[ActiveDir] AD restore to dissimilar hardware
Hi, I have one domain controller that has hardware problem about RAID Card; now i cannot fix it and i want to restore active directory to another pc with IDE controller.But i can't...After restoring active directory it gives the blue screen message while startup : 0x007B INACCESSIBLE BOOT DEVICE. Ýs it possible to restore AD to dissimilar hard disk controller platform? Any comment? _ Help STOP SPAM: Try the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] AD restore to dissimilar hardware
Disaster Recovery of Active Directory on Dissimilar Hardware: http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q263532; Regards, /Jimmy -- Jimmy Andersson, Q Advice AB Microsoft MVP - Active Directory www.qadvice.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of osman filiz Sent: Tuesday, January 07, 2003 1:30 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] AD restore to dissimilar hardware Hi, I have one domain controller that has hardware problem about RAID Card; now i cannot fix it and i want to restore active directory to another pc with IDE controller.But i can't...After restoring active directory it gives the blue screen message while startup : 0x007B INACCESSIBLE BOOT DEVICE. Ýs it possible to restore AD to dissimilar hard disk controller platform? Any comment? _ Help STOP SPAM: Try the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] NT sp6a does it have ADSI
When you install SP6a on a NT4 machine does that include the ADSI components? Regards, Carlos Magalhaes - This email and any files transmitted are confidential and intended solely for the use of the individual or entity to which they are addressed, whose privacy should be respected. Any views or opinions are solely those of the author and do not necessarily represent those of the Trencor Group, or any of its representatives, unless specifically stated. Email transmission cannot be guaranteed to be secure, error free or without virus contamination. The sender therefore accepts no liability for any errors or omissions in the contents of this message, nor for any virus infection that might result from opening this message. Trencor is not responsible in the event of any third party interception of this email. If you have received this email in error please notify [EMAIL PROTECTED] For more information about Trencor, visit www.trencor.net http://www.trencor.net When you install SP6a on a NT4 machine does that include the ADSI components? Regards, Carlos Magalhaes
RE: [ActiveDir] AD Lab
Title: Message If we have one domain - but multiple sites - would it be a best practice to put a global catalog on the domain controller(s) at each site? KB: http://support.microsoft.com/default.aspx?scid=kb;en-us;313994 Thanks! Joe Pelle Systems Administrator Information Technology Valassis / Targeted Print Media Solutions 35955 Schoolcraft Rd. Livonia, MI 48150 Tel 734.632.3753 Fax 734.632.6240 [EMAIL PROTECTED] http://www.valassis.com/ This message may have included proprietary or protected information. This message and the information contained herein are not to be further communicated without my express written consent. -Original Message- From: Rene Chakraborty [mailto:[EMAIL PROTECTED]] Sent: Monday, January 06, 2003 8:41 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] AD Lab Got to make that BDC a Global Catalog Server before you more it over. Sites and Services Rene - Original Message - From: Don Murawski (Lenox) To: [EMAIL PROTECTED] Sent: Monday, January 06, 2003 3:08 PM Subject: [ActiveDir] AD Lab Has anyone setup a AD Lab and had Global Catalog problems? I installed aBDCon the productionnetwork, disconnectit from the production and connected it to the lab network. Seize the FSMO roles. I'm able to join the domain but,I'm receivingUnable toestablishconnection with a GC. Any suggestion would be great.
RE: [ActiveDir] AD restore to dissimilar hardware
i have read this document and i apply the steps i repaired the windows but still there is blue screen... From: Jimmy Andersson [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD restore to dissimilar hardware Date: Tue, 7 Jan 2003 13:59:23 +0100 Disaster Recovery of Active Directory on Dissimilar Hardware: http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q263532; Regards, /Jimmy -- Jimmy Andersson, Q Advice AB Microsoft MVP - Active Directory www.qadvice.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of osman filiz Sent: Tuesday, January 07, 2003 1:30 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] AD restore to dissimilar hardware Hi, I have one domain controller that has hardware problem about RAID Card; now i cannot fix it and i want to restore active directory to another pc with IDE controller.But i can't...After restoring active directory it gives the blue screen message while startup : 0x007B INACCESSIBLE BOOT DEVICE. Ýs it possible to restore AD to dissimilar hard disk controller platform? Any comment? _ Help STOP SPAM: Try the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ _ Add photos to your e-mail with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] NT sp6a does it have ADSI
Nope. Grab it here. http://www.microsoft.com/ntserver/nts/downloads/other/ADSI25/default.asp -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA -Original Message- From: Carlos Magalhaes [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 8:06 AM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] NT sp6a does it have ADSI When you install SP6a on a NT4 machine does that include the ADSI components? Regards, Carlos Magalhaes - This email and any files transmitted are confidential and intended solely for the use of the individual or entity to which they are addressed, whose privacy should be respected. Any views or opinions are solely those of the author and do not necessarily represent those of the Trencor Group, or any of its representatives, unless specifically stated. Email transmission cannot be guaranteed to be secure, error free or without virus contamination. The sender therefore accepts no liability for any errors or omissions in the contents of this message, nor for any virus infection that might result from opening this message. Trencor is not responsible in the event of any third party interception of this email. If you have received this email in error please notify [EMAIL PROTECTED] For more information about Trencor, visit www.trencor.net http://www.trencor.net List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] AD Lab
Title: Message If you only have one DC in each site - -- yer pretty much tied to doing that. If you have the resources Id through a second DC in each site - - make that your GC. Jus my 2 cents -Original Message- From: Pelle, Joe [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 8:17 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] AD Lab If we have one domain - but multiple sites - would it be a best practice to put a global catalog on the domain controller(s) at each site? KB: http://support.microsoft.com/default.aspx?scid=kb;en-us;313994 Thanks! Joe Pelle Systems Administrator Information Technology Valassis / Targeted Print Media Solutions 35955 Schoolcraft Rd. Livonia, MI 48150 Tel 734.632.3753 Fax 734.632.6240 [EMAIL PROTECTED] http://www.valassis.com/ This message may have included proprietary or protected information. This message and the information contained herein are not to be further communicated without my express written consent. -Original Message- From: Rene Chakraborty [mailto:[EMAIL PROTECTED]] Sent: Monday, January 06, 2003 8:41 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] AD Lab Got to make that BDC a Global Catalog Server before you more it over. Sites and Services Rene - Original Message - From: Don Murawski (Lenox) To: [EMAIL PROTECTED] Sent: Monday, January 06, 2003 3:08 PM Subject: [ActiveDir] AD Lab Has anyone setup a AD Lab and had Global Catalog problems? I installed aBDCon the productionnetwork, disconnectit from the production and connected it to the lab network. Seize the FSMO roles. I'm able to join the domain but,I'm receivingUnable toestablishconnection with a GC. Any suggestion would be great. �
RE: [ActiveDir] AD Lab
Yes, it would. In general, single domains, all DC's should also be GC's. Roger -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA -Original Message- From: Pelle, Joe [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 8:17 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] AD Lab If we have one domain - but multiple sites - would it be a best practice to put a global catalog on the domain controller(s) at each site? KB: http://support.microsoft.com/default.aspx?scid=kb;en-us;313994 Thanks! Joe Pelle Systems Administrator Information Technology Valassis / Targeted Print Media Solutions 35955 Schoolcraft Rd. Livonia, MI 48150 Tel 734.632.3753 Fax 734.632.6240 [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] http://www.valassis.com/ This message may have included proprietary or protected information. This message and the information contained herein are not to be further communicated without my express written consent. -Original Message- From: Rene Chakraborty [mailto:[EMAIL PROTECTED]] Sent: Monday, January 06, 2003 8:41 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] AD Lab Got to make that BDC a Global Catalog Server before you more it over. Sites and Services Rene - Original Message - From: Don Murawski (Lenox) mailto:[EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, January 06, 2003 3:08 PM Subject: [ActiveDir] AD Lab Has anyone setup a AD Lab and had Global Catalog problems? I installed a BDC on the production network, disconnect it from the production and connected it to the lab network. Seize the FSMO roles. I'm able to join the domain but, I'm receiving Unable to establish connection with a GC. Any suggestion would be great. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] file replication
