RE: [ActiveDir] Password Problem
Does the password actually change on these users? It's a strange situation, because when the password is changed on a DC, the time it was set is recorded and the expiry date is subsequently calculated from that value. Presumably, the clocks are synching properly on all of the machines?

Also, have you checked that the replication topology is ok; one DC could be authenticating users/changing passwords then failing to connect to the other DCs to replicate the change? That would also explain why the policy is being applied successfully, as it could have an old copy of the GPOs.

Darren.

-----Original Message-----
From: Mayet, Yusuf Y [mailto:[EMAIL PROTECTED]]
Sent: 04 October 2002 09:10
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Password Problem

Hi Guys,

There are a couple of incidents in the bank that users are trying to change their passwords and even once this is done the passwords still show as about to expire the next day. A couple of points on this have been found:

- The problem is very intermittent and does not happen consistently or to all the user/desktops in the same OU's
- Investigation shows that some of the machines experiencing this are not getting the latest interactive logon message, which would indicate that the default domain GPO is not being applied to these machines
- A secedit /refresh and enforce shows as being successful in the logs, and has proven itself to be successful by removing the user from the local admin group even after I manually added the user into the local admins group manually.

Any other ideas from anyone?

Thanks
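Added example, not part of the original thread: the calculation Darren describes (expiry derived from the recorded change time), worked through in Python. It converts each DC's copy of a user's pwdLastSet to a date, adds the domain maxPwdAge, and flags DCs still holding an older value; the DC names, timestamps, 42-day maxPwdAge and 15-minute tolerance are constructed sample values.

```python
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
TICKS_PER_SECOND = 10_000_000   # AD stores times as 100-nanosecond ticks
NEVER_EXPIRES = (0, -2**63)     # maxPwdAge values that mean "no age limit"


def utc(*args):
    """Shorthand for a timezone-aware UTC datetime."""
    return datetime(*args, tzinfo=timezone.utc)


def dt_to_filetime(dt):
    """UTC datetime -> FILETIME ticks, the storage format of pwdLastSet."""
    delta = dt - FILETIME_EPOCH
    return (delta.days * 86400 + delta.seconds) * TICKS_PER_SECOND + delta.microseconds * 10


def filetime_to_dt(ticks):
    """FILETIME ticks -> UTC datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def password_expiry(pwd_last_set, max_pwd_age):
    """Expiry implied by one DC's pwdLastSet and the domain's maxPwdAge.

    maxPwdAge is stored as a negative tick interval. Returns None when the
    policy sets no age limit; pwdLastSet == 0 ("must change at next logon")
    is reported as already expired.
    """
    if max_pwd_age in NEVER_EXPIRES:
        return None
    if pwd_last_set == 0:
        return FILETIME_EPOCH
    return filetime_to_dt(pwd_last_set - max_pwd_age)  # subtracting a negative adds the age


def audit_user(readings, max_pwd_age, now, tolerance=timedelta(minutes=15)):
    """Compare the pwdLastSet each DC holds for one user.

    readings maps DC name -> pwdLastSet ticks as read from that DC.
    A DC is 'stale' when its value is older than the newest value seen by
    more than `tolerance` (an assumed allowance for replication latency).
    """
    newest = max(readings.values())
    report = []
    for dc in sorted(readings):
        ticks = readings[dc]
        expires = password_expiry(ticks, max_pwd_age)
        lag = timedelta(microseconds=(newest - ticks) // 10)
        report.append({
            "dc": dc,
            "pwd_last_set": filetime_to_dt(ticks) if ticks else None,
            "expires": expires,
            "days_left": (expires - now).days if expires else None,
            "stale": lag > tolerance,
        })
    return report


# Constructed sample: the user changed the password on 3 October; DC1 and DC2
# hold the new timestamp, DC3 never received the change.
SAMPLE_MAX_PWD_AGE = -42 * 86400 * TICKS_PER_SECOND
SAMPLE_NOW = utc(2002, 10, 4, 9, 10)
SAMPLE_READINGS = {
    "DC1": dt_to_filetime(utc(2002, 10, 3, 8, 0)),
    "DC2": dt_to_filetime(utc(2002, 10, 3, 8, 0)),
    "DC3": dt_to_filetime(utc(2002, 8, 24, 12, 0)),
}

if __name__ == "__main__":
    for row in audit_user(SAMPLE_READINGS, SAMPLE_MAX_PWD_AGE, SAMPLE_NOW):
        flag = "STALE" if row["stale"] else "ok"
        print(f'{row["dc"]}: set {row["pwd_last_set"]:%Y-%m-%d %H:%M}, '
              f'expires {row["expires"]:%Y-%m-%d %H:%M}, '
              f'{row["days_left"]} day(s) left [{flag}]')
```

A user who authenticates against the stale DC is warned about an expiry computed from the old timestamp, which matches the symptom in the question.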
RE: [ActiveDir] Cleaning out old machine accounts
I did this a while back with some perl that looped round and pinged all the machine accounts in a domain, logging whether they were up or not. I probably still have the code lying around, but it would need to be modified to your needs. Contact me off list if you are interested...

Cheers,
Paul

Burns, Clyde [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
03/10/2002 20:28
Please respond to ActiveDir
To: '[EMAIL PROTECTED]' [EMAIL PROTECTED]
cc:
Subject: RE: [ActiveDir] Cleaning out old machine accounts

I used this back in NT4 days. It might be worth your time to take a look and see if it will work in an AD environment.
http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q197478;

-----Original Message-----
From: Jason Benway [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 03, 2002 11:36 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Cleaning out old machine accounts

Our AD was upgraded from a NT domain. We have a bunch of old machine accounts. What is the best method to tell if a machine no longer exists or hasn't connected to the network?

Thanks,
jb
--
Jason Benway
[EMAIL PROTECTED]
1250 S.Beechtree
Grand Haven, MI 49417
616-847-8474
Fax: 616-850-1208

List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] OT:VPNs
Can work with IP addresses.

-----Original Message-----
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]]
Sent: 04 October 2002 15:22
To: ActiveDir (E-mail)
Subject: [ActiveDir] OT:VPNs

I have a general question for everyone. Do VPN's require the use of a domain name or do they strictly rely on just IP Addresses?

Justin A. Salandra, MCSE
Senior Network Engineer
Catholic Healthcare System
914.681.8117 office
646.483.3325 cell
[EMAIL PROTECTED] mailto:[EMAIL PROTECTED]
RE: [ActiveDir] OT:VPNs
It depends on your preference - you can do either.

-----Original Message-----
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 04, 2002 9:22 AM
To: ActiveDir (E-mail)
Subject: [ActiveDir] OT:VPNs

I have a general question for everyone. Do VPN's require the use of a domain name or do they strictly rely on just IP Addresses?

Justin A. Salandra, MCSE
Senior Network Engineer
Catholic Healthcare System
914.681.8117 office
646.483.3325 cell
[EMAIL PROTECTED] mailto:[EMAIL PROTECTED]
RE: [ActiveDir] Cleaning out old machine accounts
ADMT can report on machines with expired passwords.

HTH
dave

-----Original Message-----
From: Jason Benway [mailto:[EMAIL PROTECTED]]
Sent: 03 October 2002 16:36
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Cleaning out old machine accounts

Our AD was upgraded from a NT domain. We have a bunch of old machine accounts. What is the best method to tell if a machine no longer exists or hasn't connected to the network?

Thanks,
jb
--
Jason Benway
[EMAIL PROTECTED]
1250 S.Beechtree
Grand Haven, MI 49417
616-847-8474
Fax: 616-850-1208
RE: [ActiveDir] OT: Unable to browse across the subnets/gateways
Thanks for the suggestions Kevin, but unfortunately the solution isn't so nice. My ICP$ admin share is messed up and that is what is causing my problems. Now all I have to do is figure out how to fix that part.

Thanks for the input,
Chuck

-----Original Message-----
From: Sullivan, Kevin [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 03, 2002 4:50 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Unable to browse across the subnets/gateways

What are the subnets? And what is the gateway config. Also, when you say browse do you mean Network neighborhood? If so play with the LMHosts file to see if you can force resolution; if you can it is probably a WINS issue. Are the servers WINS clients? Do the registrations look OK? Can the XP/2k systems log on? Can they ping via FQDN and IP? Make sure you separate the hostname function and the NetBIOS function when you troubleshoot this one. If it is Net Neighborhood :( then it is probably a WINS issue or browser service issue. Are there errors in the System event log?

Kevin

-----Original Message-----
From: Charles Carerros [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 03, 2002 3:37 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] OT: Unable to browse across the subnets/gateways

Okay,

Situation: I have two subnets (subnet A and subnet B) with gateways between them. All my DCs (and the rest of my server farm) is on subnet A. There are clients on both subnets. All the clients are either Windows XP or Windows 2000 Prof patched to current standards. The servers are all Windows 2000 fully patched.

Problem: For some reason I am unable to browse the network from any client on the subnets B. On subnet A I can only browse those computers and servers that are located on subnet A.

Attempted Fixes: I have reviewed my current services. I checked my WINS servers. I can locate all machines if I search Active Directory using the Find Computers options. The IPC$ is mapped.

Any suggestions would be helpful.

Thanks,
Chuck
RE: [ActiveDir] OT: Unable to browse across the subnets/gateways
IPC$? If so you just need to kill it and recreate it.

Net use ipc$ /d /y
Net use ipc$ /user:username password

Also this isn't an admin share as such, it is really just an authenticated connection that other communications will piggy back on to use those credentials. (In a really simple form). I think this should do it if you believe that connection is corrupt.

Kevin

-----Original Message-----
From: Charles Carerros [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 04, 2002 10:42 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Unable to browse across the subnets/gateways

Thanks for the suggestions Kevin, but unfortunately the solution isn't so nice. My ICP$ admin share is messed up and that is what is causing my problems. Now all I have to do is figure out how to fix that part.

Thanks for the input,
Chuck

-----Original Message-----
From: Sullivan, Kevin [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 03, 2002 4:50 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Unable to browse across the subnets/gateways

What are the subnets? And what is the gateway config. Also, when you say browse do you mean Network neighborhood? If so play with the LMHosts file to see if you can force resolution; if you can it is probably a WINS issue. Are the servers WINS clients? Do the registrations look OK? Can the XP/2k systems log on? Can they ping via FQDN and IP? Make sure you separate the hostname function and the NetBIOS function when you troubleshoot this one. If it is Net Neighborhood :( then it is probably a WINS issue or browser service issue. Are there errors in the System event log?

Kevin

-----Original Message-----
From: Charles Carerros [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 03, 2002 3:37 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] OT: Unable to browse across the subnets/gateways

Okay,

Situation: I have two subnets (subnet A and subnet B) with gateways between them. All my DCs (and the rest of my server farm) is on subnet A. There are clients on both subnets. All the clients are either Windows XP or Windows 2000 Prof patched to current standards. The servers are all Windows 2000 fully patched.

Problem: For some reason I am unable to browse the network from any client on the subnets B. On subnet A I can only browse those computers and servers that are located on subnet A.

Attempted Fixes: I have reviewed my current services. I checked my WINS servers. I can locate all machines if I search Active Directory using the Find Computers options. The IPC$ is mapped.

Any suggestions would be helpful.

Thanks,
Chuck
RE: [ActiveDir] OT:VPNs
Do you know what the advantages and disadvantages are for using domain names or ip addresses?

-----Original Message-----
From: Craig Cerino [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 04, 2002 9:28 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT:VPNs

It depends on your preference - you can do either.

-----Original Message-----
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 04, 2002 9:22 AM
To: ActiveDir (E-mail)
Subject: [ActiveDir] OT:VPNs

I have a general question for everyone. Do VPN's require the use of a domain name or do they strictly rely on just IP Addresses?

Justin A. Salandra, MCSE
Senior Network Engineer
Catholic Healthcare System
914.681.8117 office
646.483.3325 cell
[EMAIL PROTECTED] mailto:[EMAIL PROTECTED]
RE: [ActiveDir] OT:VPNs
I prefer to use fully qualified domain names whenever possible. It comes in very handy when you change Internet providers, because, oh, say yours files bankruptcy then starts experiencing intermittent, extended downtimes.

--
Roger D. Seielstad - MCSE
Sr. Systems Administrator
Inovis - Formerly Harbinger and Extricity
Atlanta, GA

-----Original Message-----
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 04, 2002 11:10 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] OT:VPNs

Do you know what the advantages and disadvantages are for using domain names or ip addresses?

-----Original Message-----
From: Craig Cerino [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 04, 2002 9:28 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT:VPNs

It depends on your preference - you can do either.

-----Original Message-----
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 04, 2002 9:22 AM
To: ActiveDir (E-mail)
Subject: [ActiveDir] OT:VPNs

I have a general question for everyone. Do VPN's require the use of a domain name or do they strictly rely on just IP Addresses?

Justin A. Salandra, MCSE
Senior Network Engineer
Catholic Healthcare System
914.681.8117 office
646.483.3325 cell
[EMAIL PROTECTED] mailto:[EMAIL PROTECTED]
RE: [ActiveDir] OT:VPNs
I agree, you can always keep a domain name the same on all VPN clients. If you ever need to change the ip or move the hardware used by the VPN you won't have to change it on the client side, the domain name will simply resolve to the new ip when you change it in DNS. Makes a lot less work in the long run.

-----Original Message-----
From: Roger Seielstad [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 04, 2002 11:18 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] OT:VPNs

I prefer to use fully qualified domain names whenever possible. It comes in very handy when you change Internet providers, because, oh, say yours files bankruptcy then starts experiencing intermittent, extended downtimes.

--
Roger D. Seielstad - MCSE
Sr. Systems Administrator
Inovis - Formerly Harbinger and Extricity
Atlanta, GA

-----Original Message-----
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 04, 2002 11:10 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] OT:VPNs

Do you know what the advantages and disadvantages are for using domain names or ip addresses?

-----Original Message-----
From: Craig Cerino [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 04, 2002 9:28 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT:VPNs

It depends on your preference - you can do either.

-----Original Message-----
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 04, 2002 9:22 AM
To: ActiveDir (E-mail)
Subject: [ActiveDir] OT:VPNs

I have a general question for everyone. Do VPN's require the use of a domain name or do they strictly rely on just IP Addresses?

Justin A. Salandra, MCSE
Senior Network Engineer
Catholic Healthcare System
914.681.8117 office
646.483.3325 cell
[EMAIL PROTECTED] mailto:[EMAIL PROTECTED]
RE: [ActiveDir] OT:VPNs
Justin,

For both VPN pipes - we use the domain names at my company. There is a slight bit more configuration but you will never have to reconfigure anything (in a perfect world) unlike if you use IP addresses and you start having problems with your ISP and decided to switch.

Example --- right now we have 3 ISPs coming in. Our main service is provided by Genuity --- but with all the money they are hemorrhaging lately you never know if they are going to shut their doors. By law they have to give you 30 days notice that they are shutting down. If in fact they do --- reconfiguring both VPN pipes is one less thing we have to worry about as we use the domain name rather than the IPs.

Too wordy??

-----Original Message-----
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 04, 2002 11:10 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] OT:VPNs

Do you know what the advantages and disadvantages are for using domain names or ip addresses?

-----Original Message-----
From: Craig Cerino [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 04, 2002 9:28 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT:VPNs

It depends on your preference - you can do either.

-----Original Message-----
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 04, 2002 9:22 AM
To: ActiveDir (E-mail)
Subject: [ActiveDir] OT:VPNs

I have a general question for everyone. Do VPN's require the use of a domain name or do they strictly rely on just IP Addresses?

Justin A. Salandra, MCSE
Senior Network Engineer
Catholic Healthcare System
914.681.8117 office
646.483.3325 cell
[EMAIL PROTECTED] mailto:[EMAIL PROTECTED]
RE: [ActiveDir] OT:VPNs
Thanks everyone, you have helped us answer a question by one of our child facilities.

-----Original Message-----
From: Craig Cerino [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 04, 2002 11:24 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT:VPNs

Justin,

For both VPN pipes - we use the domain names at my company. There is a slight bit more configuration but you will never have to reconfigure anything (in a perfect world) unlike if you use IP addresses and you start having problems with your ISP and decided to switch.

Example --- right now we have 3 ISPs coming in. Our main service is provided by Genuity --- but with all the money they are hemorrhaging lately you never know if they are going to shut their doors. By law they have to give you 30 days notice that they are shutting down. If in fact they do --- reconfiguring both VPN pipes is one less thing we have to worry about as we use the domain name rather than the IPs.

Too wordy??

-----Original Message-----
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 04, 2002 11:10 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] OT:VPNs

Do you know what the advantages and disadvantages are for using domain names or ip addresses?

-----Original Message-----
From: Craig Cerino [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 04, 2002 9:28 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT:VPNs

It depends on your preference - you can do either.

-----Original Message-----
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 04, 2002 9:22 AM
To: ActiveDir (E-mail)
Subject: [ActiveDir] OT:VPNs

I have a general question for everyone. Do VPN's require the use of a domain name or do they strictly rely on just IP Addresses?

Justin A. Salandra, MCSE
Senior Network Engineer
Catholic Healthcare System
914.681.8117 office
646.483.3325 cell
[EMAIL PROTECTED] mailto:[EMAIL PROTECTED]
[ActiveDir] Start TLS on LDAP (389)
Hi,

Does anyone know if we can Start TLS on Active Directory port LDAP 389? I am trying to understand how we make secure connections to AD. If we have to use LDAPS, I need to know that quite soon.

Rgds,
--
Frank P. Ooms [EMAIL PROTECTED]
Principal IT Systems Architect
Schlumberger IT Standards Planning
Tel: +31 70 3105454
Fax: +31 70 05 463
Mobile: +31 6 51280369
RE: [ActiveDir] OT:VPNs
Hahahahah Roger - you just gave a MUCH shorter version of my response.

-----Original Message-----
From: Roger Seielstad [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 04, 2002 11:18 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] OT:VPNs

I prefer to use fully qualified domain names whenever possible. It comes in very handy when you change Internet providers, because, oh, say yours files bankruptcy then starts experiencing intermittent, extended downtimes.

--
Roger D. Seielstad - MCSE
Sr. Systems Administrator
Inovis - Formerly Harbinger and Extricity
Atlanta, GA

-----Original Message-----
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 04, 2002 11:10 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] OT:VPNs

Do you know what the advantages and disadvantages are for using domain names or ip addresses?

-----Original Message-----
From: Craig Cerino [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 04, 2002 9:28 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT:VPNs

It depends on your preference - you can do either.

-----Original Message-----
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 04, 2002 9:22 AM
To: ActiveDir (E-mail)
Subject: [ActiveDir] OT:VPNs

I have a general question for everyone. Do VPN's require the use of a domain name or do they strictly rely on just IP Addresses?

Justin A. Salandra, MCSE
Senior Network Engineer
Catholic Healthcare System
914.681.8117 office
646.483.3325 cell
[EMAIL PROTECTED] mailto:[EMAIL PROTECTED]
RE: [ActiveDir] DNS in a domain tree model.
In your particular case, I would:

- on the root domain DNS, delegate CHILD to the CHILD DNS server.
- on the CHILD DNS server, set it to forward to the root domain DNS server.
- ensure that all root domain controllers use DNS servers authoritative for the root domain only.
- ensure that all CHILD domain controllers use DNS servers authoritative for the CHILD domain only.

That should do it.

Linton

-----Original Message-----
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 04, 2002 11:48 AM
To: ActiveDir (E-mail)
Subject: [ActiveDir] DNS in a domain tree model.

What is the best way to configure DNS in a domain tree model? If I have a parent domain running AD Integrated DNS and I go to DC Promo a child domain to make it a new child domain of an existing tree, the DNS must reference the Parent DNS so that DC Promo can find the forest root. After the DC Promo is done, even though the new domain controller in the child domain is a DNS Server with itself listed as an alternate, it did not have a DNS zone created, because AD Integrated do not replicate over domain boundaries. Therefore how do I make it so that DNS works correctly and the local administrators can update DNS via DHCP or manually and have those changes also in the root.

I have a test environment called TESTLAB.LOCAL
My child domain is called CHILD.TESTLAB.LOCAL
My DNS in the root has a zone for TESTLAB.LOCAL
After I ran DC Promo I had another folder in TESTLAB.LOCAL called CHILD

What did I do wrong?

Justin A. Salandra, MCSE
Senior Network Engineer
Catholic Healthcare System
914.681.8117 office
646.483.3325 cell
[EMAIL PROTECTED] mailto:[EMAIL PROTECTED]
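Added example, not part of the original thread: a Python check of the first step in Linton's list, run against a text export of the parent zone. It tells a real delegation of CHILD (NS records at the cut, plus glue) apart from child records merely sitting inside TESTLAB.LOCAL, which is one reading of the extra CHILD folder described in the question; the host names, addresses and the simplified one-record-per-line zone format are assumptions.

```python
def fqdn(name, origin):
    """Expand a zone-file name relative to origin; result is lower-case with a trailing dot."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Parse `owner [ttl] [IN] TYPE rdata` lines into (owner, type, rdata) tuples.

    Simplified master-file syntax: one record per line, ';' starts a comment,
    a line that begins with whitespace reuses the previous owner.
    """
    origin = origin.lower().rstrip(".") + "."
    records, last_owner = [], origin
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        fields = line.split()
        owner = last_owner if raw[0].isspace() else fqdn(fields.pop(0), origin)
        last_owner = owner
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)                      # skip optional TTL and class
        if len(fields) < 2:
            continue
        rtype, rdata = fields[0].upper(), " ".join(fields[1:])
        if rtype in ("NS", "CNAME"):
            rdata = fqdn(rdata, origin)
        records.append((owner, rtype, rdata))
    return records


def check_delegation(records, child, origin):
    """Classify how the parent zone treats `child`.

    delegated                 NS records at the cut, glue present where needed
    delegated-missing-glue    NS target lives inside the child but has no address here
    subdomain-in-parent-zone  no NS at the cut, yet child names are stored in the parent
    absent                    the parent zone holds nothing for the child
    """
    origin = origin.lower().rstrip(".") + "."
    cut = fqdn(child, origin)

    def in_child(name):
        return name == cut or name.endswith("." + cut)

    nameservers = sorted(r for o, t, r in records if o == cut and t == "NS")
    with_address = {o for o, t, _ in records if t in ("A", "AAAA")}
    need_glue = {ns for ns in nameservers if in_child(ns)}
    missing_glue = sorted(need_glue - with_address)
    # Anything else at or below the cut is child data held by the parent.
    stray = sorted({(o, t) for o, t, _ in records
                    if in_child(o)
                    and not (o == cut and t == "NS")
                    and not (o in need_glue and t in ("A", "AAAA"))})
    if not nameservers:
        status = "subdomain-in-parent-zone" if stray else "absent"
    elif missing_glue:
        status = "delegated-missing-glue"
    else:
        status = "delegated"
    return {"status": status, "nameservers": nameservers,
            "missing_glue": missing_glue, "stray_records": stray}


# Constructed exports of the TESTLAB.LOCAL zone (host names and addresses are made up).
ZONE_SUBDOMAIN = """\
@                 IN NS  rootdc1
rootdc1           IN A   10.0.0.10
childdc1.child    IN A   10.0.1.10      ; child DC registered in the parent zone
_ldap._tcp.child  IN SRV 0 100 389 childdc1.child
"""
ZONE_DELEGATED = """\
@                 IN NS  rootdc1
rootdc1           IN A   10.0.0.10
child             IN NS  childdc1.child ; delegation to the CHILD DNS server
childdc1.child    IN A   10.0.1.10      ; glue
"""
ZONE_NO_GLUE = """\
@                 IN NS  rootdc1
rootdc1           IN A   10.0.0.10
child             IN NS  childdc1.child
"""

if __name__ == "__main__":
    for label, text in (("subdomain", ZONE_SUBDOMAIN),
                        ("delegated", ZONE_DELEGATED),
                        ("no glue", ZONE_NO_GLUE)):
        result = check_delegation(parse_zone(text, "testlab.local"), "child", "testlab.local")
        print(f"{label}: {result}")
```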
RE: [ActiveDir] DNS in a domain tree model.
Linton explains one way to do this, I'll explain another way, that we use here with great success.

Forest is 2 domains, empty root and a production domain. In our case, we're using a non-contiguous namespace (dom.net and dom.com, respectively), however this would work for a contiguous namespace as well.

For the empty root (dom.net), the DCs host only the dom.net domain. On the DCs for the production domain (dom.com), they host dom.com, and pull a standard secondary of dom.net. Therefore, they have full knowledge of the forest root.

After bringing up the production domain (dom.com), the dom.net DNS servers are set with forwarders to their local dom.com DC/DNS boxes - which makes them fully aware of all dom.com.

Clients all resolve off the dom.com (our production domain, with all user and machine accounts) DNS servers. We also host about 10 legacy domains, as well as a few internal splits of our public facing domains, all on the dom.com DCs.

Either way - set the second domain controller up, create the zone for its domain (and enable updates), and either have it pull a secondary of or forward to the root zone. Then run DCPromo.

Roger
--
Roger D. Seielstad - MCSE
Sr. Systems Administrator
Inovis - Formerly Harbinger and Extricity
Atlanta, GA

-----Original Message-----
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 04, 2002 11:48 AM
To: ActiveDir (E-mail)
Subject: [ActiveDir] DNS in a domain tree model.

What is the best way to configure DNS in a domain tree model? If I have a parent domain running AD Integrated DNS and I go to DC Promo a child domain to make it a new child domain of an existing tree, the DNS must reference the Parent DNS so that DC Promo can find the forest root. After the DC Promo is done, even though the new domain controller in the child domain is a DNS Server with itself listed as an alternate, it did not have a DNS zone created, because AD Integrated do not replicate over domain boundaries. Therefore how do I make it so that DNS works correctly and the local administrators can update DNS via DHCP or manually and have those changes also in the root.

I have a test environment called TESTLAB.LOCAL
My child domain is called CHILD.TESTLAB.LOCAL
My DNS in the root has a zone for TESTLAB.LOCAL
After I ran DC Promo I had another folder in TESTLAB.LOCAL called CHILD

What did I do wrong?

Justin A. Salandra, MCSE
Senior Network Engineer
Catholic Healthcare System
914.681.8117 office
646.483.3325 cell
[EMAIL PROTECTED] mailto:[EMAIL PROTECTED]
RE: [ActiveDir] DNS in a domain tree model.
What I want to accomplish is each DNS server querying directly to the Internet and not forwarding to my server first. How would I delegate a zone to the Child? -Original Message- From: Linton Smith (WBTQ) [mailto:[EMAIL PROTECTED]] Sent: Friday, October 04, 2002 12:17 PM To: '[EMAIL PROTECTED]' Subject:RE: [ActiveDir] DNS in a domain tree model. In your particular case, I would: - on the root domain DNS, delegate CHILD to the CHILD DNS server. - on the CHILD DNS server, set it to forward to the root domain DNS server. - ensure that all root domain controllers use DNS servers authoritative for the root domain only. - ensure that all CHILD domain controllers use DNS servers authoritative for the CHILD domain only. That should do it. Linton -Original Message- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] Sent: Friday, October 04, 2002 11:48 AM To: ActiveDir (E-mail) Subject: [ActiveDir] DNS in a domain tree model. What is the best way to configure DNS in a domain tree model? If I have a parent domain running AD Integrated DNS and I go to DC Promo a child domain to make it a new child domain of an existing tree, the DNS must reference the Parent DNS so that DC Promo can find the forest root. After the DC Promo is done, even though the new domain controller in the child domain is a DNS Server with itself listed as an alternate, it did not have a DNS zone created, because AD Integrated do not replicate over domain boundaries. Therefore how do I make it so that DNS works correctly and the local administrators can update DNS via DHCP or manually and have those changes also in the root. I have a test environment called TESTLAB.LOCAL My child domain is called CHILD.TESTLAB.LOCAL My DNS in the root has a zone for TESTLAB.LOCAL After I ran DC Promo I had another folder in TESTLAB.LOCAL called CHILD What did I do wrong? Justin A. 
Salandra, MCSE Senior Network Engineer Catholic Healthcare System 914.681.8117 office 646.483.3325 cell [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]
Re: [ActiveDir] DNS in a domain tree model.
take a look at http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q255248; and it will show you how. Tim Hines, MCSA, MCSE (2000 NT4) - Original Message - From: Salandra, Justin A. [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, October 04, 2002 12:23 PM Subject: RE: [ActiveDir] DNS in a domain tree model. What I want to accomplish is each DNS server querying directly to the Internet and not forwarding to my server first. How would I delegate a zone to the Child? -Original Message- From: Linton Smith (WBTQ) [mailto:[EMAIL PROTECTED]] Sent: Friday, October 04, 2002 12:17 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] DNS in a domain tree model. In your particular case, I would: - on the root domain DNS, delegate CHILD to the CHILD DNS server. - on the CHILD DNS server, set it to forward to the root domain DNS server. - ensure that all root domain controllers use DNS servers authoritative for the root domain only. - ensure that all CHILD domain controllers use DNS servers authoritative for the CHILD domain only. That should do it. Linton -Original Message- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] Sent: Friday, October 04, 2002 11:48 AM To: ActiveDir (E-mail) Subject: [ActiveDir] DNS in a domain tree model. What is the best way to configure DNS in a domain tree model? If I have a parent domain running AD Integrated DNS and I go to DC Promo a child domain to make it a new child domain of an existing tree, the DNS must reference the Parent DNS so that DC Promo can find the forest root. After the DC Promo is done, even though the new domain controller in the child domain is a DNS Server with itself listed as an alternate, it did not have a DNS zone created, because AD Integrated do not replicate over domain boundaries. Therefore how do I make it so that DNS works correctly and the local administrators can update DNS via DHCP or manually and have those changes also in the root. 
I have a test environment called TESTLAB.LOCAL My child domain is called CHILD.TESTLAB.LOCAL My DNS in the root has a zone for TESTLAB.LOCAL After I ran DC Promo I had another folder in TESTLAB.LOCAL called CHILD What did I do wrong? Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 914.681.8117 office 646.483.3325 cell [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]
RE: [ActiveDir] Cleaning out old machine accounts
Attached is a Perl script I wrote a while back to manage inactive computer objects. It does the following:

* Iterate through each domain controller for a domain (uses Net::DNS)
* Find all disabled computer accounts (via userAccountControl)
* Find all inactive computer accounts (via pwdLastSet)
* Deletes the disabled computer accounts
* Disables the inactive computer accounts

In a nutshell, the script will disable any inactive computers it finds, and then in the next invocation of the script, it will delete the disabled computer accounts. The script is meant to be run on a weekly or monthly basis. You can customize it to find inactive computers x number of months old. You could modify the script to directly delete the inactive computer accounts, but when dealing with 60,000 computer objects, I'm a little paranoid :-)

Robbie Allen

Burns, Clyde [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 03/10/2002 20:28 Please respond to ActiveDir To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] cc: Subject: RE: [ActiveDir] Cleaning out old machine accounts

I used this back in NT4 days. It might be worth your time to take a look and see if it will work in an AD environment. http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q197478;

-Original Message- From: Jason Benway [mailto:[EMAIL PROTECTED]] Sent: Thursday, October 03, 2002 11:36 AM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Cleaning out old machine accounts

Our AD was upgraded from an NT domain. We have a bunch of old machine accounts. What is the best method to tell if a machine no longer exists or hasn't connected to the network?
Thanks, jb -- Jason Benway [EMAIL PROTECTED] 1250 S.Beechtree Grand Haven, MI 49417 616-847-8474 Fax: 616-850-1208

inactive_computers.pl Description: Binary data
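The disable-then-delete logic described in the message above, sketched in Python as an added example; it is not the attached inactive_computers.pl, which is not reproduced on this page. The 90-day threshold, the sample accounts and the separate "review" bucket for accounts whose pwdLastSet is 0 are assumptions made for the illustration.

```python
from datetime import datetime, timedelta, timezone

ACCOUNTDISABLE = 0x0002  # userAccountControl bit: account is disabled
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_dt(filetime):
    """pwdLastSet is a count of 100 ns intervals since 1601-01-01 UTC."""
    return EPOCH_1601 + timedelta(microseconds=int(filetime) // 10)


def dt_to_filetime(dt):
    """Inverse conversion, used here only to build the sample data."""
    delta = dt - EPOCH_1601
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


def plan(accounts, now, max_age_days=90):
    """Map each computer account to delete / disable / review / keep."""
    cutoff = now - timedelta(days=max_age_days)
    actions = {}
    for acct in accounts:
        uac = int(acct["userAccountControl"])
        pwd_last_set = int(acct["pwdLastSet"])
        if uac & ACCOUNTDISABLE:
            actions[acct["cn"]] = "delete"    # disabled on an earlier run
        elif pwd_last_set == 0:
            actions[acct["cn"]] = "review"    # assumption: never set, ask a human
        elif filetime_to_dt(pwd_last_set) < cutoff:
            actions[acct["cn"]] = "disable"   # inactive: first strike only
        else:
            actions[acct["cn"]] = "keep"
    return actions


def apply_disables(accounts, actions):
    """Return the directory state after one run: deletions gone, disables flagged."""
    updated = []
    for acct in accounts:
        action = actions[acct["cn"]]
        if action == "delete":
            continue
        acct = dict(acct)
        if action == "disable":
            acct["userAccountControl"] = int(acct["userAccountControl"]) | ACCOUNTDISABLE
        updated.append(acct)
    return updated


# Constructed sample data; attribute values arrive from LDAP as strings.
NOW = datetime(2002, 10, 4, tzinfo=timezone.utc)
SAMPLE = [
    {"cn": "WKS-OLD01", "userAccountControl": "4096",
     "pwdLastSet": str(dt_to_filetime(datetime(2002, 1, 15, tzinfo=timezone.utc)))},
    {"cn": "WKS-LIVE02", "userAccountControl": "4096",
     "pwdLastSet": str(dt_to_filetime(datetime(2002, 9, 20, tzinfo=timezone.utc)))},
    {"cn": "WKS-GONE03", "userAccountControl": "4098", "pwdLastSet": "0"},
    {"cn": "WKS-NEW04", "userAccountControl": "4096", "pwdLastSet": "0"},
]


def demo():
    """Two consecutive runs, one week apart."""
    first = plan(SAMPLE, NOW)
    second = plan(apply_disables(SAMPLE, first), NOW + timedelta(days=7))
    return first, second


if __name__ == "__main__":
    for run, actions in enumerate(demo(), start=1):
        print("run", run, actions)
```

The second run shows the safety margin the two-pass design buys: an account disabled in run 1 is only deleted in run 2, so a machine that turns out to be alive can be re-enabled in between.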
[ActiveDir] Missed a step?
I think I may have missed a step in configuring something. I had an AD Native Mode forest root with a Connection Agreement through the ADC to an Exchange 5.5 server. Now that I have a child domain, how do I configure a new ADC Connection agreement from AD in the child domain to the mail server in the forest root? I have the Connection agreement configured but when I go to create a user I do not get prompted to generate an e-mail account. When I right click on users and go to exchange tasks there is no option to create a mailbox. Any help is appreciated.

Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 914.681.8117 office 646.483.3325 cell [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]
RE: [ActiveDir] DNS in a domain tree model.
If each must forward to the Internet directly, then Roger's solution would be best in this case (each acting as secondary for your other DNS zones). With many domains and DNS servers, this can get pretty ugly, however. Why not have the CHILD DNS server forward to the root DNS server, and then have the root DNS server forward to the Internet? You get the same effect. Linton -Original Message- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] Sent: Friday, October 04, 2002 12:24 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] DNS in a domain tree model. What I want to accomplish is each DNS server querying directly to the Internet and not forwarding to my server first. How would I delegate a zone to the Child? -Original Message- From: Linton Smith (WBTQ) [mailto:[EMAIL PROTECTED]] Sent: Friday, October 04, 2002 12:17 PM To: '[EMAIL PROTECTED]' Subject:RE: [ActiveDir] DNS in a domain tree model. In your particular case, I would: - on the root domain DNS, delegate CHILD to the CHILD DNS server. - on the CHILD DNS server, set it to forward to the root domain DNS server. - ensure that all root domain controllers use DNS servers authoritative for the root domain only. - ensure that all CHILD domain controllers use DNS servers authoritative for the CHILD domain only. That should do it. Linton -Original Message- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] Sent: Friday, October 04, 2002 11:48 AM To: ActiveDir (E-mail) Subject: [ActiveDir] DNS in a domain tree model. What is the best way to configure DNS in a domain tree model? If I have a parent domain running AD Integrated DNS and I go to DC Promo a child domain to make it a new child domain of an existing tree, the DNS must reference the Parent DNS so that DC Promo can find the forest root. 
After the DC Promo is done, even though the new domain controller in the child domain is a DNS Server with itself listed as an alternate, it did not have a DNS zone created, because AD Integrated do not replicate over domain boundaries. Therefore how do I make it so that DNS works correctly and the local administrators can update DNS via DHCP or manually and have those changes also in the root. I have a test environment called TESTLAB.LOCAL My child domain is called CHILD.TESTLAB.LOCAL My DNS in the root has a zone for TESTLAB.LOCAL After I ran DC Promo I had another folder in TESTLAB.LOCAL called CHILD What did I do wrong? Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 914.681.8117 office 646.483.3325 cell [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]
RE: [ActiveDir] Start TLS on LDAP (389)
Frank,

Unless you have a particular need to use TLS, I'd forego it and use SSL over LDAP. It's easy to set up and manage. Here's a Q Article to guide you step by step on implementation: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q247078

Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000
Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Frank Ooms Sent: Friday, October 04, 2002 10:33 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Start TLS on LDAP (389)

Hi, Does anyone know if we can Start TLS on Active Directory port LDAP 389? I am trying to understand how we make secure connections to AD. If we have to use LDAPS, I need to know that quite soon. Rgds, -- Frank P. Ooms [EMAIL PROTECTED] Principal IT Systems Architect Schlumberger IT Standards Planning Tel: +31 70 3105454 Fax: +31 70 05 463 Mobile: +31 6 51280369
RE: [ActiveDir] Start TLS on LDAP (389)
Support for Start TLS defined in RFC 2830 (http://www.ietf.org/rfc/rfc2830.txt) is not available until .NET AD. If you have a copy of .NET you can play with TLS via LDP Options TLS StartTLS/StopTLS. As far as W2K AD goes, you'll need to use SSL as Rick mentioned. For the curious, MSDN has a pretty good overview of TLS (URL may break): http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/security/transport_layer_security_tls_protocol.asp

Robbie Allen

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Frank Ooms Sent: Friday, October 04, 2002 10:33 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Start TLS on LDAP (389)

Hi, Does anyone know if we can Start TLS on Active Directory port LDAP 389? I am trying to understand how we make secure connections to AD. If we have to use LDAPS, I need to know that quite soon. Rgds, -- Frank P. Ooms [EMAIL PROTECTED] Principal IT Systems Architect Schlumberger IT Standards Planning Tel: +31 70 3105454 Fax: +31 70 05 463 Mobile: +31 6 51280369
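What the RFC 2830 StartTLS request on port 389 looks like on the wire, and how a client should treat the server's answer, as an added example that is not part of the original thread. The two server replies are constructed samples, and `safe_to_bind` and `probe` are illustrative names chosen here.

```python
import socket

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # requestName defined by RFC 2830
RESULT_NAMES = {0: "success", 1: "operationsError", 2: "protocolError", 52: "unavailable"}


def ber_len(n):
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, value):
    return bytes([tag]) + ber_len(len(value)) + value


def starttls_request(message_id=1):
    """LDAPMessage: messageID, then [APPLICATION 23] ExtendedRequest with [0] requestName."""
    if not 0 < message_id < 128:
        raise ValueError("this sketch only encodes one-byte message IDs")
    op = tlv(0x77, tlv(0x80, STARTTLS_OID))
    return tlv(0x30, tlv(0x02, bytes([message_id])) + op)


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER element")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length


def parse_extended_response(data):
    """Decode messageID, resultCode and diagnosticMessage of an ExtendedResponse."""
    tag, msg, _ = read_tlv(data, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    tag, mid, pos = read_tlv(msg, 0)
    if tag != 0x02:
        raise ValueError("missing messageID")
    tag, op, _ = read_tlv(msg, pos)
    if tag != 0x78:                      # [APPLICATION 24] ExtendedResponse
        raise ValueError("not an ExtendedResponse")
    _, code, pos = read_tlv(op, 0)       # resultCode ENUMERATED
    _, _matched_dn, pos = read_tlv(op, pos)
    _, diag, _ = read_tlv(op, pos)
    rc = int.from_bytes(code, "big")
    return {"message_id": int.from_bytes(mid, "big"), "result_code": rc,
            "result": RESULT_NAMES.get(rc, str(rc)),
            "diagnostic": diag.decode("utf-8", "replace")}


def safe_to_bind(reply, message_id=1):
    """Fail closed: only a matching 'success' permits the TLS handshake and bind."""
    try:
        resp = parse_extended_response(reply)
    except ValueError:
        return False
    return resp["message_id"] == message_id and resp["result_code"] == 0


def probe(host, port=389, timeout=5.0):
    """Send the request to a directory server you administer and decode its reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(starttls_request())
        return parse_extended_response(s.recv(4096))


# Constructed replies: one server that accepts StartTLS, one that does not implement it.
ACCEPTED = bytes.fromhex("300c02010178070a010004000400")
REFUSED = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x78, tlv(0x0A, b"\x02") + tlv(0x04, b"")
              + tlv(0x04, b"unsupported extended operation")))
```

When `safe_to_bind` returns False the client should switch to LDAPS or drop the connection rather than send a simple bind in clear text over 389.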
RE: [ActiveDir] Exchange 5.5 upgrade to 2000
Jennifer - you can do what you need right now. When one of our satellite offices was still in mixed mode they were running Exchange 5.0 on an NT4.0 box. This box was also a BDC (formerly the PDC until AD servers were introduced). I recommend you upgrade your 5.5 box to SP6 (if it's not already there.) Set up an ADC between the Exchange 5.5 box and one of your AD DC's and allow replication to begin. Then when you are ready --- install a separate (preferably new/clean box) Win 2K Exch 2K server into that exchange site (remembering to run setup with the /ForestPrep and DomainPrep switches separately) - migrate your mailboxes over to the 2K box, decommission the 5.5 box and switch to Exchange Native Mode (which is different than Win2K [AD] NATIVE MODE). Then when you are sure you have no remaining NT 4.0 domain controllers --- switch to Windows 2000 Native Mode.

Craig

Craig P. Cerino MCSE, MCP+I Systems Administrator TIE SOLUTIONS, Inc [EMAIL PROTECTED] www.tiesolutions.com

-Original Message- From: Jennifer Fountain [mailto:[EMAIL PROTECTED]] Sent: Friday, October 04, 2002 2:07 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Exchange 5.5 upgrade to 2000

We are currently in mixed mode and cannot switch to native. We currently have e5.5 and plan to upgrade to e2k next month. (since we aren't in native, we can't do a migrations using the adc - right?) can i setup my new exchange server (offline) with w2k and e5.5 and then upgrade to 2000 then take down the production 5.5 and put the new 2k box into production? any gotchas? can i do this? thanks!! -- Thank you Jenn Fountain 215.712.5156
RE: [ActiveDir] Exchange 5.5 upgrade to 2000
Exactly, but also ... Before you set up the ADC (remember to install this from the E2K CD), run the NTDSNoMAtch utility on your Exch5.5 box. This utility identifies multiple NT accounts that have the same mailbox associated with them. In W2K/E2K, mailboxes can only have one user/account associated with them. Once you have your list of problem mailboxes, manually make whatever changes you want. Run NTDSNoMAtch until no problems are found. Now you're ready for the ADC install.

Dave K.

-Original Message- From: Jennifer Fountain [mailto:[EMAIL PROTECTED]] Sent: Friday, October 04, 2002 1:07 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Exchange 5.5 upgrade to 2000

We are currently in mixed mode and cannot switch to native. We currently have e5.5 and plan to upgrade to e2k next month. (since we aren't in native, we can't do a migrations using the adc - right?) can i setup my new exchange server (offline) with w2k and e5.5 and then upgrade to 2000 then take down the production 5.5 and put the new 2k box into production? any gotchas? can i do this? thanks!! -- Thank you Jenn Fountain 215.712.5156
[ActiveDir] Netlogon Service
Does anyone know what adverse effects a "Directory Service" will experience if the NETLOGON Service is Disabled on a Domain Controller??? Thanks, Yusuf
RE: [ActiveDir] Exchange 5.5 upgrade to 2000
How do you configure two domains, a parent and a child, to replicate and create mailboxes for user accounts in both domains to a 5.5 server in the parent domain?

-Original Message- From: Dave Kinnamon [mailto:[EMAIL PROTECTED]] Sent: Friday, October 04, 2002 2:31 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Exchange 5.5 upgrade to 2000

Exactly, but also ... Before you set up the ADC (remember to install this from the E2K CD), run the NTDSNoMAtch utility on your Exch5.5 box. This utility identifies multiple NT accounts that have the same mailbox associated with them. In W2K/E2K, mailboxes can only have one user/account associated with them. Once you have your list of problem mailboxes, manually make whatever changes you want. Run NTDSNoMAtch until no problems are found. Now you're ready for the ADC install. Dave K.

-Original Message- From: Jennifer Fountain [mailto:[EMAIL PROTECTED]] Sent: Friday, October 04, 2002 1:07 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Exchange 5.5 upgrade to 2000

We are currently in mixed mode and cannot switch to native. We currently have e5.5 and plan to upgrade to e2k next month. (since we aren't in native, we can't do a migrations using the adc - right?) can i setup my new exchange server (offline) with w2k and e5.5 and then upgrade to 2000 then take down the production 5.5 and put the new 2k box into production? any gotchas? can i do this? thanks!! -- Thank you Jenn Fountain 215.712.5156
RE: [ActiveDir] Netlogon Service
The Net Logon service verifies logon requests and controls replication of the user accounts database domain wide.

Raun Holmes Network Administration Travelers Group

-Original Message- From: Mayet, Yusuf Y [mailto:[EMAIL PROTECTED]] Sent: Friday, October 04, 2002 2:49 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Netlogon Service

Does anyone know what adverse effects a "Directory Service" will experience if the NETLOGON Service is Disabled on a Domain Controller??? Thanks, Yusuf
[ActiveDir] AD and NDS
We are working on deploying active directory in our environment. We currently use Netware 5.1 and NDS. We are trying to use Novell account management and Edir 8.6.2 in conjunction with AD. We are having a ton of problems getting this setup to work in our test lab. Has anyone else had any experience getting these products working together properly? We have worked with Novell and as usual their support is no help. Also does anyone have any experiences with Microsoft's MSDSS product? Any help or suggestions would be greatly appreciated. Thanks
RE: [ActiveDir] AD and NDS
I have worked quite a bit with MSDSS. It is really pretty straightforward. I have also done a few larger Netware 5.1 AD migrations where we used MSDSS and then used Aelitas (my company) Domain Migration Wizard to manage the enterprise project. Any specific questions about MSDSS?

Kevin

-Original Message- From: John Hicks/MIS/HQ/KEMET/US [mailto:[EMAIL PROTECTED]] Sent: Friday, October 04, 2002 5:06 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] AD and NDS

We are working on deploying active directory in our environment. We currently use Netware 5.1 and NDS. We are trying to use Novell account management and Edir 8.6.2 in conjunction with AD. We are having a ton of problems getting this setup to work in our test lab. Has anyone else had any experience getting these products working together properly? We have worked with Novell and as usual their support is no help. Also does anyone have any experiences with Microsoft's MSDSS product? Any help or suggestions would be greatly appreciated. Thanks
Re: [ActiveDir] AD and NDS
We evaluated Account Management 2.1 but with eDir 8.5. If you're using the new DirXML 1.1 version of AM, I don't have any experience with it. Our testing was very disappointing and we ended up abandoning the product. We're a very large, distributed environment and have many, many NDS partitions with user accounts. Since AM requires the AM server (a Win 2000 DC, typically) to hold a copy of every partition with a user account you want to sync, it was impossible for us to get it to work. This was after trying to work with Novell for weeks, who kept insisting it would work -- until they agreed it wouldn't with AM 2.1. Now, DirXML 1.1 is supposed to allow us to point to the NDS servers, but we haven't deployed that yet.

We are working on deploying active directory in our environment. We currently use Netware 5.1 and NDS. We are trying to use Novell account management and Edir 8.6.2 in conjunction with AD. We are having a ton of problems getting this setup to work in our test lab. Has anyone else had any experience getting these products working together properly? We have worked with Novell and as usual their support is no help. Also does anyone have any experiences with Microsoft's MSDSS product? Any help or suggestions would be greatly appreciated. Thanks

-- David
Re: [ActiveDir] AD and NDS
Thanks for the feedback. That reconfirms my thoughts on the product. The 8.6.2 version has the same problems that we were having with 8.5.2. I am glad to see that we are not the only ones having problems with this sorry product. Thanks

David Adner [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 10/04/2002 08:24 PM Please respond to [EMAIL PROTECTED] To [EMAIL PROTECTED] cc Subject Re: [ActiveDir] AD and NDS

We evaluated Account Management 2.1 but with eDir 8.5. If you're using the new DirXML 1.1 version of AM, I don't have any experience with it. Our testing was very disappointing and we ended up abandoning the product. We're a very large, distributed environment and have many, many NDS partitions with user accounts. Since AM requires the AM server (a Win 2000 DC, typically) to hold a copy of every partition with a user account you want to sync, it was impossible for us to get it to work. This was after trying to work with Novell for weeks, who kept insisting it would work -- until they agreed it wouldn't with AM 2.1. Now, DirXML 1.1 is supposed to allow us to point to the NDS servers, but we haven't deployed that yet.

We are working on deploying active directory in our environment. We currently use Netware 5.1 and NDS. We are trying to use Novell account management and Edir 8.6.2 in conjunction with AD. We are having a ton of problems getting this setup to work in our test lab. Has anyone else had any experience getting these products working together properly? We have worked with Novell and as usual their support is no help. Also does anyone have any experiences with Microsoft's MSDSS product? Any help or suggestions would be greatly appreciated. Thanks

-- David