[ActiveDir] Problem: Using JNDI to add new entries

2003-01-16 Thread Rafael Torres



Hi there,

I'm building a Java application, using JNDI to
store and retrieve objects in LDAP.
I'm using Active Directory as the LDAP server and
have modified the schema to match my needs.

As a test, I have created a new objectClass using
the MMC console and the Active Directory Schema snap-in.
I called the new objectClass 'ee-teste' and set as
its mandatory attributes the attribute 'cn' and as its optional attributes the
'mail' attribute.

I have an organizationalUnit with the
DN=OU=EExtender,DC=eextender,DC=pt and I'm trying to create a new entry of type
'ee-teste', but keep getting a SchemaViolationException.
If I try to create a standard Active Directory
object, like 'locality', my code works fine. But with my object it
crashes.
Can anyone help me? I'm stuck here and can't see
the solution.

Thx.

Here's the code I'm using:


import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NameAlreadyBoundException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

String jndiURL = "ldap://192.168.65.199:389/";
String initialContextFactory = "com.sun.jndi.ldap.LdapCtxFactory";
String authenticationMode = "simple";
String contextReferral = "ignore";
//String securityProtocol = "ssl";
//String principal = "cn=Directory Manager, ou=EExtender, dc=eextender, dc=pt";
String principal = "[EMAIL PROTECTED]";
String credentials = "password";

// Simple bind over ldap:// on port 389; the SSL settings below are commented out,
// so the credentials are not protected by TLS.
Hashtable<String, String> env = new Hashtable<>();
env.put(Context.INITIAL_CONTEXT_FACTORY, initialContextFactory);
env.put(Context.PROVIDER_URL, jndiURL);
env.put(Context.SECURITY_AUTHENTICATION, authenticationMode);
env.put(Context.SECURITY_PRINCIPAL, principal);
env.put(Context.SECURITY_CREDENTIALS, credentials);
env.put(Context.REFERRAL, contextReferral);
//env.put(Context.SECURITY_PROTOCOL, securityProtocol);
//env.put("java.naming.ldap.factory.socket","javax.net.ssl.SSLSocketFactory");
env.put("java.naming.ldap.version","3");

DirContext ctx = null;

try {
    ctx = new InitialDirContext(env);

    // Attributes of the new entry: objectClass, cn (mandatory), mail (optional)
    BasicAttributes attrs = new BasicAttributes();

    BasicAttribute ocs = new BasicAttribute("objectclass");
    ocs.add("ee-teste");
    attrs.put(ocs);

    BasicAttribute cn = new BasicAttribute("cn", "abrek");
    attrs.put(cn);
    BasicAttribute mail = new BasicAttribute("mail", "[EMAIL PROTECTED]");
    attrs.put(mail);

    // Create the entry under the EExtender organizationalUnit
    ctx.createSubcontext("cn=abrek,OU=EExtender,DC=eextender,DC=pt", attrs);
    ctx.close();
} catch (NameAlreadyBoundException nex) {
    System.out.println("User ID is already in use, please select a different user ID ...");
} catch (Exception ex) {
    System.out.println("Failed to create user account... Please verify the user information...");
    ex.printStackTrace();
}


And the returned Exception:

javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - 2099: UpdErr: DSID-03050BA2, problem 6002 (OBJ_CLASS_VIOLATION), data 0


Rafael M. Torres ([EMAIL PROTECTED])
Infopulse Portugal
Pr. dos Poveiros, 56, 2º
4000-393 Porto, Portugal
Tel: +351 223 389 103
Fax: +351 223 389 104
ICQ: 86290812
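
Added example, not part of the original post: a small Java helper that splits the server text quoted above into its fields, decodes the leading hex number as a Win32 code (0x2099 is 8345, ERROR_DS_ILLEGAL_SUPERIOR in winerror.h), and applies the matching schema rules to an entry offline. The class and method names are hypothetical, and the possSuperiors value is constructed, since the post does not show which possible superiors were set on 'ee-teste'.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.TreeSet;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example (Java 16+ for records); not code from the original post.
public class AdSchemaViolation {

    /** Fields of the server text carried in a JNDI NamingException message. */
    public record AdError(int ldapCode, int win32Code, String dsid,
                          int problem, String problemName) {}

    /** Class rules as the server holds them, assumed already merged with inherited ones. */
    public record ClassDef(String name, Set<String> must, Set<String> may,
                           Set<String> possSuperiors) {}

    // Shape of the message quoted in the post:
    // [LDAP: error code 65 - 2099: UpdErr: DSID-03050BA2, problem 6002 (OBJ_CLASS_VIOLATION), data 0
    private static final Pattern AD_ERROR = Pattern.compile(
        "error code (\\d+) - ([0-9A-Fa-f]{1,8}): \\w+: (DSID-[0-9A-Fa-f]+), "
        + "problem (\\d+) \\((\\w+)\\)");

    // Subset of winerror.h directory-service codes for schema checks on add.
    private static final Map<Integer, String> WIN32_DS = Map.of(
        8316, "ERROR_DS_MISSING_REQUIRED_ATT",
        8317, "ERROR_DS_ATT_NOT_DEF_FOR_CLASS",
        8345, "ERROR_DS_ILLEGAL_SUPERIOR");

    public static Optional<AdError> parse(String message) {
        Matcher m = AD_ERROR.matcher(message == null ? "" : message);
        if (!m.find()) {
            return Optional.empty();   // not an Active Directory extended error
        }
        return Optional.of(new AdError(
            Integer.parseInt(m.group(1)),
            Integer.parseUnsignedInt(m.group(2), 16),  // Win32 code is printed in hex
            m.group(3),
            Integer.parseInt(m.group(4)),
            m.group(5)));
    }

    public static String win32Name(int code) {
        return WIN32_DS.getOrDefault(code, "not in this table, see winerror.h");
    }

    /** Applies the three rules in WIN32_DS; an empty list means none is broken. */
    public static List<String> check(ClassDef def, String parentClass, Set<String> entryAttrs) {
        Set<String> present = ci(entryAttrs);   // LDAP attribute names ignore case
        Set<String> allowed = ci(def.must());
        allowed.addAll(def.may());
        allowed.add("objectClass");
        List<String> broken = new ArrayList<>();
        if (!ci(def.possSuperiors()).contains(parentClass)) {
            broken.add("ERROR_DS_ILLEGAL_SUPERIOR: parent class " + parentClass
                + " is not a possible superior of " + def.name());
        }
        for (String a : def.must()) {
            if (!present.contains(a)) {
                broken.add("ERROR_DS_MISSING_REQUIRED_ATT: " + a);
            }
        }
        for (String a : entryAttrs) {
            if (!allowed.contains(a)) {
                broken.add("ERROR_DS_ATT_NOT_DEF_FOR_CLASS: " + a);
            }
        }
        return broken;
    }

    private static Set<String> ci(Set<String> names) {
        Set<String> s = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
        s.addAll(names);
        return s;
    }

    public static void main(String[] args) {
        String msg = "[LDAP: error code 65 - 2099: UpdErr: DSID-03050BA2, "
            + "problem 6002 (OBJ_CLASS_VIOLATION), data 0";
        AdError e = parse(msg).orElseThrow();
        System.out.printf("LDAP result %d, Win32 %d (0x%X) %s, %s, problem %d %s%n",
            e.ldapCode(), e.win32Code(), e.win32Code(), win32Name(e.win32Code()),
            e.dsid(), e.problem(), e.problemName());

        // must/may are from the post; possSuperiors is a constructed value, the post
        // does not say what was configured for 'ee-teste'.
        ClassDef eeTeste = new ClassDef("ee-teste",
            Set.of("cn"), Set.of("mail"), Set.of("container"));
        check(eeTeste, "organizationalUnit", Set.of("objectclass", "cn", "mail"))
            .forEach(System.out::println);
    }
}
```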


RE: [ActiveDir] Authentication ?

2003-01-16 Thread Craig Cerino

If you run DCPROMO on them and make them a DC they will.

Which you'll have to do anyway - or downgrade them to member servers

-Original Message-
From: Don Murawski (Lenox) [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 16, 2003 7:16 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Authentication ?

Considering switching to native mode within a month.

Is there any difference in authentication methods in native mode than mixed?

Some reason there seems to be a debate around my company about some applications may be affected?

It's my understanding that making the switch to native mode means that 4.0 DC's will no longer be able to
replicate.

Don L Murawski
Sr. Network Administrator - MCSE 4.0, 2000
WorldTravel BTI
1055 Lenox Park Blvd
Suite 420
Atlanta, GA 30319
Phone: (404) 923-9468
Fax: (404) 949-6710
Cell: (678) 549-1264

RE: [ActiveDir] Authentication ?

2003-01-16 Thread EALES, Jack - FPIL

switching to native mode means having NO more NT4.0 BDC's... that's when
it becomes a Native domain - rather than mixed...

  -Original Message-
  From: Craig Cerino [mailto:[EMAIL PROTECTED]]
  Sent: 16 January 2003 12:41
  To: [EMAIL PROTECTED]
  Subject: RE: [ActiveDir] Authentication ?

  If you run DCPROMO on them and make them a DC they will.

  Which you'll have to do anyway - or downgrade them to member servers

  -Original Message-
  From: Don Murawski (Lenox) [mailto:[EMAIL PROTECTED]]
  Sent: Thursday, January 16, 2003 7:16 AM
  To: [EMAIL PROTECTED]
  Subject: [ActiveDir] Authentication ?

  Considering switching to native mode within a month.

  Is there any difference in authentication methods in native mode than mixed?

  Some reason there seems to be a debate around my company about some applications may be
  affected?

  It's my understanding that making the switch to native mode means that 4.0 DC's will no longer be able to
  replicate.

  Don L Murawski
  Sr. Network Administrator - MCSE 4.0, 2000
  WorldTravel BTI
  1055 Lenox Park Blvd
  Suite 420
  Atlanta, GA 30319
  Phone: (404) 923-9468
  Fax: (404) 949-6710
  Cell: (678) 549-1264


RE: [ActiveDir] Authentication ?

2003-01-16 Thread Craig Cerino

Right - - but if he wants to keep what used to be his PDC and BDCs in the loop they will either
have to be made DCs by running DCPROMO - - or get them out of the replication loop
by making them member servers or removing them from the domain

-Original Message-
From: EALES, Jack - FPIL [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 16, 2003 7:51 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Authentication ?

switching to native mode means having NO more NT4.0 BDC's... that's when it becomes a Native domain -
rather than mixed...

-Original Message-
From: Craig Cerino [mailto:[EMAIL PROTECTED]]
Sent: 16 January 2003 12:41
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Authentication ?

If you run DCPROMO on them and make them a DC they will.

Which you'll have to do anyway - or downgrade them to member servers

-Original Message-
From: Don Murawski (Lenox) [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 16, 2003 7:16 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Authentication ?

Considering switching to native mode within a month.

Is there any difference in authentication methods in native mode than mixed?

Some reason there seems to be a debate around my company about some applications may be affected?

It's my understanding that making the switch to native mode means that 4.0 DC's will no longer be able to replicate.

Don L Murawski
Sr. Network Administrator - MCSE 4.0, 2000
WorldTravel BTI
1055 Lenox Park Blvd
Suite 420
Atlanta, GA 30319
Phone: (404) 923-9468
Fax: (404) 949-6710
Cell: (678) 549-1264

RE: [ActiveDir] Justications to Migrate to Active Directory

2003-01-16 Thread Andy David
There's a lot of room there for all of us.


-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, January 16, 2003 7:33 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Justications to Migrate to Active Directory


Bruce is just riding on my coat tails

--
Roger D. Seielstad - MCSE
Sr. Systems Administrator
Inovis - Formerly Harbinger and Extricity
Atlanta, GA


 -Original Message-
 From: Jimmy Andersson [mailto:[EMAIL PROTECTED]] 
 Sent: Wednesday, January 15, 2003 4:41 PM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] Justications to Migrate to Active Directory
 
 
 I agree with Martin Tuip.
 
 Regards,
 /Jimmy
 --
 Jimmy Andersson, Q Advice AB
 Microsoft MVP - Active Directory
  www.qadvice.com 
 
 
 
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]] On Behalf Of Martin Tuip
 Sent: Wednesday, January 15, 2003 9:18 PM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] Justications to Migrate to Active Directory
 
 
 
 I agree on that with you. Windows 2000 has been as stable as 
 a rock. So
 besides that and the retiring of the support it should be an easy one.
 
 
 
 Martin Tuip
 MVP Exchange
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]] On Behalf Of 
 Roger Seielstad
 Sent: Wednesday, January 15, 2003 8:21 PM
 To: '[EMAIL PROTECTED]'
 Subject: RE: [ActiveDir] Justications to Migrate to Active Directory
 
 
 To date, I haven't found an instance where NT4 was more 
 stable than Win2k.
 
 --
 Roger D. Seielstad - MCSE
 Sr. Systems Administrator
 Inovis - Formerly Harbinger and Extricity
 Atlanta, GA
 
 
  -Original Message-
  From: Jeremy Young [mailto:[EMAIL PROTECTED]]
  Sent: Wednesday, January 15, 2003 12:50 PM
  To: [EMAIL PROTECTED]
  Subject: RE: [ActiveDir] Justications to Migrate to Active Directory
  
  
  I don't know if this will be of any importance, but I have seen 
  several instances where windows 2000 is much more stable than NT4.  
  Case in point, I was working for a defense contractor and we had 5 
  mail servers(exch. 5.5) and they notoriously went down.  If we
  didn't reboot
  the servers once a week, they would go down.  We took one 
 of the lower
  tasked servers(500 users) and put it on windows 2000 and 
  didn't have to
  reboot it for a month and it was still running like a champ.
  
  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED]] On Behalf Of Roger 
  Seielstad
  Sent: Wednesday, January 15, 2003 11:10 AM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] Justications to Migrate to Active Directory
  
  
  Add to that the fact that Exchange 5.5 is end of support at the same
  time, and it's pretty much a no brainer.
  
  --
  Roger D. Seielstad - MCSE
  Sr. Systems Administrator
  Inovis - Formerly Harbinger and Extricity
  Atlanta, GA
  
  
   -Original Message-
   From: Van Donk, Fred [mailto:[EMAIL PROTECTED]]
   Sent: Wednesday, January 15, 2003 11:46 AM
   To: [EMAIL PROTECTED]
   Subject: RE: [ActiveDir] Justications to Migrate to 
 Active Directory
   
   
   Cliff,
   
   I think that the link below says it all:
   
   
 http://microsoft.com/ntserver/ProductInfo/Availability/Retiring.asp
   
   No more support for NT4 after the end of this year.
   
   -Original Message-
   From: Clifford Airhart [mailto:[EMAIL PROTECTED]]
   Sent: Wednesday, January 15, 2003 11:37 AM
   To: [EMAIL PROTECTED]
   Subject: [ActiveDir] Justications to Migrate to Active Directory
   
   
   I am currently compiling information and trying to find good 
   justifications to migrate our Windows NT base network to Active 
   Directory. We are a medium size company. We don't have any direct 
   requirements to implement AD, like we must upgrade to 
   Exchange2000(which requires AD). I can see a few benefits, but my 
   management wants to see quantified justifications. For 
 example, by 
   migrating to AD you can save 1 hour in setting up a new user with 
   RIS.
   
   Does anyone know a good website that would show time saved or
   something more concrete and specific than Microsoft's marketing 
   jargon?
   
   Has anyone gone through a similar experience with their company?
   
   I would appreciate your insights and advice!!!  Thanks!!!
   
   
   Cliff Airhart
   Answer Financial Inc.
   Senior Systems Administrator - Server Support / eBusiness 
   [EMAIL PROTECTED] 818.644.4225 We answer to you.
   
   List info   : http://www.activedir.org/mail_list.htm
   List FAQ: http://www.activedir.org/list_faq.htm
   List archive: 
   http://www.mail-archive.com/activedir%40mail.activedir.org/
   
   
   

RE: [ActiveDir] Authentication ?

2003-01-16 Thread Roger Seielstad
There are precious few changes to a domain when it goes native mode, the most
important being that you can no longer have NT4 BDCs within that domain. It
doesn't mean you can't have them in other mixed mode domains, just not in
any Native Mode ones.

You can have as many NT4 member servers as you want, though.

--
Roger D. Seielstad - MCSE
Sr. Systems Administrator
Inovis - Formerly Harbinger and Extricity
Atlanta, GA


 -Original Message-
 From: Don Murawski (Lenox) [mailto:[EMAIL PROTECTED]] 
 Sent: Thursday, January 16, 2003 7:16 AM
 To: [EMAIL PROTECTED]
 Subject: [ActiveDir] Authentication ?
 
 
 Considering switching to native mode within a month.
  
 Is there any difference in authentication methods in native 
 mode than mixed?
 Some reason there seems to be a debate around my company 
 about some applications may be affected?
 It's my understanding that making the switch to native mode 
 means that 4.0 DC's will no longer be able to replicate.
  
  
  
 Don L Murawski
 Sr. Network Administrator - MCSE 4.0, 2000
 WorldTravel BTI
 1055 Lenox Park Blvd
 Suite 420
 Atlanta, GA 30319
 Phone: (404) 923-9468
 Fax: (404) 949-6710
 Cell: (678) 549-1264
  
 



RE: [ActiveDir] Justications to Migrate to Active Directory

2003-01-16 Thread Craig Cerino
Alrighty then 

-Original Message-
From: Andy David [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, January 16, 2003 8:53 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Justications to Migrate to Active Directory

I've known Roger for a few years now, so the answer is : Both g


-Original Message-
From: Craig Cerino [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, January 16, 2003 8:46 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Justications to Migrate to Active Directory


Is that a stroke cause Roger is so intelligent  - - --  - - -or a crack
cause you think he's a big guy and wears a giant coat? :o)

-Original Message-
From: Andy David [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, January 16, 2003 8:11 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Justications to Migrate to Active Directory

There's a lot of room there for all of us.


-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, January 16, 2003 7:33 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Justications to Migrate to Active Directory


Bruce is just riding on my coat tails

--
Roger D. Seielstad - MCSE
Sr. Systems Administrator
Inovis - Formerly Harbinger and Extricity
Atlanta, GA


 -Original Message-
 From: Jimmy Andersson [mailto:[EMAIL PROTECTED]] 
 Sent: Wednesday, January 15, 2003 4:41 PM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] Justications to Migrate to Active Directory
 
 
 I agree with Martin Tuip.
 
 Regards,
 /Jimmy
 --
 Jimmy Andersson, Q Advice AB
 Microsoft MVP - Active Directory
  www.qadvice.com 
 
 
 
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]] On Behalf Of Martin Tuip
 Sent: Wednesday, January 15, 2003 9:18 PM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] Justications to Migrate to Active Directory
 
 
 
 I agree on that with you. Windows 2000 has been as stable as 
 a rock. So
 besides that and the retiring of the support it should be an easy one.
 
 
 
 Martin Tuip
 MVP Exchange
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]] On Behalf Of 
 Roger Seielstad
 Sent: Wednesday, January 15, 2003 8:21 PM
 To: '[EMAIL PROTECTED]'
 Subject: RE: [ActiveDir] Justications to Migrate to Active Directory
 
 
 To date, I haven't found an instance where NT4 was more 
 stable than Win2k.
 
 --
 Roger D. Seielstad - MCSE
 Sr. Systems Administrator
 Inovis - Formerly Harbinger and Extricity
 Atlanta, GA
 
 
  -Original Message-
  From: Jeremy Young [mailto:[EMAIL PROTECTED]]
  Sent: Wednesday, January 15, 2003 12:50 PM
  To: [EMAIL PROTECTED]
  Subject: RE: [ActiveDir] Justications to Migrate to Active Directory
  
  
  I don't know if this will be of any importance, but I have seen 
  several instances where windows 2000 is much more stable than NT4.  
  Case in point, I was working for a defense contractor and we had 5 
  mail servers(exch. 5.5) and they notoriously went down.  If we
  didn't reboot
  the servers once a week, they would go down.  We took one 
 of the lower
  tasked servers(500 users) and put it on windows 2000 and 
  didn't have to
  reboot it for a month and it was still running like a champ.
  
  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED]] On Behalf Of Roger 
  Seielstad
  Sent: Wednesday, January 15, 2003 11:10 AM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] Justications to Migrate to Active Directory
  
  
  Add to that the fact that Exchange 5.5 is end of support at the same
  time, and it's pretty much a no brainer.
  
  --
  Roger D. Seielstad - MCSE
  Sr. Systems Administrator
  Inovis - Formerly Harbinger and Extricity
  Atlanta, GA
  
  
   -Original Message-
   From: Van Donk, Fred [mailto:[EMAIL PROTECTED]]
   Sent: Wednesday, January 15, 2003 11:46 AM
   To: [EMAIL PROTECTED]
   Subject: RE: [ActiveDir] Justications to Migrate to 
 Active Directory
   
   
   Cliff,
   
   I think that the link below says it all:
   
   
 http://microsoft.com/ntserver/ProductInfo/Availability/Retiring.asp
   
   No more support for NT4 after the end of this year.
   
   -Original Message-
   From: Clifford Airhart [mailto:[EMAIL PROTECTED]]
   Sent: Wednesday, January 15, 2003 11:37 AM
   To: [EMAIL PROTECTED]
   Subject: [ActiveDir] Justications to Migrate to Active Directory
   
   
   I am currently compiling information and trying to find good 
   justifications to migrate our Windows NT base network to Active 
   Directory. We are a medium size company. We don't have any direct 
   requirements to implement AD, like we must upgrade to 
   Exchange2000(which requires AD). I can see a few benefits, but my 
   management wants to see quantified justifications. For 
 example, by 
   migrating to AD you can save 1 

RE: [ActiveDir] Justications to Migrate to Active Directory

2003-01-16 Thread Andy David
I've known Roger for a few years now, so the answer is : Both g


-Original Message-
From: Craig Cerino [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, January 16, 2003 8:46 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Justications to Migrate to Active Directory


Is that a stroke cause Roger is so intelligent  - - --  - - -or a crack
cause you think he's a big guy and wears a giant coat? :o)

-Original Message-
From: Andy David [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, January 16, 2003 8:11 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Justications to Migrate to Active Directory

There's a lot of room there for all of us.


-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, January 16, 2003 7:33 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Justications to Migrate to Active Directory


Bruce is just riding on my coat tails

--
Roger D. Seielstad - MCSE
Sr. Systems Administrator
Inovis - Formerly Harbinger and Extricity
Atlanta, GA


 -Original Message-
 From: Jimmy Andersson [mailto:[EMAIL PROTECTED]] 
 Sent: Wednesday, January 15, 2003 4:41 PM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] Justications to Migrate to Active Directory
 
 
 I agree with Martin Tuip.
 
 Regards,
 /Jimmy
 --
 Jimmy Andersson, Q Advice AB
 Microsoft MVP - Active Directory
  www.qadvice.com 
 
 
 
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]] On Behalf Of Martin Tuip
 Sent: Wednesday, January 15, 2003 9:18 PM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] Justications to Migrate to Active Directory
 
 
 
 I agree on that with you. Windows 2000 has been as stable as 
 a rock. So
 besides that and the retiring of the support it should be an easy one.
 
 
 
 Martin Tuip
 MVP Exchange
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]] On Behalf Of 
 Roger Seielstad
 Sent: Wednesday, January 15, 2003 8:21 PM
 To: '[EMAIL PROTECTED]'
 Subject: RE: [ActiveDir] Justications to Migrate to Active Directory
 
 
 To date, I haven't found an instance where NT4 was more 
 stable than Win2k.
 
 --
 Roger D. Seielstad - MCSE
 Sr. Systems Administrator
 Inovis - Formerly Harbinger and Extricity
 Atlanta, GA
 
 
  -Original Message-
  From: Jeremy Young [mailto:[EMAIL PROTECTED]]
  Sent: Wednesday, January 15, 2003 12:50 PM
  To: [EMAIL PROTECTED]
  Subject: RE: [ActiveDir] Justications to Migrate to Active Directory
  
  
  I don't know if this will be of any importance, but I have seen 
  several instances where windows 2000 is much more stable than NT4.  
  Case in point, I was working for a defense contractor and we had 5 
  mail servers(exch. 5.5) and they notoriously went down.  If we
  didn't reboot
  the servers once a week, they would go down.  We took one 
 of the lower
  tasked servers(500 users) and put it on windows 2000 and 
  didn't have to
  reboot it for a month and it was still running like a champ.
  
  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED]] On Behalf Of Roger 
  Seielstad
  Sent: Wednesday, January 15, 2003 11:10 AM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] Justications to Migrate to Active Directory
  
  
  Add to that the fact that Exchange 5.5 is end of support at the same
  time, and it's pretty much a no brainer.
  
  --
  Roger D. Seielstad - MCSE
  Sr. Systems Administrator
  Inovis - Formerly Harbinger and Extricity
  Atlanta, GA
  
  
   -Original Message-
   From: Van Donk, Fred [mailto:[EMAIL PROTECTED]]
   Sent: Wednesday, January 15, 2003 11:46 AM
   To: [EMAIL PROTECTED]
   Subject: RE: [ActiveDir] Justications to Migrate to 
 Active Directory
   
   
   Cliff,
   
   I think that the link below says it all:
   
   
 http://microsoft.com/ntserver/ProductInfo/Availability/Retiring.asp
   
   No more support for NT4 after the end of this year.
   
   -Original Message-
   From: Clifford Airhart [mailto:[EMAIL PROTECTED]]
   Sent: Wednesday, January 15, 2003 11:37 AM
   To: [EMAIL PROTECTED]
   Subject: [ActiveDir] Justications to Migrate to Active Directory
   
   
   I am currently compiling information and trying to find good 
   justifications to migrate our Windows NT base network to Active 
   Directory. We are a medium size company. We don't have any direct 
   requirements to implement AD, like we must upgrade to 
   Exchange2000(which requires AD). I can see a few benefits, but my 
   management wants to see quantified justifications. For 
 example, by 
   migrating to AD you can save 1 hour in setting up a new user with 
   RIS.
   
   Does anyone know a good website that would show time saved or
   something more concrete and specific than Microsoft's marketing 
   jargon?
   
   Has anyone gone through a 

RE: [ActiveDir] Justications to Migrate to Active Directory

2003-01-16 Thread Roger Seielstad
All that work with Swiss-boy-ardee for that? That's the best you got?

--
Roger D. Seielstad - MCSE
Sr. Systems Administrator
Inovis - Formerly Harbinger and Extricity
Atlanta, GA


 -Original Message-
 From: Andy David [mailto:[EMAIL PROTECTED]] 
 Sent: Thursday, January 16, 2003 8:11 AM
 To: '[EMAIL PROTECTED]'
 Subject: RE: [ActiveDir] Justications to Migrate to Active Directory
 
 
 There's a lot of room there for all of us.
 
 
 -Original Message-
 From: Roger Seielstad [mailto:[EMAIL PROTECTED]] 
 Sent: Thursday, January 16, 2003 7:33 AM
 To: '[EMAIL PROTECTED]'
 Subject: RE: [ActiveDir] Justications to Migrate to Active Directory
 
 
 Bruce is just riding on my coat tails
 
 --
 Roger D. Seielstad - MCSE
 Sr. Systems Administrator
 Inovis - Formerly Harbinger and Extricity
 Atlanta, GA
 
 
  -Original Message-
  From: Jimmy Andersson [mailto:[EMAIL PROTECTED]] 
  Sent: Wednesday, January 15, 2003 4:41 PM
  To: [EMAIL PROTECTED]
  Subject: RE: [ActiveDir] Justications to Migrate to Active Directory
  
  
  I agree with Martin Tuip.
  
  Regards,
  /Jimmy
  --
  Jimmy Andersson, Q Advice AB
  Microsoft MVP - Active Directory
   www.qadvice.com 
  
  
  
  
  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED]] On Behalf Of Martin Tuip
  Sent: Wednesday, January 15, 2003 9:18 PM
  To: [EMAIL PROTECTED]
  Subject: RE: [ActiveDir] Justications to Migrate to Active Directory
  
  
  
  I agree on that with you. Windows 2000 has been as stable as 
  a rock. So
  besides that and the retiring of the support it should be 
 an easy one.
  
  
  
  Martin Tuip
  MVP Exchange
  
  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED]] On Behalf Of 
  Roger Seielstad
  Sent: Wednesday, January 15, 2003 8:21 PM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] Justications to Migrate to Active Directory
  
  
  To date, I haven't found an instance where NT4 was more 
  stable than Win2k.
  
  --
  Roger D. Seielstad - MCSE
  Sr. Systems Administrator
  Inovis - Formerly Harbinger and Extricity
  Atlanta, GA
  
  
   -Original Message-
   From: Jeremy Young [mailto:[EMAIL PROTECTED]]
   Sent: Wednesday, January 15, 2003 12:50 PM
   To: [EMAIL PROTECTED]
   Subject: RE: [ActiveDir] Justications to Migrate to 
 Active Directory
   
   
   I don't know if this will be of any importance, but I have seen 
   several instances where windows 2000 is much more stable 
 than NT4.  
   Case in point, I was working for a defense contractor and 
 we had 5 
   mail servers(exch. 5.5) and they notoriously went down.  If we
   didn't reboot
   the servers once a week, they would go down.  We took one 
  of the lower
   tasked servers(500 users) and put it on windows 2000 and 
   didn't have to
   reboot it for a month and it was still running like a champ.
   
   -Original Message-
   From: [EMAIL PROTECTED]
   [mailto:[EMAIL PROTECTED]] On Behalf Of Roger 
   Seielstad
   Sent: Wednesday, January 15, 2003 11:10 AM
   To: '[EMAIL PROTECTED]'
   Subject: RE: [ActiveDir] Justications to Migrate to 
 Active Directory
   
   
   Add to that the fact that Exchange 5.5 is end of support 
 at the same
   time, and it's pretty much a no brainer.
   
   --
   Roger D. Seielstad - MCSE
   Sr. Systems Administrator
   Inovis - Formerly Harbinger and Extricity
   Atlanta, GA
   
   
-Original Message-
From: Van Donk, Fred [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 15, 2003 11:46 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Justications to Migrate to 
  Active Directory


Cliff,

I think that the link below says it all:


  http://microsoft.com/ntserver/ProductInfo/Availability/Retiring.asp

No more support for NT4 after the end of this year.

-Original Message-
From: Clifford Airhart [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 15, 2003 11:37 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Justications to Migrate to Active Directory


I am currently compiling information and trying to find good 
justifications to migrate our Windows NT base network to Active 
Directory. We are a medium size company. We don't have 
 any direct 
requirements to implement AD, like we must upgrade to 
Exchange2000(which requires AD). I can see a few 
 benefits, but my 
management wants to see quantified justifications. For 
  example, by 
migrating to AD you can save 1 hour in setting up a new 
 user with 
RIS.

Does anyone know a good website that would show time saved or
something more concrete and specific than Microsoft's marketing 
jargon?

Has anyone gone 

RE: [ActiveDir] AD 2 AD Migration

2003-01-16 Thread Abbiss, Mark
Have a look at Fastlane Migrator...awesome but a bit pricey

Mark Abbiss

EADS Headquarters
81663 Muenchen
Deutschland
Phone : +49 (0)89 607-34776
Email:[EMAIL PROTECTED]


-Original Message-
From: Mulder, Joeri (NL - Amsterdam) [mailto:[EMAIL PROTECTED]]
Sent: Thursday, 16 January 2003 16:05
To: [EMAIL PROTECTED]
Subject: [ActiveDir] AD 2 AD Migration


Hello,
 
Does anyone have experience migrating users and groups from one forest to
another? Is ADMT v2.0 the best tool to do this?
 
Greets,
--Joeri--



RE: [ActiveDir] AD 2 AD Migration

2003-01-16 Thread Jimmy Andersson
It's a great tool.
http://www.microsoft.com/windows2000/techinfo/planning/activedirectory/admt.asp
http://www.microsoft.com/windows2000/downloads/tools/admt/default.asp

Regards,
/Jimmy
--
Jimmy Andersson, Q Advice AB
Microsoft MVP - Active Directory
 www.qadvice.com 




-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
On Behalf Of Mulder, Joeri (NL - Amsterdam)
Sent: Thursday, January 16, 2003 4:05 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] AD 2 AD Migration


Hello,
 
Does anyone have experience migrating users and groups from one forest to another? Is 
ADMT v2.0 the best tool to do this?
 
Greets,
--Joeri--




Re: [ActiveDir] Authentication ?

2003-01-16 Thread Kevin Gent

The only way his NT 4 PDCs and BDCs are going to become DCs in
a Win2K domain is to purchase W2K and upgrade them.

  - Original Message -
  From: Craig Cerino
  To: [EMAIL PROTECTED]
  Sent: Thursday, January 16, 2003 8:07 AM
  Subject: RE: [ActiveDir] Authentication ?

  Right - - but if he wants to keep what used to be
  his PDC and BDC’s in the loop they will either have to be made DCs by running
  DCPROMO - - or get them out of the replication loop by making them member
  servers or removing them from the domain

  -Original Message-
  From: EALES, Jack - FPIL [mailto:[EMAIL PROTECTED]]
  Sent: Thursday, January 16, 2003 7:51 AM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] Authentication ?

  switching to native mode means having NO more NT4.0 BDC's... that's when it becomes a Native
  domain - rather than mixed...

  -Original Message-
  From: Craig Cerino [mailto:[EMAIL PROTECTED]]
  Sent: 16 January 2003 12:41
  To: [EMAIL PROTECTED]
  Subject: RE: [ActiveDir] Authentication ?

  If you run DCPROMO on them and make them a DC they will.

  Which you'll have to do anyway - or downgrade them to member servers

  -Original Message-
  From: Don Murawski (Lenox) [mailto:[EMAIL PROTECTED]]
  Sent: Thursday, January 16, 2003 7:16 AM
  To: [EMAIL PROTECTED]
  Subject: [ActiveDir] Authentication ?

  Considering switching to native mode within a month.

  Is there any difference in authentication methods in native mode than mixed?

  Some reason there seems to be a debate around my company about some applications may be
  affected?

  It's my understanding that making the switch to native mode means that 4.0 DC's will no longer be able
  to replicate.

  Don L Murawski
  Sr. Network Administrator - MCSE 4.0, 2000
  WorldTravel BTI
  1055 Lenox Park Blvd
  Suite 420
  Atlanta, GA 30319
  Phone: (404) 923-9468
  Fax: (404) 949-6710
  Cell: (678) 549-1264


RE: [ActiveDir] Authentication ?

2003-01-16 Thread Craig Cerino
Unless I am reading his email wrong - - -

He is considering going to NATIVE mode which means one of two things:

1.  He already HAS Win2K Srv and a few 2k servers on the wire
2.  He is planning to purchase WIN2K Srv

In EITHER case (which is just assumed since he is considering migrating) he
would still have to RUN DCPROMO to upgrade the PDC and BDCs or make them
member servers or remove them from the domain.

Don - we haven't heard from you since you opened the thread - - please let
us know what is the case so we can stop bickering and help you.

Guys - - I am not trying to argue - - unfortunately vocal inflection and tone
just don't translate well via email - - - my apologies if it appears as if
I'm yelling or picking a fight.

-Original Message-
From: Kevin Gent [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 16, 2003 11:13 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Authentication ?

The only way his NT 4 PDCs and BDCs are going to become DCs in a Win2K
domain is to purchase W2K and upgrade them.

- Original Message -
From: Craig Cerino
To: [EMAIL PROTECTED]
Sent: Thursday, January 16, 2003 8:07 AM
Subject: RE: [ActiveDir] Authentication ?

Right - - but if he wants to keep what used to be his PDC and BDC's in the
loop they will either have to be made DCs by running DCPROMO - - or get them
out of the replication loop by making them member servers or removing them
from the domain

-Original Message-
From: EALES, Jack - FPIL [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 16, 2003 7:51 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Authentication ?

switching to native mode means having NO more NT4.0 BDC's... that's when it
becomes a Native domain - rather than mixed...

-Original Message-
From: Craig Cerino [mailto:[EMAIL PROTECTED]]
Sent: 16 January 2003 12:41
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Authentication ?

If you run DCPROMO on them and make them a DC they will.

Which you'll have to do anyway - or downgrade them to member servers

-Original Message-
From: Don Murawski (Lenox) [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 16, 2003 7:16 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Authentication ?

Considering switching to native mode within a month.

Is there any difference in authentication methods in native mode than mixed?
Some reason there seems to be a debate around my company about some
applications may be affected?
It's my understanding that making the switch to native mode means that 4.0
DC's will no longer be able to replicate.

Don L Murawski
Sr. Network Administrator - MCSE 4.0, 2000
WorldTravel BTI
1055 Lenox Park Blvd
Suite 420
Atlanta, GA 30319
Phone: (404) 923-9468
Fax: (404) 949-6710
Cell: (678) 549-1264



RE: [ActiveDir] Authentication ?

2003-01-16 Thread Don Murawski (Lenox)
Let me clear up my question!

I have NO 4.0 BDCs, All Win2k DC's, but have a lot of legacy clients and
applications.
Switching to native mode, I'm assuming should have NO impact on these
applications or systems.

-Original Message-
From: Craig Cerino [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 16, 2003 11:14 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Authentication ?

Unless I am reading his email wrong - - -

He is considering going to NATIVE mode which means one of two things:

1.  He already HAS Win2K Srv and a few 2k servers on the wire
2.  He is planning to purchase WIN2K Srv

In EITHER case (which is just assumed since he is considering migrating) he
would still have to RUN DCPROMO to upgrade the PDC and BDCs or make them
member servers or remove them from the domain.

Don - we haven't heard from you since you opened the thread - - please let
us know what is the case so we can stop bickering and help you.

Guys - - I am not trying to argue - - unfortunately vocal inflection and tone
just don't translate well via email - - - my apologies if it appears as if
I'm yelling or picking a fight.

-Original Message-
From: Kevin Gent [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 16, 2003 11:13 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Authentication ?

The only way his NT 4 PDCs and BDCs are going to become DCs in a Win2K
domain is to purchase W2K and upgrade them.

- Original Message -
From: Craig Cerino
To: [EMAIL PROTECTED]
Sent: Thursday, January 16, 2003 8:07 AM
Subject: RE: [ActiveDir] Authentication ?

Right - - but if he wants to keep what used to be his PDC and BDC's in the
loop they will either have to be made DCs by running DCPROMO - - or get them
out of the replication loop by making them member servers or removing them
from the domain

-Original Message-
From: EALES, Jack - FPIL [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 16, 2003 7:51 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Authentication ?

switching to native mode means having NO more NT4.0 BDC's... that's when it
becomes a Native domain - rather than mixed...

-Original Message-
From: Craig Cerino [mailto:[EMAIL PROTECTED]]
Sent: 16 January 2003 12:41
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Authentication ?

If you run DCPROMO on them and make them a DC they will.

Which you'll have to do anyway - or downgrade them to member servers

-Original Message-
From: Don Murawski (Lenox) [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 16, 2003 7:16 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Authentication ?

Considering switching to native mode within a month.

Is there any difference in authentication methods in native mode than mixed?
Some reason there seems to be a debate around my company about some
applications may be affected?
It's my understanding that making the switch to native mode means that 4.0
DC's will no longer be able to replicate.

Don L Murawski
Sr. Network Administrator - MCSE 4.0, 2000
WorldTravel BTI
1055 Lenox Park Blvd
Suite 420
Atlanta, GA 30319
Phone: (404) 923-9468
Fax: (404) 949-6710
Cell: (678) 549-1264


RE: [ActiveDir] Authentication ?

2003-01-16 Thread Tony Murray
Correct - there should be no impact.

Tony

-- Original Message --
From: Don Murawski (Lenox) [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: Thu, 16 Jan 2003 11:29:23 -0500

Let me clear up my question!
 
I have NO 4.0 BDCs, All Win2k DC's,  but have a lot of legacy clients and
applications.
Switching to native mode, I'm assuming should have NO impact on these
applications or systems.
 
-Original Message-
From: Craig Cerino [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, January 16, 2003 11:14 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Authentication ?


Unless I am reading his email wrong - - - 
 
He is considering going to NATIVE mode which means one of two things:
1.  He already HAS Win2K Srv and a few 2k servers on the wire 

2.  He is planning to purchase WIN2K Srv 
 
In EITHER case (which is just assumed since he is considering migrating) he
would still have to RUN DCPROMO to upgrade the PDC and BDCs or make them
member servers or remove them from the domain.
 
Don - we haven't heard from you since you opened the thread - - please let
us know what is the case so we can stop bickering and help you.
 
Guys - -I am not trying to argue - - unfortunately vocal inflection and tone
just don't translate well via email - - - my apologies if it appears as if
I'm yelling or picking a fight.
 
 
 
-Original Message-
From: Kevin Gent [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, January 16, 2003 11:13 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Authentication ?
 
The only way his NT 4 PDCs and BDCs are going to become DCs in a Win2K
domain is to purchase W2K and upgrade them.
- Original Message - 
From: Craig Cerino
To: [EMAIL PROTECTED]
Sent: Thursday, January 16, 2003 8:07 AM
Subject: RE: [ActiveDir] Authentication ?
 
Right - - but if he wants to keep what used to be his PDC and BDC's in the
loop they will either have to be made DCs by running DCPROMO - - or get them
out of the replication loop by making them member servers or removing them
from the domain
 
-Original Message-
From: EALES, Jack - FPIL [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, January 16, 2003 7:51 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Authentication ?
 
switching to native mode means having NO more NT4.0 BDC's... that's when it
becomes a Native domain - rather than mixed...
-Original Message-
From: Craig Cerino [mailto:[EMAIL PROTECTED]] 
Sent: 16 January 2003 12:41
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Authentication ?
If you run DCPROMO on them and make them a DC they will.
 
Which you'll have to do anyway - or downgrade them to member servers
 
-Original Message-
From: Don Murawski (Lenox) [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, January 16, 2003 7:16 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Authentication ?
 
Considering switching to native mode within a month.
 
Is there any difference in authentication methods in native mode than mixed?
Some reason there seems to be a debate around my company about some
applications may be affected?
It's my understanding that making the switch to native mode means that 4.0
DC's will no longer be able to replicate.
 
 
 
Don L Murawski
Sr. Network Administrator - MCSE 4.0, 2000
WorldTravel BTI
1055 Lenox Park Blvd
Suite 420
Atlanta, GA 30319
Phone: (404) 923-9468
Fax: (404) 949-6710
Cell: (678) 549-1264
 



List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/



RE: [ActiveDir] Authentication ?

2003-01-16 Thread Fugleberg, David A
We had no issues when we went native...similar situation: Single domain, lots
of NT4 clients and member servers, as well as W2K clients and member servers.
A month or so after the last of the NT4 BDCs was removed, we made the switch
with no complaints. This domain had been upgraded from NT4 back in 2000,
so there's all kinds of old stuff on it. YMMV if your old stuff is not
similar to our old stuff, but that was our experience.

Dave

-Original Message-
From: Don Murawski (Lenox) [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 16, 2003 10:29 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Authentication ?

Let me clear up my question!

I have NO 4.0 BDCs, All Win2k DC's, but have a lot of legacy clients and
applications.
Switching to native mode, I'm assuming should have NO impact on these
applications or systems.

-Original Message-
From: Craig Cerino [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 16, 2003 11:14 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Authentication ?

Unless I am reading his email wrong - - -

He is considering going to NATIVE mode which means one of two things:

1.  He already HAS Win2K Srv and a few 2k servers on the wire
2.  He is planning to purchase WIN2K Srv

In EITHER case (which is just assumed since he is considering migrating) he
would still have to RUN DCPROMO to upgrade the PDC and BDCs or make them
member servers or remove them from the domain.

Don - we haven't heard from you since you opened the thread - - please let
us know what is the case so we can stop bickering and help you.

Guys - - I am not trying to argue - - unfortunately vocal inflection and tone
just don't translate well via email - - - my apologies if it appears as if
I'm yelling or picking a fight.

-Original Message-
From: Kevin Gent [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 16, 2003 11:13 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Authentication ?

The only way his NT 4 PDCs and BDCs are going to become DCs in a Win2K
domain is to purchase W2K and upgrade them.

- Original Message -
From: Craig Cerino
To: [EMAIL PROTECTED]
Sent: Thursday, January 16, 2003 8:07 AM
Subject: RE: [ActiveDir] Authentication ?

Right - - but if he wants to keep what used to be his PDC and BDC's in the
loop they will either have to be made DCs by running DCPROMO - - or get them
out of the replication loop by making them member servers or removing them
from the domain

-Original Message-
From: EALES, Jack - FPIL [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 16, 2003 7:51 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Authentication ?

switching to native mode means having NO more NT4.0 BDC's... that's when it
becomes a Native domain - rather than mixed...

-Original Message-
From: Craig Cerino [mailto:[EMAIL PROTECTED]]
Sent: 16 January 2003 12:41
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Authentication ?

If you run DCPROMO on them and make them a DC they will.

Which you'll have to do anyway - or downgrade them to member servers

-Original Message-
From: Don Murawski (Lenox) [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 16, 2003 7:16 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Authentication ?

Considering switching to native mode within a month.

Is there any difference in authentication methods in native mode than mixed?
Some reason there seems to be a debate around my company about some
applications may be affected?
It's my understanding that making the switch to native mode means that 4.0
DC's will no longer be able to replicate.

Don L Murawski
Sr. Network Administrator - MCSE 4.0, 2000
WorldTravel BTI
1055 Lenox Park Blvd
Suite 420
Atlanta, GA 30319
Phone: (404) 923-9468
Fax: (404) 949-6710
Cell: (678) 549-1264


RE: [ActiveDir] Authentication ?

2003-01-16 Thread Craig Cerino
I agree

-Original Message-
From: Tony Murray [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, January 16, 2003 11:46 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Authentication ?

Correct - there should be no impact.

Tony

-- Original Message --
From: Don Murawski (Lenox) [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: Thu, 16 Jan 2003 11:29:23 -0500

Let me clear up my question!
 
I have NO 4.0 BDCs, All Win2k DC's,  but have a lot of legacy clients and
applications.
Switching to native mode, I'm assuming should have NO impact on these
applications or systems.
 
-Original Message-
From: Craig Cerino [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, January 16, 2003 11:14 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Authentication ?

Unless I am reading his email wrong - - - 
 
He is considering going to NATIVE mode which means one of two things:
1.  He already HAS Win2K Srv and a few 2k servers on the wire 

2.  He is planning to purchase WIN2K Srv 
 
In EITHER case (which is just assumed since he is considering migrating) he
would still have to RUN DCPROMO to upgrade the PDC and BDCs or make them
member servers or remove them from the domain.
 
Don - we haven't heard from you since you opened the thread - - please let
us know what is the case so we can stop bickering and help you.
 
Guys - - I am not trying to argue - - unfortunately vocal inflection and tone
just don't translate well via email - - - my apologies if it appears as if
I'm yelling or picking a fight.
 
-Original Message-
From: Kevin Gent [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, January 16, 2003 11:13 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Authentication ?
 
The only way his NT 4 PDCs and BDCs are going to become DCs in a Win2K
domain is to purchase W2K and upgrade them.
- Original Message - 
From: Craig Cerino
To: [EMAIL PROTECTED]
Sent: Thursday, January 16, 2003 8:07 AM
Subject: RE: [ActiveDir] Authentication ?
 
Right - - but if he wants to keep what used to be his PDC and BDC's in the
loop they will either have to be made DCs by running DCPROMO - - or get them
out of the replication loop by making them member servers or removing them
from the domain
 
-Original Message-
From: EALES, Jack - FPIL [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, January 16, 2003 7:51 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Authentication ?
 
switching to native mode means having NO more NT4.0 BDC's... that's when it
becomes a Native domain - rather than mixed...
-Original Message-
From: Craig Cerino [mailto:[EMAIL PROTECTED]] 
Sent: 16 January 2003 12:41
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Authentication ?
If you run DCPROMO on them and make them a DC they will.
 
Which you'll have to do anyway - or downgrade them to member servers 
 
-Original Message-
From: Don Murawski (Lenox) [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, January 16, 2003 7:16 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Authentication ?
 
Considering switching to native mode within a month.
 
Is there any difference in authentication methods in native mode than mixed?
Some reason there seems to be a debate around my company about some
applications may be affected?
It's my understanding that making the switch to native mode means that 4.0
DC's will no longer be able to replicate.
 
Don L Murawski
Sr. Network Administrator - MCSE 4.0, 2000
WorldTravel BTI
1055 Lenox Park Blvd
Suite 420
Atlanta, GA 30319
Phone: (404) 923-9468
Fax: (404) 949-6710
Cell: (678) 549-1264
 
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/



RE: [ActiveDir] Authentication ?

2003-01-16 Thread Craig Cerino
As long as all DCs on the wire are 2k --- by definition - - - you'll be ok

-Original Message-
From: Fugleberg, David A [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 16, 2003 11:54 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Authentication ?

We had no issues when we went native...similar situation: Single domain, lots
of NT4 clients and member servers, as well as W2K clients and member servers.
A month or so after the last of the NT4 BDCs was removed, we made the switch
with no complaints. This domain had been upgraded from NT4 back in 2000,
so there's all kinds of old stuff on it. YMMV if your old stuff is not
similar to our old stuff, but that was our experience.

Dave

-Original Message-
From: Don Murawski (Lenox) [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 16, 2003 10:29 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Authentication ?

Let me clear up my question!

I have NO 4.0 BDCs, All Win2k DC's, but have a lot of legacy clients and
applications.
Switching to native mode, I'm assuming should have NO impact on these
applications or systems.

-Original Message-
From: Craig Cerino [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 16, 2003 11:14 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Authentication ?

Unless I am reading his email wrong - - -

He is considering going to NATIVE mode which means one of two things:

1.  He already HAS Win2K Srv and a few 2k servers on the wire
2.  He is planning to purchase WIN2K Srv

In EITHER case (which is just assumed since he is considering migrating) he
would still have to RUN DCPROMO to upgrade the PDC and BDCs or make them
member servers or remove them from the domain.

Don - we haven't heard from you since you opened the thread - - please let
us know what is the case so we can stop bickering and help you.

Guys - - I am not trying to argue - - unfortunately vocal inflection and tone
just don't translate well via email - - - my apologies if it appears as if
I'm yelling or picking a fight.

-Original Message-
From: Kevin Gent [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 16, 2003 11:13 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Authentication ?

The only way his NT 4 PDCs and BDCs are going to become DCs in a Win2K
domain is to purchase W2K and upgrade them.

- Original Message -
From: Craig Cerino
To: [EMAIL PROTECTED]
Sent: Thursday, January 16, 2003 8:07 AM
Subject: RE: [ActiveDir] Authentication ?

Right - - but if he wants to keep what used to be his PDC and BDC's in the
loop they will either have to be made DCs by running DCPROMO - - or get them
out of the replication loop by making them member servers or removing them
from the domain

-Original Message-
From: EALES, Jack - FPIL [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 16, 2003 7:51 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Authentication ?

switching to native mode means having NO more NT4.0 BDC's... that's when it
becomes a Native domain - rather than mixed...

-Original Message-
From: Craig Cerino [mailto:[EMAIL PROTECTED]]
Sent: 16 January 2003 12:41
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Authentication ?

If you run DCPROMO on them and make them a DC they will.

Which you'll have to do anyway - or downgrade them to member servers

-Original Message-
From: Don Murawski (Lenox) [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 16, 2003 7:16 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Authentication ?

Considering switching to native mode within a month.

Is there any difference in authentication methods in native mode than mixed?
Some reason there seems to be a debate around my company about some
applications may be affected?
It's my understanding that making the switch to native mode means that 4.0
DC's will no longer be able to replicate.

Don L Murawski
Sr. Network Administrator - MCSE 4.0, 2000
WorldTravel BTI
1055 Lenox Park Blvd
Suite 420
Atlanta, GA 30319
Phone: (404) 923-9468
Fax: (404) 949-6710
Cell: (678) 549-1264


[ActiveDir] ISA Server/Security

2003-01-16 Thread Travis Riddle
Hello,

I was wondering if anyone has read or looked at ISA Server
and Beyond: Real World Security Solutions for Microsoft Enterprise Networks by Tom
Shinder and had comments about the book, or maybe recommendations for other ISA
books that are worth purchasing.

I am also interested in books and/or mailing lists concerning
network security in general if anyone has suggestions there.

Thank you,

Travis


RE: [ActiveDir] Authentication ?

2003-01-16 Thread Crenshaw, Jason
Tony is correct; there is no impact on legacy clients and applications.  If
you are all W2K DC's now, you are using the same existing authentication
mechanism you will be using in native mode.  

Most gained benefit - Universal Groups
Newsworthy Side note - no down-level NT 4.0 DC's

Jason

-Original Message-
From: Tony Murray [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, January 16, 2003 9:46 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Authentication ?

Correct - there should be no impact.

Tony

-- Original Message --
From: Don Murawski (Lenox) [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: Thu, 16 Jan 2003 11:29:23 -0500

Let me clear up my question!
 
I have NO 4.0 BDCs, All Win2k DC's,  but have a lot of legacy clients and
applications.
Switching to native mode, I'm assuming should have NO impact on these
applications or systems.
 
-Original Message-
From: Craig Cerino [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, January 16, 2003 11:14 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Authentication ?


Unless I am reading his email wrong - - - 
 
He is considering going to NATIVE mode which means one of two things:
1.  He already HAS Win2K Srv and a few 2k servers on the wire 

2.  He is planning to purchase WIN2K Srv 
 
In EITHER case (which is just assumed since he is considering migrating) he
would still have to RUN DCPROMO to upgrade the PDC and BDCs or make them
member servers or remove them from the domain.
 
Don - we haven't heard from you since you opened the thread - - please let
us know what is the case so we can stop bickering and help you.
 
Guys - -I am not trying to argue - - unfortunately vocal inflection and tone
just don't translate well via email - - - my apologies if it appears as if
I'm yelling or picking a fight.
 
 
 
-Original Message-
From: Kevin Gent [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, January 16, 2003 11:13 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Authentication ?
 
The only way his NT 4 PDCs and BDCs are going to become DCs in a Win2K
domain is to purchase W2K and upgrade them.
- Original Message - 
From: Craig Cerino
To: [EMAIL PROTECTED]
Sent: Thursday, January 16, 2003 8:07 AM
Subject: RE: [ActiveDir] Authentication ?
 
Right - - but if he wants to keep what used to be his PDC and BDC's in the
loop they will either have to be made DCs by running DCPROMO - - or get them
out of the replication loop by making them member servers or removing them
from the domain
 
-Original Message-
From: EALES, Jack - FPIL [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, January 16, 2003 7:51 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Authentication ?
 
switching to native mode means having NO more NT4.0 BDC's... that's when it
becomes a Native domain - rather than mixed...
-Original Message-
From: Craig Cerino [mailto:[EMAIL PROTECTED]] 
Sent: 16 January 2003 12:41
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Authentication ?
If you run DCPROMO on them and make them a DC they will.
 
Which you'll have to do anyway - or downgrade them to member servers
 
-Original Message-
From: Don Murawski (Lenox) [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, January 16, 2003 7:16 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Authentication ?
 
Considering switching to native mode within a month.
 
Is there any difference in authentication methods in native mode than mixed?
Some reason there seems to be a debate around my company about some
applications may be affected?
It's my understanding that making the switch to native mode means that 4.0
DC's will no longer be able to replicate.
 
 
 
Don L Murawski
Sr. Network Administrator - MCSE 4.0, 2000
WorldTravel BTI
1055 Lenox Park Blvd
Suite 420
Atlanta, GA 30319
Phone: (404) 923-9468
Fax: (404) 949-6710
Cell: (678) 549-1264
 



List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/




RE: [ActiveDir] Problem: Using JNDI to add new entries

2003-01-16 Thread Gil Kirkpatrick
Rafael,

If you could post the complete schema definition for your new class it would
help. Some things to look at:

If your new class is derived from something other than "top", there may be
additional mandatory attributes.

What did you define for "possSuperiors" and "systemPossSuperiors" for your new
class? These define what class of container you may create your new objects
in.

-gil

-Original Message-
From: Rafael Torres [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 16, 2003 5:33 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Problem: Using JNDI to add new entries

Hi there,

I'm building a JAVA application, using JNDI to store and retrieve objects in
LDAP.
I'm using Active Directory as the LDAP server and have modified the schema to
match my needs.

As a test, I have created a new objectClass using MMC console and the Active
Directory Schema snap-in.
I called the new objectClass 'ee-teste' and set as its mandatory attributes
the attribute 'cn' and as its optional attributes the 'mail' attribute.

I have an organizationalUnit with the DN=OU=EExtender,DC=eextender,DC=pt and
I'm trying to create a new entry of type 'ee-teste', but keep getting a
SchemaViolationException.
If I try to create a standard Active Directory object, like 'locality', my
code works fine. But with my object it crashes.
Can anyone help me. I'm stuck here and can't see the solution.

Thx.

Here's the code I'm using:
  
  
String jndiURL = "ldap://192.168.65.199:389/";
String initialContextFactory = "com.sun.jndi.ldap.LdapCtxFactory";
String authenticationMode = "simple";
String contextReferral = "ignore";
//String securityProtocol = "ssl";
//String principal = "cn=Directory Manager, ou=EExtender, dc=eextender, dc=pt";
String principal = "[EMAIL PROTECTED]";
String credentials = "password";
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, initialContextFactory);
env.put(Context.PROVIDER_URL, jndiURL);
env.put(Context.SECURITY_AUTHENTICATION, authenticationMode);
env.put(Context.SECURITY_PRINCIPAL, principal);
env.put(Context.SECURITY_CREDENTIALS, credentials);
env.put(Context.REFERRAL, contextReferral);
//env.put(Context.SECURITY_PROTOCOL, securityProtocol);
//env.put("java.naming.ldap.factory.socket","javax.net.ssl.SSLSocketFactory");
env.put("java.naming.ldap.version","3");

DirContext ctx = null;

try {
    ctx = new InitialDirContext(env);

    BasicAttributes attrs = new BasicAttributes();

    BasicAttribute ocs = new BasicAttribute("objectclass");
    ocs.add("ee-teste");
    attrs.put(ocs);

    BasicAttribute cn = new BasicAttribute("cn", "abrek");
    attrs.put(cn);
    BasicAttribute mail = new BasicAttribute( "mail", "[EMAIL PROTECTED]" );
    attrs.put(mail);

    ctx.createSubcontext("cn=abrek,OU=EExtender,DC=eextender,DC=pt", attrs);
    ctx.close();
} catch (NameAlreadyBoundException nex) {
    System.out.println("User ID is already in use, please select a different user ID ...");
} catch (Exception ex) {
    System.out.println("Failed to create user account... Please verify the user information...");
    ex.printStackTrace();
}
  
  
  And the returned Exception:
  
  javax.naming.directory.SchemaViolationException: 
  [LDAP: error code 65 - 2099: UpdErr: DSID-03050BA2, problem 6002 
  (OBJ_CLASS_VIOLATION), data 0
  
  
Rafael M. Torres ([EMAIL PROTECTED])
-
Infopulse Portugal
Pr. dos Poveiros, 56, 2º
4000-393 Porto, Portugal
Tel: +351 223 389 103
Fax: +351 223 389 104
ICQ: 86290812
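
The two checks Gil lists in the reply above, written out as an added example that is not code from the thread: it unions the mandatory attributes and the possible superiors over a class and its superclasses, then tests a planned add against them. The schema map is a constructed stand-in for the classSchema entries in the schema container; the `ee-teste` definitions, `ee-base` and `ee-id` are assumptions (the thread never shows the real class definition), as are the server-supplied attribute list and the rule that the parent's own class name must appear in the possible-superiors list.

```java
import java.util.*;

public class SchemaAddCheck {

    /** One classSchema entry, with each "system" list already merged into its plain twin. */
    record ClassDef(String subClassOf, Set<String> mustContain, Set<String> possSuperiors) {}

    /** LDAP names compare case-insensitively, so every set and map here does too. */
    static Set<String> names(String... n) {
        Set<String> s = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
        s.addAll(Arrays.asList(n));
        return s;
    }

    // Assumption: attributes the directory fills in itself on an add, so a client may omit them.
    static final Set<String> SERVER_SUPPLIED =
            names("objectCategory", "instanceType", "nTSecurityDescriptor");

    /** Union of mustContain (or possSuperiors) over the class and each superclass up to top. */
    static Set<String> inherited(Map<String, ClassDef> schema, String cls, boolean mandatory) {
        Set<String> out = names();
        Set<String> seen = names();
        String cur = cls;
        while (seen.add(cur)) {              // top names itself as superclass, which ends the walk
            ClassDef d = schema.get(cur);
            if (d == null) throw new IllegalArgumentException("class not in schema: " + cur);
            out.addAll(mandatory ? d.mustContain() : d.possSuperiors());
            cur = d.subClassOf();
        }
        return out;
    }

    /** Reasons the directory would reject adding an object of cls under a parent of parentClass. */
    static List<String> check(Map<String, ClassDef> schema, String cls,
                              String parentClass, Set<String> supplied) {
        List<String> problems = new ArrayList<>();
        for (String attr : inherited(schema, cls, true)) {
            if (!supplied.contains(attr) && !SERVER_SUPPLIED.contains(attr)) {
                problems.add("mandatory attribute not supplied: " + attr);
            }
        }
        Set<String> parents = inherited(schema, cls, false);
        if (!parents.contains(parentClass)) {
            problems.add(parentClass + " is not a possible superior of " + cls
                    + " (allowed: " + parents + ")");
        }
        return problems;
    }

    public static void main(String[] args) {
        Map<String, ClassDef> schema = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        // Constructed sample modelled on the built-in top class.
        schema.put("top", new ClassDef("top",
                names("objectClass", "objectCategory", "instanceType", "nTSecurityDescriptor"),
                names("lostAndFound")));
        // What the JNDI code in the thread sends: objectclass, cn and mail under an OU.
        Set<String> supplied = names("objectclass", "cn", "mail");

        // Case 1 (assumed definition): derived from top, possSuperiors left empty.
        schema.put("ee-teste", new ClassDef("top", names("cn"), names()));
        System.out.println("empty possSuperiors : "
                + check(schema, "ee-teste", "organizationalUnit", supplied));

        // Case 2: the same class once organizationalUnit is listed as a possible superior.
        schema.put("ee-teste", new ClassDef("top", names("cn"), names("organizationalUnit")));
        System.out.println("OU in possSuperiors : "
                + check(schema, "ee-teste", "organizationalUnit", supplied));

        // Case 3 (hypothetical parent class ee-base): a non-top superclass adds a mandatory attribute.
        schema.put("ee-base", new ClassDef("top", names("ee-id"), names("organizationalUnit")));
        schema.put("ee-teste", new ClassDef("ee-base", names("cn"), names()));
        System.out.println("derived from ee-base: "
                + check(schema, "ee-teste", "organizationalUnit", supplied));
    }
}
```

It uses a Java record, so it needs Java 16 or later and runs as a single file with `java SchemaAddCheck.java`.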


RE: [ActiveDir] AD 2 AD Migration

2003-01-16 Thread Debbie Ellis
Try DMA from Net IQ - Really good

http://www.netiq.com/products/migrate/default.asp

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Mulder, Joeri (NL -
Amsterdam)
Sent: Thursday, January 16, 2003 10:05 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] AD 2 AD Migration

Hello,

Does anyone have experience migrating users and groups from one forest
to another? Is ADMT v2.0 the best tool to do this?

Greets,

--Joeri--


RE: [ActiveDir] Problem: Using JNDI to add new entries

2003-01-16 Thread Fugleberg, David A
I'm not a JNDI expert, but here's a thought...are you able to create an entry
of your new objectclass via any other means ? For example, can you
successfully create one by making an LDIF file and importing it with LDIFDE or
ldapmodify ? If so, then at least you know your schema definitions are OK
and you can concentrate on your code. If not, you'll have to look harder
at your definition to make sure, for example, that it's OK to put an object
of that type into that OU, etc. If you've already tried all that, then
never mind.

Dave

-Original Message-
From: Rafael Torres [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 16, 2003 6:33 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Problem: Using JNDI to add new entries

Hi there,

I'm building a JAVA application, using JNDI to store and retrieve objects in
LDAP.
I'm using Active Directory as the LDAP server and have modified the schema to
match my needs.

As a test, I have created a new objectClass using MMC console and the Active
Directory Schema snap-in.
I called the new objectClass 'ee-teste' and set as its mandatory attributes
the attribute 'cn' and as its optional attributes the 'mail' attribute.

I have an organizationalUnit with the DN=OU=EExtender,DC=eextender,DC=pt and
I'm trying to create a new entry of type 'ee-teste', but keep getting a
SchemaViolationException.
If I try to create a standard Active Directory object, like 'locality', my
code works fine. But with my object it crashes.
Can anyone help me. I'm stuck here and can't see the solution.

Thx.

Here's the code I'm using:
  
  
  String jndiURL = "ldap://192.168.65.199:389/";String initialContextFactory = 
  "com.sun.jndi.ldap.LdapCtxFactory";String authenticationMode = 
  "simple";String contextReferral = 
  "ignore";//String securityProtocol = 
  "ssl";//String principal = "cn=Directory Manager, 
  ou=EExtender, dc=eextender, dc=pt";String principal = 
  "[EMAIL PROTECTED]";String credentials = 
  "password";Hashtable env = new 
  Hashtable();env.put(Context.INITIAL_CONTEXT_FACTORY, 
  initialContextFactory);env.put(Context.PROVIDER_URL, 
  jndiURL);env.put(Context.SECURITY_AUTHENTICATION, 
  authenticationMode);env.put(Context.SECURITY_PRINCIPAL, 
  principal);env.put(Context.SECURITY_CREDENTIALS, 
  credentials);env.put(Context.REFERRAL, 
  contextReferral);//env.put(Context.SECURITY_PROTOCOL, 
  securityProtocol);//env.put("java.naming.ldap.factory.socket","javax.net.ssl.SSLSocketFactory");env.put("java.naming.ldap.version","3");
  
  DirContext ctx = null;
  
  try {ctx = new 
  InitialDirContext(env);
  
  BasicAttributes attrs = new 
  BasicAttributes();
  
  BasicAttribute ocs = new 
  BasicAttribute("objectclass");ocs.add("ee-teste");attrs.put(ocs);
  
  BasicAttribute cn = new 
  BasicAttribute("cn", 
  "abrek");attrs.put(cn);BasicAttribute 
  mail = new BasicAttribute( "mail", "[EMAIL PROTECTED]" 
  );attrs.put(mail);
  
  ctx.createSubcontext("cn=abrek,OU=EExtender,DC=eextender,DC=pt", 
  attrs);
  ctx.close();} catch 
  (NameAlreadyBoundException nex) 
  {System.out.println("User ID is already in use, please 
  select a different user ID ...");} catch (Exception ex) 
  {System.out.println("Failed to create user account... 
  Please verify the user 
  information...");ex.printStackTrace();}
  
  
  And the returned Exception:
  
  javax.naming.directory.SchemaViolationException: 
  [LDAP: error code 65 - 2099: UpdErr: DSID-03050BA2, problem 6002 
  (OBJ_CLASS_VIOLATION), data 0
  
  
  Rafael M. Torres ([EMAIL PROTECTED])-Infopulse 
  PortugalPr. dos Poveiros, 56, 2º4000-393 Porto, PortugalTel: +351 
  223 389 103Fax: +351 223 389 104ICQ: 
86290812
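
The exception text quoted above packs several separate fields into one string, and the server-side code among them narrows down which schema rule to inspect first. The following is an added example, not code from the thread: a small Java parser for that text, assuming (as in Active Directory's usual error strings) that the field after the dash is the Win32 error code in hexadecimal. The class name `AdLdapErrorDetail`, the `firstCheck` wording and the three-entry code table are this example's own.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example, not code from the thread: splits the Active Directory detail
// text inside a JNDI NamingException message into its separate fields.
public class AdLdapErrorDetail {

    // Shape of the text quoted in the thread:
    // [LDAP: error code 65 - 2099: UpdErr: DSID-03050BA2, problem 6002 (OBJ_CLASS_VIOLATION), data 0
    private static final Pattern DETAIL = Pattern.compile(
            "LDAP: error code (\\d+) - ([0-9A-Fa-f]{1,8}): (\\w+): (DSID-[0-9A-Fa-f]+), "
            + "problem (\\d+) \\((\\w+)\\), data (-?[0-9A-Fa-f]+)");

    // Assumption: the field after the dash is a Win32 error code in hex.
    // Three directory-service codes from winerror.h; the table is not exhaustive.
    private static final Map<Long, String> WIN32_NAMES = new HashMap<>();
    static {
        WIN32_NAMES.put(0x2014L, "ERROR_DS_OBJ_CLASS_VIOLATION");
        WIN32_NAMES.put(0x2098L, "ERROR_DS_INSUFF_ACCESS_RIGHTS");
        WIN32_NAMES.put(0x2099L, "ERROR_DS_ILLEGAL_SUPERIOR");
    }

    public final int ldapResultCode;  // LDAP result code; 65 is objectClassViolation
    public final long win32Code;      // server-side error, parsed from hex
    public final String category;     // e.g. UpdErr
    public final String dsid;         // server-internal location tag
    public final int problem;         // e.g. 6002
    public final String problemName;  // e.g. OBJ_CLASS_VIOLATION
    public final String data;

    private AdLdapErrorDetail(Matcher m) {
        ldapResultCode = Integer.parseInt(m.group(1));
        win32Code = Long.parseLong(m.group(2), 16);
        category = m.group(3);
        dsid = m.group(4);
        problem = Integer.parseInt(m.group(5));
        problemName = m.group(6);
        data = m.group(7);
    }

    /** Returns null when the message has no detail text of this shape. */
    public static AdLdapErrorDetail parse(String message) {
        if (message == null) {
            return null;
        }
        Matcher m = DETAIL.matcher(message);
        return m.find() ? new AdLdapErrorDetail(m) : null;
    }

    public String win32Name() {
        String name = WIN32_NAMES.get(win32Code);
        return name != null ? name : "not in table (decimal " + win32Code + ")";
    }

    /** What to check first in the schema or ACLs for the codes in the table. */
    public String firstCheck() {
        if (win32Code == 0x2099L) {
            return "is the parent container's class a possible superior of the new object's class?";
        }
        if (win32Code == 0x2014L) {
            return "are all mandatory attributes present, and is every attribute allowed by the class?";
        }
        if (win32Code == 0x2098L) {
            return "does the bound account have the right to create this object here?";
        }
        return "look up the Win32 code, then review the class definition";
    }

    public static void main(String[] args) {
        // Exception text as quoted in the thread.
        String quoted = "javax.naming.directory.SchemaViolationException: "
                + "[LDAP: error code 65 - 2099: UpdErr: DSID-03050BA2, "
                + "problem 6002 (OBJ_CLASS_VIOLATION), data 0";
        AdLdapErrorDetail d = parse(quoted);
        System.out.println("LDAP result code : " + d.ldapResultCode);
        System.out.println("Win32 code       : " + d.win32Code + " " + d.win32Name());
        System.out.println("Category / DSID  : " + d.category + " / " + d.dsid);
        System.out.println("Problem          : " + d.problem + " " + d.problemName);
        System.out.println("First check      : " + d.firstCheck());

        // Constructed message without AD detail text: parse returns null.
        System.out.println(parse("[LDAP: error code 49 - Invalid Credentials]"));
    }
}
```

In the catch block of the quoted code, the string to pass to `parse` would be `ex.getMessage()`.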


[ActiveDir] LDAP

2003-01-16 Thread daviss
I apologize if this is received twice.
Scenario:
AS400 system with username restriction of 10 characters. Considering
installing a card with W2k AD installed. Specifically we will be running
Windows 2K server on an Integrated xSeries server. This will allow us to
enroll existing AS400 users and groups on a W2k server. This allows us one
point for administration of both AS400 and W2k set of users.
We currently have a domain controller, or W2k w/AD installation. We did not
restrict the usernames to 10 characters on this system. Other systems that
will be authenticating their usernames against it are also not limited to
10 characters. Our goal is single sign on. We would like to have the users
on the AS400/W2K system to authenticate or replicate to our current W2k AD
installation. The problem is the limitation of usernames. My question is,
is there any way around having to change all the usernames on the other
systems to match the 10 character limitation? Can I have the usernames on
the AS400 W2K installation link to the current W2k server? I thought with
LDAP you could have numerous names linked to one. If so, how can I do this?
Your help is greatly appreciated.
*
Sincerely,
Stacey Davis
Wan Technician
Network Services Department
Anderson News Company
Phone (865) 584-9765 ext. 1566
Email [EMAIL PROTECTED]


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/



RE: [ActiveDir] ISA Server/Security

2003-01-16 Thread Jim Busick



Sunbelt hosts a Windows security list and a Windows firewall 
list.

http://lyris.sunbelt-software.com/scripts/lyris.pl?site=www.ntsoftdist.comid=201224565

  -Original Message-
  From: Travis Riddle [mailto:[EMAIL PROTECTED]]
  Sent: Thursday, January 16, 2003 9:01 AM
  To: [EMAIL PROTECTED]
  Subject: [ActiveDir] ISA Server/Security

  Hello,

  I was wondering if anyone has read or looked at ISA Server and Beyond:
  Real World Security Solutions for Microsoft Enterprise Networks by Tom
  Shinder and had comments about the book, or maybe recommendations for
  other ISA books that are worth purchasing.

  I am also interested in books and/or mailing lists concerning network
  security in general if anyone has suggestions there.
  
  Thank you,
  
  Travis


RE: [ActiveDir] Authentication ?

2003-01-16 Thread Ayers, Diane



Ditto for us. Heavily mixed environment (~20K users) with no impact 
from going native. Go for it :-)

Diane

  -Original Message-
  From: Fugleberg, David A [mailto:[EMAIL PROTECTED]]
  Sent: Thursday, January 16, 2003 8:54 AM
  To: [EMAIL PROTECTED]
  Subject: RE: [ActiveDir] Authentication ?

  We had no issues when we went native...similar situation: Single domain,
  lots of NT4 clients and member servers, as well as W2K clients and member
  servers. A month or so after the last of the NT4 BDCs was removed, we made
  the switch with no complaints. This domain had been upgraded from NT4 back
  in 2000, so there's all kinds of old stuff on it. YMMV if your old stuff
  is not similar to our old stuff, but that was our experience.

  Dave

  -Original Message-
  From: Don Murawski (Lenox) [mailto:[EMAIL PROTECTED]]
  Sent: Thursday, January 16, 2003 10:29 AM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] Authentication ?

  Let me clear up my question!

  I have NO 4.0 BDCs, All Win2k DC's, but have a lot of legacy clients and
  applications.
  Switching to native mode, I'm assuming should have NO impact on these
  applications or systems.

  -Original Message-
  From: Craig Cerino [mailto:[EMAIL PROTECTED]]
  Sent: Thursday, January 16, 2003 11:14 AM
  To: [EMAIL PROTECTED]
  Subject: RE: [ActiveDir] Authentication ?

  Unless I am reading his email wrong - - -

  He is considering going to NATIVE mode which means one of two things:

  1. He already HAS Win2K Srv and a few 2k servers on the wire
  2. He is planning to purchase WIN2K Srv

  In EITHER case (which is just assumed since he is considering migrating)
  he would still have to RUN DCPROMO to upgrade the PDC and BDCs or make
  them member servers or remove them from the domain.

  Don - we haven't heard from you since you opened the thread - - please let
  us know what is the case so we can stop bickering and help you.

  Guys - - I am not trying to argue - - unfortunately vocal inflection and
  tone just don't translate well via email - - - my apologies if it appears
  as if I'm yelling or picking a fight.

  -Original Message-
  From: Kevin Gent [mailto:[EMAIL PROTECTED]]
  Sent: Thursday, January 16, 2003 11:13 AM
  To: [EMAIL PROTECTED]
  Subject: Re: [ActiveDir] Authentication ?

  The only way his NT 4 PDCs and BDCs are going to become DCs in a Win2K
  domain is to purchase W2K and upgrade them.

  - Original Message -
  From: Craig Cerino
  To: [EMAIL PROTECTED]
  Sent: Thursday, January 16, 2003 8:07 AM
  Subject: RE: [ActiveDir] Authentication ?

  Right - - but if he wants to keep what used to be his PDC and BDC's in the
  loop they will either have to be made DCs by running DCPROMO - - or get
  them out of the replication loop by making them member servers or removing
  them from the domain

  -Original Message-
  From: EALES, Jack - FPIL [mailto:[EMAIL PROTECTED]]
  Sent: Thursday, January 16, 2003 7:51 AM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] Authentication ?

  switching to native mode means having NO more NT4.0 BDC's... that's when
  it becomes a Native domain - rather than mixed...

  -Original Message-
  From: Craig Cerino [mailto:[EMAIL PROTECTED]]
  Sent: 16 January 2003 12:41
  To: [EMAIL PROTECTED]
  Subject: RE: [ActiveDir] Authentication ?

  If you run DCPROMO on them and make them a DC they will.

  Which you'll have to do anyway or downgrade them to member servers

  -Original Message-
  From: Don Murawski (Lenox) [mailto:[EMAIL PROTECTED]]
  Sent: Thursday, January 16, 2003 7:16 AM
  To: [EMAIL PROTECTED]
  Subject: [ActiveDir] Authentication ?

  Considering switching to native mode within a month.

  Is there any difference in authentication methods in native mode than
  mixed?

  Some reason there seems to be a debate around my company about some
  applications may be affected?

  It's my understanding that

[ActiveDir] LDAP messy situation

2003-01-16 Thread daviss
I posted a request for help last week, but have more information today...
Scenario:
An AS400 system, which holds user profiles limited to 10 character
usernames. This system will have a card installed with W2k server
installed. Specifically, we will be running a Windows server on an
integrated xSeries server which will allow us to enroll existing AS400
users and groups on a Windows server. This should allow for a single point
of administration for both AS400 and Windows users. From what I understand,
the AS400 will propagate the W2k server that exists on the box with
username and passwords. These users will have the same username and
password limitations as on the AS400.

We also have an AD server used for domain authentication. This server has
the same users only is used in the windows environment. When we setup
this server, we set it up without limiting the usernames. We didn't
foresee this possible problem.  Our goal is to move towards single sign on.
We have certain applications using this system for authentication
currently, none of which are restricted by username limits.

Has anyone done this before?
Can you make the W2k server on the AS400 system, a child of the current
domain controller? If so, can you link the limited usernames to the
unlimited usernames on the existing W2k server through AD LDAP? Or will I
need to change each username on each system to match the restricted
usernames?
I guess, is there any way around changing all the usernames? The goal is
for all users to exist on one server for a single point of administration,
and to achieve single sign on.  To change usernames on all the systems
involved could be a huge problem.
Your help is greatly appreciated.
*
Sincerely,
Stacey Davis
Wan Technician
Network Services Department
Anderson News Company
Phone (865) 584-9765 ext. 1566
Email [EMAIL PROTECTED]





RE: [ActiveDir] LDAP

2003-01-16 Thread Roger Seielstad
You asked this a week ago - the answer hasn't really changed.

Either change the user names in AD to be 10 or less characters, or open up
the checkbook and buy an SSO product that will handle it for you.

--
Roger D. Seielstad - MCSE
Sr. Systems Administrator
Inovis - Formerly Harbinger and Extricity
Atlanta, GA


 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
 Sent: Thursday, January 16, 2003 1:04 PM
 To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED]
 Subject: [ActiveDir] LDAP
 
 
 I apologize if this is received twice.
 Scenario:
 AS400 system with username restriction of 10 characters. Considering
 installing a card with W2k AD installed. Specifically we 
 will be running
 Windows 2K server on an Integrated xSeries server. This will 
 allow us to
 enroll existing AS400 users  groups on a W2k server. This 
 allows us one
 point for administration of both AS400 and W2k set of users.
 We currently have a domain controller, or W2k w/AD 
 installation. We did not
 restrict the usernames to 10 characters on this system. Other 
 systems that
 will be authenticating their usernames against it are also 
 not limited to
 10 characters. Our goal is single sign on. We would like to 
 have the users
 on the AS400/W2K system to authenticate or replicate to our 
 current W2k AD
 installation. The problem is the limitation of usernames. My 
 question is,
 is there anyway around having to change all the usernames on the other
 systems to match the 10 character limitation? Can I have the 
 usernames on
 the AS400 W2K installation link to the current W2k server? I 
 thought with
 LDAP you could have numerous names linked to one. If so, how 
 can I do this?
 Your help is greatly appreciated.
 *
 Sincerely,
 Stacey Davis
 Wan Technician
 Network Services Department
 Anderson News Company
 Phone (865) 584-9765 ext. 1566
 Email [EMAIL PROTECTED]
 
 



RE: [ActiveDir] LDAP

2003-01-16 Thread Gil Kirkpatrick
Roger,

Wouldn't it be possible to make the CN of the user object a 10 character
name and the sAMAccountName and/or UPN the longer form? That way the
LDAP-based app can authenticate using the user DN (which is what it will do
if it does an LDAP simple bind), and the users can login using the longer
name form. No SSO product needed. The only downside is that I don't think
you can do this using the MMC to add users, you'd have to use a script or
some such.

-gil

-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, January 16, 2003 1:18 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] LDAP


You asked this a week ago - the answer hasn't really changed.

Either change the user names in AD to be 10 or less characters, or open up
the checkbook and buy an SSO product that will handle it for you.

--
Roger D. Seielstad - MCSE
Sr. Systems Administrator
Inovis - Formerly Harbinger and Extricity
Atlanta, GA


 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, January 16, 2003 1:04 PM
 To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED]
 Subject: [ActiveDir] LDAP
 
 
 I apologize if this is received twice.
 Scenario:
 AS400 system with username restriction of 10 characters. Considering 
 installing a card with W2k AD installed. Specifically we will be 
 running Windows 2K server on an Integrated xSeries server. This will
 allow us to
 enroll existing AS400 users  groups on a W2k server. This 
 allows us one
 point for administration of both AS400 and W2k set of users.
 We currently have a domain controller, or W2k w/AD 
 installation. We did not
 restrict the usernames to 10 characters on this system. Other 
 systems that
 will be authenticating their usernames against it are also 
 not limited to
 10 characters. Our goal is single sign on. We would like to 
 have the users
 on the AS400/W2K system to authenticate or replicate to our 
 current W2k AD
 installation. The problem is the limitation of usernames. My 
 question is,
 is there anyway around having to change all the usernames on the other
 systems to match the 10 character limitation? Can I have the 
 usernames on
 the AS400 W2K installation link to the current W2k server? I 
 thought with
 LDAP you could have numerous names linked to one. If so, how 
 can I do this?
 Your help is greatly appreciated.
 *
 Sincerely,
 Stacey Davis
 Wan Technician
 Network Services Department
 Anderson News Company
 Phone (865) 584-9765 ext. 1566
 Email [EMAIL PROTECTED]
 
 



RE: [ActiveDir] Authentication ?

2003-01-16 Thread jim . katoe

Possibly incorrect. 

If some of those legacy applications
use the NT4 API you may have some issues. For instance in my environment
I have a legacy application Crystal Enterprise - it is
using an NT4 API for determining group membership for security. As
you know there is a large change in groups from NT4 to Win2k/AD. So
native mode and nested groups would be an obvious No - No. You should
examine your applications and try to determine how they might be affected.
This situation could be one way.

In general though, most environments
should have no problem moving to native mode.








Jim Katoe

Mindshare
Directory Services Manager
MCSE,MCSA,PCLP,CCNA,CCDA,CNA 
Worldwide IT Infrastructure Team
825 8th Avenue, NY, NY 10019

email: [EMAIL PROTECTED]
Office: 646.756.4587
Fax: 646.756.5951







Don Murawski (Lenox)
[EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
01/16/2003 11:29 AM
Please respond to ActiveDir

To:
   '[EMAIL PROTECTED]'
[EMAIL PROTECTED]
cc:
   
Subject:
   RE: [ActiveDir] Authentication ?


Let me clear up my question!

I have NO 4.0 BDCs, All Win2k
DC's, but have a lot of legacy clients and applications.
Switching to native mode, I'm
assuming should have NO impact on these applications or systems.

-Original Message-
From: Craig Cerino [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, January 16, 2003 11:14 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Authentication ?

Unless I am reading his email
wrong - - - 

He is considering going to
NATIVE mode which means one of two things:

1. He already HAS Win2K Srv and a few 2k servers on the wire
2. He is planning to purchase WIN2K Srv


In EITHER case (which is just
assumed since he is considering migrating) he would still have to
RUN DCPROMO to upgrade the PDC and BDCs or make them member servers or
remove them from the domain.

Don - we haven't heard from
you since you opened the thread - - please let us know what is the case
so we can stop bickering and help you.

Guys - -I am not trying to
argue - - unfortunately vocal inflection and tone just don't translate
well via email - - - my apologies if it appears as if I'm yelling or picking
a fight.



-Original Message-
From: Kevin Gent [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, January 16, 2003 11:13 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Authentication ?

The only way his NT 4 PDCs and
BDCs are going to become DCs in a Win2K domain is to purchase W2K and upgrade
them.
- Original Message - 
From: Craig
Cerino 
To: [EMAIL PROTECTED]

Sent: Thursday, January 16, 2003 8:07
AM
Subject: RE: [ActiveDir] Authentication
?

Right - - but if he wants to
keep what used to be his PDC and BDC's in the loop they will either
have to be made DCs by running DCPROMO - - or get them out of the replication
loop by making them member servers or removing them from the domain

-Original Message-
From: EALES, Jack - FPIL [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, January 16, 2003 7:51 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Authentication ?

switching to native mode means
having NO more NT4.0 BDC's... that's when it becomes a Native domain -
rather than mixed...
-Original Message-
From: Craig Cerino [mailto:[EMAIL PROTECTED]] 
Sent: 16 January 2003 12:41
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Authentication ?
If you run DCPROMO on them
and make them a DC they will.

Which you'll have to do anyway
 or downgrade them to member servers 

-Original Message-
From: Don Murawski (Lenox) [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, January 16, 2003 7:16 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Authentication ?

Considering switching to native mode within
a month.

Is there any difference in authentication
methods in native mode than mixed?
Some reason there seems to be a debate around
my company about some applications may be affected?
It's my understanding that making the switch
to native mode means that 4.0 DC's will no longer be able to replicate.



Don L Murawski
Sr. Network Administrator - MCSE 4.0, 2000
WorldTravel BTI
1055 Lenox Park Blvd
Suite 420
Atlanta, GA 30319
Phone: (404) 923-9468
Fax:   (404) 949-6710
Cell:   (678) 549-1264



RE: [ActiveDir] Authentication ?

2003-01-16 Thread Rick Kingslan



Jim,

I'd like to hear more (and, if others want to chime in, please do) about
legacy apps and sec groups. If my production environment and experience is
correct, going to native mode is not going to have an effect on security
groups. (Except for the obvious Universal group, nesting, etc.)

Consider: You have upgraded all of your BDC to Win2k DCs. You switch to
native mode, but all of a sudden realize that you have over 500 Windows
NT 4.0 and Windows 3.1 (Not NT, Win 3.1) workstations with applications
written for that platform. So the workstations and applications cease to
interoperate with the rest of the environment?

The answer is an emphatic NO. They operate fine, work with the Domain Local,
Global and Universal groups.

I will, however, agree that there may be the application here and there that
has a real issue with the SID format or API calls to Windows 2000 groups.
As you said - test your apps. But, these should fail before going to
Native - not necessarily, after.

Comments?? Anyone want to visit a site in Virginia where they can see these
500 Windows 3.1 machines in a native mode domain??? ;o)


Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, January 16, 2003 3:11 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Authentication ?

  Possibly incorrect.

  If some of those legacy applications use the NT4 API you may have some
  issues. For instance in my environment I have a "legacy application"
  Crystal Enterprise - it is using an NT4 API for determining group
  membership for security. As you know there is a large change in groups
  from NT4 to Win2k/AD. So native mode and nested groups would be an
  obvious No - No. You should examine your applications and try to
  determine how they might be affected. This situation could be one way.

  In general though, most environments should have no problem moving to
  native mode.

  Jim Katoe
  Mindshare
  Directory Services Manager
  MCSE,MCSA,PCLP,CCNA,CCDA,CNA
  Worldwide IT Infrastructure Team
  825 8th Avenue, NY, NY 10019

  email: [EMAIL PROTECTED]
  Office: 646.756.4587
  Fax: 646.756.5951

  "Don Murawski (Lenox)" [EMAIL PROTECTED]
  Sent by: [EMAIL PROTECTED]
  01/16/2003 11:29 AM
  Please respond to ActiveDir

  To: "'[EMAIL PROTECTED]'" [EMAIL PROTECTED]
  cc:
  Subject: RE: [ActiveDir] Authentication ?

  Let me clear up my question!

  I have NO 4.0 BDCs, All Win2k DC's, but have a lot of legacy clients and
  applications.
  Switching to native mode, I'm assuming should have NO impact on these
  applications or systems.

  -Original Message-
  From: Craig Cerino [mailto:[EMAIL PROTECTED]]
  Sent: Thursday, January 16, 2003 11:14 AM
  To: [EMAIL PROTECTED]
  Subject: RE: [ActiveDir] Authentication ?

  Unless I am reading his email wrong - - -

  He is considering going to NATIVE mode which means one of two things:

  1. He already HAS Win2K Srv and a few 2k servers on the wire
  2. He is planning to purchase WIN2K Srv

  In EITHER case (which is just assumed since he is considering migrating)
  he would still have to RUN DCPROMO to upgrade the PDC and BDCs or make
  them member servers or remove them from the domain.

  Don - we haven't heard from you since you opened the thread - - please let
  us know what is the case so we can stop bickering and help you.

  Guys - - I am not trying to argue - - unfortunately vocal inflection and
  tone just don't translate well via email - - - my apologies if it appears
  as if I'm yelling or picking a fight.

  -Original Message-
  From: Kevin Gent [mailto:[EMAIL PROTECTED]]
  Sent: Thursday, January 16, 2003 11:13 AM
  To: [EMAIL PROTECTED]
  Subject: Re: [ActiveDir] Authentication ?

  The only way his NT 4 PDCs and BDCs are going to become DCs in a Win2K
  domain is to purchase W2K and upgrade them.

  - Original Message -
  From: Craig Cerino
  To: [EMAIL PROTECTED]
  Sent: Thursday, January 16, 2003 8:07 AM
  Subject: RE: [ActiveDir] Authentication ?

  Right - - but if he wants to keep what used to be his PDC and BDC's in the
  loop they will either have to be made DCs by running DCPROMO - - or get
  them out of the replication loop by making them member servers or removing
  them from the domain

  -Original Message-
  From: EALES, Jack - FPIL [mailto:[EMAIL PROTECTED]]
  Sent: Thursday, January 16, 2003 7:51 AM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] Authentication ?

  switching to native mode means having NO more NT4.0 BDC's... that's when
  it becomes a Native domain - rather than mixed...

RE: [ActiveDir] AD 2 AD Migration

2003-01-16 Thread Rick Kingslan
Joeri,

We are in the final phases of a complete migration from one forest to another.  We 
have migrated 25k plus machines, 11k plus users, and some number of groups.

All of this was done with ADMT ver 2.0.  Though not perfect, it did an absolutely 
fantastic job for our needs.  ADMT does require that the destination domain be in 
native mode.  The upside is that you can now migrate the user password.

Jimmy provided you with links on this, so have at it.  The price - clearly, is right.  
;o)

Rick Kingslan  MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone





 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED]] On Behalf Of 
 Mulder, Joeri (NL - Amsterdam)
 Sent: Thursday, January 16, 2003 9:05 AM
 To: [EMAIL PROTECTED]
 Subject: [ActiveDir] AD 2 AD Migration
 
 
 Hello,
  
 Does anyone have experience migrating users and groups from 
 one forest to another? Is ADMT v2.0 the best tool to do this?
  
 Greets,
 --Joeri--
 





[ActiveDir] Call for papers - Directory Experts Conference for Active Directory 2003

2003-01-16 Thread Gil Kirkpatrick
Greetings, 

The second Directory Experts Conference for Active Directory will be held in
Scottsdale, Arizona from April 28 through May 1, 2003. Although we have not
officially announced the conference (that will happen in a few days), I
would like to solicit the experts on the list for presentations on Active
Directory projects and issues.

This year's DEC will focus on two topics: security and directory
integration, i.e., doing more with AD than just logging in. I'm looking for
real-world discussions that have fairly broad appeal to the AD experts
community. Problem-and-solution stories are great, as are in-depth
discussions of some of the dustier corners of AD that don't get much
discussion, e.g. integration with non-Microsoft systems. Topics that I'm
*not* interested in include this is how we designed our directory (unless
it's mind-bogglingly unusual), NT4-to-AD migration stories, and vendor sales
pitches, veiled or otherwise. Presentations should run about 45 minutes with
15 minutes of discussion, although we can go longer for meatier topics. 

I'm also taking suggestions for birds-of-a-feather type breakout sessions.

The DEC is a technical conference targeted toward directory architects,
engineers, and consultants with more than six months of production Active
Directory experience under their belts... attendees can generally list the
top level command options in NTDSUTIL and diagram the DNS namespace created
by a DC from memory :) This means that you can focus on the interesting bits
of your topic without having to explain things like what FSMO role owners
are and why having more than one of each is a bad thing.

So if you think you may have an interesting story to tell, please contact me
via email at mailto:[EMAIL PROTECTED]. And if you're just interested in
attending, watch this space; I'll post the official conference announcement
to the list as soon as it's released.

Thanks,

-gil

Gil Kirkpatrick
CTO, NetPro
Author of Active Directory Programming from MacMillan