The netlogon directory if it is a downlevel client and the sysvol dir if it is a windows 2000 client -Original Message- From: Jim Busick [mailto:[EMAIL PROTECTED]] Sent: Monday, January 06, 2003 5:34 PM To: ActiveDirList (E-mail) Subject:[ActiveDir] file replication We've just completed an AD upgrade of our PDC and promoted a Win2k member server to DC (the BDC died during the upgrade). Everything seems to be working fine but I can't find the $REPL share on the DC that we promoted. In the NT domain, we set up replication between the PDC and BDC. I guess my question is, if a user authenticates to the promoted DC, where does it get its old NT scripts and policies? Jim Busick Database Network Analyst MCSE Santee School District Santee, CA 92071 List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] AD restore to dissimilar hardware
Hi Jimmy - That certainly looks like a lot of fun - and exciting if you run into any problems ! When are you and Mark-Allen hitting Credit Suisse ? Cheers, Jerry - Original Message - From: Jimmy Andersson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, January 07, 2003 7:59 AM Subject: RE: [ActiveDir] AD restore to dissimilar hardware Disaster Recovery of Active Directory on Dissimilar Hardware: http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q263532; Regards, /Jimmy -- Jimmy Andersson, Q Advice AB Microsoft MVP - Active Directory www.qadvice.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of osman filiz Sent: Tuesday, January 07, 2003 1:30 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] AD restore to dissimilar hardware Hi, I have one domain controller that has hardware problem about RAID Card; now i cannot fix it and i want to restore active directory to another pc with IDE controller.But i can't...After restoring active directory it gives the blue screen message while startup : 0x007B INACCESSIBLE BOOT DEVICE. Ýs it possible to restore AD to dissimilar hard disk controller platform? Any comment? _ Help STOP SPAM: Try the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] NT sp6a does it have ADSI
No sir - you'd have to pick it up separately from here : http://www.microsoft.com/ntserver/nts/downloads/other/ADSI25/ -Original Message- From: Carlos Magalhaes [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 8:06 AM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] NT sp6a does it have ADSI When you install SP6a on a NT4 machine does that include the ADSI components? Regards, Carlos Magalhaes - This email and any files transmitted are confidential and intended solely for the use of the individual or entity to which they are addressed, whose privacy should be respected. Any views or opinions are solely those of the author and do not necessarily represent those of the Trencor Group, or any of its representatives, unless specifically stated. Email transmission cannot be guaranteed to be secure, error free or without virus contamination. The sender therefore accepts no liability for any errors or omissions in the contents of this message, nor for any virus infection that might result from opening this message. Trencor is not responsible in the event of any third party interception of this email. If you have received this email in error please notify [EMAIL PROTECTED] For more information about Trencor, visit www.trencor.net http://www.trencor.net List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] AD Lab
Title: Message When you have one domain there is not really a need for multiple GC's. Every DC already has a full copy of the AD. GC's play a more important role when you have a forest with multiple domains in it. But there needs to be at least one GC in the forest. Even with one domain. Fred -Original Message-From: Craig Cerino [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 8:35 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] AD Lab If you only have one DC in each site - -- yer pretty much tied to doing that. If you have the resources Id through a second DC in each site - - make that your GC. Jus my 2 cents -Original Message-From: Pelle, Joe [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 8:17 AMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] AD Lab If we have one domain - but multiple sites - would it be a best practice to put a global catalog on the domain controller(s) at each site? KB: http://support.microsoft.com/default.aspx?scid=kb;en-us;313994 Thanks! Joe Pelle Systems Administrator Information Technology Valassis / Targeted Print Media Solutions 35955 Schoolcraft Rd. Livonia, MI 48150 Tel 734.632.3753 Fax 734.632.6240 [EMAIL PROTECTED] http://www.valassis.com/ This message may have included proprietary or protected information. This message and the information contained herein are not to be further communicated without my express written consent. -Original Message-From: Rene Chakraborty [mailto:[EMAIL PROTECTED]] Sent: Monday, January 06, 2003 8:41 PMTo: [EMAIL PROTECTED]Subject: Re: [ActiveDir] AD Lab Got to make that BDC a Global Catalog Server before you more it over. Sites and Services Rene - Original Message - From: Don Murawski (Lenox) To: [EMAIL PROTECTED] Sent: Monday, January 06, 2003 3:08 PM Subject: [ActiveDir] AD Lab Has anyone setup a AD Lab and had Global Catalog problems? I installed aBDCon the productionnetwork, disconnectit from the production and connected it to the lab network. Seize the FSMO roles. I'm able to join the domain but,I'm receiving"Unable toestablishconnection with a GC. Any suggestion would be great. �
RE: [ActiveDir] AD Lab
Title: Message Agreed -Original Message-From: Craig Cerino [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 10:21 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] AD Lab Right - - but if you have more than one DC I recommend making one of the ones without FSMO roles the GC -Original Message-From: Van Donk, Fred [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 9:22 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] AD Lab When you have one domain there is not really a need for multiple GC's. Every DC already has a full copy of the AD. GC's play a more important role when you have a forest with multiple domains in it. But there needs to be at least one GC in the forest. Even with one domain. Fred -Original Message-From: Craig Cerino [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 8:35 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] AD Lab If you only have one DC in each site - -- yer pretty much tied to doing that. If you have the resources Id through a second DC in each site - - make that your GC. Jus my 2 cents -Original Message-From: Pelle, Joe [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 8:17 AMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] AD Lab If we have one domain - but multiple sites - would it be a best practice to put a global catalog on the domain controller(s) at each site? KB: http://support.microsoft.com/default.aspx?scid=kb;en-us;313994 Thanks! Joe Pelle Systems Administrator Information Technology Valassis / Targeted Print Media Solutions 35955 Schoolcraft Rd. Livonia, MI 48150 Tel 734.632.3753 Fax 734.632.6240 [EMAIL PROTECTED] http://www.valassis.com/ This message may have included proprietary or protected information. This message and the information contained herein are not to be further communicated without my express written consent. -Original Message-From: Rene Chakraborty [mailto:[EMAIL PROTECTED]] Sent: Monday, January 06, 2003 8:41 PMTo: [EMAIL PROTECTED]Subject: Re: [ActiveDir] AD Lab Got to make that BDC a Global Catalog Server before you more it over. Sites and Services Rene - Original Message - From: Don Murawski (Lenox) To: [EMAIL PROTECTED] Sent: Monday, January 06, 2003 3:08 PM Subject: [ActiveDir] AD Lab Has anyone setup a AD Lab and had Global Catalog problems? I installed aBDCon the productionnetwork, disconnectit from the production and connected it to the lab network. Seize the FSMO roles. I'm able to join the domain but,I'm receiving"Unable toestablishconnection with a GC. Any suggestion would be great. �
RE: [ActiveDir] AD Lab
Title: Message I thought it is the best and safest way not to make the exchange server being part of any administration/network roles (FSMO, GC, etc..) aside from being a DC member? -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Craig CerinoSent: Tuesday, January 07, 2003 10:21 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] AD Lab Right - - but if you have more than one DC I recommend making one of the ones without FSMO roles the GC -Original Message-From: Van Donk, Fred [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 9:22 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] AD Lab When you have one domain there is not really a need for multiple GC's. Every DC already has a full copy of the AD. GC's play a more important role when you have a forest with multiple domains in it. But there needs to be at least one GC in the forest. Even with one domain. Fred -Original Message-From: Craig Cerino [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 8:35 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] AD Lab If you only have one DC in each site - -- yer pretty much tied to doing that. If you have the resources Id through a second DC in each site - - make that your GC. Jus my 2 cents -Original Message-From: Pelle, Joe [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 8:17 AMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] AD Lab If we have one domain - but multiple sites - would it be a best practice to put a global catalog on the domain controller(s) at each site? KB: http://support.microsoft.com/default.aspx?scid=kb;en-us;313994 Thanks! Joe Pelle Systems Administrator Information Technology Valassis / Targeted Print Media Solutions 35955 Schoolcraft Rd. Livonia, MI 48150 Tel 734.632.3753 Fax 734.632.6240 [EMAIL PROTECTED] http://www.valassis.com/ This message may have included proprietary or protected information. This message and the information contained herein are not to be further communicated without my express written consent. -Original Message-From: Rene Chakraborty [mailto:[EMAIL PROTECTED]] Sent: Monday, January 06, 2003 8:41 PMTo: [EMAIL PROTECTED]Subject: Re: [ActiveDir] AD Lab Got to make that BDC a Global Catalog Server before you more it over. Sites and Services Rene - Original Message - From: Don Murawski (Lenox) To: [EMAIL PROTECTED] Sent: Monday, January 06, 2003 3:08 PM Subject: [ActiveDir] AD Lab Has anyone setup a AD Lab and had Global Catalog problems? I installed aBDCon the productionnetwork, disconnectit from the production and connected it to the lab network. Seize the FSMO roles. I'm able to join the domain but,I'm receiving"Unable toestablishconnection with a GC. Any suggestion would be great.
