Re: [ActiveDir] SUS
I think Carlos is talking about the SUS Server's settings, not the client settings. However, I don't know where they're stored either. Cheers Ken - Original Message - From: Michael B. Smith [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, September 05, 2003 12:23 AM Subject: RE: [ActiveDir] SUS Its not in an xml file, it's in the registry. For example (watch for wrappage): snip -Original Message- From: Carlos Magalhaes [mailto:[EMAIL PROTECTED] Sent: Thursday, September 04, 2003 9:33 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] SUS Just a quick one, does anyone know which XML file stores the SUS servers settings, for example when you schedule the server to update at 3:00am where does it actually store that info, I have looked at the config files in Administration folder in inetpub but nothing there. Anyone know? Thanks! Carlos Magalhaes List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Interop Exception
Its an old ATT term for toll free -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message- From: Rick Reynolds [mailto:[EMAIL PROTECTED] Sent: Thursday, September 04, 2003 6:58 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Interop Exception what is the world is a watts phone # - Original Message - From: John Parker [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 04, 2003 3:12 PM Subject: RE: [ActiveDir] Interop Exception Reflect, Repent, Reboot. John Parker, MCSE IS Admin. Senior Technical Specialist Digital Display Systems. Alpha Video 7711 Computer Ave. Edina, MN. 55435 952-896-9898 Local 800-388-0008 Watts 952-896-9899 Fax 612-804-8769 Cell 952-841-3327 Direct [EMAIL PROTECTED] Be excellent to each other ---End of Line--- -Original Message- From: Fugleberg, David A [mailto:[EMAIL PROTECTED] Sent: Thursday, September 04, 2003 4:31 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Interop Exception Abort Retry Ignore -Original Message- From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED] Sent: Thursday, September 04, 2003 3:11 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Interop Exception Three Random Words Gil Kirkpatrick CTO, NetPro -Original Message- From: John Parker [mailto:[EMAIL PROTECTED] Sent: Thursday, September 04, 2003 12:54 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Interop Exception Flatulent Pork Sluggo John Parker, MCSE IS Admin. Senior Technical Specialist Digital Display Systems. Alpha Video 7711 Computer Ave. Edina, MN. 55435 952-896-9898 Local 800-388-0008 Watts 952-896-9899 Fax 612-804-8769 Cell 952-841-3327 Direct [EMAIL PROTECTED] Be excellent to each other ---End of Line--- -Original Message- From: Steve Brashear [mailto:[EMAIL PROTECTED] Sent: Thursday, September 04, 2003 1:31 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Interop Exception torturous angst mountain -Original Message- From: Hutchins, Mike [mailto:[EMAIL PROTECTED] Sent: Thursday, September 04, 2003 10:10 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Interop Exception Blue meatloaf car -Original Message- From: stefano tufillaro [mailto:[EMAIL PROTECTED] Sent: Thursday, September 04, 2003 11:05 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Interop Exception Good new Bye _ STOP MORE SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Manual Replication - Any suggestions?
In general, my philosophy is manual = bad, automated = good. And this definitely applies to maintaining the site topology and replication connections. Unless you have special replication needs (e.g. firewalls, not fully connected network, etc), doing it manually is never the preferred approach. We have over 400 sites and 90 DCs and replication problems have been the least of our worries. Robbie Allen http://www.rallenhome.com/ -Original Message- From: Joe [mailto:[EMAIL PROTECTED] Sent: Friday, September 05, 2003 6:56 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Manual Replication - Any suggestions? Wow. Can't say that I ever expected to hear someone say that. With autogeneration you basically need network link cost and replication schedule time per site link which should be far less configuration than manually configuring replication connections. Even with a centralized method of managing creation of sites which we have (basic perl scripts that also create the site links) I don't see how it would ease the creation of replication connections. Especially if you have a failure and need to start repointing connections. Say you have 9 domains with 400 DC's spread across say about 300 sites with DC's and having another 200 sites that you simply need site links for calculating best (closest) coverage with a fairly simple 3 hub hub and spoke deployment you would have just over 500 site links but thousands of connection objects (800 alone if each DC only replicated with one other DC which obviously isn't feasible when you consider GC partitions (and intrasite replication if you care about latency)). Much easier, I would think, to manage the 500 links versus the thousands of connections. Especially considering the amount of work required for reconfiguration if a bridgehead blows in a hub site is sit back and watch the reconfiguration of connections. By any chance could you explain your forest in terms of number of domains and dc's and sites? Also do you have a really complicated network structure where you have to pump replication down specific spanning trees to get from one end to the other? I am curious as to the kind of layout that could cause this kind of mindset on managing