RE: [ActiveDir] Script to find last logged on date
Title: Message You could check the password age (assuming users are forced to change their passwords every now and then). Andries -Original Message-From: Byrne, Steve [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 17, 2002 3:59 AMTo: [EMAIL PROTECTED]Subject: [ActiveDir] Script to find last logged on date Hi, I'm looking for a way to find user accounts that have not been used for more than 6 months. Does anyone know where I can find a script to do this?Thanks, SB - ATTENTION: No legal consequences can be derived from the content of this e-mail and/or its attachments. Neither is sender committed to these. The content of this e-mail is exclusively intended for addressee(s) and information purposes. Should you receive this message by mistake, you are hereby notified that any disclosure, reproduction, distribution or use of this message is strictly prohibited. Sender accepts no liability for any damage resulting from the use and/or acceptation of the content of this e-mail. Always scan attachments for viruses before opening them. -
RE: [ActiveDir] Gathering Computer Account Info via script
Chris, you may want to create an ldap query in your vb script to what ever container you are trying to enumerate and run through each object in that container, write that to a csv (or text, whatever you need), and then move on to the next container. Nested for loops would probably be the best thing. Something like AdsPath=LDAP://dc name/ou=lowest level of container,ou=container,ou=container,dc=etc,dc=etc, etc for your entire FQDN; Then do a foreach adsobj to return whatever values you are looking for. The properties you can pull and some tips on how to get the data can be found here: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adschema/ad /win2k3_entry_attributes_all.asp Hope this helps! John A. Bjelke Unisys 505.853.6774 [EMAIL PROTECTED] The more corrupt the state, the more numerous the laws. - Cornelius Tacitus -Original Message- From: England, Christopher M [mailto:[EMAIL PROTECTED]] Sent: Monday, December 16, 2002 7:56 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Gathering Computer Account Info via script Greetings all, I need to query a portion of the Active Directory (the OUs that I control) and get a list of computer objects and some associated data (Operating System name and version, for example). Can I do this with VBS/WSH? Thanks in advance for any help! Chris Christopher England Server Administrator College Information Technology Office Indiana University List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Script to find last logged on date
Title: Message Usrstat.exe from the Resource Kit displays the user name, full name, and last logon date and time for each user in the domain.Regards,/Jimmy --Jimmy Andersson, Q Advice ABMicrosoft MVP - Active Directory www.qadvice.com -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Byrne, SteveSent: Tuesday, December 17, 2002 3:59 AMTo: [EMAIL PROTECTED]Subject: [ActiveDir] Script to find last logged on date Hi, I'm looking for a way to find user accounts that have not been used for more than 6 months. Does anyone know where I can find a script to do this?Thanks, SB
RE: [ActiveDir] Script to find last logged on date
Try the 30-day trial of RealLastLogon at tools4ever.com http://www.tools4ever.com/Products/rll/description.htm -Original Message- From: Byrne, Steve [mailto:[EMAIL PROTECTED]] Sent: Monday, December 16, 2002 8:59 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Script to find last logged on date Hi, I'm looking for a way to find user accounts that have not been used for more than 6 months. Does anyone know where I can find a script to do this? Thanks, SB List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] IIS logs
Title: Message We use Sawmill (http://www.sawmill.net/) It is not very expensive and provides a great deal of analysis with little investment in time for setup. HTH Arron === Arron S. King Network Systems Administrator Ohio Dominican University [EMAIL PROTECTED] v: 614.251.4515 f: 614.252.2650 -Original Message-From: MHR(Michael Ross) [mailto:[EMAIL PROTECTED]]Sent: Tuesday, December 17, 2002 9:17 AMTo: '[EMAIL PROTECTED]'Subject: [ActiveDir] IIS logs is there a utility out there to help you parse thru and read your IIS logs easier? the text logs show so much data.. it would be nice to have a product that would import the logs and make it look nicer.. and easier to read. Michael Ross Exchange Administrator Panduit Corp (708) 532-1800 x 1238 This message represents the official view of the voices in my head
RE: [ActiveDir] IIS logs
Title: Message I downloaded MS's LogParser 2.0 tool just a couple of weeks ago but I just checked and the link to it comes up blank. Looks like they took it off the downloads. I like the tool, it supports SQL syntax and will work on many formats besides IIS. Contact me offline if you want to try it. Jim Busick Database Network Analyst MCSE Santee School District Santee, CA 92071 -Original Message-From: MHR(Michael Ross) [mailto:[EMAIL PROTECTED]]Sent: Tuesday, December 17, 2002 6:17 AMTo: '[EMAIL PROTECTED]'Subject: [ActiveDir] IIS logs is there a utility out there to help you parse thru and read your IIS logs easier? the text logs show so much data.. it would be nice to have a product that would import the logs and make it look nicer.. and easier to read. Michael Ross Exchange Administrator Panduit Corp (708) 532-1800 x 1238 This message represents the official view of the voices in my head
RE: [ActiveDir] NT/AD Backup Solutions?