RE: [ActiveDir] AD restore to dissimilar hardware
Is this the only DC you have? If not, why don't you just build a new box and run DCpromo to make it a DC with new data replicated from your other DCs? Diane -Original Message- From: osman filiz [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 5:19 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD restore to dissimilar hardware i have read this document and i apply the steps i repaired the windows but still there is blue screen... From: Jimmy Andersson [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD restore to dissimilar hardware Date: Tue, 7 Jan 2003 13:59:23 +0100 Disaster Recovery of Active Directory on Dissimilar Hardware: http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q263532; Regards, /Jimmy -- Jimmy Andersson, Q Advice AB Microsoft MVP - Active Directory www.qadvice.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of osman filiz Sent: Tuesday, January 07, 2003 1:30 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] AD restore to dissimilar hardware Hi, I have one domain controller that has hardware problem about RAID Card; now i cannot fix it and i want to restore active directory to another pc with IDE controller.But i can't...After restoring active directory it gives the blue screen message while startup : 0x007B INACCESSIBLE BOOT DEVICE. Ýs it possible to restore AD to dissimilar hard disk controller platform? Any comment? _ Help STOP SPAM: Try the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ _ Add photos to your e-mail with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] AD Lab
Hey Roger, Say more about expanding certain groups... that's one I was unaware of. And also, don't GC create some additional indices that DCs don't normally have? -gil -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 8:50 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] AD Lab That's not entirely correct. All the information is indeed there, but global catalogs do a few things DCs don't (like expanding certain groups) and therefore you need GC's. -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA -Original Message- From: Van Donk, Fred [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 9:22 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD Lab When you have one domain there is not really a need for multiple GC's. Every DC already has a full copy of the AD. GC's play a more important role when you have a forest with multiple domains in it. But there needs to be at least one GC in the forest. Even with one domain. Fred -Original Message- From: Craig Cerino [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 8:35 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD Lab If you only have one DC in each site - -- yer pretty much tied to doing that. If you have the resources I'd through a second DC in each site - - make that your GC. Jus my 2 cents -Original Message- From: Pelle, Joe [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 8:17 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] AD Lab If we have one domain - but multiple sites - would it be a best practice to put a global catalog on the domain controller(s) at each site? KB: http://support.microsoft.com/default.aspx?scid=kb;en-us; 313994 Thanks! Joe Pelle Systems Administrator Information Technology Valassis / Targeted Print Media Solutions 35955 Schoolcraft Rd. Livonia, MI 48150 Tel 734.632.3753 Fax 734.632.6240 [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] http://www.valassis.com/ This message may have included proprietary or protected information. This message and the information contained herein are not to be further communicated without my express written consent. -Original Message- From: Rene Chakraborty [mailto:[EMAIL PROTECTED]] Sent: Monday, January 06, 2003 8:41 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] AD Lab Got to make that BDC a Global Catalog Server before you more it over. Sites and Services Rene - Original Message - From: Don Murawski (Lenox) mailto:[EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, January 06, 2003 3:08 PM Subject: [ActiveDir] AD Lab Has anyone setup a AD Lab and had Global Catalog problems? I installed a BDC on the production network, disconnect it from the production and connected it to the lab network. Seize the FSMO roles. I'm able to join the domain but, I'm receiving Unable to establish connection with a GC. Any suggestion would be great. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] AD restore to dissimilar hardware
Osman, Forget it, it will not work. See my cut/paste from the last posting I did on this. Microsoft even says that restoring AD from scratch is pretty much impossible without similar hardware. It's not in a document but PSS told me this. Having move DC's around is the way to keep you network going. Multiple physical sites is the way to go. Like I said read the story below: SNIP After have been trough this myself in the last couple of weeks and spending a large amount of hours on the phone with MS PSS, this is what my conclusion is. There are 2 ways to build a AD test environment. First way: -Do a system disk and system state backup. -Take a machine that has the same hardware for your lab. (Vendor, raid controller, disks, NIC's, video card, memory, firmware levels) If any of the components are not the same it will take you a lot of hours to find out why it does not work and which component is not working. Even with something as simple as the amount of CPU's. -Do a system disk and system state restore according to MS Active Directory Disaster Recovery document. (Authoritative restore, restore 2 times, one to org location, one to alternate location, ntdsutil. Reboot, wait for sysvol share, copy sysvol data, etc. etc. etc. Lot of work (many hours, but it can work, but like I said if it is not exactly the same hardware forget it, only $245 with PSS will get it to work. Second way: -Install the machine that will run your AD in your lab as a DC in your production first. Let it sync up everything and pull it of the wire. (30 minutes). -Seize all the FSMO roles. -Clean up the metadata Q216498 (delete all the servers that are no longer in the AD and that will not be restored). -Delete the servers that you are not going to restore out of Sites and Services. -Reboot -Run DCDIAG / V C:\output.txt Then search this file for any errors -Check the eventlog for any errors. I always thought that the first way was the preferred way to do it, but after talking to a AD guru at PSS, I learned that the preferred way is number two. Basically what he said is that if you have more that 1 physical site in your company, put a DC there for DR, if not, you better have identical HW available when you need to do a DR, they cannot guarantee it will work on completely different hardware. Good luck! Fred SNIP -Original Message- From: osman filiz [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 8:19 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD restore to dissimilar hardware i have read this document and i apply the steps i repaired the windows but still there is blue screen... From: Jimmy Andersson [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD restore to dissimilar hardware Date: Tue, 7 Jan 2003 13:59:23 +0100 Disaster Recovery of Active Directory on Dissimilar Hardware: http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q263532; Regards, /Jimmy -- Jimmy Andersson, Q Advice AB Microsoft MVP - Active Directory www.qadvice.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of osman filiz Sent: Tuesday, January 07, 2003 1:30 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] AD restore to dissimilar hardware Hi, I have one domain controller that has hardware problem about RAID Card; now i cannot fix it and i want to restore active directory to another pc with IDE controller.But i can't...After restoring active directory it gives the blue screen message while startup : 0x007B INACCESSIBLE BOOT DEVICE. Ýs it possible to restore AD to dissimilar hard disk controller platform? Any comment? _ Help STOP SPAM: Try the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ _ Add photos to your e-mail with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] AD restore to dissimilar hardware
What about the other option? -Build a restore server -boot into DS recovery mode -do an authoritative restore of AD Keep in mind that system state includes system specific information, so restoring the full system state would by design require the same hardware. On the other hand, restoring just AD doesn't require identical hardware. -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA -Original Message- From: Van Donk, Fred [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 10:23 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD restore to dissimilar hardware Osman, Forget it, it will not work. See my cut/paste from the last posting I did on this. Microsoft even says that restoring AD from scratch is pretty much impossible without similar hardware. It's not in a document but PSS told me this. Having move DC's around is the way to keep you network going. Multiple physical sites is the way to go. Like I said read the story below: SNIP After have been trough this myself in the last couple of weeks and spending a large amount of hours on the phone with MS PSS, this is what my conclusion is. There are 2 ways to build a AD test environment. First way: -Do a system disk and system state backup. -Take a machine that has the same hardware for your lab. (Vendor, raid controller, disks, NIC's, video card, memory, firmware levels) If any of the components are not the same it will take you a lot of hours to find out why it does not work and which component is not working. Even with something as simple as the amount of CPU's. -Do a system disk and system state restore according to MS Active Directory Disaster Recovery document. (Authoritative restore, restore 2 times, one to org location, one to alternate location, ntdsutil. Reboot, wait for sysvol share, copy sysvol data, etc. etc. etc. Lot of work (many hours, but it can work, but like I said if it is not exactly the same hardware forget it, only $245 with PSS will get it to work. Second way: -Install the machine that will run your AD in your lab as a DC in your production first. Let it sync up everything and pull it of the wire. (30 minutes). -Seize all the FSMO roles. -Clean up the metadata Q216498 (delete all the servers that are no longer in the AD and that will not be restored). -Delete the servers that you are not going to restore out of Sites and Services. -Reboot -Run DCDIAG / V C:\output.txt Then search this file for any errors -Check the eventlog for any errors. I always thought that the first way was the preferred way to do it, but after talking to a AD guru at PSS, I learned that the preferred way is number two. Basically what he said is that if you have more that 1 physical site in your company, put a DC there for DR, if not, you better have identical HW available when you need to do a DR, they cannot guarantee it will work on completely different hardware. Good luck! Fred SNIP -Original Message- From: osman filiz [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 8:19 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD restore to dissimilar hardware i have read this document and i apply the steps i repaired the windows but still there is blue screen... From: Jimmy Andersson [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD restore to dissimilar hardware Date: Tue, 7 Jan 2003 13:59:23 +0100 Disaster Recovery of Active Directory on Dissimilar Hardware: http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q263532; Regards, /Jimmy -- Jimmy Andersson, Q Advice AB Microsoft MVP - Active Directory www.qadvice.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of osman filiz Sent: Tuesday, January 07, 2003 1:30 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] AD restore to dissimilar hardware Hi, I have one domain controller that has hardware problem about RAID Card; now i cannot fix it and i want to restore active directory to another pc with IDE controller.But i can't...After restoring active directory it gives the blue screen message while startup : 0x007B INACCESSIBLE BOOT DEVICE. Ýs it possible to restore AD to dissimilar hard disk controller platform? Any comment? _ Help STOP SPAM: Try the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ:
RE: [ActiveDir] AD Lab
