[ActiveDir] Logon scripts
Morning all, Does the logon script run with the user rights of the user logging on?? Ie Can we install an MSI from the logon script with out running installer with elevated privileges if the user has user rights to the local machine?? Cheers Charlie -- http://www.channel5.co.uk/ -- List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir]
ImCr :ý-Âpmamtsi1.mtl.bceemergis.comsmtp1.emergis.com[EMAIL PROTECTED]c=ca;a=immedia;p=mpact;l=MTL-GW-020207180547P1RP9909L669-a-logs@e[EMAIL PROTECTED]o.cEwLsReceived: from pmamtsi1.mtl.bceemergis.com (smtp1.emergis.com [192.139.197.95]) by MTL-GW-02.bceemergis.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id P1RP9909; Thu, 18 Jul 2002 01:47:10 -0400 Received: from mail.activedir.org (mail.activedir.org [64.245.160.7]) by pmamtsi1.mtl.bceemergis.com (8.9.3+Sun/8.9.3) with ESMTP id AAA27443 for [EMAIL PROTECTED]; Thu, 18 Jul 2002 00:19:26 -0400 (EDT) Received: from mail.nucleus.com [207.34.101.2] by mail.activedir.org with ESMTP (SMTPD32-6.06) id A1B98000186; Thu, 18 Jul 2002 00:19:05 -0400 To: [EMAIL PROTECTED] Subject: [ActiveDir] Autoreply: [ActiveDir Digest] From: [EMAIL PROTECTED] X-Sender: [EMAIL PROTECTED] Message-Id: [EMAIL PROTECTED] Date: Wed, 17 Jul 2002 22:19:02 -0600 Precedence: bulk Sender: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Im away from the office from July 17th back bright and early July 22nd. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] GPO's in W2K AD setup with XP clients
Dear All, I am planning to use GPO's to control a number of XP clients in a W2K AD setup. Currently we have no GPO's, other than the default domain policy. I have imported the .ADM files from XP into a W2K DC and want to use the Computer Configuration\Administrative Templates\System Restore options to control who can and cannot restore their system. The default behaviour is to allow everyone the ability to use system restore but when attempting it on a workstation, I am confronted with the message that tells me I do not have sufficient security privilages. If the defualt behaviour is set to allow restore throughout the domain, where does this security issue come from ? I thought perhaps it might be the Computer Configuration local security settings, so to test I added the group Everyone to all of the various local security settings. When I tried again to restore the system I got a new message saying that system restore is not able to protect the computer and to restart the system and try restore again !! How can I use GPO's and System Restore in my environment !?!?! Many thanks, Mark List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] GPO's in W2K AD setup with XP clients
Mark You must have either Administrator or Backup Operator permissions on the computer to perform a restore. I could be wrong, but I believe the GPO setting makes the restore option available, but it does not confer the necessary rights. Tony -- Original Message -- From: Abbiss, Mark [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Thu, 18 Jul 2002 13:08:39 +0200 Dear All, I am planning to use GPO's to control a number of XP clients in a W2K AD setup. Currently we have no GPO's, other than the default domain policy. I have imported the .ADM files from XP into a W2K DC and want to use the Computer Configuration\Administrative Templates\System Restore options to control who can and cannot restore their system. The default behaviour is to allow everyone the ability to use system restore but when attempting it on a workstation, I am confronted with the message that tells me I do not have sufficient security privilages. If the defualt behaviour is set to allow restore throughout the domain, where does this security issue come from ? I thought perhaps it might be the Computer Configuration local security settings, so to test I added the group Everyone to all of the various local security settings. When I tried again to restore the system I got a new message saying that system restore is not able to protect the computer and to restart the system and try restore again !! How can I use GPO's and System Restore in my environment !?!?! Many thanks, Mark List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] Logon scripts
Yes, I beleive that you would have to run it with Elevated priveleges. Charlie Hope-Lang [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 07/18/2002 04:16 AM Please respond to ActiveDir To:[EMAIL PROTECTED] cc:(bcc: John Hicks/MIS/HQ/KEMET/US) Subject:[ActiveDir] Logon scripts Morning all, Does the logon script run with the user rights of the user logging on?? Ie Can we install an MSI from the logon script with out running installer with elevated privileges if the user has user rights to the local machine?? Cheers Charlie -- http://www.channel5.co.uk/ -- List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Autoreply: [ActiveDir Digest]