Have you looked into Backup Exec by Veritas Software? -Original Message- From: Canzoneri, Kurt [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 17, 2002 11:45 AM To: '[EMAIL PROTECTED]' Subject:[ActiveDir] NT/AD Backup Solutions? Hi All, We are currently looking at new backup software vendors. The two we have narrowed it down to are CommVault and BakBone. My question, has anyone had experience with either of them good or bad. Kurt Canzoneri, MCSE Network / System Engineer EIG Valassis / POD 47585 Galleon Drive Plymouth, MI 48170 Tel 734.354.2496 Fax 734.354.2694 [EMAIL PROTECTED] www.valassis.com This message may have included proprietary or protected information. This message and the information contained herein are not to be further communicated without my express written consent. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] IIS logs
I just started playing with Analog from http://www.analog.cx -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA -Original Message- From: MHR(Michael Ross) [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 17, 2002 9:17 AM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] IIS logs is there a utility out there to help you parse thru and read your IIS logs easier? the text logs show so much data.. it would be nice to have a product that would import the logs and make it look nicer.. and easier to read. Michael Ross Exchange Administrator Panduit Corp (708) 532-1800 x 1238 This message represents the official view of the voices in my head List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Root domain naming
Im in the middle of having an argument with the IT manager about the top-level domain name for our new A.D. deployment. The manager wants to use a nonstandard name for the domain (ie. Dc1.domain.gd) for the root domain. My position, which Ive read a number of places, is that we should use a standard, registered, name for the root. The managers contention is that this domain will never be live on the Net and so we can do whatever we want. As I said, Ive always read that you should use a registered name as your root, even if you arent going to be live, but there are never reasons given why this is good. What reasons should I go back to my manager with? Brad Martin
RE: [ActiveDir] Root domain naming
Title: Message That is the only reason I have heard that may make it worth the extra $10 bucks a year to register your name. Wouldn't this have also been the case if you merged with a company with the same NetBIOS name in NT 4.0? What is the probability of this happening? -Original Message-From: Hutchins, Mike [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 17, 2002 12:12 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Root domain naming If you ever (never say never) merge with someone else and they have the same forest name, you are hosified... We used root01.org and registered it. No ns records for it anywhere. no conflicts.. -Original Message-From: Brad Martin [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 17, 2002 10:10 AMTo: Active Directory Mailing ListSubject: [ActiveDir] Root domain naming Im in the middle of having an argument with the IT manager about the top-level domain name for our new A.D. deployment. The manager wants to use a nonstandard name for the domain (ie. Dc1.domain.gd) for the root domain. My position, which Ive read a number of places, is that we should use a standard, registered, name for the root. The managers contention is that this domain will never be live on the Net and so we can do whatever we want. As I said, Ive always read that you should use a registered name as your root, even if you arent going to be live, but there are never reasons given why this is good. What reasons should I go back to my manager with? Brad Martin
RE: [ActiveDir] Little Questions
I would think putting Exchange aware a/v on all Exchange servers (regardless) would be a good idea. This should provide protection from internally-spawned viruses (say from a user who might have outlook connected to a POP3 server Exchange at the same time, or perhaps a user who gets a virus from a download etc) About 2 years ago we only had SMTP gateway level A/V. I've managed to block out the name of the particular virus; but we had a user who connected his outlook profile to our exchange server and his own pop 3 account at the same time. Picked up the virus of the moment, and it spread like wildfire. Now we have an Exchange-aware A/V that acutally scans the store, and uses the anti-virus api to scan messages as they are sent. We have not had a single outbreak since. HTH Arron === Arron S. King Network Systems Administrator Ohio Dominican University [EMAIL PROTECTED] v: 614.251.4515 f: 614.252.2650 -Original Message- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 17, 2002 10:30 AM To: ActiveDir (E-mail) Subject: [ActiveDir] Little Questions Hello everyone, I have some little questions. If you have two exchange servers do you need to have Exchange Antivirus on both or just the server with the Internet Mail Connector on it? Having a Exchange server in a forest root and an exchange server in a child domain, the exchange server in the child domain requires what kind of admin access? Does the server need to utilize the admin account from the child domain or the forest root? Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 914.681.8117 office 646.483.3325 cell [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Outlook XP makes me want to throw it out the wind ow!