I believe the GCs do a number of additional processes, including changing the index structure. From Design Considerations for Windows 2000 Active Directory with Exchange 2000 Server in Mind (in Technet): Universal Groups also carry some baggage with their usage. Universal group membership must be determined at the time of logon. Because the scope of Universal groups is universal, propagation of this group type is done through the global catalog. Thus, not only does the Universal group itself replicate globally, but the membership of that group also replicates. Universal groups with a large membership generate additional replication overhead the membership of the Universal group changes. Taking another angle - in a single domain, why WOULDN'T you make all your DC's Global Catalogs as well? There's no replication hit for it... -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA -Original Message- From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 10:46 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] AD Lab Hey Roger, Say more about expanding certain groups... that's one I was unaware of. And also, don't GC create some additional indices that DCs don't normally have? -gil -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 8:50 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] AD Lab That's not entirely correct. All the information is indeed there, but global catalogs do a few things DCs don't (like expanding certain groups) and therefore you need GC's. -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA -Original Message- From: Van Donk, Fred [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 9:22 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD Lab When you have one domain there is not really a need for multiple GC's. Every DC already has a full copy of the AD. GC's play a more important role when you have a forest with multiple domains in it. But there needs to be at least one GC in the forest. Even with one domain. Fred -Original Message- From: Craig Cerino [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 8:35 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD Lab If you only have one DC in each site - -- yer pretty much tied to doing that. If you have the resources I'd through a second DC in each site - - make that your GC. Jus my 2 cents -Original Message- From: Pelle, Joe [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 8:17 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] AD Lab If we have one domain - but multiple sites - would it be a best practice to put a global catalog on the domain controller(s) at each site? KB: http://support.microsoft.com/default.aspx?scid=kb;en-us; 313994 Thanks! Joe Pelle Systems Administrator Information Technology Valassis / Targeted Print Media Solutions 35955 Schoolcraft Rd. Livonia, MI 48150 Tel 734.632.3753 Fax 734.632.6240 [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] http://www.valassis.com/ This message may have included proprietary or protected information. This message and the information contained herein are not to be further communicated without my express written consent. -Original Message- From: Rene Chakraborty [mailto:[EMAIL PROTECTED]] Sent: Monday, January 06, 2003 8:41 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] AD Lab Got to make that BDC a Global Catalog Server before you more it over. Sites and Services Rene - Original Message - From: Don Murawski (Lenox) mailto:[EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, January 06, 2003 3:08 PM Subject: [ActiveDir] AD Lab Has anyone setup a AD Lab and had Global Catalog problems? I installed a BDC on the production network, disconnect it from the production and connected it to the lab network. Seize the FSMO roles. I'm able to join the domain but, I'm receiving Unable to establish connection with a GC. Any suggestion would be great. List info : http://www.activedir.org/mail_list.htm List FAQ:
RE: [ActiveDir] AD Lab
Indexes are defined in the schema, and the schema is the same throughout the forest. As far as I know, there are no additional indexes on GCs. Little known fact: Active Directory knows to short circuit certain operations that require a GC if it knows it is in a single domain environment. For example, when processing native mode user logons a DC in a single domain environment knows that it does not need to contact a GC to expand the user's Universal Group memberships - it just has to look in the local domain for all group memberships. The same cannot be said for all AD-aware applications, including things like Exchange 2000 or more mundane things like the Object Picker on Windows client machines. For good reasons, many of these apps don't try to make special cases for certain environments and always expect a GC to be present. For this reason, it is a best practice to make all DCs into GCs in a single domain environment. There is virtually no overhead in making a DC into a GC (in a single domain environment). The DC simply registers in DNS as a GC, opens the GC port, and responds appropriately to GC queries. Cheers, Stuart [This posting is provided AS IS with no warranties, and confers no rights.] -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 8:20 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] AD Lab I believe the GCs do a number of additional processes, including changing the index structure. From Design Considerations for Windows 2000 Active Directory with Exchange 2000 Server in Mind (in Technet): Universal Groups also carry some baggage with their usage. Universal group membership must be determined at the time of logon. Because the scope of Universal groups is universal, propagation of this group type is done through the global catalog. Thus, not only does the Universal group itself replicate globally, but the membership of that group also replicates. Universal groups with a large membership generate additional replication overhead the membership of the Universal group changes. Taking another angle - in a single domain, why WOULDN'T you make all your DC's Global Catalogs as well? There's no replication hit for it... -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA -Original Message- From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 10:46 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] AD Lab Hey Roger, Say more about expanding certain groups... that's one I was unaware of. And also, don't GC create some additional indices that DCs don't normally have? -gil -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 8:50 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] AD Lab That's not entirely correct. All the information is indeed there, but global catalogs do a few things DCs don't (like expanding certain groups) and therefore you need GC's. -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA -Original Message- From: Van Donk, Fred [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 9:22 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD Lab When you have one domain there is not really a need for multiple GC's. Every DC already has a full copy of the AD. GC's play a more important role when you have a forest with multiple domains in it. But there needs to be at least one GC in the forest. Even with one domain. Fred -Original Message- From: Craig Cerino [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 8:35 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD Lab If you only have one DC in each site - -- yer pretty much tied to doing that. If you have the resources I'd through a second DC in each site - - make that your GC. Jus my 2 cents -Original Message- From: Pelle, Joe [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 8:17 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] AD Lab If we have one domain - but multiple sites - would it be a best practice to put a global catalog on the domain controller(s) at each site? KB: http://support.microsoft.com/default.aspx?scid=kb;en-us; 313994 Thanks! Joe Pelle Systems Administrator Information Technology Valassis / Targeted Print Media Solutions 35955 Schoolcraft Rd. Livonia, MI 48150 Tel 734.632.3753 Fax 734.632.6240 [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]
RE: [ActiveDir] AD restore to dissimilar hardware
It means my active directory, domain died? From: Van Donk, Fred [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD restore to dissimilar hardware Date: Tue, 7 Jan 2003 10:23:21 -0500 Osman, Forget it, it will not work. See my cut/paste from the last posting I did on this. Microsoft even says that restoring AD from scratch is pretty much impossible without similar hardware. It's not in a document but PSS told me this. Having move DC's around is the way to keep you network going. Multiple physical sites is the way to go. Like I said read the story below: SNIP After have been trough this myself in the last couple of weeks and spending a large amount of hours on the phone with MS PSS, this is what my conclusion is. There are 2 ways to build a AD test environment. First way: -Do a system disk and system state backup. -Take a machine that has the same hardware for your lab. (Vendor, raid controller, disks, NIC's, video card, memory, firmware levels) If any of the components are not the same it will take you a lot of hours to find out why it does not work and which component is not working. Even with something as simple as the amount of CPU's. -Do a system disk and system state restore according to MS Active Directory Disaster Recovery document. (Authoritative restore, restore 2 times, one to org location, one to alternate location, ntdsutil. Reboot, wait for sysvol share, copy sysvol data, etc. etc. etc. Lot of work (many hours, but it can work, but like I said if it is not exactly the same hardware forget it, only $245 with PSS will get it to work. Second way: -Install the machine that will run your AD in your lab as a DC in your production first. Let it sync up everything and pull it of the wire. (30 minutes). -Seize all the FSMO roles. -Clean up the metadata Q216498 (delete all the servers that are no longer in the AD and that will not be restored). -Delete the servers that you are not going to restore out of Sites and Services. -Reboot -Run DCDIAG / V C:\output.txt Then search this file for any errors -Check the eventlog for any errors. I always thought that the first way was the preferred way to do it, but after talking to a AD guru at PSS, I learned that the preferred way is number two. Basically what he said is that if you have more that 1 physical site in your company, put a DC there for DR, if not, you better have identical HW available when you need to do a DR, they cannot guarantee it will work on completely different hardware. Good luck! Fred SNIP -Original Message- From: osman filiz [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 8:19 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD restore to dissimilar hardware i have read this document and i apply the steps i repaired the windows but still there is blue screen... From: Jimmy Andersson [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD restore to dissimilar hardware Date: Tue, 7 Jan 2003 13:59:23 +0100 Disaster Recovery of Active Directory on Dissimilar Hardware: http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q263532; Regards, /Jimmy -- Jimmy Andersson, Q Advice AB Microsoft MVP - Active Directory www.qadvice.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of osman filiz Sent: Tuesday, January 07, 2003 1:30 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] AD restore to dissimilar hardware Hi, I have one domain controller that has hardware problem about RAID Card; now i cannot fix it and i want to restore active directory to another pc with IDE controller.But i can't...After restoring active directory it gives the blue screen message while startup : 0x007B INACCESSIBLE BOOT DEVICE. Ýs it possible to restore AD to dissimilar hard disk controller platform? Any comment? _ Help STOP SPAM: Try the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ _ Add photos to your e-mail with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive:
[ActiveDir] Extend AD for Exchange