Can you stop OOOs and autoreplies from hitting the ActiveDir List ? Thanks. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, July 18, 2002 00:19 To: [EMAIL PROTECTED] Subject: [ActiveDir] Autoreply: [ActiveDir Digest] Im away from the office from July 17th back bright and early July 22nd. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Sites and Services
Are there any issues with renaming the Default-First-Site-Name? Also can I set up a site and not have a DC in it? Joshua Morgan PROFITLAB Senior Network Engineer PH: (864) 250-1350 Ext 133 Fax: (413) 581-4936 [EMAIL PROTECTED] http://www.profit-lab.com http://ncontrol.info The greatest glory is not in never failing, but in rising up every time we fall. -- Confucius List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Autoreply: [ActiveDir Digest]
Could you stop posting these to the list as well? Email him offline if they bug you. -Original Message- From: David N. Precht [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 18, 2002 8:39 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Autoreply: [ActiveDir Digest] Can you stop OOOs and autoreplies from hitting the ActiveDir List ? Thanks. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, July 18, 2002 00:19 To: [EMAIL PROTECTED] Subject: [ActiveDir] Autoreply: [ActiveDir Digest] Im away from the office from July 17th back bright and early July 22nd. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ -- The information contained in this email message is privileged and confidential information intended only for the use of the individual or entity to whom it is addressed. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copy of this message is strictly prohibited. If you have received this email in error, please immediately notify Veronis Suhler Stevenson by telephone (212)935-4990, fax (212)381-8168, or email ([EMAIL PROTECTED]) and delete the message. Thank you. == List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Autoreply: [ActiveDir Digest]
David, my mistake. I thought I replaced the list with person in question. I didn't. It was then too late. My apologies. Dave -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Andy David Sent: Thursday, July 18, 2002 08:47 To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Autoreply: [ActiveDir Digest] Could you stop posting these to the list as well? Email him offline if they bug you. -Original Message- From: David N. Precht [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 18, 2002 8:39 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Autoreply: [ActiveDir Digest] Can you stop OOOs and autoreplies from hitting the ActiveDir List ? Thanks. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, July 18, 2002 00:19 To: [EMAIL PROTECTED] Subject: [ActiveDir] Autoreply: [ActiveDir Digest] Im away from the office from July 17th back bright and early July 22nd. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ -- The information contained in this email message is privileged and confidential information intended only for the use of the individual or entity to whom it is addressed. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copy of this message is strictly prohibited. If you have received this email in error, please immediately notify Veronis Suhler Stevenson by telephone (212)935-4990, fax (212)381-8168, or email ([EMAIL PROTECTED]) and delete the message. Thank you. == List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Educating users on proper AD use ;-)
Title: Message There are a couple options although neither may be ideal. First, you can go to Start - Search - For Files or Folders At the bottom of the left pane is "Search for other items:" and underneath that is a link for "Computers" Second is after you browse to the domain as you mentioned below, right click on the domain and select "Find". You can then save the search by selecting File - Save Search Problem with this option in its default state is that it executesa search whenopened (even if no criteria are entered). Ibelieve both of these options can be customized to some extent, but I haven't seen any documentation on it. Robbie Allen Cisco Systems Enterprise Management Coauthor of "Managing Enterprise Active Directory Services" -Original Message-From: Ken Rinehart [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 11:23 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Educating users on proper AD use ;-) I got one response telling me I could limit who sees the OrgUnits in AD (obviously) but other than that I haven't heard much. Ken -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of SEYBOLDT,VOLKER (HP-Germany,ex1)Sent: Wednesday, July 17, 2002 6:35 AMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Educating users on proper AD use ;-) Hi Ken, this is an interesting point. Did you get any response on this? Volker -Original Message-From: Ken Rinehart [mailto:[EMAIL PROTECTED]]Sent: Tuesday, July 16, 2002 6:39 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] Educating users on proper AD use ;-) Hello I understand that Microsoft wants users to get away from Network Neighborhood and start using features of Active