An update: I have tried to remove the user profile and recreate a new one. Same result happens of being prompter for a password, and then being rejected. I have removed the account from Outlook and created a new one that points to the user's account in Ex2k sp3. Same result. I have followed MS KB Q321652 which talks about missing one or more values in the registry for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\ClientProtocols. I looke dup the registry entry, noticed one of them were missing, added the missing string and rebooted. Same result. I have taken password authentication to none. Same Result. I have removed the local area connection in her Windows XP, installed a new local area connection, and made sure that TCP/IP was in there. Same Result. I however can not uninstall TCP/IP, just uncheck it. I have released and renewed ipconfig. Same result. I have put her computer on DHCP. It was a static IP before, and we have DHCP running in the office for laptop users. Same result. Just to re-fresh everyone on this problem: # I have been battling a problem with one of my user's machines for the past week. She is running Windows XP Pro, Office XP Pro SP1. Whenever she starts up her Outlook, she gets prompter for the username, password and server. I put the information in exactly as it should be (and have verified with my AD on the server) and I get the following message: Your login information was incorrect. Check your username and domain, then type in your password again. If your account is new or if your administrator requested a password change you need to click Change Password then logon with your new password. I re-check the info in the AD on the server via VNC so I am right there at her terminal doing double checks. I re-enter the password, and get the message again. I change the password on the AD, then enter the new password on her Outlook (usually use 1 as the password so I know I type it correct) and still get the above error. I need to get this resolved for her as she is in charge of accounting and has made my life hell in the past because since I am the IT Manager I should be all knowing, all powerful (a common misconception by those users that know no better) So, please if anyone knows what I can do to resolve this, please let me know. I'm at my wits end! ## Thanks, Chris List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] AD and LDAP and single sign on for UNIX
Using SFU is probably the most clear path to integration. However that tool allows Unix machines to authenticate against AD, not necessarily the other way around I think. The PDF that was posted is good reading. It indicates that LDAP is NOT an authentication protocol. They chose to build a system, which has good design but requires C++ programming and it is not future proof. There are password synching tools and metadirectories but these still require separate login processes for each directory. I have wrestled with the concept myself and a clear victory was not achieved. One difficulty is in getting servers and clients to honor the same token/credential set after login. So the user does not have to log in again and again. Kerberos was hoped to be that mechanism (at least between NT and UNIX) but the MS implementation is somewhat proprietary. There is a way to make it work. But it was not worth the effort for our use. Roger Seielstad roger.seielstad@inovisTo: '[EMAIL PROTECTED]' [EMAIL PROTECTED] .com cc: Sent by: Subject: RE: [ActiveDir] AD and LDAP and single sign on for UNIX [EMAIL PROTECTED] tivedir.org 12/17/2002 06:56 AM Please respond to ActiveDir As with many things, it depends. Between things like Services for Unix (from MS) and some competitors, there are password sync capabilities. There is a Technet article on getting Solaris (version 8) to authenticate via Kerberos against AD. -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA -Original Message- From: Byrne, Steve [mailto:[EMAIL PROTECTED]] Sent: Monday, December 16, 2002 9:51 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] AD and LDAP and single sign on for UNIX Is it possible to get our users to authenticate to our UNIX boxes using their AD account? I was hoping I could use LDAP List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] AD and LDAP and single sign on for UNIX
Title: Message Thanks, I will look into a commercial product as I think it will save me time in the long run.. A lot of people I have spoken to are under the impression that AD LDAP can be used as an authentication protocol. I see now this is not true, however I did read somewhere that LDAP v3 can support some type of encryption to allow secure transfer of sensitive data. Is this true? -Original Message-From: Márcio Schneider [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 18 December 2002 2:24 a.m.To: [EMAIL PROTECTED]Subject: RES: [ActiveDir] AD and LDAP and single sign on for UNIX Both roads. You can do the auth via kerberos, and retrieve user and group info from AD. It works, I tested here. See www.padl.com for more info. Regards, Márcio Schneider -Mensagem original-De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]Em nome de Byrne, SteveEnviada em: terça-feira, 17 de dezembro de 2002 01:38Para: '[EMAIL PROTECTED]'Assunto: RE: [ActiveDir] AD and LDAP and single sign on for UNIX Should I go down the Kerberos road or the LDAP road... What do others prefer to do? -Original Message-From: Larry A. Duncan [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 17 December 2002 4:19 p.m.To: [EMAIL PROTECTED]Subject: RE: [ActiveDir] AD and LDAP and single sign on for UNIX It's slow to load, but this PDF has some good information about using LDAP as the singular provider. http://www.dayioglu.net/presentations/ldap-auth.pdf Larry A. Duncan, MCSA/MCSE Solutions Architect, CompTrends Consulting [EMAIL PROTECTED] http://www.comptrends.com/ ph. 615.598.0241 DMOZ: Systems_Management/InstallersLAUNCHCast Radio: 1237556939 Columnist: myITForum.com Author: Windows .NET Magazine -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Byrne, SteveSent: Monday, December 16, 2002 8:51 PMTo: '[EMAIL PROTECTED]'Subject: [ActiveDir] AD and LDAP and single sign on for UNIX Is it possible to get our users to authenticate to our UNIX boxes using their AD account? I was hoping I could use LDAP
