Lost SBS 2003 License / Linux Active Directory Question?

[pac1085]

We have SBS 2003 installed on one of our PowerEdge servers. It wasn't preloaded on the server; dell didn't offer it. We had to buy it seperatley from dell and install it ourselves.

The person who used to manage our servers is no longer with the company and we can not find the media or the COA anywhere. We need to wipe and reinstall the server.

Is there anything at all I can do to retreive this? We have all of the original reciepts.

I called microsoft, they told me to call dell, who then told me to call microsoft!


Any thoughts appreciated...















Also,

Is there any way to set up Samba or something to act as a windows domain controller? Ie...people on the network could join and log into the domain...etc, like you would with a domain hostedon a windows server.

I'd like to get away from windows but it is required by the software we run.

Thanks!

 

[spyordie007]

I called microsoft, they told me to call dell

They are correct, Dell should be managing this; not Microsoft. I dont know what Dell's policy is on this; they may or may not be able to help.

Is there any way to set up Samba or something to act as a windows domain controller?

Samba can be setup to make file shares available to Windows clients; but not as a domain controller.

There are other directory services out there (i.e. Open LDAP); but I dont know what options are available for connecting to it with Windows clients.

But just the fact that you're asking the question (esp. about Samba) would lead me to believe that you should stick with a Windows DC. You dont want to make your job any harder than it already is.

If Dell cant help you than you may be stuck buying a new license of SBS; fortunetly they are fairly inexpensive. To make your life simpler you may want to go with a software company that will manage your software licenses and agreements so they can help in the event that you loose software/media in the future.

Regards,
Erik

 

[drag]

Actually SAMBA can be a Primary Domain Controller for a bunch of Windows boxes. Also it can enter into trust relationships and whatnot.

The capabilities are limited compared to what you have with a full blown Active Directory though. As I understand it the functionality is kinda like; 'More then NT 4, less then w2k'

Here is a article on replacing NT 4 with Samba:
http://www.enterprisenetworkingplanet.com/netos/article.php/3454421

Here is a explaination of using Samba as a PDC from the official Samba-3 guide.
http://us2.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-pdc.html

If you want to evaluate it and try it out I strongly suggest setting up a test enviroment with a few old desktops or whatnot you have laying around. You definately don't want to blow your 2003 server away before your absolutely sure that samba can do what you need it to do.

If you need it 'right now' or anytime soon and you don't think you have the time to sit down and have yourself or your IT guy seriously 'learn Linux' (or hiher a guy/rent a consultant) then getting a replacement SBC license or buying a new one is the best course of action.

 

[spyordie007]

wow that's pretty neat; I didnt realize that functionality was built-in to samba. Thanks for the links.

 

[pac1085]

Thanks for the info.

I've been using Linux (personally, not professionaly) for 8 years now but I've never touched Samba at all.

These servers currently aren't used, so I have plenty of time to play with them.

The reason I asked about Samba was because I did remember seeing something about it acting as a domain controller, thanks drag for the links!

Going to have to look into that. We currently use Outlook as well, I found Scalix (www.scalix.com) and it looks fairly promising.

All I need to use Linux for is hosting the user profiles and e-mail. All of the other apps will run on another 2003 terminal server.

 

[Rilex]

It would not be logical to blow away Active Directory for an NT4-style domain.

And with only Windows clients, the features that Windows 2003 offers just as a file server (shadow copies being a huge one with Access-based Enumeration being a minor point) would justify sticking with it.

Tack on Exchange, and I couldn't imagine moving away from SBS (not that I use SBS, rather just full blown Win Ent + Exchange).

 

[drag]

Originally posted by: Rilex
It would not be logical to blow away Active Directory for an NT4-style domain.

Well if you don't need a AD it's kinda pointless to set one up or pay for one.

SSO is also kinda dangerous anyways, security-wise, anyways. Ya kerberos lowers the risk of people spoofing domain names and sniffing passwords and such, but so does having a switched network with firewalls. If you have a single server that is responsable for all authentication everywere and if that server gets rooted then the whole orginization is wide open. Also in terms of hosts it doesn't realy improve things to much since they are still vunerable to keyloggers and such. Basicly having a bunch of different passwords for everything compartmentalizes everything so it would help to slow a hacker down.