Directory. In most of the books that I have there is mention of this and that "eventually" you won't have to use Network Neighborhood and broadcast based browsing will go away. But what will replace it? I want to turn it off across my officespace so I have no NBT broadcast browsing. I'm at a crossroads where I've just setup a native AD and want to use it "properly" and get users to make a behavioral change when accessing resources. So far I'm familiar with the standard My Network Places - Entire Network - Entire Contents - where there is then a choice for "Microsoft Windows Network" and "Directory - AD Domain" Double clicking this shows you all your OrgUnits but is this something you really want your users to see? Seems way to confusing and I'd rather not having them poking around looking at who my DCs are!. The alternative of course is to right click on your AD domain and choose "Find" which is better but most users will never figure this out. Is there a more direct way of acessing this utility? So I could use a GP to put it on all desktops or something. I'm so tired of browsing :-( Ken-
RE: [ActiveDir] Group into local admin at domain join
Keep in mind.this does not append.it replaces the current access with whatever you specify in that list. Robert Wicklund, MCP/MCSE Global Crossing Ltd., Manager Network Computing 95 N. Fitzhugh Street Rochester, NY 14614 ph. 585.255.8936cell 716.721.1825 -Original Message- From: Tony Murray [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 11:08 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Group into local admin at domain join I think this is best done as part of the login script. You can use the following command as part of the login script: net localgroup administrators mydom\mygroup /add or use an ADSI script as part of your login script. I believe it is also possible to set the group membership using Group Policy. The drawback (or advantage) of this approach is that the GPO will throw out any other groups that may have been added by other processes, e.g. SMS. Tony -- Original Message -- From: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Wed, 17 Jul 2002 15:58:39 +0100 Hi All, I don't know if this possible :- I would like another group added to the local administrator group of PC's when they are joined to the domain, i.e. as the Domain admin group is automatically added. It would be even better if this could be done at an OU level... Any ideas? Thanks Robert Rutherford MIS Department - DEK +44 (0)1305 208232 +44 (0)7970 122362 This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK Printing Machines Ltd., or its affiliates. This footnote signifies that this message has been checked for viruses using Norton and McAfee. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ Wicklund, Robert.vcf Description: Binary data
RE: [ActiveDir] Password Change for 100% Remote User Workstations
Title: Message Gene, Take a look at your VPN connection. Are you logging into the workstation, opening a tunnel, and doing their work. OR Are you logging into the workstation, opening the tunnel, logging out, and logging back into the now connected workstation? If notthe user will not be flagged that their password is about to expire, and will end up being locked out. We had the same issue, and have solved it. Jef -Original Message-From: Molloy, Gene S. [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 10:37 PMTo: [EMAIL PROTECTED]Subject: Password Change for 100% Remote User Workstations We are having problems with users being able to change their passwords when they expire. The users having the problem are 100% remote. Very rarely do they connect to our private network. Most of the time they use VPN over a dial up connection. I am wondering how other people are dealing with this problem. I really do not want to set passwords to never expire. Any help would be greatly appreciated. Thanks, Gene Molloy
RE: [ActiveDir] Password Change for 100% Remote User Workstations
Title: Message Jef, They are logging into W2K Pro with cached password information. Connection to local Internet POP then launching VPN connection. That is how our typical user works. Gene -Original Message-From: Kazimer Jef [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 18, 2002 9:43 AMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Password Change for 100% Remote User Workstations Gene, Take a look at your VPN connection. Are you logging into the workstation, opening a tunnel, and doing their work. OR Are you logging into the workstation, opening the tunnel, logging out, and logging back into the now connected workstation? If notthe user will not be flagged that their password is about to expire, and will end up being locked out. We had the same issue, and have solved it. Jef -Original Message-From: Molloy, Gene S. [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 10:37 PMTo: [EMAIL PROTECTED]Subject: Password Change for 100% Remote User Workstations We are having problems with users being able to change their passwords when they expire. The users having the problem are 100% remote. Very rarely do they connect to our private network. Most of the time they use VPN over a dial up connection. I am wondering how other people are dealing with this problem. I really do not want to set passwords to never expire. Any help would be greatly appreciated. Thanks, Gene Molloy