RE: [ActiveDir] Little Questions
Shawn, Any recommendations on a SMTP getway scanner (hardware or software) ? Dave K. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 17, 2002 12:29 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Little Questions Exchange Antivirus on both mail servers if your Exchange antivirus product is scanning the information store (your on Exchange 5.5 I believe). You need coverage on your Exchange servers for internal messaging (messages not originating from the Internet). There are two virus scanning API's for Exchange 5.5, MAPI and VAPI. VAPI will scan message as they enter the information store and MAPI will scan messages as the user accesses them in the information store. Choose a product that will scan using either or a combination of both interfaces. We use a SMTP gateway scanner to scan mail as it enters the company. This box forwards mail to our Exchange Organization. -Original Message- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 17, 2002 10:30 AM To: ActiveDir (E-mail) Subject: [ActiveDir] Little Questions Hello everyone, I have some little questions. If you have two exchange servers do you need to have Exchange Antivirus on both or just the server with the Internet Mail Connector on it? Having a Exchange server in a forest root and an exchange server in a child domain, the exchange server in the child domain requires what kind of admin access? Does the server need to utilize the admin account from the child domain or the forest root? Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 914.681.8117 office 646.483.3325 cell [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Little Questions
Trend Interscan Viruswall is the best one, IMO. -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA -Original Message- From: Dave Kinnamon [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 17, 2002 2:45 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Little Questions Shawn, Any recommendations on a SMTP getway scanner (hardware or software) ? Dave K. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 17, 2002 12:29 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Little Questions Exchange Antivirus on both mail servers if your Exchange antivirus product is scanning the information store (your on Exchange 5.5 I believe). You need coverage on your Exchange servers for internal messaging (messages not originating from the Internet). There are two virus scanning API's for Exchange 5.5, MAPI and VAPI. VAPI will scan message as they enter the information store and MAPI will scan messages as the user accesses them in the information store. Choose a product that will scan using either or a combination of both interfaces. We use a SMTP gateway scanner to scan mail as it enters the company. This box forwards mail to our Exchange Organization. -Original Message- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 17, 2002 10:30 AM To: ActiveDir (E-mail) Subject: [ActiveDir] Little Questions Hello everyone, I have some little questions. If you have two exchange servers do you need to have Exchange Antivirus on both or just the server with the Internet Mail Connector on it? Having a Exchange server in a forest root and an exchange server in a child domain, the exchange server in the child domain requires what kind of admin access? Does the server need to utilize the admin account from the child domain or the forest root? Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 914.681.8117 office 646.483.3325 cell [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Little Questions
We use Norton Antivirus for Gateways version 2.something. They have a newer version 3.0 that will allow spam filtering by sender name and/or spam lists(Spam lists by subscription $$$ from Mail Abuse Prevention systems, L.L.C). I also use this product to block attachments :-) -Original Message- From: Dave Kinnamon [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 17, 2002 2:45 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Little Questions Shawn, Any recommendations on a SMTP getway scanner (hardware or software) ? Dave K. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 17, 2002 12:29 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Little Questions Exchange Antivirus on both mail servers if your Exchange antivirus product is scanning the information store (your on Exchange 5.5 I believe). You need coverage on your Exchange servers for internal messaging (messages not originating from the Internet). There are two virus scanning API's for Exchange 5.5, MAPI and VAPI. VAPI will scan message as they enter the information store and MAPI will scan messages as the user accesses them in the information store. Choose a product that will scan using either or a combination of both interfaces. We use a SMTP gateway scanner to scan mail as it enters the company. This box forwards mail to our Exchange Organization. -Original Message- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 17, 2002 10:30 AM To: ActiveDir (E-mail) Subject: [ActiveDir] Little Questions Hello everyone, I have some little questions. If you have two exchange servers do you need to have Exchange Antivirus on both or just the server with the Internet Mail Connector on it? Having a Exchange server in a forest root and an exchange server in a child domain, the exchange server in the child domain requires what kind of admin access? Does the server need to utilize the admin account from the child domain or the forest root? Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 914.681.8117 office 646.483.3325 cell [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Little Questions