Can any help with this error message? I am enterprise\schema admin, registry setting was made. I am following KB327757 C:\Schemaldifde -i -f exschema.ldf -s dhs-root-labdc1 Connecting to dhs-root-labdc1 Logging in as current user using SSPI Importing directory from file exschema.ldf Loading entries. Add error on line 3: No Such Attribute The server side error is The parameter is incorrect. 0 entries modified successfully. An error has occurred in the program This E-mail, including any attachments, may be intended solely for the personal and confidential use of the sender and recipient (s) named above. This message may include advisory, consultative and/or deliberative material and, as such, would be privileged and confidential and not a public document. Any Information in this e-mail identifying a client of the department of Human Services is confidential. If you have received this e-mail in error, you must not review, transmit, convert to hard copy, copy, use or disseminate this e-mail or any attachments to it and you must delete this message. You are requested to notify the sender by return e-mail. begin:vcard n:Shukovsky;John tel;cell:609-226-7553 tel;work:609-292-5921 x-mozilla-html:FALSE org:NJ Department of Human Services;Network Operations adr:;; version:2.1 fn:John Shukovsky end:vcard
RE: [ActiveDir] AD Lab
Thanks Stuart... -gil -Original Message- From: Stuart Kwan [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 9:33 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD Lab Indexes are defined in the schema, and the schema is the same throughout the forest. As far as I know, there are no additional indexes on GCs. Little known fact: Active Directory knows to short circuit certain operations that require a GC if it knows it is in a single domain environment. For example, when processing native mode user logons a DC in a single domain environment knows that it does not need to contact a GC to expand the user's Universal Group memberships - it just has to look in the local domain for all group memberships. The same cannot be said for all AD-aware applications, including things like Exchange 2000 or more mundane things like the Object Picker on Windows client machines. For good reasons, many of these apps don't try to make special cases for certain environments and always expect a GC to be present. For this reason, it is a best practice to make all DCs into GCs in a single domain environment. There is virtually no overhead in making a DC into a GC (in a single domain environment). The DC simply registers in DNS as a GC, opens the GC port, and responds appropriately to GC queries. Cheers, Stuart [This posting is provided AS IS with no warranties, and confers no rights.] -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 8:20 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] AD Lab I believe the GCs do a number of additional processes, including changing the index structure. From Design Considerations for Windows 2000 Active Directory with Exchange 2000 Server in Mind (in Technet): Universal Groups also carry some baggage with their usage. Universal group membership must be determined at the time of logon. Because the scope of Universal groups is universal, propagation of this group type is done through the global catalog. Thus, not only does the Universal group itself replicate globally, but the membership of that group also replicates. Universal groups with a large membership generate additional replication overhead the membership of the Universal group changes. Taking another angle - in a single domain, why WOULDN'T you make all your DC's Global Catalogs as well? There's no replication hit for it... -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA -Original Message- From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 10:46 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] AD Lab Hey Roger, Say more about expanding certain groups... that's one I was unaware of. And also, don't GC create some additional indices that DCs don't normally have? -gil -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 8:50 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] AD Lab That's not entirely correct. All the information is indeed there, but global catalogs do a few things DCs don't (like expanding certain groups) and therefore you need GC's. -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA -Original Message- From: Van Donk, Fred [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 9:22 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD Lab When you have one domain there is not really a need for multiple GC's. Every DC already has a full copy of the AD. GC's play a more important role when you have a forest with multiple domains in it. But there needs to be at least one GC in the forest. Even with one domain. Fred -Original Message- From: Craig Cerino [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 8:35 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD Lab If you only have one DC in each site - -- yer pretty much tied to doing that. If you have the resources I'd through a second DC in each site - - make that your GC. Jus my 2 cents -Original Message- From: Pelle, Joe [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 8:17 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] AD Lab If we have one domain - but multiple sites - would it be a best practice to put a global catalog on the domain controller(s) at each site? KB: http://support.microsoft.com/default.aspx?scid=kb;en-us; 313994 Thanks! Joe Pelle Systems Administrator Information Technology Valassis / Targeted Print
RE: [ActiveDir] AD restore to dissimilar hardware
How?Is there a way to restore only active directory?I know that system state is restored for all. From: Roger Seielstad [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD restore to dissimilar hardware Date: Tue, 7 Jan 2003 10:57:37 -0500 What about the other option? -Build a restore server -boot into DS recovery mode -do an authoritative restore of AD Keep in mind that system state includes system specific information, so restoring the full system state would by design require the same hardware. On the other hand, restoring just AD doesn't require identical hardware. -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA -Original Message- From: Van Donk, Fred [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 10:23 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD restore to dissimilar hardware Osman, Forget it, it will not work. See my cut/paste from the last posting I did on this. Microsoft even says that restoring AD from scratch is pretty much impossible without similar hardware. It's not in a document but PSS told me this. Having move DC's around is the way to keep you network going. Multiple physical sites is the way to go. Like I said read the story below: SNIP After have been trough this myself in the last couple of weeks and spending a large amount of hours on the phone with MS PSS, this is what my conclusion is. There are 2 ways to build a AD test environment. First way: -Do a system disk and system state backup. -Take a machine that has the same hardware for your lab. (Vendor, raid controller, disks, NIC's, video card, memory, firmware levels) If any of the components are not the same it will take you a lot of hours to find out why it does not work and which component is not working. Even with something as simple as the amount of CPU's. -Do a system disk and system state restore according to MS Active Directory Disaster Recovery document. (Authoritative restore, restore 2 times, one to org location, one to alternate location, ntdsutil. Reboot, wait for sysvol share, copy sysvol data, etc. etc. etc. Lot of work (many hours, but it can work, but like I said if it is not exactly the same hardware forget it, only $245 with PSS will get it to work. Second way: -Install the machine that will run your AD in your lab as a DC in your production first. Let it sync up everything and pull it of the wire. (30 minutes). -Seize all the FSMO roles. -Clean up the metadata Q216498 (delete all the servers that are no longer in the AD and that will not be restored). -Delete the servers that you are not going to restore out of Sites and Services. -Reboot -Run DCDIAG / V C:\output.txt Then search this file for any errors -Check the eventlog for any errors. I always thought that the first way was the preferred way to do it, but after talking to a AD guru at PSS, I learned that the preferred way is number two. Basically what he said is that if you have more that 1 physical site in your company, put a DC there for DR, if not, you better have identical HW available when you need to do a DR, they cannot guarantee it will work on completely different hardware. Good luck! Fred SNIP -Original Message- From: osman filiz [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 8:19 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD restore to dissimilar hardware i have read this document and i apply the steps i repaired the windows but still there is blue screen... From: Jimmy Andersson [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD restore to dissimilar hardware Date: Tue, 7 Jan 2003 13:59:23 +0100 Disaster Recovery of Active Directory on Dissimilar Hardware: http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q263532; Regards, /Jimmy -- Jimmy Andersson, Q Advice AB Microsoft MVP - Active Directory www.qadvice.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of osman filiz Sent: Tuesday, January 07, 2003 1:30 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] AD restore to dissimilar hardware Hi, I have one domain controller that has hardware problem about RAID Card; now i cannot fix it and i want to restore active directory to another pc with IDE controller.But i can't...After restoring active directory it gives the blue screen message while startup : 0x007B INACCESSIBLE BOOT DEVICE. Ýs it possible to restore AD to dissimilar hard disk controller platform? Any comment? _ Help STOP SPAM: Try the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail List info :
RE: [ActiveDir] Extend AD for Exchange
Post the first 4 lines of your exschema.ldf file and let's see. The error looks pretty clear to me. -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA -Original Message- From: John Shukovsky [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 11:44 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Extend AD for Exchange Can any help with this error message? I am enterprise\schema admin, registry setting was made. I am following KB327757 C:\Schemaldifde -i -f exschema.ldf -s dhs-root-labdc1 Connecting to dhs-root-labdc1 Logging in as current user using SSPI Importing directory from file exschema.ldf Loading entries. Add error on line 3: No Such Attribute The server side error is The parameter is incorrect. 0 entries modified successfully. An error has occurred in the program This E-mail, including any attachments, may be intended solely for the personal and confidential use of the sender and recipient (s) named above. This message may include advisory, consultative and/or deliberative material and, as such, would be privileged and confidential and not a public document. Any Information in this e-mail identifying a client of the department of Human Services is confidential. If you have received this e-mail in error, you must not review, transmit, convert to hard copy, copy, use or disseminate this e-mail or any attachments to it and you must delete this message. You are requested to notify the sender by return e-mail. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Extend AD for Exchange
What is the file you are importing, it is saying that the error in on line 3? -Original Message- From: John Shukovsky [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 11:44 AM To: [EMAIL PROTECTED] Subject:[ActiveDir] Extend AD for Exchange File: Card for John Shukovsky Can any help with this error message? I am enterprise\schema admin, registry setting was made. I am following KB327757 C:\Schemaldifde -i -f exschema.ldf -s dhs-root-labdc1 Connecting to dhs-root-labdc1 Logging in as current user using SSPI Importing directory from file exschema.ldf Loading entries. Add error on line 3: No Such Attribute The server side error is The parameter is incorrect. 0 entries modified successfully. An error has occurred in the program This E-mail, including any attachments, may be intended solely for the personal and confidential use of the sender and recipient (s) named above. This message may include advisory, consultative and/or deliberative material and, as such, would be privileged and confidential and not a public document. Any Information in this e-mail identifying a client of the department of Human Services is confidential. If you have received this e-mail in error, you must not review, transmit, convert to hard copy, copy, use or disseminate this e-mail or any attachments to it and you must delete this message. You are requested to notify the sender by return e-mail. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] AD restore to dissimilar hardware
I'm trying to remember how to do that, but it was something I was playing
with in the lab a while ago.