[ActiveDir] Sort of OT: other Protocols
I have an Isolated environment that runs SQL 2000 and Windows 2000 Servers. This environment experienced problems the other day because of a lack of name resolution between the Servers. I was asked by management to look at netbeui as a backup incase standard TCPIP name Resolution failed... Here is what I have set up... On each machine I have 2 Nic's, 1 nic on each machine is dedicated to IP and 1 Nic is dedicated to NetBeui. Does anyone see any issues with this? Joshua Morgan PROFITLAB Senior Network Engineer PH: (864) 250-1350 Ext 133 Fax: (413) 581-4936 [EMAIL PROTECTED] http://www.profit-lab.com http://ncontrol.info The greatest glory is not in never failing, but in rising up every time we fall. -- Confucius List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Group into local admin at domain join
Robert, When you say, this does not append, what are you referring to? a) net localgroup method. I disagree, this does an append. b) GPO method. I agree, this does a replace. This was the point I was trying (albeit not very clearly) to make. BTW, as Byron pointed out earlier, if using the net localgroup or ADSI method the startup script should be used and not the login script. Tony -- Original Message -- From: Wicklund, Robert [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Thu, 18 Jul 2002 10:18:12 -0400 Keep in mind.this does not append.it replaces the current access with whatever you specify in that list. Robert Wicklund, MCP/MCSE Global Crossing Ltd., Manager Network Computing 95 N. Fitzhugh Street Rochester, NY 14614 ph. 585.255.8936cell 716.721.1825 -Original Message- From: Tony Murray [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 11:08 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Group into local admin at domain join I think this is best done as part of the login script. You can use the following command as part of the login script: net localgroup administrators mydom\mygroup /add or use an ADSI script as part of your login script. I believe it is also possible to set the group membership using Group Policy. The drawback (or advantage) of this approach is that the GPO will throw out any other groups that may have been added by other processes, e.g. SMS. Tony -- Original Message -- From: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Wed, 17 Jul 2002 15:58:39 +0100 Hi All, I don't know if this possible :- I would like another group added to the local administrator group of PC's when they are joined to the domain, i.e. as the Domain admin group is automatically added. It would be even better if this could be done at an OU level... Any ideas? Thanks Robert Rutherford MIS Department - DEK +44 (0)1305 208232 +44 (0)7970 122362 This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK Printing Machines Ltd., or its affiliates. This footnote signifies that this message has been checked for viruses using Norton and McAfee. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Sort of OT: other Protocols
What about using hosts files as a fail over for DNS? Seems like less work to me. John A. Bjelke UNISYS Systems administrator 505.846.5894 [EMAIL PROTECTED] -Original Message- From: Morgan, Joshua [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 18, 2002 8:45 AM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Sort of OT: other Protocols I have an Isolated environment that runs SQL 2000 and Windows 2000 Servers. This environment experienced problems the other day because of a lack of name resolution between the Servers. I was asked by management to look at netbeui as a backup incase standard TCPIP name Resolution failed... Here is what I have set up... On each machine I have 2 Nic's, 1 nic on each machine is dedicated to IP and 1 Nic is dedicated to NetBeui. Does anyone see any issues with this? Joshua Morgan PROFITLAB Senior Network Engineer PH: (864) 250-1350 Ext 133 Fax: (413) 581-4936 [EMAIL PROTECTED] http://www.profit-lab.com http://ncontrol.info The greatest glory is not in never failing, but in rising up every time we fall. -- Confucius List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Sort of OT: other Protocols
The quote from our CIO was that if caught any developer using IP addresses in their code he would fire them on the spot. Joshua Morgan PH: (864) 250-1350 Ext 133 [EMAIL PROTECTED] http://www.profit-lab.com http://ncontrol.info -Original Message- From: Andy Grafton [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 18, 2002 10:56 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Sort of OT: other Protocols I have an Isolated environment that runs SQL 2000 and Windows 2000 Servers. This environment experienced problems the other day because of a lack of name resolution between the Servers. Not answering the question, but if that's the problem and you can get around it with NetBEUI, why not use the IP addresses of the machines instead of the name? All the best, Andy List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Sort of OT: other Protocols