(this isn't something against AD or anything, you'd have the same problem going with Novell directory services or Linux with Kerberos/LDAP or Linux with Samba)

It all depends on the circumstances of course. The ability to control and manage users and their passwords from a central location can improve security quite a bit if you have to manage a few hundred users versus a couple dozen.

And with only Windows clients, the features that Windows 2003 offers just as a file server (shadow copies being a huge one with Access-based Enumeration being a minor point) would justify sticking with it.

Linux offers significant benifits as a file server itself...

Tack on Exchange, and I couldn't imagine moving away from SBS (not that I use SBS, rather just full blown Win Ent + Exchange).

Exchange is a kinda of a pain in the rear. It's ok if your going Microsoft-everything, but I think that it's difficult to deal with in a mixed enviroment. It practically only supports one specific client on only a couple specific operating systems. Most of it's features are pointless to most people and it can get expensive.

Not that I recommend abandoning it if your using it.. that's much worse a lot of the times.

Now going with a Windows with AD and Exchange and all that makes a lot of sense to a lot of people. But I don't think it's best for every situation.

One big thing were avoiding Exchange and whatnot is if you want to run a mixed enviroment at anytime in the future. Microsoft software generally doesn't integrate well with software from other vendors... especially competing software. There is a lot of lock-in.

For instance if you ever want to run Linux clients in the future that would be very difficult to make work well with Exchange. You have Exchange plugin with Evolution and such, but it's not a ideal solution.

That's just my 2 cents on the issue. If your a big orginization though and depend on Exchange and AD heavily already then it seems to me moving to a Linux solution wholesale would still be a nightmare.

Going to have to look into that. We currently use Outlook as well, I found Scalix (www.scalix.com) and it looks fairly promising.

cool. Although I have no experiance with it some people have said that Kolab seems pretty promising.
http://www.kolab.org/

They are KDE centric it seems like it and it is suppose to integrate well with the KDE groupware stuff. Also they have connector clients for Outlook. And probably with Thunderbird and such in the future.

 

[RebateMonger]

The last time I checked, SBS 2003 responded just fine to Belarc Advisor to retreive the primary license Key. I don't recall if Belarc can retreive additional CAL keys. You can find those CAL keys inside SBS in the Server Management/Licensing screen, anyway.

It's not clear to me whether you bought the OEM or the Retail version of SBS. If you bought the OEM version, then Dell would have to provide replacement CDs. If it's the Retail version, then Microsoft should provide replacements. Most SBS-specific consultants would probably have Dell OEM install CDs tucked away somewhere for emergencies. 🙂 Worst case, SBS 2003 Standard Edition is only $450 or so, anyway.

SBS 2003 is quite reliable, fairly easy to use, and gives you Exchange Server, which works quite handily with Outlook 2003. I just finished doing an install of a new SBS 2003 network OVER THE PHONE with a client. We sent about 5.5 hours setting up the whole Server, Email system, public DNS records, the router, and a couple of clients. He set up the rest of the clients.

He now has his own email system, a functional Active Directory Domain Controller, full remote access to his server and to all of his client PCs, a functional internal SharePoint collaboration site, daily emailed server performance reports, and automated daily backups.I suspect it'll take you longer than six hours to do that with Linux unless you are really good at it.

 

[Rilex]

Originally posted by: drag
Well if you don't need a AD it's kinda pointless to set one up or pay for one.

But they've already paid for it...

If you have a single server that is responsable for all authentication everywere and if that server gets rooted then the whole orginization is wide open.

You need to think about SBS' target market, though. It is unlikely that they would want to pay for multiple servers. In many non-tech centric small businesses, servers are just an expense and not an investment (though techies obviously think different 🙂).

Linux offers significant benifits as a file server itself...

