Will I be required to buy SQL user and device licenses, or does the SQL Server license cover me?
—Jeffrey B. Mahar
In addition to the server license, you’ll need one Windows Server CAL. (See www.microsoft.com/windowsserver2003/howtobuy/licensing/ts2003.mspx for more information on licensing for Terminal Services.) You’ll also need a CAL for SQL Server. You can license SQL Server 2005 by user, by device, or by processor. If you license SQL Server by device, you’ll also need a CAL for each terminal that accesses the SQL Server machine. However, you could use the processor licensing model for SQL 2005, which would eliminate your obligation for CALs completely.
—Nate McAlmond
Microsoft’s
Software Plus
Services Strategy
I read Karen Forster’s IT Pro Perspective
column “Microsoft’s Software Plus
Services Strategy” (September 2007,
InstantDoc ID 96673). IT is a very fluid
market, and you have to go with the
flow to remain competitive. I’d be disappointed
in a leader who could not
demonstrate agility.
Like any other company, Microsoft is after one thing—profit. It achieves that one thing by way of pervasiveness. Just as it does with its service stack, Microsoft will morph the definition of terms such as service- oriented architecture (SOA) in order to show that its offering is not only complete but also meets the definition and is necessary. Architects have to be wary of any company (e.g., IBM, TIBCO Software, BEA, Sun Microsystems) that does the same thing.
Microsoft is going to do whatever it takes to be pervasive and profitable. It will look at academia and do research, then will use the data gleaned from that research to build its own product map that will foster its mission of profitability and pervasiveness. SaaS is going to have to convince people to let go of their data. More importantly, because of the work that companies such as Microsoft are doing, SaaS will also have to change what we know to be true, which is that “rolling your own” ain’t really all that hard or expensive! It will be interesting to see what Microsoft does.
—galaxis13