I have since added that Joshua Morgan PH: (864) 250-1350 Ext 133 [EMAIL PROTECTED] http://www.profit-lab.com http://ncontrol.info -Original Message- From: Bjelke John A Contr AFRL/VSIO [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 18, 2002 11:02 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Sort of OT: other Protocols What about using hosts files as a fail over for DNS? Seems like less work to me. John A. Bjelke UNISYS Systems administrator 505.846.5894 [EMAIL PROTECTED] -Original Message- From: Morgan, Joshua [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 18, 2002 8:45 AM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Sort of OT: other Protocols I have an Isolated environment that runs SQL 2000 and Windows 2000 Servers. This environment experienced problems the other day because of a lack of name resolution between the Servers. I was asked by management to look at netbeui as a backup incase standard TCPIP name Resolution failed... Here is what I have set up... On each machine I have 2 Nic's, 1 nic on each machine is dedicated to IP and 1 Nic is dedicated to NetBeui. Does anyone see any issues with this? Joshua Morgan PROFITLAB Senior Network Engineer PH: (864) 250-1350 Ext 133 Fax: (413) 581-4936 [EMAIL PROTECTED] http://www.profit-lab.com http://ncontrol.info The greatest glory is not in never failing, but in rising up every time we fall. -- Confucius List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] Sort of OT: other Protocols
The quote from our CIO was that if caught any developer using IP addresses in their code he would fire them on the spot. And using NetBEUI as a backup protocol on a production system is better? Andy List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] LDAP failover/load balancing
We have some J2EE application servers which we have configured to authenticate via LDAP against our Active Directory. The configuration of the app server allows only one LDAP server to be specified. If that one DC were to fail, the app servers would be unable to find the directory even though we have many other DCs in the domain. I desperately want to put some failover solution in place before that happens. Are any of you facing similar situations ? What products or techniques are you using to get around the issue ? I'm thinking either some kind of hardware load balancer (like cisco's product) or some kind of an LDAP proxy on another box. Although I've seen it work in the lab, I don't wish to upgrade the DCs to W2K-AS just to get NLB for this. Any suggestions ? Dave List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] AD and NDS
We are in the process of migrating our NT 4 domain to AD. We currently use NDS as our primary directory service. We are using Account Manager to migrate our users and computer accounts into the AD domain form the NT 4 domain. We experienced problems getting IDs created in Novell Console 1 and MMC console to populate the changes in the other directory. Has anyone gone through this process yet? If so, do you have any tips or resources for info on the subject. Both Novell and Microsoft have docs, but they both just bash teh others product. Any help would be greatly appreciated. Thanks, Jonathan Hicks Network Engineer KEMET Electronics Corp 864-228-4473 [EMAIL PROTECTED]
RE: [ActiveDir] Group into local admin at domain join
Tony, Option b. Of courseas alwaysi didn't read the last line. We are using a VB script so we execute this in Logon script. Thanks Robert Wicklund, MCP/MCSE Global Crossing Ltd., Manager Network Computing 95 N. Fitzhugh Street Rochester, NY 14614 ph. 585.255.8936cell 716.721.1825 -Original Message- From: Tony Murray [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 18, 2002 10:49 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Group into local admin at domain join Robert, When you say, this does not append, what are you referring to? a) net localgroup method. I disagree, this does an append. b) GPO method. I agree, this does a replace. This was the point I was trying (albeit not very clearly) to make. BTW, as Byron pointed out earlier, if using the net localgroup or ADSI method the startup script should be used and not the login script. Tony -- Original Message -- From: Wicklund, Robert [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Thu, 18 Jul 2002 10:18:12 -0400 Keep in mind.this does not append.it replaces the current access with whatever you specify in that list. Robert Wicklund, MCP/MCSE Global Crossing Ltd., Manager Network Computing 95 N. Fitzhugh Street Rochester, NY 14614 ph. 585.255.8936cell 716.721.1825 -Original Message- From: Tony Murray [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 11:08 