--
Roger D. Seielstad - MCSE
Sr. Systems Administrator
Inovis - Formerly Harbinger and Extricity
Atlanta, GA
-Original Message-
From: osman filiz [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 07, 2003 11:45 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] AD restore to dissimilar hardware
How?Is there a way to restore only active directory?I know
that system state
is restored for all.
From: Roger Seielstad [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: '[EMAIL PROTECTED]' [EMAIL PROTECTED]
Subject: RE: [ActiveDir] AD restore to dissimilar hardware
Date: Tue, 7 Jan 2003 10:57:37 -0500
What about the other option?
-Build a restore server
-boot into DS recovery mode
-do an authoritative restore of AD
Keep in mind that system state includes system specific
information, so
restoring the full system state would by design require the
same hardware.
On the other hand, restoring just AD doesn't require
identical hardware.
--
Roger D. Seielstad - MCSE
Sr. Systems Administrator
Inovis - Formerly Harbinger and Extricity
Atlanta, GA
-Original Message-
From: Van Donk, Fred [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 07, 2003 10:23 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] AD restore to dissimilar hardware
Osman,
Forget it, it will not work. See my cut/paste from the last
posting I did on this.
Microsoft even says that restoring AD from scratch is pretty
much impossible without similar hardware. It's not in a
document but PSS told me this.
Having move DC's around is the way to keep you network going.
Multiple physical sites is the way to go. Like I said read
the story below:
SNIP
After have been trough this myself in the last couple of
weeks and spending a large amount of hours on the phone with
MS PSS, this is what my conclusion is.
There are 2 ways to build a AD test environment.
First way:
-Do a system disk and system state backup.
-Take a machine that has the same hardware for your lab.
(Vendor, raid controller, disks, NIC's, video card, memory,
firmware levels) If any of the components are not the same it
will take you a lot of hours to find out why it does not work
and which component is not working. Even with something as
simple as the amount of CPU's.
-Do a system disk and system state restore according to MS
Active Directory Disaster Recovery document. (Authoritative
restore, restore 2 times, one to org location, one to
alternate location, ntdsutil. Reboot, wait for sysvol share,
copy sysvol data, etc. etc. etc.
Lot of work (many hours, but it can work, but like I said if
it is not exactly the same hardware forget it, only $245 with
PSS will get it to work.
Second way:
-Install the machine that will run your AD in your lab as a
DC in your production first. Let it sync up everything and
pull it of the wire. (30 minutes).
-Seize all the FSMO roles.
-Clean up the metadata Q216498 (delete all the servers that
are no longer in the AD and that will not be restored).
-Delete the servers that you are not going to restore out of
Sites and Services.
-Reboot
-Run DCDIAG / V C:\output.txt Then search this file for
any errors
-Check the eventlog for any errors.
I always thought that the first way was the preferred way to
do it, but after talking to a AD guru at PSS, I learned that
the preferred way is number two. Basically what he said is
that if you have more that 1 physical site in your company,
put a DC there for DR, if not, you better have identical HW
available when you need to do a DR, they cannot guarantee it
will work on completely different hardware.
Good luck!
Fred
SNIP
-Original Message-
From: osman filiz [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 07, 2003 8:19 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] AD restore to dissimilar hardware
i have read this document and i apply the steps i repaired
the windows but
still there is blue screen...
From: Jimmy Andersson [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] AD restore to dissimilar hardware
Date: Tue, 7 Jan 2003 13:59:23 +0100
Disaster Recovery of Active Directory on Dissimilar Hardware:
http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q263532;
Regards,
/Jimmy
--
Jimmy Andersson, Q Advice AB
Microsoft MVP - Active Directory
www.qadvice.com
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of
osman filiz
RE: [ActiveDir] AD restore to dissimilar hardware
Look at the procedures to do an authoritative restore. You can restore the
system state to an alternate location, and you should be able to restore the
entire AD, from the root level, in your lab.
--
Roger D. Seielstad - MCSE
Sr. Systems Administrator
Inovis - Formerly Harbinger and Extricity
Atlanta, GA
-Original Message-
From: osman filiz [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 07, 2003 11:45 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] AD restore to dissimilar hardware
How?Is there a way to restore only active directory?I know
that system state
is restored for all.
From: Roger Seielstad [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: '[EMAIL PROTECTED]' [EMAIL PROTECTED]
Subject: RE: [ActiveDir] AD restore to dissimilar hardware
Date: Tue, 7 Jan 2003 10:57:37 -0500
What about the other option?
-Build a restore server
-boot into DS recovery mode
-do an authoritative restore of AD
Keep in mind that system state includes system specific
information, so
restoring the full system state would by design require the
same hardware.
On the other hand, restoring just AD doesn't require
identical hardware.
--
Roger D. Seielstad - MCSE
Sr. Systems Administrator
Inovis - Formerly Harbinger and Extricity
Atlanta, GA
-Original Message-
From: Van Donk, Fred [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 07, 2003 10:23 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] AD restore to dissimilar hardware
Osman,
Forget it, it will not work. See my cut/paste from the last
posting I did on this.
Microsoft even says that restoring AD from scratch is pretty
much impossible without similar hardware. It's not in a
document but PSS told me this.
Having move DC's around is the way to keep you network going.
Multiple physical sites is the way to go. Like I said read
the story below:
SNIP
After have been trough this myself in the last couple of
weeks and spending a large amount of hours on the phone with
MS PSS, this is what my conclusion is.
There are 2 ways to build a AD test environment.
First way:
-Do a system disk and system state backup.
-Take a machine that has the same hardware for your lab.
(Vendor, raid controller, disks, NIC's, video card, memory,
firmware levels) If any of the components are not the same it
will take you a lot of hours to find out why it does not work
and which component is not working. Even with something as
simple as the amount of CPU's.
-Do a system disk and system state restore according to MS
Active Directory Disaster Recovery document. (Authoritative
restore, restore 2 times, one to org location, one to
alternate location, ntdsutil. Reboot, wait for sysvol share,
copy sysvol data, etc. etc. etc.
Lot of work (many hours, but it can work, but like I said if
it is not exactly the same hardware forget it, only $245 with
PSS will get it to work.
