[ActiveDir] Logon scripts

2002-07-18 Thread Charlie Hope-Lang

Morning all,

Does the logon script run with the user rights of the user logging on??

I.e., can we install an MSI from the logon script without running the installer with
elevated privileges if the user has user rights to the local machine??

Cheers

Charlie



--


   http://www.channel5.co.uk/

--
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/



[ActiveDir]

2002-07-18 Thread tmccabe


I'm away from the office from July 17th back bright and early July 22nd.





[ActiveDir] GPO's in W2K AD setup with XP clients

2002-07-18 Thread Abbiss, Mark

Dear All,

I am planning to use GPO's to control a number of XP clients in a W2K AD
setup. Currently we have no GPO's, other than the default domain policy. I
have imported the .ADM files from XP into a W2K DC and want to use the
Computer Configuration\Administrative Templates\System Restore options to
control who can and cannot restore their system.

The default behaviour is to allow everyone the ability to use system restore
but when attempting it on a workstation, I am confronted with the message
that tells me I do not have sufficient security privileges. If the default
behaviour is set to allow restore throughout the domain, where does this
security issue come from?

I thought perhaps it might be the Computer Configuration local security
settings, so to test I added the group Everyone to all of the various local
security settings.

When I tried again to restore the system I got a new message saying that
system restore is not able to protect the computer and to restart the system
and try restore again !!

How can I use GPO's and System Restore in my environment !?!?!

Many thanks,

Mark




Re: [ActiveDir] GPO's in W2K AD setup with XP clients

2002-07-18 Thread Tony Murray

Mark

You must have either Administrator or Backup Operator permissions on the computer to 
perform a restore.  

I could be wrong, but I believe the GPO setting makes the restore option available, 
but it does not confer the necessary rights.

Tony

-- Original Message --
From: Abbiss, Mark [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: Thu, 18 Jul 2002 13:08:39 +0200

Dear All,

I am planning to use GPO's to control a number of XP clients in a W2K AD
setup. Currently we have no GPO's, other than the default domain policy. I
have imported the .ADM files from XP into a W2K DC and want to use the
Computer Configuration\Administrative Templates\System Restore options to
control who can and cannot restore their system.

The default behaviour is to allow everyone the ability to use system restore
but when attempting it on a workstation, I am confronted with the message
that tells me I do not have sufficient security privileges. If the default
behaviour is set to allow restore throughout the domain, where does this
security issue come from?

I thought perhaps it might be the Computer Configuration local security
settings, so to test I added the group Everyone to all of the various local
security settings.

When I tried again to restore the system I got a new message saying that
system restore is not able to protect the computer and to restart the system
and try restore again !!

How can I use GPO's and System Restore in my environment !?!?!

Many thanks,

Mark




Re: [ActiveDir] Logon scripts

2002-07-18 Thread John Hicks/MIS/HQ/KEMET/US

Yes, I believe that you would have to run it with Elevated privileges.


Charlie Hope-Lang [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
07/18/2002 04:16 AM
Please respond to ActiveDir

To:[EMAIL PROTECTED]
cc:(bcc: John Hicks/MIS/HQ/KEMET/US)
Subject:[ActiveDir] Logon scripts


Morning all,

Does the logon script run with the user rights of the user logging on??

I.e., can we install an MSI from the logon script without running the installer with elevated privileges if the user has user rights to the local machine??

Cheers

Charlie



--


http://www.channel5.co.uk/




RE: [ActiveDir] Autoreply: [ActiveDir Digest]

2002-07-18 Thread David N. Precht

Can you stop OOOs and autoreplies from hitting the ActiveDir List ?

Thanks.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, July 18, 2002 00:19
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Autoreply: [ActiveDir Digest]


I'm away from the office from July 17th back bright and early July 22nd.





[ActiveDir] Sites and Services

2002-07-18 Thread Morgan, Joshua

Are there any issues with renaming the Default-First-Site-Name?

Also can I set up a site and not have a DC in it?






Joshua Morgan
PROFITLAB
Senior Network Engineer
PH: (864) 250-1350 Ext 133
Fax: (413) 581-4936
[EMAIL PROTECTED]
http://www.profit-lab.com
http://ncontrol.info

The greatest glory is not in never failing, but in rising up every time we
fall.
-- Confucius 




RE: [ActiveDir] Autoreply: [ActiveDir Digest]

2002-07-18 Thread Andy David

Could you stop posting these to the list as well? Email him offline if they
bug you.


-Original Message-
From: David N. Precht [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, July 18, 2002 8:39 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Autoreply: [ActiveDir Digest]


Can you stop OOOs and autoreplies from hitting the ActiveDir List ?

Thanks.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, July 18, 2002 00:19
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Autoreply: [ActiveDir Digest]


I'm away from the office from July 17th back bright and early July 22nd.



--
The information contained in this email message is privileged and confidential 
information intended only for the use of the individual or entity to whom it is 
addressed.  If the reader of this message is not the intended recipient, you are 
hereby notified that any dissemination, distribution or copy of this message is 
strictly prohibited.  If you have received this email in error, please immediately 
notify Veronis Suhler Stevenson by telephone (212)935-4990, fax (212)381-8168, or 
email ([EMAIL PROTECTED]) and delete the message.  Thank you.

==




RE: [ActiveDir] Autoreply: [ActiveDir Digest]

2002-07-18 Thread David N. Precht

David, my mistake.  I thought I replaced the list with person in
question.  I didn't.  It was then too late.

My apologies.
Dave

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Andy David
Sent: Thursday, July 18, 2002 08:47
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Autoreply: [ActiveDir Digest]


Could you stop posting these to the list as well? Email him offline if
they bug you.


-Original Message-
From: David N. Precht [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, July 18, 2002 8:39 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Autoreply: [ActiveDir Digest]


Can you stop OOOs and autoreplies from hitting the ActiveDir List ?

Thanks.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, July 18, 2002 00:19
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Autoreply: [ActiveDir Digest]


I'm away from the office from July 17th back bright and early July 22nd.





RE: [ActiveDir] Educating users on proper AD use ;-)

2002-07-18 Thread Robbie Allen

There are a couple options although neither may be ideal.

First, you can go to Start - Search - For Files or Folders
At the bottom of the left pane is "Search for other items:" and underneath that is a
link for "Computers"

Second is after you browse to the domain as you mentioned below, right click on the
domain and select "Find".
You can then save the search by selecting File - Save Search
Problem with this option in its default state is that it executes a
search when opened (even if no criteria are entered).

I believe both of these options can be customized to some extent,
but I haven't seen any documentation on it.

Robbie Allen
Cisco Systems Enterprise Management
Coauthor of "Managing Enterprise Active Directory Services"

-Original Message-
From: Ken Rinehart [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 17, 2002 11:23 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Educating users on proper AD use ;-)

I got one response telling me I could limit who sees the OrgUnits in AD
(obviously) but other than that I haven't heard much.

Ken

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of SEYBOLDT,VOLKER (HP-Germany,ex1)
Sent: Wednesday, July 17, 2002 6:35 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Educating users on proper AD use ;-)

Hi Ken,

this is an interesting point. Did you get any response on this?

Volker

-Original Message-
From: Ken Rinehart [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 6:39 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Educating users on proper AD use ;-)

Hello

I understand that Microsoft wants users to get away from Network Neighborhood
and start using features of Active Directory. In most of the books that I have
there is mention of this and that "eventually" you won't have to use Network
Neighborhood and broadcast based browsing will go away. But what will replace
it? I want to turn it off across my officespace so I have no NBT broadcast
browsing.

I'm at a crossroads where I've just setup a native AD and want to use it
"properly" and get users to make a behavioral change when accessing resources.
So far I'm familiar with the standard My Network Places - Entire Network -
Entire Contents - where there is then a choice for "Microsoft Windows Network"
and "Directory - AD Domain". Double clicking this shows you all your OrgUnits
but is this something you really want your users to see? Seems way too
confusing and I'd rather not have them poking around looking at who my DCs are!
The alternative of course is to right click on your AD domain and choose "Find"
which is better but most users will never figure this out. Is there a more
direct way of accessing this utility? So I could use a GP to put it on all
desktops or something. I'm so tired of browsing :-(

Ken



RE: [ActiveDir] Group into local admin at domain join

2002-07-18 Thread Wicklund, Robert

Keep in mind... this does not append... it replaces the current access
with whatever you specify in that list.

Robert Wicklund, MCP/MCSE 
Global Crossing Ltd., Manager Network Computing 
95 N. Fitzhugh Street Rochester, NY 14614
ph.  585.255.8936  cell 716.721.1825
 

-Original Message-
From: Tony Murray [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, July 17, 2002 11:08 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Group into local admin at domain join

I think this is best done as part of the login script.  You can use the
following command as part of the login script:

net localgroup administrators mydom\mygroup /add

or use an ADSI script as part of your login script.

I believe it is also possible to set the group membership using Group
Policy.  The drawback (or advantage) of this approach is that the GPO will
throw out any other groups that may have been added by other processes, e.g.
SMS.

Tony

-- Original Message --
From: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: Wed, 17 Jul 2002 15:58:39 +0100


Hi All,

I don't know if this is possible :-

I would like another group added to the local administrator group of PC's
when they are joined to the domain, i.e. as the Domain admin group is
automatically added. It would be even better if this could be done at an OU
level...

Any ideas?

Thanks

Robert Rutherford
MIS Department - DEK
+44 (0)1305 208232
+44 (0)7970 122362




This E-mail and any files transmitted with it are in 
commercial confidence and intended solely for the use of
the individual or entity to whom they are addressed.
If you have received this E-mail in error please notify the 
Administrator by E-mail ([EMAIL PROTECTED]).

Any views or opinions expressed are solely those of the
author and do not necessarily represent those of 
DEK Printing Machines Ltd., or its affiliates.

This footnote signifies that this message has been 
checked for viruses using Norton and McAfee.




RE: [ActiveDir] Password Change for 100% Remote User Workstations

2002-07-18 Thread Kazimer Jef

Gene,

Take a look at your VPN connection. Are you logging into the
workstation, opening a tunnel, and doing their work.

OR

Are you logging into the workstation, opening the tunnel,
logging out, and logging back into the now connected
workstation?

If not, the user will not be flagged that their password is about to
expire, and will end up being locked out.

We had the same issue, and have solved it.

Jef

-Original Message-
From: Molloy, Gene S. [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 17, 2002 10:37 PM
To: [EMAIL PROTECTED]
Subject: Password Change for 100% Remote User Workstations

We are having problems with users being able to change their passwords when
they expire. The users having the problem are 100% remote. Very
rarely do they connect to our private network.
Most of the time they use VPN over a dial up connection.
I am wondering how other people are dealing with this problem. I
really do not want to set passwords to never expire.
Any help would be greatly appreciated.

Thanks,
Gene Molloy


RE: [ActiveDir] Password Change for 100% Remote User Workstations

2002-07-18 Thread Molloy, Gene S.

Jef,

They are logging into W2K Pro with cached password information. Connection to
local Internet POP then launching VPN connection.

That is how our typical user works.

Gene

-Original Message-
From: Kazimer Jef [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 18, 2002 9:43 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Password Change for 100% Remote User Workstations

Gene,

Take a look at your VPN connection. Are you logging into
the workstation, opening a tunnel, and doing their work.

OR

Are you logging into the workstation, opening the tunnel,
logging out, and logging back into the now connected
workstation?

If not, the user will not be flagged that their password is about to
expire, and will end up being locked out.

We had the same issue, and have solved it.

Jef

-Original Message-
From: Molloy, Gene S. [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 17, 2002 10:37 PM
To: [EMAIL PROTECTED]
Subject: Password Change for 100% Remote User Workstations

We are having problems with users being able to change their passwords
when they expire. The users having the problem are 100% remote.
Very rarely do they connect to our private network.
Most of the time they use VPN over a dial up connection.
I am wondering how other people are dealing with this problem. I
really do not want to set passwords to never expire.
Any help would be greatly appreciated.

Thanks,
Gene Molloy


[ActiveDir] Sort of OT: other Protocols

2002-07-18 Thread Morgan, Joshua

I have an Isolated environment that runs SQL 2000 and Windows 2000 Servers.
This environment experienced problems the other day because of a lack of
name resolution between the Servers.
I was asked by management to look at netbeui as a backup in case standard
TCPIP name Resolution failed...
Here is what I have set up...
On each machine I have 2 Nic's, 1 nic on each machine is dedicated to IP and
1 Nic is dedicated to NetBeui.

Does anyone see any issues with this?







Joshua Morgan
PROFITLAB
Senior Network Engineer
PH: (864) 250-1350 Ext 133
Fax: (413) 581-4936
[EMAIL PROTECTED]
http://www.profit-lab.com
http://ncontrol.info

The greatest glory is not in never failing, but in rising up every time we
fall.
-- Confucius 




RE: [ActiveDir] Group into local admin at domain join

2002-07-18 Thread Tony Murray

Robert,

When you say, this does not append, what are you referring to?

a) net localgroup method.  I disagree, this does an append.
b) GPO method.  I agree, this does a replace.  This was the point I was trying (albeit 
not very clearly) to make.

BTW, as Byron pointed out earlier, if using the net localgroup or ADSI method the 
startup script should be used and not the login script.

Tony

-- Original Message --
From: Wicklund, Robert [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: Thu, 18 Jul 2002 10:18:12 -0400

Keep in mind... this does not append... it replaces the current access
with whatever you specify in that list.

Robert Wicklund, MCP/MCSE 
Global Crossing Ltd., Manager Network Computing 
95 N. Fitzhugh Street Rochester, NY 14614
ph.  585.255.8936  cell 716.721.1825
 

-Original Message-
From: Tony Murray [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, July 17, 2002 11:08 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Group into local admin at domain join

I think this is best done as part of the login script.  You can use the
following command as part of the login script:

net localgroup administrators mydom\mygroup /add

or use an ADSI script as part of your login script.

I believe it is also possible to set the group membership using Group
Policy.  The drawback (or advantage) of this approach is that the GPO will
throw out any other groups that may have been added by other processes, e.g.
SMS.

Tony

-- Original Message --
From: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: Wed, 17 Jul 2002 15:58:39 +0100


Hi All,

I don't know if this is possible :-

I would like another group added to the local administrator group of PC's
when they are joined to the domain, i.e. as the Domain admin group is
automatically added. It would be even better if this could be done at an OU
level...

Any ideas?

Thanks

Robert Rutherford
MIS Department - DEK
+44 (0)1305 208232
+44 (0)7970 122362




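
The startup-script variant of the `net localgroup` method discussed in this thread, as an added example that is not code from any of the posters. It assumes the local group is named "Administrators" (English-language Windows) and reuses the thread's placeholder group `mydom\mygroup`.

```batch
@echo off
rem Added example, not code from the thread.
rem Assign as a computer STARTUP script through Group Policy: startup scripts
rem run as Local System, so the change works even when the user who later logs
rem on is not a local administrator. A logon script runs as that user.
rem Assumptions: English group name "Administrators"; mydom\mygroup is the
rem placeholder group name used in the thread.
setlocal
set "TARGET=mydom\mygroup"

rem Skip the change when the group is already listed as a member.
net localgroup Administrators | find /i "%TARGET%" >nul
if not errorlevel 1 (
    echo %TARGET% is already a member of Administrators
    exit /b 0
)

rem /add appends one member and leaves the existing members in place
rem (the Group Policy method discussed above replaces the whole list instead).
net localgroup Administrators "%TARGET%" /add
if errorlevel 1 (
    echo Failed to add %TARGET% to Administrators
    exit /b 1
)
echo Added %TARGET% to Administrators
exit /b 0
```
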



RE: [ActiveDir] Sort of OT: other Protocols

2002-07-18 Thread Bjelke John A Contr AFRL/VSIO

What about using hosts files as a fail over for DNS? Seems like less work to
me.
  
 John A. Bjelke
  UNISYS
Systems administrator
505.846.5894
[EMAIL PROTECTED]


-Original Message-
From: Morgan, Joshua [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 18, 2002 8:45 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Sort of OT: other Protocols


I have an Isolated environment that runs SQL 2000 and Windows 2000 Servers.
This environment experienced problems the other day because of a lack of
name resolution between the Servers.
I was asked by management to look at netbeui as a backup in case standard
TCPIP name Resolution failed...
Here is what I have set up...
On each machine I have 2 Nic's, 1 nic on each machine is dedicated to IP and
1 Nic is dedicated to NetBeui.

Does anyone see any issues with this?







Joshua Morgan
PROFITLAB
Senior Network Engineer
PH: (864) 250-1350 Ext 133
Fax: (413) 581-4936
[EMAIL PROTECTED]
http://www.profit-lab.com
http://ncontrol.info

The greatest glory is not in never failing, but in rising up every time we
fall.
-- Confucius 




RE: [ActiveDir] Sort of OT: other Protocols

2002-07-18 Thread Morgan, Joshua

The quote from our CIO was that if he caught any developer using IP addresses
in their code he would fire them on the spot.






Joshua Morgan
PH: (864) 250-1350 Ext 133
[EMAIL PROTECTED]
http://www.profit-lab.com
http://ncontrol.info


-Original Message-
From: Andy Grafton [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, July 18, 2002 10:56 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Sort of OT: other Protocols




> I have an Isolated environment that runs SQL 2000 and Windows 2000
> Servers.
> This environment experienced problems the other day because of a lack
> of name resolution between the Servers.

Not answering the question, but if that's the problem and you can get around
it with NetBEUI, why not use the IP addresses of the machines instead of the
name?

All the best,

Andy



RE: [ActiveDir] Sort of OT: other Protocols

2002-07-18 Thread Morgan, Joshua

I have since added that






Joshua Morgan
PH: (864) 250-1350 Ext 133
[EMAIL PROTECTED]
http://www.profit-lab.com
http://ncontrol.info


-Original Message-
From: Bjelke John A Contr AFRL/VSIO [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, July 18, 2002 11:02 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Sort of OT: other Protocols


What about using hosts files as a fail over for DNS? Seems like less work to
me.
  
 John A. Bjelke
  UNISYS
Systems administrator
505.846.5894
[EMAIL PROTECTED]


-Original Message-
From: Morgan, Joshua [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 18, 2002 8:45 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Sort of OT: other Protocols


I have an Isolated environment that runs SQL 2000 and Windows 2000 Servers.
This environment experienced problems the other day because of a lack of
name resolution between the Servers. I was asked by management to look at
netbeui as a backup in case standard TCPIP name Resolution failed... Here is
what I have set up... On each machine I have 2 Nic's, 1 nic on each machine
is dedicated to IP and 1 Nic is dedicated to NetBeui.

Does anyone see any issues with this?







Joshua Morgan
PROFITLAB
Senior Network Engineer
PH: (864) 250-1350 Ext 133
Fax: (413) 581-4936
[EMAIL PROTECTED]
http://www.profit-lab.com
http://ncontrol.info

The greatest glory is not in never failing, but in rising up every time we
fall.
-- Confucius 




Re: [ActiveDir] Sort of OT: other Protocols

2002-07-18 Thread Andy Grafton

> The quote from our CIO was that if caught any developer using IP addresses
> in their code he would fire them on the spot.

And using NetBEUI as a backup protocol on a production system is better?

Andy






[ActiveDir] LDAP failover/load balancing

2002-07-18 Thread Fugleberg, David A

We have some J2EE application servers which we have configured to authenticate via 
LDAP against our Active Directory.  The configuration of the app server allows only 
one LDAP server to be specified.  If that one DC were to fail, the app servers would 
be unable to find the directory even though we have many other DCs in the domain.  I 
desperately want to put some failover solution in place before that happens.

Are any of you facing similar situations ?  What products or techniques are you using 
to get around the issue ?  I'm thinking either some kind of hardware load balancer 
(like cisco's product) or some kind of an LDAP proxy on another box.  Although I've 
seen it work in the lab, I don't wish to upgrade the DCs to W2K-AS just to get NLB for 
this.

Any suggestions ?

Dave 



[ActiveDir] AD and NDS

2002-07-18 Thread John Hicks/MIS/HQ/KEMET/US

We are in the process of migrating our NT 4 domain to AD. We currently use NDS as our primary directory service. We are using Account Manager to migrate our users and computer accounts into the AD domain from the NT 4 domain. We experienced problems getting IDs created in Novell Console 1 and MMC console to populate the changes in the other directory. Has anyone gone through this process yet? If so, do you have any tips or resources for info on the subject? Both Novell and Microsoft have docs, but they both just bash the other's product. Any help would be greatly appreciated.

Thanks,

Jonathan Hicks
Network Engineer
KEMET Electronics Corp
864-228-4473
[EMAIL PROTECTED]

RE: [ActiveDir] Group into local admin at domain join

2002-07-18 Thread Wicklund, Robert

Tony,

Option b.  Of course, as always, I didn't read the last line.  We are
using a VB script so we execute this in Logon script.  Thanks

Robert Wicklund, MCP/MCSE 
Global Crossing Ltd., Manager Network Computing 
95 N. Fitzhugh Street Rochester, NY 14614
ph.  585.255.8936  cell 716.721.1825
 

-Original Message-
From: Tony Murray [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, July 18, 2002 10:49 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Group into local admin at domain join

Robert,

When you say, this does not append, what are you referring to?

a) net localgroup method.  I disagree, this does an append.
b) GPO method.  I agree, this does a replace.  This was the point I was
trying (albeit not very clearly) to make.

BTW, as Byron pointed out earlier, if using the net localgroup or ADSI
method the startup script should be used and not the login script.

Tony

-- Original Message --
From: Wicklund, Robert [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: Thu, 18 Jul 2002 10:18:12 -0400

Keep in mind... this does not append... it replaces the current access
with whatever you specify in that list.

Robert Wicklund, MCP/MCSE 
Global Crossing Ltd., Manager Network Computing 
95 N. Fitzhugh Street Rochester, NY 14614
ph.  585.255.8936  cell 716.721.1825
 

-Original Message-
From: Tony Murray [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, July 17, 2002 11:08 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Group into local admin at domain join

I think this is best done as part of the login script.  You can use the
following command as part of the login script:

net localgroup administrators mydom\mygroup /add

or use an ADSI script as part of your login script.

I believe it is also possible to set the group membership using Group
Policy.  The drawback (or advantage) of this approach is that the GPO will
throw out any other groups that may have been added by other processes, e.g.
SMS.

Tony

-- Original Message --
From: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: Wed, 17 Jul 2002 15:58:39 +0100


Hi All,

I don't know if this is possible :-

I would like another group added to the local administrator group of PC's
when they are joined to the domain, i.e. as the Domain admin group is
automatically added. It would be even better if this could be done at an OU
level...

Any ideas?

Thanks

Robert Rutherford
MIS Department - DEK
+44 (0)1305 208232
+44 (0)7970 122362




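The two behaviours contrasted in this thread (the net localgroup method appends, the GPO method replaces), as an added example that is not part of any poster's message: a script that appends a group to the local Administrators group only when it is missing, then lists what a replace-style policy would drop. It uses the LocalAccounts cmdlets of Windows PowerShell 5.1 rather than the 2002-era tools; `MYDOM\mygroup` is the thread's placeholder, and `MYDOM\Domain Admins` and the function names are assumptions.

```powershell
# Added example, not from the thread. MYDOM\mygroup is the thread's placeholder;
# 'MYDOM\Domain Admins' and the function names are assumptions.
# Deploy as a computer startup script: it then runs as Local System, so the
# add does not depend on the rights of whoever logs on.

$AdminsSid = 'S-1-5-32-544'   # BUILTIN\Administrators, independent of OS language

function Get-AdminMemberName {
    # Current members as 'DOMAIN\name' (or 'COMPUTER\name' for local accounts).
    Get-LocalGroupMember -SID $AdminsSid | ForEach-Object { $_.Name }
}

function Add-MissingAdminMember {
    # Append semantics, like "net localgroup administrators mydom\mygroup /add":
    # existing members are left alone, and a repeat run changes nothing.
    param([Parameter(Mandatory)][string[]]$Wanted)
    $current = @(Get-AdminMemberName)
    foreach ($name in $Wanted) {
        if ($current -contains $name) { continue }      # -contains ignores case
        Add-LocalGroupMember -SID $AdminsSid -Member $name -ErrorAction Stop
        "added $name"
    }
}

function Get-ReplaceRemoval {
    # Replace semantics, like the Group Policy method: report (do not remove)
    # the members that are not on the policy list and would therefore be dropped.
    param([Parameter(Mandatory)][string[]]$PolicyList)
    @(Get-AdminMemberName) | Where-Object { $PolicyList -notcontains $_ }
}

Add-MissingAdminMember -Wanted 'MYDOM\mygroup'

$wouldDrop = Get-ReplaceRemoval -PolicyList 'MYDOM\Domain Admins', 'MYDOM\mygroup'
if ($wouldDrop) {
    "members a replace-style policy would remove:"
    $wouldDrop | ForEach-Object { "  $_" }
}
```

Reviewing the second list before switching a machine from the append method to the replace method shows which entries added by other processes would disappear.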


RE: [ActiveDir] AD and NDS

2002-07-18 Thread Gil Kirkpatrick



Can you describe the problems?

-gil

  
  -Original Message-
  From: John Hicks/MIS/HQ/KEMET/US [mailto:[EMAIL PROTECTED]]
  Sent: Thursday, July 18, 2002 10:25 AM
  To: [EMAIL PROTECTED]
  Subject: [ActiveDir] AD and NDS

  We are in the process of migrating our NT 4 domain to AD. We currently use NDS as our primary
  directory service. We are using Account Manager to migrate our users and
  computer accounts into the AD domain from the NT 4 domain. We experienced
  problems getting IDs created in Novell Console 1 and MMC console to populate
  the changes in the other directory. Has anyone gone through this process yet?
  If so, do you have any tips or resources for info on the subject? Both Novell
  and Microsoft have docs, but they both just bash the other's product. Any help
  would be greatly appreciated.

  Thanks,

  Jonathan Hicks
  Network Engineer
  KEMET Electronics Corp
  864-228-4473
  [EMAIL PROTECTED]


RE: [ActiveDir] New AD announced for web apps.

2002-07-18 Thread Robbie Allen

Stuart Kwan had mentioned this was coming at the Directory Experts
Conference in May.  Ultimately I think it could be a good thing if Microsoft
starts to treat AD as a separate product instead of just an add-on to
Windows 2000/.NET.  I don't see the benefit to what they are saying about
needing to set-up an entire operating system environment as is now
mandated.  You can setup standalone AD servers that act as LDAP servers
today.  Perhaps they can limit the DNS requirements, but other than that it
still has to go on a Windows OS.  I think this has a lot to do with the
perception of AD as a NOS-only directory and not a true competitor to Sun or
Novell in the app space.

Robbie Allen
Cisco Systems Enterprise Management
Coauthor of Managing Enterprise Active Directory Services

 -Original Message-
 From: Myrick, Todd (CIT) [mailto:[EMAIL PROTECTED]] 
 Sent: Thursday, July 18, 2002 1:21 PM
 To: '[EMAIL PROTECTED]'
 Subject: [ActiveDir] New AD announced for web apps.
 
 
 http://www.infoworld.com/articles/hn/xml/02/07/17/020717hnactivedirectory.xml
 



RE: [ActiveDir] New AD announced for web apps.

2002-07-18 Thread Gil Kirkpatrick

The big issue using AD as a standalone LDAP server (as Stuart explained at
the DEC) has to do with AD's ties to the Win32 security system...
authentication through Kerberos, generation of Win32 security tokens, SIDs
appearing in ACLs, etc. ADAM removes these ties as I understand it.

-gil

-Original Message-
From: Robbie Allen [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, July 18, 2002 2:30 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] New AD announced for web apps.


Stuart Kwan had mentioned this was coming at the Directory Experts
Conference in May.  Ultimately I think it could be a good thing if Microsoft
starts to treat AD as a separate product instead of just an add-on to
Windows 2000/.NET.  I don't see the benefit to what they are saying about
needing to set-up an entire operating system environment as is now
mandated.  You can setup standalone AD servers that act as LDAP servers
today.  Perhaps they can limit the DNS requirements, but other than that it
still has to go on a Windows OS.  I think this has a lot to do with the
perception of AD as a NOS-only directory and not a true competitor to Sun or
Novell in the app space.

Robbie Allen
Cisco Systems Enterprise Management
Coauthor of Managing Enterprise Active Directory Services

 -Original Message-
 From: Myrick, Todd (CIT) [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, July 18, 2002 1:21 PM
 To: '[EMAIL PROTECTED]'
 Subject: [ActiveDir] New AD announced for web apps.
 
 
 http://www.infoworld.com/articles/hn/xml/02/07/17/020717hnactivedirectory.xml
 



RE: [ActiveDir] New AD announced for web apps.

2002-07-18 Thread Myrick, Todd (CIT)

So this would allow you to use a different security solution like say
Netegrity or Oblix for SSO type applications.  In addition with MMS X you
could create public views of your PKI enabled users and make them LDAP
accessible without exposing a DC or GC.

For us, the more operations we can standardize on 2K .NET platforms the
better.

Todd

-Original Message-
From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, July 18, 2002 6:27 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] New AD announced for web apps.


The big issue using AD as a standalone LDAP server (as Stuart explained at
the DEC) has to do with AD's ties to the Win32 security system...
authentication through Kerberos, generation of Win32 security tokens, SIDs
appearing in ACLs, etc. ADAM removes these ties as I understand it.

-gil

-Original Message-
From: Robbie Allen [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, July 18, 2002 2:30 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] New AD announced for web apps.


Stuart Kwan had mentioned this was coming at the Directory Experts
Conference in May.  Ultimately I think it could be a good thing if Microsoft
starts to treat AD as a separate product instead of just an add-on to
Windows 2000/.NET.  I don't see the benefit to what they are saying about
needing to set-up an entire operating system environment as is now
mandated.  You can setup standalone AD servers that act as LDAP servers
today.  Perhaps they can limit the DNS requirements, but other than that it
still has to go on a Windows OS.  I think this has a lot to do with the
perception of AD as a NOS-only directory and not a true competitor to Sun or
Novell in the app space.

Robbie Allen
Cisco Systems Enterprise Management
Coauthor of Managing Enterprise Active Directory Services

 -Original Message-
 From: Myrick, Todd (CIT) [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, July 18, 2002 1:21 PM
 To: '[EMAIL PROTECTED]'
 Subject: [ActiveDir] New AD announced for web apps.
 
 
 http://www.infoworld.com/articles/hn/xml/02/07/17/020717hnactivedirectory.xml
 



[ActiveDir] how to determine a user rights

2002-07-18 Thread pio eqbal

Is there any attribute in active directory that would
enable me to determine if a particular user has domain
admin rights?




RE: [ActiveDir] New AD announced for web apps.

2002-07-18 Thread Robbie Allen

Why is that an issue for running just a generic LDAP directory?  You can
still do standard LDAP binds against it and each directory has its own way
for securing resources.

Robbie Allen

 -Original Message-
 From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED]] 
 Sent: Thursday, July 18, 2002 6:27 PM
 To: '[EMAIL PROTECTED]'
 Subject: RE: [ActiveDir] New AD announced for web apps.
 
 
 The big issue using AD as a standalone LDAP server (as Stuart 
 explained at
 the DEC) has to do with AD's ties to the Win32 security system...
 authentication through Kerberos, generation of Win32 security 
 tokens, SIDs appearing in ACLs, etc. ADAM removes these ties as I
understand it.
 
 -gil
 
 -Original Message-
 From: Robbie Allen [mailto:[EMAIL PROTECTED]] 
 Sent: Thursday, July 18, 2002 2:30 PM
 To: '[EMAIL PROTECTED]'
 Subject: RE: [ActiveDir] New AD announced for web apps.
 
 
 Stuart Kwan had mentioned this was coming at the Directory Experts
 Conference in May.  Ultimately I think it could be a good 
 thing if Microsoft
 starts to treat AD as a separate product instead of just an add-on to
 Windows 2000/.NET.  I don't see the benefit to what they are 
 saying about
 needing to set-up an entire operating system environment as is now
 mandated.  You can setup standalone AD servers that act as 
 LDAP servers
 today.  Perhaps they can limit the DNS requirements, but 
 other than that it
 still has to go on a Windows OS.  I think this has a lot to 
 do with the
 perception of AD as a NOS-only directory and not a true 
 competitor to Sun or
 Novell in the app space.
 
 Robbie Allen
 Cisco Systems Enterprise Management
 Coauthor of Managing Enterprise Active Directory Services
 
  -Original Message-
  From: Myrick, Todd (CIT) [mailto:[EMAIL PROTECTED]]
  Sent: Thursday, July 18, 2002 1:21 PM
  To: '[EMAIL PROTECTED]'
  Subject: [ActiveDir] New AD announced for web apps.
  
  
  http://www.infoworld.com/articles/hn/xml/02/07/17/020717hnactivedirectory.xml
  



RE: [ActiveDir] New AD announced for web apps.

2002-07-18 Thread Robbie Allen

iNetOrgPerson is supported fully in .NET ;-)  Have you seen studies where AD
is much slower than iPlanet/ONE, eDirectory or OpenLDAP in terms of bind
time?  I've heard varying reports.

In my experience, I believe the bigger issues are when you try to
consolidate your NOS and enterprise app directory into one.  The two are
largely not compatible in terms of requirements (e.g. multi-domain vs flat).

Robbie Allen

 -Original Message-
 From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED]] 
 Sent: Thursday, July 18, 2002 7:06 PM
 To: '[EMAIL PROTECTED]'
 Subject: RE: [ActiveDir] New AD announced for web apps.
 
 
 iNetOrgPerson and performance. Some apps can't deal with the 
 default AD schema and doing a simple bind that only does a local 
 password check is a lot quicker than issuing tickets, constructing tokens,
etc.
 
 -gil
 
 -Original Message-
 From: Robbie Allen [mailto:[EMAIL PROTECTED]] 
 Sent: Thursday, July 18, 2002 3:59 PM
 To: '[EMAIL PROTECTED]'
 Subject: RE: [ActiveDir] New AD announced for web apps.
 
 
 Why is that an issue for running just a generic LDAP 
 directory?  You can
 still do standard LDAP binds against it and each directory 
 has its own way
 for securing resources.
 
 Robbie Allen
 
  -Original Message-
  From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED]]
  Sent: Thursday, July 18, 2002 6:27 PM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] New AD announced for web apps.
  
  
  The big issue using AD as a standalone LDAP server (as Stuart
  explained at
  the DEC) has to do with AD's ties to the Win32 security system...
  authentication through Kerberos, generation of Win32 security 
  tokens, SIDs appearing in ACLs, etc. ADAM removes these ties as I
 understand it.
  
  -gil
  
  -Original Message-
  From: Robbie Allen [mailto:[EMAIL PROTECTED]]
  Sent: Thursday, July 18, 2002 2:30 PM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] New AD announced for web apps.
  
  
  Stuart Kwan had mentioned this was coming at the Directory Experts 
  Conference in May.  Ultimately I think it could be a good thing if 
  Microsoft starts to treat AD as a separate product instead 
 of just an 
  add-on to Windows 2000/.NET.  I don't see the benefit to 
 what they are
  saying about
  needing to set-up an entire operating system environment as is now
  mandated.  You can setup standalone AD servers that act as 
  LDAP servers
  today.  Perhaps they can limit the DNS requirements, but 
  other than that it
  still has to go on a Windows OS.  I think this has a lot to 
  do with the
  perception of AD as a NOS-only directory and not a true 
  competitor to Sun or
  Novell in the app space.
  
  Robbie Allen
  Cisco Systems Enterprise Management
  Coauthor of Managing Enterprise Active Directory Services
  
   -Original Message-
   From: Myrick, Todd (CIT) [mailto:[EMAIL PROTECTED]]
   Sent: Thursday, July 18, 2002 1:21 PM
   To: '[EMAIL PROTECTED]'
   Subject: [ActiveDir] New AD announced for web apps.
   
   
   http://www.infoworld.com/articles/hn/xml/02/07/17/020717hnactivedirectory.xml
   



RE: [ActiveDir] New AD announced for web apps.

2002-07-18 Thread Gil Kirkpatrick

I'm just recalling what Stuart described as the drivers for ADAM at the DEC.
IIRC, Novell's comparison between AD indicated that eDir was much faster at
binds than AD, but I wouldn't want to put a lot of credence in that
evaluation :)

I also think that you will be able to partition ADAM arbitrarily, ignoring
domain boundaries, much like you can with eDir. Although that probably is
not interesting to most standalone dir implementations.

-gil

-Original Message-
From: Robbie Allen [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, July 18, 2002 4:25 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] New AD announced for web apps.


iNetOrgPerson is supported fully in .NET ;-)  Have you seen studies where AD
is much slower than iPlanet/ONE, eDirectory or OpenLDAP in terms of bind
time?  I've heard varying reports.

In my experience, I believe the bigger issues are when you try to
consolidate your NOS and enterprise app directory into one.  The two are
largely not compatible in terms of requirements (e.g. multi-domain vs flat).

Robbie Allen

 -Original Message-
 From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, July 18, 2002 7:06 PM
 To: '[EMAIL PROTECTED]'
 Subject: RE: [ActiveDir] New AD announced for web apps.
 
 
 iNetOrgPerson and performance. Some apps can't deal with the
 default AD schema and doing a simple bind that only does a local 
 password check is a lot quicker than issuing tickets, constructing tokens,
etc.
 
 -gil
 
 -Original Message-
 From: Robbie Allen [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, July 18, 2002 3:59 PM
 To: '[EMAIL PROTECTED]'
 Subject: RE: [ActiveDir] New AD announced for web apps.
 
 
 Why is that an issue for running just a generic LDAP
 directory?  You can
 still do standard LDAP binds against it and each directory 
 has its own way
 for securing resources.
 
 Robbie Allen
 
  -Original Message-
  From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED]]
  Sent: Thursday, July 18, 2002 6:27 PM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] New AD announced for web apps.
  
  
  The big issue using AD as a standalone LDAP server (as Stuart 
  explained at the DEC) has to do with AD's ties to the Win32 security 
  system... authentication through Kerberos, generation of Win32 
  security tokens, SIDs appearing in ACLs, etc. ADAM removes these 
  ties as I
 understand it.
  
  -gil
  
  -Original Message-
  From: Robbie Allen [mailto:[EMAIL PROTECTED]]
  Sent: Thursday, July 18, 2002 2:30 PM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] New AD announced for web apps.
  
  
  Stuart Kwan had mentioned this was coming at the Directory Experts
  Conference in May.  Ultimately I think it could be a good thing if 
  Microsoft starts to treat AD as a separate product instead 
 of just an
  add-on to Windows 2000/.NET.  I don't see the benefit to
 what they are
  saying about
  needing to set-up an entire operating system environment as is now 
  mandated.  You can setup standalone AD servers that act as LDAP 
  servers today.  Perhaps they can limit the DNS requirements, but
  other than that it
  still has to go on a Windows OS.  I think this has a lot to 
  do with the
  perception of AD as a NOS-only directory and not a true 
  competitor to Sun or
  Novell in the app space.
  
  Robbie Allen
  Cisco Systems Enterprise Management
  Coauthor of Managing Enterprise Active Directory Services
  
   -Original Message-
   From: Myrick, Todd (CIT) [mailto:[EMAIL PROTECTED]]
   Sent: Thursday, July 18, 2002 1:21 PM
   To: '[EMAIL PROTECTED]'
   Subject: [ActiveDir] New AD announced for web apps.
   
   
   http://www.infoworld.com/articles/hn/xml/02/07/17/020717hnactivedirectory.xml
   
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List