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Group into local admin at domain join I think this is best done as part of the login script. You can use the following command as part of the login script: net localgroup administrators mydom\mygroup /add or use an ADSI script as part of your login script. I believe it is also possible to set the group membership using Group Policy. The drawback (or advantage) of this approach is that the GPO will throw out any other groups that may have been added by other processes, e.g. SMS. Tony -- Original Message -- From: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Wed, 17 Jul 2002 15:58:39 +0100 Hi All, I don't know if this possible :- I would like another group added to the local administrator group of PC's when they are joined to the domain, i.e. as the Domain admin group is automatically added. It would be even better if this could be done at an OU level... Any ideas? Thanks Robert Rutherford MIS Department - DEK +44 (0)1305 208232 +44 (0)7970 122362 This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK Printing Machines Ltd., or its affiliates. This footnote signifies that this message has been checked for viruses using Norton and McAfee. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ Wicklund, Robert.vcf Description: Binary data
RE: [ActiveDir] AD and NDS
Title: Message Can you describe the problems? -gil -Original Message-From: John Hicks/MIS/HQ/KEMET/US [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 18, 2002 10:25 AMTo: [EMAIL PROTECTED]Subject: [ActiveDir] AD and NDSWe are in the process of migrating our NT 4 domain to AD. We currently use NDS as our primary directory service. We are using Account Manager to migrate our users and computer accounts into the AD domain form the NT 4 domain. We experienced problems getting IDs created in Novell Console 1 and MMC console to populate the changes in the other directory. Has anyone gone through this process yet? If so, do you have any tips or resources for info on the subject. Both Novell and Microsoft have docs, but they both just bash teh others product. Any help would be greatly appreciated. Thanks, Jonathan Hicks Network Engineer KEMET Electronics Corp 864-228-4473 [EMAIL PROTECTED]
RE: [ActiveDir] New AD announced for web apps.
Stuart Kwan had mentioned this was coming at the Directory Experts Conference in May. Ultimately I think it could be a good thing if Microsoft starts to treat AD as a separate product instead of just an add-on to Windows 2000/.NET. I don't see the benefit to what they are saying about needing to set-up an entire operating system environment as is now mandated. You can setup standalone AD servers that act as LDAP servers today. Perhaps they can limit the DNS requirements, but other than that it still has to go on a Windows OS. I think this has a lot to do with the perception of AD as a NOS-only directory and not a true competitor to Sun or Novell in the app space. Robbie Allen Cisco Systems Enterprise Management Coauthor of Managing Enterprise Active Directory Services -Original Message- From: Myrick, Todd (CIT) [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 18, 2002 1:21 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] New AD announced for web apps. http://www.infoworld.com/articles/hn/xml/02/07/17/020717hnacti vedirectory.xm l List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] New AD announced for web apps.
The big issue using AD as a standalone LDAP server (as Stuart explained at the DEC) has to do with AD's ties to the Win32 security system... authentication through Kerberos, generation of Win32 security tokens, SIDs appearing in ACLs, etc. ADAM removes these ties as I understand it. -gil -Original Message- From: Robbie Allen [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 18, 2002 2:30 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] New AD announced for web apps. Stuart Kwan had mentioned this was coming at the Directory Experts Conference in May. Ultimately I think it could be a good thing if Microsoft starts to treat AD as a separate product instead of just an add-on to Windows 2000/.NET. I don't see the benefit to what they are saying about needing to set-up an entire operating system environment as is now mandated. You can setup standalone AD servers that act as LDAP servers today. Perhaps they can limit the DNS requirements, but other than that it still has to go on a Windows OS. I think this has a lot to do with the perception of AD as a NOS-only directory and not a true competitor to Sun or Novell in the app space. Robbie Allen Cisco Systems Enterprise Management Coauthor of Managing Enterprise Active Directory Services -Original Message- From: Myrick, Todd (CIT) [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 18, 2002 1:21 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] New AD announced for web apps. http://www.infoworld.com/articles/hn/xml/02/07/17/020717hnacti vedirectory.xm l List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] New AD announced for web apps.
