Comment Re:I seem to remember ... (Score 1) 201
Domain SID doesn't equal the machine SID
He is talking about the machine SID.
Having duplicated domain SIDs is still a problem.
There is so much mythology around the word SID I think people need to read up.
WSUS uses a different unique identifier called the WSUSClientID - you can and should reset this. It's not the SID.
NewSID changes the machine SID
Unjoining and rejoining changes the domain SID
They aren't the same thing and MS support should have told you that.
You need to make sure the image wasn't joined to the domain and that each new copy does its own join.
The domain SID in a domain joined image will cause problems.
Russinovich's post is about the machine SID which is not the same thing as a domain SID.
There are two mechanisms for this.
You can run DHCPv6 and have it hand out info but not addresses via a DHCPINFORM. This also works in IPv4 also but not many know about it or use it. In a nutshell you setup a subnet but don't include a range of IPs to hand out. You simply setup DNS servers and maybe a DNS domain name, ntp, and whatnot. The clients will autoconfig but also run a dhcp client to get the DNS servers defined.
The other (and better IMHO) method is that you can include RDNSS info in the router advertisements. So for autoconfig to work you have to at least advertise the subnet and prefix that clients should use to form a complete address during autoconfig. The RDNSS (recursive DNS server) advertisements are picked up and used by the client as DNS servers. This method has less adoption but I think this is ultimately going to be the preferred method once it's supported more widely. See the radvd.conf man page for more info.
The router advertising is a part of IPv6 that is poorly understood or completely unknown to many people but they put some pretty good thought into it. There is actually a mechanism to renumber an entire network using primarily router advertisements which is pretty cool.
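As an added illustration of the two mechanisms described in the comment above (not code from the original post): a small Python parser for an ICMPv6 Router Advertisement that reports the M/O flags (the O flag is what tells clients to ask stateless DHCPv6 for DNS info), the advertised prefix, and any RDNSS servers, run over a constructed sample RA. Handy when checking what resolvers hosts on a segment will actually pick up; the addresses are documentation-range values chosen for the example.

```python
import ipaddress
import struct

ICMPV6_ROUTER_ADVERTISEMENT = 134
OPT_PREFIX_INFO = 3   # RFC 4861
OPT_RDNSS = 25        # RFC 8106


def parse_router_advertisement(payload: bytes) -> dict:
    """Parse an ICMPv6 RA starting at the ICMPv6 header (checksum not verified)."""
    icmp_type, _code, _csum, _hop, flags, lifetime = struct.unpack("!BBHBBH", payload[:8])
    if icmp_type != ICMPV6_ROUTER_ADVERTISEMENT:
        raise ValueError("not a Router Advertisement")
    result = {
        "managed_flag": bool(flags & 0x80),       # M: addresses via DHCPv6
        "other_config_flag": bool(flags & 0x40),  # O: DNS etc. via stateless DHCPv6
        "router_lifetime": lifetime, "prefixes": [], "rdnss": [],
    }
    offset = 16  # 8-byte header + reachable time + retrans timer
    while offset + 2 <= len(payload):
        opt_type, opt_len = payload[offset], payload[offset + 1]
        if opt_len == 0:
            raise ValueError("zero-length option")  # RFC 4861: discard the packet
        opt_end = offset + opt_len * 8
        if opt_end > len(payload):
            raise ValueError("truncated option")
        body = payload[offset + 2:opt_end]
        if opt_type == OPT_PREFIX_INFO and opt_len == 4:
            plen, pflags, valid, _pref = struct.unpack("!BBII", body[:10])
            prefix = ipaddress.IPv6Address(body[14:30])
            result["prefixes"].append({"prefix": f"{prefix}/{plen}",
                                       "autonomous": bool(pflags & 0x40),  # A flag: SLAAC allowed
                                       "valid_lifetime": valid})
        elif opt_type == OPT_RDNSS and opt_len >= 3 and opt_len % 2 == 1:
            dns_lifetime = struct.unpack("!I", body[2:6])[0]
            for i in range(6, len(body), 16):  # one 16-byte address per entry
                result["rdnss"].append({"server": str(ipaddress.IPv6Address(body[i:i + 16])),
                                        "lifetime": dns_lifetime})
        offset = opt_end
    return result


def build_sample_ra() -> bytes:
    """Constructed RA: O flag set, one /64 with the A flag, one RDNSS server."""
    hdr = struct.pack("!BBHBBHII", ICMPV6_ROUTER_ADVERTISEMENT, 0, 0, 64, 0x40, 1800, 0, 0)
    prefix = struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, 64, 0x40, 86400, 14400, 0)
    prefix += ipaddress.IPv6Address("2001:db8:1::").packed
    rdnss = struct.pack("!BBHI", OPT_RDNSS, 3, 0, 3600) + ipaddress.IPv6Address("2001:db8:1::53").packed
    return hdr + prefix + rdnss


if __name__ == "__main__":
    print(parse_router_advertisement(build_sample_ra()))
```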
There are a few things that you don't understand.
If you get a
You don't need to convert everything all at once. Experiment first, then roll it out on a DNS server or a mail server.
You will have to maintain two sets of addresses for the foreseeable future. So does everybody else. You can stay on IPv4 but at some point you will need to connect to somebody who can only get IPv6 addresses. That might be 3 years from now or 10 years from now but this is going to happen. IPv4 will be exhausted - this is a fact that a lot of people are having trouble dealing with but it doesn't have to be big, bad and scary. IPv6 isn't really that different from v4. They both pretty much do the same job - yes there are differences but once you work with it for a short time it's not rocket science - it's just basic networking.
The weak part of IPv6 is ISP delivery. There is a dearth of providers who are providing dual stack to all of their customers and this is right now the biggest barrier to rapid adoption, particularly in the North American market. This is going to change pretty rapidly over the next 2 years and already has in other regions.
I agree that IPv6 is scary but a true geek should see this as a learning opportunity rather than a departure from a comfort zone. IT people are supposed to be ahead of the curve. Yeah - maybe you don't roll out IPv6 until there is a solid business case for deployment but there is a business case now for experimentation so that it won't be a fire drill when it comes time to deploy because of an actual business requirement.