Second way:
-Install the machine that will run your AD in your lab as a
DC in your production first. Let it sync up everything and
pull it of the wire. (30 minutes).
-Seize all the FSMO roles.
-Clean up the metadata Q216498 (delete all the servers that
are no longer in the AD and that will not be restored).
-Delete the servers that you are not going to restore out of
Sites and Services.
-Reboot
-Run DCDIAG / V C:\output.txt Then search this file for
any errors
-Check the eventlog for any errors.
I always thought that the first way was the preferred way to
do it, but after talking to a AD guru at PSS, I learned that
the preferred way is number two. Basically what he said is
that if you have more that 1 physical site in your company,
put a DC there for DR, if not, you better have identical HW
available when you need to do a DR, they cannot guarantee it
will work on completely different hardware.
Good luck!
Fred
SNIP
-Original Message-
From: osman filiz [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 07, 2003 8:19 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] AD restore to dissimilar hardware
i have read this document and i apply the steps i repaired
the windows but
still there is blue screen...
From: Jimmy Andersson [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] AD restore to dissimilar hardware
Date: Tue, 7 Jan 2003 13:59:23 +0100
Disaster Recovery of Active Directory on Dissimilar Hardware:
http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q263532;
Regards,
/Jimmy
--
Jimmy Andersson, Q Advice AB
Microsoft MVP - Active Directory
www.qadvice.com
-Original
Re: [ActiveDir] Extend AD for Exchange
dn: cn=Object-GUID,CN=Schema,CN=Configuration,DC=dhs,DC=state,DC=nj,DC=us,DC=lab changetype: add objectclass: Attribute-Schema Access-Category: 1 Attribute-ID: 1.2.840.113556.1.2.618 Roger Seielstad wrote: Post the first 4 lines of your exschema.ldf file and let's see. The error looks pretty clear to me. -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA -Original Message- From: John Shukovsky [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 11:44 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Extend AD for Exchange Can any help with this error message? I am enterprise\schema admin, registry setting was made. I am following KB327757 C:\Schemaldifde -i -f exschema.ldf -s dhs-root-labdc1 Connecting to dhs-root-labdc1 Logging in as current user using SSPI Importing directory from file exschema.ldf Loading entries. Add error on line 3: No Such Attribute The server side error is The parameter is incorrect. 0 entries modified successfully. An error has occurred in the program This E-mail, including any attachments, may be intended solely for the personal and confidential use of the sender and recipient (s) named above. This message may include advisory, consultative and/or deliberative material and, as such, would be privileged and confidential and not a public document. Any Information in this e-mail identifying a client of the department of Human Services is confidential. If you have received this e-mail in error, you must not review, transmit, convert to hard copy, copy, use or disseminate this e-mail or any attachments to it and you must delete this message. You are requested to notify the sender by return e-mail. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This E-mail, including any attachments, may be intended solely for the personal and confidential use of the sender and recipient (s) named above. This message may include advisory, consultative and/or deliberative material and, as such, would be privileged and confidential and not a public document. Any Information in this e-mail identifying a client of the department of Human Services is confidential. If you have received this e-mail in error, you must not review, transmit, convert to hard copy, copy, use or disseminate this e-mail or any attachments to it and you must delete this message. You are requested to notify the sender by return e-mail. begin:vcard n:Shukovsky;John tel;cell:609-226-7553 tel;work:609-292-5921 x-mozilla-html:FALSE org:NJ Department of Human Services;Network Operations adr:;; version:2.1 fn:John Shukovsky end:vcard
RE: [ActiveDir] Extend AD for Exchange
Doesn't seem to like Attribute-Schema. -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA -Original Message- From: John Shukovsky [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 1:39 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Extend AD for Exchange dn: cn=Object-GUID,CN=Schema,CN=Configuration,DC=dhs,DC=state,DC=n j,DC=us,DC=lab changetype: add objectclass: Attribute-Schema Access-Category: 1 Attribute-ID: 1.2.840.113556.1.2.618 Roger Seielstad wrote: Post the first 4 lines of your exschema.ldf file and let's see. The error looks pretty clear to me. -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA -Original Message- From: John Shukovsky [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 11:44 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Extend AD for Exchange Can any help with this error message? I am enterprise\schema admin, registry setting was made. I am following KB327757 C:\Schemaldifde -i -f exschema.ldf -s dhs-root-labdc1 Connecting to dhs-root-labdc1 Logging in as current user using SSPI Importing directory from file exschema.ldf Loading entries. Add error on line 3: No Such Attribute The server side error is The parameter is incorrect. 0 entries modified successfully. An error has occurred in the program This E-mail, including any attachments, may be intended solely for the personal and confidential use of the sender and recipient (s) named above. This message may include advisory, consultative and/or deliberative material and, as such, would be privileged and confidential and not a public document. Any Information in this e-mail identifying a client of the department of Human Services is confidential. If you have received this e-mail in error, you must not review, transmit, convert to hard copy, copy, use or disseminate this e-mail or any attachments to it and you must delete this message. You are requested to notify the sender by return e-mail. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ This E-mail, including any attachments, may be intended solely for the personal and confidential use of the sender and recipient (s) named above. This message may include advisory, consultative and/or deliberative material and, as such, would be privileged and confidential and not a public document. Any Information in this e-mail identifying a client of the department of Human Services is confidential. If you have received this e-mail in error, you must not review, transmit, convert to hard copy, copy, use or disseminate this e-mail or any attachments to it and you must delete this message. You are requested to notify the sender by return e-mail. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] Extend AD for Exchange
exschema.ldf ,, yes Salandra, Justin A. wrote: What is the file you are importing, it is saying that the error in on line 3? -Original Message- From: John Shukovsky [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 11:44 AM To: [EMAIL PROTECTED] Subject:[ActiveDir] Extend AD for Exchange File: Card for John Shukovsky Can any help with this error message? I am enterprise\schema admin, registry setting was made. I am following KB327757 C:\Schemaldifde -i -f exschema.ldf -s dhs-root-labdc1 Connecting to dhs-root-labdc1 Logging in as current user using SSPI Importing directory from file exschema.ldf Loading entries. Add error on line 3: No Such Attribute The server side error is The parameter is incorrect. 0 entries modified successfully. An error has occurred in the program This E-mail, including any attachments, may be intended solely for the personal and confidential use of the sender and recipient (s) named above. This message may include advisory, consultative and/or deliberative material and, as such, would be privileged and confidential and not a public document. Any Information in this e-mail identifying a client of the department of Human Services is confidential. If you have received this e-mail in error, you must not review, transmit, convert to hard copy, copy, use or disseminate this e-mail or any attachments to it and you must delete this message. You are requested to notify the sender by return e-mail. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This E-mail, including any attachments, may be intended solely for the personal and confidential use of the sender and recipient (s) named above. This message may include advisory, consultative and/or deliberative material and, as such, would be privileged and confidential and not a public document. Any Information in this e-mail identifying a client of the department of Human Services is confidential. If you have received this e-mail in error, you must not review, transmit, convert to hard copy, copy, use or disseminate this e-mail or any attachments to it and you must delete this message. You are requested to notify the sender by return e-mail. begin:vcard n:Shukovsky;John tel;cell:609-226-7553 tel;work:609-292-5921 x-mozilla-html:FALSE org:NJ Department of Human Services;Network Operations adr:;; version:2.1 fn:John Shukovsky end:vcard
[ActiveDir] Replication Schedule
Hi, In a hub-spoke topology with preferred bridgehead servers, I have set inter-site replication of the four naming contexts (between 2 domains) to be NOT available during peak (local) logon times 8am - 10am. How can I confirm that it is the spoke that this is restricted at and not, in our case GMT + 1? Thanks in advance. _ Help STOP SPAM: Try the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Extend AD for Exchange