So this would allow you to use a different security solution like say Netegrity or Oblix for SSO type applications. In addition with MMS X you could create public views of your PKI enabled users and make them LDAP accessible without exposing a DC or GC. For us, the more operations we can standardize on 2K .NET platforms the better. Todd -Original Message- From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 18, 2002 6:27 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] New AD announced for web apps. The big issue using AD as a standalone LDAP server (as Stuart explained at the DEC) has to do with AD's ties to the Win32 security system... authentication through Kerberos, generation of Win32 security tokens, SIDs appearing in ACLs, etc. ADAM removes these ties as I understand it. -gil -Original Message- From: Robbie Allen [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 18, 2002 2:30 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] New AD announced for web apps. Stuart Kwan had mentioned this was coming at the Directory Experts Conference in May. Ultimately I think it could be a good thing if Microsoft starts to treat AD as a separate product instead of just an add-on to Windows 2000/.NET. I don't see the benefit to what they are saying about needing to set-up an entire operating system environment as is now mandated. You can setup standalone AD servers that act as LDAP servers today. Perhaps they can limit the DNS requirements, but other than that it still has to go on a Windows OS. I think this has a lot to do with the perception of AD as a NOS-only directory and not a true competitor to Sun or Novell in the app space. Robbie Allen Cisco Systems Enterprise Management Coauthor of Managing Enterprise Active Directory Services -Original Message- From: Myrick, Todd (CIT) [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 18, 2002 1:21 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] New AD announced for web apps. http://www.infoworld.com/articles/hn/xml/02/07/17/020717hnacti vedirectory.xm l List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] how to determine a user rights
Is there any attribute in active directory that would enable me to determine if a particular user has domain admin rights? __ Do You Yahoo!? Yahoo! Autos - Get free new car price quotes http://autos.yahoo.com List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] New AD announced for web apps.
Why is that an issue for running just a generic LDAP directory? You can still do standard LDAP binds against it and each directory has its own way for securing resources. Robbie Allen -Original Message- From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 18, 2002 6:27 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] New AD announced for web apps. The big issue using AD as a standalone LDAP server (as Stuart explained at the DEC) has to do with AD's ties to the Win32 security system... authentication through Kerberos, generation of Win32 security tokens, SIDs appearing in ACLs, etc. ADAM removes these ties as I understand it. -gil -Original Message- From: Robbie Allen [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 18, 2002 2:30 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] New AD announced for web apps. Stuart Kwan had mentioned this was coming at the Directory Experts Conference in May. Ultimately I think it could be a good thing if Microsoft starts to treat AD as a separate product instead of just an add-on to Windows 2000/.NET. I don't see the benefit to what they are saying about needing to set-up an entire operating system environment as is now mandated. You can setup standalone AD servers that act as LDAP servers today. Perhaps they can limit the DNS requirements, but other than that it still has to go on a Windows OS. I think this has a lot to do with the perception of AD as a NOS-only directory and not a true competitor to Sun or Novell in the app space. Robbie Allen Cisco Systems Enterprise Management Coauthor of Managing Enterprise Active Directory Services -Original Message- From: Myrick, Todd (CIT) [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 18, 2002 1:21 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] New AD announced for web apps. http://www.infoworld.com/articles/hn/xml/02/07/17/020717hnacti vedirectory.xm l List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] New AD announced for web apps.