I second that. Antigen is very good. I would suggest keeping different vendor's AV solutions on your SMTP Gateway vs. your Exchange servers... If one of them doesn't catch it, the heuristics of the other AV engine (or the newer defs that one vendor releases before the other) might, increasing your odds of defeating exploits, worms and viruses. -Original Message- From: Christopher Hummert [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 17, 2002 12:50 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Little Questions Antigen from Sybari Software -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dave Kinnamon Sent: Tuesday, December 17, 2002 11:45 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Little Questions Shawn, Any recommendations on a SMTP getway scanner (hardware or software) ? Dave K. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 17, 2002 12:29 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Little Questions Exchange Antivirus on both mail servers if your Exchange antivirus product is scanning the information store (your on Exchange 5.5 I believe). You need coverage on your Exchange servers for internal messaging (messages not originating from the Internet). There are two virus scanning API's for Exchange 5.5, MAPI and VAPI. VAPI will scan message as they enter the information store and MAPI will scan messages as the user accesses them in the information store. Choose a product that will scan using either or a combination of both interfaces. We use a SMTP gateway scanner to scan mail as it enters the company. This box forwards mail to our Exchange Organization. -Original Message- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 17, 2002 10:30 AM To: ActiveDir (E-mail) Subject: [ActiveDir] Little Questions Hello everyone, I have some little questions. If you have two exchange servers do you need to have Exchange Antivirus on both or just the server with the Internet Mail Connector on it? Having a Exchange server in a forest root and an exchange server in a child domain, the exchange server in the child domain requires what kind of admin access? Does the server need to utilize the admin account from the child domain or the forest root? Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 914.681.8117 office 646.483.3325 cell [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] AD and LDAP and single sign on for UNIX
You can use SSL to encrypt an LDAP conversation just like HTTP. This increases security but it is not a substitute for authentication. You can also write your own SSPI if you know how to that could handle authentication for you, but that is only half of the problem. Byrne, Steve [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 12/17/2002 02:29 PM Please respond to ActiveDir To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] cc: Subject: RE: [ActiveDir] AD and LDAP and single sign on for UNIX Thanks, I will look into a commercial product as I think it will save me time in the long run.. A lot of people I have spoken to are under the impression that AD LDAP can be used as an authentication protocol. I see now this is not true, however I did read somewhere that LDAP v3 can support some type of encryption to allow secure transfer of sensitive data. Is this true? -Original Message- From: Márcio Schneider [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 18 December 2002 2:24 a.m. To: [EMAIL PROTECTED] Subject: RES: [ActiveDir] AD and LDAP and single sign on for UNIX Both roads. You can do the auth via kerberos, and retrieve user and group info from AD. It works, I tested here. See www.padl.com for more info. Regards, Márcio Schneider -Mensagem original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]Em nome de Byrne, Steve Enviada em: terça-feira, 17 de dezembro de 2002 01:38 Para: '[EMAIL PROTECTED]' Assunto: RE: [ActiveDir] AD and LDAP and single sign on for UNIX Should I go down the Kerberos road or the LDAP road... What do others prefer to do? -Original Message- From: Larry A. Duncan [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 17 December 2002 4:19 p.m. To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD and LDAP and single sign on for UNIX It's slow to load, but this PDF has some good information about using LDAP as the singular provider. http://www.dayioglu.net/presentations/ldap-auth.pdf Larry A. Duncan, MCSA/MCSE Solutions Architect, CompTrends Consulting [EMAIL PROTECTED] http://www.comptrends.com/ ph. 615.598.0241 DMOZ: Systems_Management/Installers LAUNCHCast Radio: 1237556939 Columnist: myITForum.com Author: Windows .NET Magazine -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Byrne, Steve Sent: Monday, December 16, 2002 8:51 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] AD and LDAP and single sign on for UNIX Is it possible to get our users to authenticate to our UNIX boxes using their AD account? I was hoping I could use LDAP
[ActiveDir] the ADC (yeah, baby!)