Such as? If CIFS performance is something you're worried about, just disable all signing security etc. to bring SBS security down to the level of Samba.

Exchange is a kinda of a pain in the rear. It's ok if your going Microsoft-everything, but I think that it's difficult to deal with in a mixed enviroment. It practically only supports one specific client on only a couple specific operating systems. Most of it's features are pointless to most people and it can get expensive.

The OPs environment doesn't sound mixed, except for a few "spare" boxes. Since SBS comes with all the licensing (which the OP already has), cost is irrelevant.

Exchange is very easy to manage, even in large orgs.

For instance if you ever want to run Linux clients in the future that would be very difficult to make work well with Exchange. You have Exchange plugin with Evolution and such, but it's not a ideal solution.

I think this is a pretty weak example, you even give yourself a workaround. OWA is also an effective solution that works on any platform -- or OMA, that works on any phone with a browser. Not only that, but I think you're forgetting the option of using the POP or IMAP connector with Exchange. That opens up to virtually any client.

 

[drag]

You need to think about SBS' target market, though. It is unlikely that they would want to pay for multiple servers. In many non-tech centric small businesses, servers are just an expense and not an investment (though techies obviously think different ).

What size orginizations are you talking about? If your small enough that all you'd need for one server I'd think it make more sense to have other people deal with Email and such.

I figure it'd make more sense just to go with a flat filing system and let people have local accounts on their computers then go with Active Directory and a Exchange server. Let the company's ISP deal with email accounts and doing backups and fighting viruses and spam. After all for a small business account with they are already probably paying for it.

Have a guy come in every couple months to do upgrades and double check the backups and that would be that.

Such as? If CIFS performance is something you're worried about, just disable all signing security etc. to bring SBS security down to the level of Samba.

Well, no need to deal with CALs for instance. Performance is another for some people, which I don't worry about so much. I like how software raid combined with LVM is very nice and fast in Linux. I like how remote management with ssh is so easy and effective. It's basicly the same as running the system locally.. and the scripting and whatnot that goes with it.

Most other stuff doesn't realy matter until you get up to the point were you have the need to deal with large amounts of information with high aviability clustering and whatnot.

On the "small business server" scale, a file server is a file server, it doesn't realy matter so much what OS you use.

I think this is a pretty weak example, you even give yourself a workaround. OWA is also an effective solution that works on any platform -- or OMA, that works on any phone with a browser. Not only that, but I think you're forgetting the option of using the POP or IMAP connector with Exchange. That opens up to virtually any client.

How do you think that Exchange plugin for Evolution Email works? It scrapes the OWA stuff for Exchange to work. It's miserable. Also only the basic version works with anything other then IE. If you use the premium version then it's a Windows-only, IE-only thing again.

The best thing to do is simply to avoid using Exchange as much as possible, which I understand is impossible/undesirable for a lot of people. Then again plenty of big companies and medium companies and small companies never use Exchange and they are perfectly ok for it.

Although I don't expect most people to care about anything other then Windows desktops. 🙂

If you want a Linux-based "end to end" solution with integrated servers and clients and directory services and whatnot it's possible to do it at this point. Novell offers their own 'SBS' with directory services, groupware, novell linux desktop, and such.

 

[Rilex]

What size orginizations are you talking about?

SBS supports up to 75. You gotta remember that SBS is more than just AD/File Server/Exchange, as well. You're going to go local accounts when each employee jumps from computer to computer every day? That would be a nightmare.

Have a guy come in every couple months to do upgrades and double check the backups and that would be that.

Which is exactly what SBS has in mind, if there are no employees willing to check on it every now and then.

Well, no need to deal with CALs for instance.

Since CALs don't protect data like Shadow Copies do, that isn't a very good plus. One document from a small business could be worth more than 20 CALs.

I like how software raid combined with LVM is very nice and fast in Linux.

Sorta like Dynamic Disks and Software RAID in Windows...

I like how remote management with ssh is so easy and effective.

Or with Terminal Services and/or remote applications such as Computer Management you get an easy-to-use and quick interface...and if you knew how, you could script changes.