iNetOrgPerson is supported fully in .NET ;-) Have you seen studies where AD is much slower than iPlanet/ONE, eDirectory or OpenLDAP in terms of bind time? I've heard varying reports. In my experience, I believe the bigger issues are when you try to consolidate your NOS and enterprise app directory into one. The two are largely not compatible in terms of requirements (e.g. multi-domain vs flat). Robbie Allen -Original Message- From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 18, 2002 7:06 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] New AD announced for web apps. iNetOrgPerson and performance. Some apps can't deal with the default AD schema and doing a simple bind that only does a local password check is a lot quicker than issuing tickets, constructing tokens, etc. -gil -Original Message- From: Robbie Allen [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 18, 2002 3:59 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] New AD announced for web apps. Why is that an issue for running just a generic LDAP directory? You can still do standard LDAP binds against it and each directory has its own way for securing resources. Robbie Allen -Original Message- From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 18, 2002 6:27 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] New AD announced for web apps. The big issue using AD as a standalone LDAP server (as Stuart explained at the DEC) has to do with AD's ties to the Win32 security system... authentication through Kerberos, generation of Win32 security tokens, SIDs appearing in ACLs, etc. ADAM removes these ties as I understand it. -gil -Original Message- From: Robbie Allen [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 18, 2002 2:30 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] New AD announced for web apps. Stuart Kwan had mentioned this was coming at the Directory Experts Conference in May. Ultimately I think it could be a good thing if Microsoft starts to treat AD as a separate product instead of just an add-on to Windows 2000/.NET. I don't see the benefit to what they are saying about needing to set-up an entire operating system environment as is now mandated. You can setup standalone AD servers that act as LDAP servers today. Perhaps they can limit the DNS requirements, but other than that it still has to go on a Windows OS. I think this has a lot to do with the perception of AD as a NOS-only directory and not a true competitor to Sun or Novell in the app space. Robbie Allen Cisco Systems Enterprise Management Coauthor of Managing Enterprise Active Directory Services -Original Message- From: Myrick, Todd (CIT) [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 18, 2002 1:21 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] New AD announced for web apps. http://www.infoworld.com/articles/hn/xml/02/07/17/020717hnacti vedirectory.xm l List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] New AD announced for web apps.
I'm just recalling what Stuart described as the drivers for ADAM at the DEC. IIRC, Novell's comparison between AD indicated that eDir was much faster at binds than AD, but I wouldn't want to put a lot of credence in that evaluation :) I also think that you will be able to partition ADAM arbitrarily, ignoring domain boundaries, much like you can with eDir. Although that probably is not interesting to most standalong dir implementations. -gil -Original Message- From: Robbie Allen [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 18, 2002 4:25 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] New AD announced for web apps. iNetOrgPerson is supported fully in .NET ;-) Have you seen studies where AD is much slower than iPlanet/ONE, eDirectory or OpenLDAP in terms of bind time? I've heard varying reports. In my experience, I believe the bigger issues are when you try to consolidate your NOS and enterprise app directory into one. The two are largely not compatible in terms of requirements (e.g. multi-domain vs flat). Robbie Allen -Original Message- From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 18, 2002 7:06 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] New AD announced for web apps. iNetOrgPerson and performance. Some apps can't deal with the default AD schema and doing a simple bind that only does a local password check is a lot quicker than issuing tickets, constructing tokens, etc. -gil -Original Message- From: Robbie Allen [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 18, 2002 3:59 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] New AD announced for web apps. Why is that an issue for running just a generic LDAP directory? You can still do standard LDAP binds against it and each directory has its own way for securing resources. Robbie Allen -Original Message- From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 18, 2002 6:27 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] New AD announced for web apps. The big issue using AD as a standalone LDAP server (as Stuart explained at the DEC) has to do with AD's ties to the Win32 security system... authentication through Kerberos, generation of Win32 security tokens, SIDs appearing in ACLs, etc. ADAM removes these ties as I understand it. -gil -Original Message- From: Robbie Allen [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 18, 2002 2:30 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] New AD announced for web apps. Stuart Kwan had mentioned this was coming at the Directory Experts Conference in May. Ultimately I think it could be a good thing if Microsoft starts to treat AD as a separate product instead of just an add-on to Windows 2000/.NET. I don't see the benefit to what they are saying about needing to set-up an entire operating system environment as is now mandated. You can setup standalone AD servers that act as LDAP servers today. Perhaps they can limit the DNS requirements, but other than that it still has to go on a Windows OS. I think this has a lot to do with the perception of AD as a NOS-only directory and not a true competitor to Sun or Novell in the app space. Robbie Allen Cisco Systems Enterprise Management Coauthor of Managing Enterprise Active Directory Services -Original Message- From: Myrick, Todd (CIT) [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 18, 2002 1:21 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] New AD announced for web apps. http://www.infoworld.com/articles/hn/xml/02/07/17/020717hnacti vedirectory.xm l List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List