Title: the ADC (yeah, baby!) When creating the ADC to work with E5.5 and AD, what do you elect to do with the accounts the ADC creates? We're using a migration tool that will migrate users, and having the ADC create disabled users or contacts or enabled users seems like all bad choices (since the migration tool will create these same users WITH sID HISTORY)... All thoughts and suggestions are welcome! Thanks! Joe
RE: [ActiveDir] the ADC (yeah, baby!) - Oh Behave!
Title: the ADC (yeah, baby!) Highly highly highly recommend you go thru your exchange 5.5 user directory with NTDSNoMatch. http://support.microsoft.com/default.aspx?scid=KB;en-us;q274173If you get a one to one mapping between exch5.5 accounts and AD users it makes life alot easier. Of course Im making some assumptions about your setup. (like the fact you have exchange 5.5 in your AD mixed or native mode forest) Give us some more details about your current setup if thats an incorrect assumption. Clyde Burns -Original Message-From: Pelle, Joe [mailto:[EMAIL PROTECTED]]Sent: Tuesday, December 17, 2002 4:32 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] the ADC (yeah, baby!) When creating the ADC to work with E5.5 and AD, what do you elect to do with the accounts the ADC creates? We're using a migration tool that will migrate users, and having the ADC create disabled users or contacts or enabled users seems like all bad choices (since the migration tool will create these same users WITH sID HISTORY)... All thoughts and suggestions are welcome! Thanks! Joe
[ActiveDir] Newbie Style Question
Title: the ADC (yeah, baby!) I have found on Microsofts website a script that creates a share on a remote computer. I have also found a script on their site that will create a folder locally only. Does anyone have a script for creating a folder remotely so I can run the following script on it. Const FILE_SHARE = 0Const MAXIMUM_CONNECTIONS = 25strComputer = .Set objWMIService = GetObject(winmgmts: _ {impersonationLevel=impersonate}!\\ strComputer \root\cimv2)Set objNewShare = objWMIService.Get(Win32_Share)errReturn = objNewShare.Create _ (C:\Finance, FinanceShare, FILE_SHARE, _ MAXIMUM_CONNECTIONS, Public share for the Finance group.) Wscript.Echo errReturn We are trying to automate as much as possible the account creation process including the creation of our Home Directories. John Exum Harding University
[ActiveDir] the ADC (yeah, baby!)
Return Receipt Your [ActiveDir] the ADC (yeah, baby!) document : was Jim Katoe/MindShare/NewYork/Media received by: at: 12/17/2002 05:08:29 PM List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] the ADC (yeah, baby!)
Title: Message Ah... Will merging them enable the account then? Joe Pelle Systems Administrator Information Technology Valassis / Targeted Print Media Solutions 35955 Schoolcraft Rd. Livonia, MI 48150 Tel 734.632.3753 Fax 734.632.6240 [EMAIL PROTECTED] http://www.valassis.com/ This message may have included proprietary or protected information. This message and the information contained herein are not to be further communicated without my express written consent. -Original Message- From: Hutchins, Mike [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 17, 2002 4:34 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] the ADC (yeah, baby!) create disabled accounts, then merge them.. -Original Message- From: Pelle, Joe [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 17, 2002 2:32 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] the ADC (yeah, baby!) When creating the ADC to work with E5.5 and AD, what do you elect to do with the accounts the ADC creates? We're using a migration tool that will migrate users, and having the ADC create disabled users or contacts or enabled users seems like all bad choices (since the migration tool will create these same users WITH sID HISTORY)... All thoughts and suggestions are welcome! Thanks! Joe