I'm seeing exactly zero pluses to Samba, here.

It scrapes the OWA stuff for Exchange to work. It's miserable.

As does Entourage, but it isn't bad.

Also only the basic version works with anything other then IE. If you use the premium version then it's a Windows-only, IE-only thing again.

Not a big deal in the OPs situation. Even basic OWA is better than most of the web interfaces out there regardless.

The best thing to do is simply to avoid using Exchange as much as possible

Terrible and ignorant advice. The best thing to do is to look at the requirements needed by the customer, then make a determination instead of using political bullshit to justify the product you use.

Novell offers their own 'SBS' with directory services, groupware, novell linux desktop, and such.

Market and mindshare must be non-existant 😉

 

[RebateMonger]

Originally posted by: drag
What size orginizations are you talking about? If your small enough that all you'd need for one server I'd think it make more sense to have other people deal with Email and such.

My wife's company has two people, and a Small Business Server 2003. They used to have HORRIBLE reliability problems with their ISP's (Cox and Qwest) email systems. You can't count on other people to run your email system properly. Other clients that used their ISP or other name-brand hosts had problems with disappearing emails and downtime. Those problems went away when they got their own mailserver.

The best thing to do is simply to avoid using Exchange as much as possible, which I understand is impossible/undesirable for a lot of people. Then again plenty of big companies and medium companies and small companies never use Exchange and they are perfectly ok for it.

I've had zero problems with the Exchange 2003 servers (part of SBS) at my clients. Managing an Exchange 2003 server is pretty easy, nowadays. One of my cleints is a fifteen-person company that receives 1.5GB of (legitmate) email a week and both XP and Macintosh client PCs. Their only problem was they kept filling up the old 16GB limit of Exchange Standard Edition. But the new 75GB limit made that a non-problem. Even the companies with only a few people appreciate the shared calendars and shared contact lists, and the ability to see them anywhere, from any computer.

 

[drag]

For the record I am perfectly well aware of windows terminal services and dynamic disks and Window's ability to use software raid. Still though Linux software raid and lvm is a advantage over Windows, IMO.

Ssh also rocks the house. The GUI is optional. You can use ssh to do gui if you want, or if you don't want. It'll do file transfers just fine. The scriptability is very high, especially if you have something like a directory system setup. You can setup port forwarding with it, you can use it as a vehicle for using rsync. You can do vpn with it. It's pretty nice.

Of course other people are going to have different opinions. And also I stated before MS SBS is suitable for a lot of people in different situations, I just think it's better to avoid using it if you can.

As for shadow copying or whatnot Microsoft is one of the few companies that I know of that will take a fairly universal item like filesystem snapshotting and try to sell it as something brand new with their latest server revision. Most server operating systems have multiple ways to do this and linux is no exception.

It's certainly a very convenient thing to have, but that's it. If joe-blow CEO deletes his file for instance it's not going to garrentee that:
1. the restored version is going to have the information that is needed. If the snapshots are not done frequently enough then it could be full of stale information.
2. that when he goes back 2-3 weeks later and realises that he deleted it,or it's corrupted, there is no garrentee that it will still be able to be restored. If the updates are done too frequently then all the avaible 'shadow copies' would of been cycled out of existance.

So as a administrator you have to very carefull to make it understood to everybody that while it seems like they can go around deleting files and if they make a mistake then they can undelete them, that this is in fact not what is happenning and is it dependable. That is when it is functioning perfectly there is no garrentee against data loss.

In fact if I have it enabled I probably wouldn't even tell anybody about it since it would be so very easy to being lulled into a false sense of security by it.

Also it's not going to protect you against file system corruption, hardware failure, nor it is going to provide a secure way to store files in case the server gets hacked and you need to restore from trusted media. It's no substitute for real backups and it's no substitute for intellegent file management by end users (like backing up their own information to cd, for their own use, or keeping multiple revisions of important files they are working on)

What it is good for is that it's very convienent undelete++ that people can use without needed to know the technical details as long as it was setup by somebody that does understand the technical details.