Try attributeSchema. Also make sure you are running this on the schema master and that schema updates are enabled. -gil -Original Message- From: John Shukovsky [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 11:39 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Extend AD for Exchange dn: cn=Object-GUID,CN=Schema,CN=Configuration,DC=dhs,DC=state,DC=nj,DC=us,DC=lab changetype: add objectclass: Attribute-Schema Access-Category: 1 Attribute-ID: 1.2.840.113556.1.2.618 Roger Seielstad wrote: Post the first 4 lines of your exschema.ldf file and let's see. The error looks pretty clear to me. -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA -Original Message- From: John Shukovsky [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 11:44 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Extend AD for Exchange Can any help with this error message? I am enterprise\schema admin, registry setting was made. I am following KB327757 C:\Schemaldifde -i -f exschema.ldf -s dhs-root-labdc1 Connecting to dhs-root-labdc1 Logging in as current user using SSPI Importing directory from file exschema.ldf Loading entries. Add error on line 3: No Such Attribute The server side error is The parameter is incorrect. 0 entries modified successfully. An error has occurred in the program This E-mail, including any attachments, may be intended solely for the personal and confidential use of the sender and recipient (s) named above. This message may include advisory, consultative and/or deliberative material and, as such, would be privileged and confidential and not a public document. Any Information in this e-mail identifying a client of the department of Human Services is confidential. If you have received this e-mail in error, you must not review, transmit, convert to hard copy, copy, use or disseminate this e-mail or any attachments to it and you must delete this message. You are requested to notify the sender by return e-mail. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This E-mail, including any attachments, may be intended solely for the personal and confidential use of the sender and recipient (s) named above. This message may include advisory, consultative and/or deliberative material and, as such, would be privileged and confidential and not a public document. Any Information in this e-mail identifying a client of the department of Human Services is confidential. If you have received this e-mail in error, you must not review, transmit, convert to hard copy, copy, use or disseminate this e-mail or any attachments to it and you must delete this message. You are requested to notify the sender by return e-mail. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] site replication, bridgehead server problem
While I don't have any hard evidence to back this up, my gut level response is that DC4 is contacting DC1 because of the FSMO roles - most likely the Infrastructure and RID masters (almost definitely the latter). I'd wager you're going to have to make the bridgehead in site 1 the FSMO holding box. -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA -Original Message- From: Thommes, Michael M. [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 3:27 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] site replication, bridgehead server problem Hi All! We have a single master domain spread over two sites. Site1 has 3 DCs (DC1, DC2, DC3). DC1 holds the FSMO roles. DC2 is a GC. Site2 has only 1 DC (DC4). It is also a GC. Because of the slow link between Site1 and Site2 and with firewalls on each end (what fun!), we are trying to assign Bridgehead servers on each site. With Site2 only having 1 DC, it (DC4) should automatically be the bridgehead server for that site. We have identified DC2 as the bridgehead server for Site1. Firewall logs indicate that DC4 still wants to communicate with DC1, along with DC2. In addition, replmon (on DC2), when asked to show bridgehead servers for the enterprise, shows the following: InboundOutbound DC4XX DC1X DC2 X Intrasite transport is IP. Bridge all site links has been unchecked on the Transport properties dialog box. All respective DCs have been rebooted. We really would like DC4 to communicate with DC2 only. Can anyone tell me what we're missing? I have come across Technet articles that talk about restricting RPC calls to a specific range of ports as a workaround for dynamic RPC regarding AD and FRS replication. Anyone have any experience with doing this? Also, with all the email going on about global catalog servers, I thought the rule was that you DIDN'T want to run a GC on an DC that holds the Infrastructure Master role. Any thoughts are appreciated! Thanks. Mike Thommes Argonne National Laboratory List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] AD restore to dissimilar hardware
Hi Osman I had the same problem and I spent much time to solve. It's possible but difficult. You must read ALL you find with this search ATAPI, IDE, ULTRA-ATA, in technet. You find very information, not only in a site (sic.) where you can by directly (if you can boot in windows also if with problems) create a multi hardawre boot machine (Yes not every problems with different Hard disk engines ) or indirectly (recover console in the original o in clone with problems machine). I use this system from that time (one year) and so I have ONLY a prototype than by GHOST image autoinstall every machine from That machine. If you have a Domain Controller you will need to add time for the sync and re-align (very previous e-mail told it). Alternatively, www.sysinterals.com have several utilities (free and not) to operate by serail cable RS232 beetwen a functional machine and the machine doesn't functioning. They say also having tools for your situation but I don't know it. Bye _ STOP MORE SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] What's your group naming convention?
We're looking to establish a naming standard for local and global groups and I'm interested in any thoughts, suggestions, examples, etc. -- David List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] What's your group naming convention?
I like to name the groups based on the purpose of the group is... --Kevinm M, WLKMMAS, Exchange MVP, And Beyond -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of David Adner Sent: Tuesday, January 07, 2003 6:43 PM To: [EMAIL PROTECTED] We're looking to establish a naming standard for local and global groups and I'm interested in any thoughts, suggestions, examples, etc. -- David List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] AD restore to dissimilar hardware
Thanks... From: stefano tufillaro [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] AD restore to dissimilar hardware Date: Tue, 07 Jan 2003 21:38:01 + Hi Osman I had the same problem and I spent much time to solve. It's possible but difficult. You must read ALL you find with this search ATAPI, IDE, ULTRA-ATA, in technet. You find very information, not only in a site (sic.) where you can by directly (if you can boot in windows also if with problems) create a multi hardawre boot machine (Yes not every problems with different Hard disk engines ) or indirectly (recover console in the original o in clone with problems machine). I use this system from that time (one year) and so I have ONLY a prototype than by GHOST image autoinstall every machine from That machine. If you have a Domain Controller you will need to add time for the sync and re-align (very previous e-mail told it). Alternatively, www.sysinterals.com have several utilities (free and not) to operate by serail cable RS232 beetwen a functional machine and the machine doesn't functioning. They say also having tools for your situation but I don't know it. Bye _ STOP MORE SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ _ The new MSN 8: smart spam protection and 2 months FREE* http://join.msn.com/?page=features/junkmail List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] AD Lab
Title: Message Right - - but if you have more than one DC I recommend making one of the ones without FSMO roles the GC -Original Message- From: Van Donk, Fred [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 9:22 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD Lab When you have one domain there is not really a need for multiple GC's. Every DC already has a full copy of the AD. GC's play a more important role when you have a forest with multiple domains in it. But there needs to be at least one GC in the forest. Even with one domain. Fred -Original Message- From: Craig Cerino [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 8:35 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD Lab If you only have one DC in each site - -- yer pretty much tied to doing that. If you have the resources Id through a second DC in each site - - make that your GC. Jus my 2 cents -Original Message- From: Pelle, Joe [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 8:17 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] AD Lab If we have one domain - but multiple sites - would it be a best practice to put a global catalog on the domain controller(s) at each site? KB: http://support.microsoft.com/default.aspx?scid=kb;en-us;313994 Thanks! Joe Pelle Systems Administrator Information Technology Valassis / Targeted Print Media Solutions 35955 Schoolcraft Rd. Livonia, MI 48150 Tel 734.632.3753 Fax 734.632.6240 [EMAIL PROTECTED] http://www.valassis.com/ This message may have included proprietary or protected information. This message and the information contained herein are not to be further communicated without my express written consent. -Original Message- From: Rene Chakraborty [mailto:[EMAIL PROTECTED]] Sent: Monday, January 06, 2003 8:41 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] AD Lab Got to make that BDC a Global Catalog Server before you more it over. Sites and Services Rene - Original Message - From: Don Murawski (Lenox) To: [EMAIL PROTECTED] Sent: Monday, January 06, 2003 3:08 PM Subject: [ActiveDir] AD Lab Has anyone setup a AD Lab and had Global Catalog problems? I installed aBDCon the productionnetwork, disconnectit from the production and connected it to the lab network. Seize the FSMO roles. I'm able to join the domain but,I'm receivingUnable toestablishconnection with a GC. Any suggestion would be great. �
[ActiveDir] site replication, bridgehead server problem
Hi All! We have a single master domain spread over two sites. Site1 has 3 DCs (DC1, DC2, DC3). DC1 holds the FSMO roles. DC2 is a GC. Site2 has only 1 DC (DC4). It is also a GC. Because of the slow link between Site1 and Site2 and with firewalls on each end (what fun!), we are trying to assign Bridgehead servers on each site. With Site2 only having 1 DC, it (DC4) should automatically be the bridgehead server for that site. We have identified DC2 as the bridgehead server for Site1. Firewall logs indicate that DC4 still wants to communicate with DC1, along with DC2. In addition, replmon (on DC2), when asked to show bridgehead servers for the enterprise, shows the following: InboundOutbound DC4XX DC1X DC2 X Intrasite transport is IP. Bridge all site links has been unchecked on the Transport properties dialog box. All respective DCs have been rebooted. We really would like DC4 to communicate with DC2 only. Can anyone tell me what we're missing? I have come across Technet articles that talk about restricting RPC calls to a specific range of ports as a workaround for dynamic RPC regarding AD and FRS replication. Anyone have any experience with doing this? Also, with all the email going on about global catalog servers, I thought the rule was that you DIDN'T want to run a GC on an DC that holds the Infrastructure Master role. Any thoughts are appreciated! Thanks. Mike Thommes Argonne National Laboratory List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
