Thursday, February 12, 2009

Single Level Active Directory Domain

If you are considering giving your Active Directory domain a single level (single-label) name, don't do it. Just stop and pick a new name. If you're already stuck with a single level AD domain, I feel your pain. I see the warning now when I try to fix my problems after the fact.

So what's the big deal? Windows XP and Server 2003 do not update their DNS records in a single level domain. They also have issues joining the domain from another subnet. Our biggest problems show up when dealing with more than one subnet.

The main problem is that DNS will be missing records. Domain controllers depend heavily on DNS, so if one of them is not updating its DNS records, you have a huge mess. Domain controllers failing to replicate was our big issue. Every time we added a domain controller, we ended up rebuilding the DNS records by hand, adding the new server's records where they were needed. Most of the time replication would work one way but not the other. Fixing DNS fixed replication.

Over time I have uncovered more documentation and most importantly this registry key:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters]
"UpdateTopLevelDomainZones"=dword:00000001

I run this on every server just to make sure. Once you run this, you will have to reboot the server so the Netlogon service can register its DNS records.

You can run this on your workstations if you want them in your DNS too. We opted not to for most of ours.

I believe there is now a group policy setting that sets the same value. But I do not recall where it is. If I find it, I will update this post.

The second big issue we ran into was that we could not join the domain from the other subnets. In XP and 2003, Microsoft changed them to use DNS more. The computer could see the domain and tell you that it exists. It would even point out that the SRV records in DNS are correct. But it would fail to join. At some point in the process it sees the single level domain name and uses NetBIOS instead of DNS. It would work fine on the same subnet, but without a WINS server or LMHOSTS file it would fail.

For the longest time, we used an LMHOSTS file to point to the domain. We built it into the default Ghost image and it worked great. Then came the network restructure that ended up changing our IP range. Every one of those files we had deployed over the last several years had to be updated. The symptom was a 10-minute login on those computers for existing users of the computer.

Here is a sample of what we put in the LMHOSTS file:

10.0.0.1 servername1 #PRE #DOM:domainname
10.0.0.2 servername2 #PRE #DOM:domainname
10.0.0.1 "domainname     \0x1b" #PRE
10.0.0.2 "domainname     \0x1b" #PRE

The text inside the quotes on the bottom two lines must be exactly 20 characters or it won't work: the domain's NetBIOS name padded with spaces to 15 characters, followed by the 5-character \0x1b suffix (0x1B is the domain master browser name). After saving the changes to the LMHOSTS file you have to enable NetBIOS over TCP/IP and import the LMHOSTS file; nbtstat -R reloads the name cache from LMHOSTS without a reboot.
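As an added example that is not from the original post, the script below generates the LMHOSTS entries shown above for a list of domain controllers and checks the 20-character rule on the quoted 0x1B lines, which is the part that silently breaks when spaces get collapsed. The function names and the sample IPs and names are constructed for illustration.

```python
# Added example (not from the original post): build and check LMHOSTS entries
# used to reach a domain controller of a single-level domain across subnets.
# Function names are assumptions; IPs and names below are constructed samples.

NETBIOS_NAME_LEN = 15              # NetBIOS names are 15 chars, space-padded
DOMAIN_MASTER_BROWSER = "\\0x1b"   # 16th byte 0x1B = domain master browser
QUOTED_LEN = NETBIOS_NAME_LEN + len(DOMAIN_MASTER_BROWSER)  # must be 20


def dc_entry(ip, server, domain):
    """Preloaded (#PRE) entry mapping a DC name to its IP for the domain."""
    return f"{ip} {server} #PRE #DOM:{domain}"


def domain_entry(ip, domain):
    """Quoted 0x1B entry; the quoted part must be exactly 20 characters."""
    if not 1 <= len(domain) <= NETBIOS_NAME_LEN:
        raise ValueError("NetBIOS domain name must be 1-15 characters")
    quoted = domain.ljust(NETBIOS_NAME_LEN) + DOMAIN_MASTER_BROWSER
    assert len(quoted) == QUOTED_LEN
    return f'{ip} "{quoted}" #PRE'


def build_lmhosts(domain, dcs):
    """dcs is a list of (ip, servername); returns the LMHOSTS text."""
    lines = [dc_entry(ip, name, domain) for ip, name in dcs]
    lines += [domain_entry(ip, domain) for ip, _ in dcs]
    return "\n".join(lines) + "\n"


def check_lmhosts(text):
    """Return a list of problems: quoted entries whose quoted part != 20 chars."""
    problems = []
    for n, line in enumerate(text.splitlines(), 1):
        if line.count('"') < 2:
            continue                      # no quoted NetBIOS name on this line
        start = line.index('"')
        end = line.index('"', start + 1)
        quoted = line[start + 1:end]
        if len(quoted) != QUOTED_LEN:
            problems.append(f"line {n}: quoted name is {len(quoted)} chars, need 20")
    return problems


if __name__ == "__main__":
    sample = build_lmhosts("domainname",
                           [("10.0.0.1", "servername1"), ("10.0.0.2", "servername2")])
    print(sample)
    print(check_lmhosts(sample) or "all quoted entries are 20 characters")
```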

The correct way to do this would be to set up a WINS server. One experiment that I tried was to put one of the domain controllers' addresses in as the WINS server, and it solved our import (domain-join) issue. The only thing we needed a WINS server for was to join computers to the domain from a different subnet. By telling the computer that the domain controller is the WINS server, it was able to find it and import just fine.

So our workaround was to run a registry hack on every server so they update DNS, and to put in a fake WINS server address that points to our domain controller for workstation importing.

Sunday, February 08, 2009

Ventrilo - Ranks and Mute/Queue Options

There are lots of reasons you may or may not want to give users their own accounts on your vent server. I use it to give me more control over a large group. Let me give you an example.

I play a lot of World of Warcraft and our raid groups have 25 members. A few need to be able to talk all the time, while others just talk all the time and don't stop. If you get a lot of people telling everyone how to do something their special way, it just makes it more complicated for everyone else.

So I have a raid channel set up that mutes all guests in that channel. All guild members have an account so they can talk. New and random people in the group we keep silent. We want them to listen to our method. If they have a suggestion, they can send it silently to a raid leader in game to relay to the group. This option is in the channel options under "Disable Guest Account Transmitting". Checking this will keep all guests from broadcasting in that channel.

Another thing you can do is give each member a rank and mute low-ranked members in a channel. I experimented with this, but it does not work as smoothly as I would like it to. I'm talking about the voice mode on the channel. The default option is Normal, which allows all ranks to talk. The other two options are Queued and Muted. They each act a little differently, but both keep ranks under a set level from broadcasting.

Queued: This one mutes everyone else while someone is talking, so only one person can broadcast at a time. It uses the Transmit Rank Level to only allow set ranks to broadcast at all. The person that gets the mic keeps it until he stops broadcasting. Once he stops, the next new broadcast gets it. The catch is that if someone starts to broadcast just before the last person has released his mic, they will stay muted. I don't like this setting because someone could think they are saying something important, but because they never got the green light it never broadcast. I feel like I have to watch Vent on a second monitor to use this. The exception here is if you only have one person that will ever talk in this setting. You can adjust this setting on the fly.

Monday, February 02, 2009

Ventrilo - How to connect?

Ventrilo is a very popular voice chat program. It is used with many games to coordinate the actions of many players at once. The first step to using Vent is to get connected.

The first step is to create a user name. This is the name that everyone will see when you connect. You can create a phonetic for it so it will announce to everyone in the channel when you join or leave (to those who have not turned that annoying feature off). Be respectful with that, because it follows you from server to server and it's easy to forget you have one set up.

If it's a new connection, you will need to add the server before you can connect to it. You will usually be provided a server/port/password to enter. If they do not provide a password, you probably do not need one.

The server can be a host name or an IP address. It can look like guild.typefrag.com or 10.120.34.4. You may see the port number attached to the server name with a colon. If the port number is 12345 it can look like this: guild.typefrag.com:12345 or 10.120.34.4:12345. If you are not given a port number, look closer at the server name.

Once you add the server you can click connect. If everything is correct, you should find yourself in the root channel. From here you can double click on a channel to join it.