Re: os accounts on windows servers

• From: Mostafa Eletriby <m_etrib@xxxxxxxxx>
• To: Guillermo Alan Bort <cicciuxdba@xxxxxxxxx>, niall.litchfield@xxxxxxxxx, development@xxxxxxxxxxxxxxxxx
• Date: Mon, 14 Feb 2011 05:04:00 -0800 (PST)

Dear Martin,

I recommend all your words about using Linux platform for managing Oracle 
Production Databases systems.
Windows platform is not fully compatible with Oracle products so these problems 
always appear.

If your production servers are installed at windows platform ,You shouldn't let 
them to join windows Domain at installation phases, as this is a wrong decision 
for running time performance.

You should use a Workgroup or primary DNS suffix which allow you to avoid such 
problems you may face at joining windows Domain.

Thanks

Mostafa Eletriby
Sr. Oracle Apps DBA

--- On Fri, 2/11/11, Martin Bach <development@xxxxxxxxxxxxxxxxx> wrote:

From: Martin Bach <development@xxxxxxxxxxxxxxxxx>
Subject: Re: os accounts on windows servers
To: "Guillermo Alan Bort" <cicciuxdba@xxxxxxxxx>, niall.litchfield@xxxxxxxxx
Cc: adar666@xxxxxxxxxxxx, "ORACLE-L" <oracle-l@xxxxxxxxxxxxx>
Date: Friday, February 11, 2011, 4:43 PM

Reading this reply reminded me of a situation where I inherited a 10.2.0.2 RAC 
SE on Windows 2003. 

Clusterware was installed with a domain account. That proved to be a fatal 
mistake when this particular domain the account belonged to was shut down as 
part of a migration project. After a scheduled reboot Clusterware wouldn't 
start at all. 

End of the story was a complete rebuild of the environment using local 
administrator accounts. 

Martin Bach

Oracle Certified Master 10g
http://martincarstenbach.wordpress.com
http://www.linkedin.com/in/martincarstenbach

----- Reply message -----
From: "Guillermo Alan Bort" <cicciuxdba@xxxxxxxxx>
Date: Thu, Feb 10, 2011 14:15
Subject: os accounts on windows servers
To: <niall.litchfield@xxxxxxxxx>
Cc: <adar666@xxxxxxxxxxxx>, "ORACLE-L" <oracle-l@xxxxxxxxxxxxx>


Something I'd keep in mind when installing oracle using an AD account is
password security (expiration of the domain password) and to make sure that
the software is set to run as LOCAL SYSTEM and not the DA account. That
being said, I've performed the installation using an AD account several
times and (at least the 11g installer) creates ORA_DBA group and the
services are created to run with Local System... of course, you need to be
part of the Local Administrator group, which is a good idea for the DBA to
be and administrator in a DB server anyway  (in windows, and windows only)

With all that being said, I feel it is my duty to recommend you to avoid
using windows as a server when at all possible. I've working in fairly large
environments with a lot of diversity, and it is my experience that
everything is more diffucult on windows than on unix, starting with the
damned SQLNET.AUTHENTICATION_SERVICES parameter in sqlnet.ora... Also, just
as a thought, Oracle's development platform is Linux...

Oh, and when you have to do maintenance on a DB on a Windows server and the
IT Security department tells you NOT to log in to ANY server using your AD
account because there's a virus in the network and we need to contain it...
and when they have to reboot a production DB server to apply a hotfix (which
happens a lot more often than unix patches) or when they need to reboot the
DB server because it's been up more than 90 days straight... well, that's
when you know the platform you've chosen is probably not the wisest choice.

I am sorry, I do not want this to turn into an OS Flame war... but it's just
as easy to install linux and far easier to manage in the long run...

hth
Alan.-


On Thu, Feb 10, 2011 at 7:56 AM, Niall Litchfield <
niall.litchfield@xxxxxxxxx> wrote:

> The installer will create the ORA_DBA group and add the installing user to
> it if it doesn't exist - and last time I looked would add the installing
> user if the group existed but the user wasn't a member. I feel a blog
> article coming on - especially as you might not actually want the installing
> user to become sysdba on all databases on the server.
>
> On Thu, Feb 10, 2011 at 10:17 AM, Yechiel Adar <adar666@xxxxxxxxxxxx>wrote:
>
>> No problem. All our installs are performed with domain accounts.
>>
>> The account need to a member of local administrators and also a member of
>> ORA_DBA group on the oracle server.
>>
>> Yechiel
>>
>>
>> On 09/02/2011 00:07, Joe Smith wrote:
>>
>> Where is there a document on setting up oracle users to administrator the
>> database on Windows servers?
>>
>> Our admin wants to use domain accounts with Active Directory , but that
>> does not sound right to me.
>>
>> I have looked on metalink and the install docs but have not found anything
>> yet.
>>
>> Can somebody point to a document?
>>
>>
>>
>
>
> --
> Niall Litchfield
> Oracle DBA
> http://www.orawin.info
>







      

• References:
  • Re: os accounts on windows servers
    • From: Martin Bach

Other related posts:

• » os accounts on windows servers- Joe Smith
• » RE: os accounts on windows servers- Allen, Brandon
• » RE: os accounts on windows servers- TJ Kiernan
• » Re: os accounts on windows servers- Yechiel Adar
• » Re: os accounts on windows servers- Niall Litchfield
• » Re: os accounts on windows servers- Paul Drake
• » Re: os accounts on windows servers- Guillermo Alan Bort
• » Re: os accounts on windows servers- Subodh Deshpande
• » RE: os accounts on windows servers- Taylor, Chris David
• » Re: os accounts on windows servers- Martin Bach
• » Re: os accounts on windows servers - Mostafa Eletriby

1. Home
2. oracle-l
3. Archive
4. 02-2011

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---