Domain Admins
598
edits
Changes
From Pumping Station One
mLine 1:
Line 1: − Line 25:
Line 24: − + − + − + Line 38:
Line 37: − + − + Line 47:
Line 46: − + + − + − + − + − + Line 68:
Line 68: − + + + + + +
adding systems category
Most of the stuff on this list needs to be carefully to not heavily disrupt existing services, and carries risk of destruction if done incorrectly.
Most of the stuff on this list needs to be carefully to not heavily disrupt existing services, and carries risk of destruction if done incorrectly.
* nginx on bob
* nginx on bob
** Failed last time it was rebooted, appears to be DNS related. I believe I fixed it, but havn't tested it yet --[[User:Hef|Hef]] ([[User talk:Hef|talk]]) 19:44, 18 September 2014 (CDT)
** Failed last time it was rebooted, appears to be DNS related. I believe I fixed it, but havn't tested it yet --[[User:Hef|Hef]] ([[User talk:Hef|talk]]) 19:44, 18 September 2014 (CDT)
* Some of the vms don't wake up, despit having the "start on boot" option checked.
* Some of the vms don't wake up, despit having the "start on boot" option checked.
** The DHCP server is notably not starting on boot.
** The DHCP server is notably not starting on boot.
== Second Domain Controller ==
== Second Domain Controller ==
* Justin joined a second domain Controller to the domain. It replicates, but did not get it's dns entires created
* Justin joined a second domain Controller to the domain. It replicates, but did not get it's dns entires created
** The samba guys recommend setting up and using bind. This has a couple issues:
** The samba guys recommend setting up and using bind. This has a couple issues:
*** Samba has dlz support for bind 9.8 and 9.9, but not 9.10, which is what we are on. Iv'e started working on a patch: https://github.com/hef/samba/
*** Samba has dlz support for bind 9.8 and 9.9, but not 9.10, which is what we are on. Iv'e started working on a patch: https://github.com/hef/samba/
*** getting Bind workind with samba_upgradedns nsupdate is an option, but I havn't been able to get it working https://wiki.samba.org/index.php/DNS_Backend_BIND#DNS_dynamic_updates_via_Kerberos_.28optional.2C_but_recommended.29
*** getting Bind workind with samba_upgradedns nsupdate is an option, but I havn't been able to get it working https://wiki.samba.org/index.php/DNS_Backend_BIND#DNS_dynamic_updates_via_Kerberos_.28optional.2C_but_recommended.29
== Move VPN off of bob ==
== Move VPN off of bob ==
Having the VPN servers on bob makes samba detect extra interfaces that are not easily routable. The vpn services should be moved off the domain controller
Having the VPN servers on bob makes samba detect extra interfaces that are not easily routable. The vpn services should be moved off the domain controller
== All proxmox VMs need to be on the raid ==
== All proxmox VMs need to be on the raid ==
A few proxmox VM's have been created on the their hypervisors local hard drive. The option to do this has been removed, but the machines that were originally setup that way still exist.
A few proxmox VM's have been created on the their hypervisors local hard drive. The option to do this has been removed, but the machines that were originally setup that way still exist.
Moving machines off of the local drives on onto the san/lvm setup sounds tricky, and I haven't looked into how to do this yet. --[[User:Hef|Hef]] ([[User talk:Hef|talk]]) 19:44, 18 September 2014 (CDT)
Moving machines off of the local drives on onto the san/lvm setup sounds tricky, and I haven't looked into how to do this yet. --[[User:Hef|Hef]] ([[User talk:Hef|talk]]) 19:44, 18 September 2014 (CDT)
== GPO Updates ==
== GPO Updates ==
All windows machines hooked into hardware should have GPO settings to disable all power saving settings.
* All windows machines hooked into hardware should have GPO settings to disable all power saving settings.
* Enable remote desktop on workstations
== User caching ==
== User caching ==
This came up on the mailing list. The relevant Microsoft article is here: http://support.microsoft.com/kb/172931
This came up on the mailing list. The relevant Microsoft article is here: http://support.microsoft.com/kb/172931
It looks like a good idea, but the article doesn't reference windows 8. If it works on windows 8, it looks straight forward to add to the GPO.
It looks like a good idea, but the article doesn't reference windows 8. If it works on windows 8, it looks straight forward to add to the GPO.
== Sysvol syncing ==
== Sysvol syncing ==
samba doesn't do automatic /sysvol replication. An automatic syncing process should be setup between bob and dc01. see https://wiki.samba.org/index.php/SysVol_Replication for reference.
samba doesn't do automatic /sysvol replication. An automatic syncing process should be setup between bob and dc01. see https://wiki.samba.org/index.php/SysVol_Replication for reference.
== Systems Monitoring solution ==
== Systems Monitoring solution ==
We had an nagios instance. We don't now. A general purpose monitor solution would be nice. A lot of our equipment seems to support being monitored.
We had an nagios instance. We don't now. A general purpose monitor solution would be nice. A lot of our equipment seems to support being monitored.
* Deploy montoring VM
* Deploy montoring VM
== Backups ==
== Backups ==
I have a test setup for all saltstack configured boxes to be backed up to glacier. --[[User:Hef|Hef]] ([[User talk:Hef|talk]]) 20:00, 18 September 2014 (CDT)
I have a test setup for all saltstack configured boxes to be backed up to glacier. --[[User:Hef|Hef]] ([[User talk:Hef|talk]]) 20:00, 18 September 2014 (CDT)
The space should get an aws account with glacier, and all existing backups should be pointed at that instead.
The space should get an aws account with glacier, and all existing backups should be pointed at that instead.
== Enable Remote Desktop for Domain Admins ==
Enable remote desktop for domain admins as a gpo setting.
[[Category:Systems]]