connections versus links. thanks, joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Merry, Joel (US - Philadelphia) Sent: Thursday, September 04, 2003 11:50 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Manual Replication - Any suggestions? Even with the updated KCC algorithm, I'm still a fan of manual replication links. Even relying upon auto-generation, you still need to properly configure costing and all that fun jazz. And if you're going to go through all of that, why not configure everything manually? The only reason I can think of not doing it is if you don't have a centralized way to manage the creation of new sites (and potentially bridges depending on your network configuration) so you don't have to worry about sites being orphaned -- but considering the size of your environment, I would think you do. -Joel -Original Message- From: Dean Wells [mailto:[EMAIL PROTECTED] Sent: Thursday, September 04, 2003 3:56 PM To: AD mailing list (Send) Subject: RE: [ActiveDir] Manual Replication - Any suggestions? That requires forest functional level 1 which would prevent the presence of any 2000 DCs in any domain within the forest (NT4 Ds are permissible) ... if the lack of Windows 2000 is feasible, the new ISTG (in both my own and Microsoft's internal tests) would easily fulfill your requirements. -- Dean Wells MSEtechnology * Tel: +1 (954) 501-4307 * Email: [EMAIL PROTECTED] http://msetechnology.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Salandra, Justin A. Sent: Thursday, September 04, 2003 2:43 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Manual Replication - Any suggestions? What about upgrading your servers to Windows Server 2003, the ISTG in W2K3 can handle up to 3,000 sites tested, 5,000 in theory. -Original Message- From: Jef Kazimer [mailto:[EMAIL PROTECTED] Sent: Thursday, September 04, 2003 10:51 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Manual Replication - Any suggestions? I'm currently working at a company where we have 115 international sites, and 3 domains. The KCC and ISTG are working sub-optimal, and it seems on MS's advice we are going to calculate a manual replication connection model. Anyone have any experience this, and have any gotcha's we should be expecting? Thanks, Jef List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info :
RE: [ActiveDir] OT: Login script problems
Title: Message Would additionally be a good idea to check the workstation event logs. Been seeing some weirdness with mixed topology Win2K SP4 workstations and login script/GPO's. I agree with Joe that a lot of problems come to name resolution as a whole, but this is a little different. Al -Original Message-From: Joe [mailto:[EMAIL PROTECTED] Sent: Thursday, September 04, 2003 8:08 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] OT: Login script problems A lot of issues in W2K come down to DNS. Logon scripts are pretty easy to troubleshoot though if you look at network traces as you will see the request to get the logon script right in the trace and whether or not the issue is name resolution or something else. The most fun issue I have see with logon scripts is a site that is configured for DNS and WINS and the way the DC's are configured they are not all in WINS (involved hub and spoke multi-tier WINS environment) and in a disjoint dns name space so when a DC is found through DNS and then the logon process says to bring down logon script xyz the client gets the FQDN of the machine with the script but for some reason it chops the dns name off and just tries to resolve the host name through WINS and can't so the logon script doesn't come down. Have also seen this when companies try to mix to separate networks while in a consolidation process and they point at WINS for one network and DNS for another and use the domain and logon process of where they are using the DNS and the WINS is just to find old resources. Completely blows the logon script process. Again, simplest to get a network trace and see the exact failure than to try and fix this and then that and then that to see what fixes it overall. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Raymond McClinnisSent: Thursday, September 04, 2003 7:55 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] OT: Login script problems I found that in our AD environment that a lot of "weird" problems like this have to do with DNS or name resolution of some kind Thanks, Raymond McClinnis Network Administrator Provident Credit Union -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of JoeSent: Thursday, September 04, 2003 4:31 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] OT: Login script problems Could be lots of things the fastest way to chase it down is to put the client on a shared hub with another pc with some network tracing software and watch the logon process. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]Sent: Thursday, September 04, 2003 6:45 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] OT: Login script problems Right now when I log into the computer I get the script I wrote about 40% of the time. I added it to a different user as well and he never got it. I also copied the script to all the DC's just in case. Any ideas?ThanksRyan
RE: [ActiveDir] Interop Exception
wide area telephone or transmission services Generally reduced price long-distance services. Not always toll-free. -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Friday, September 05, 2003 7:49 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Interop Exception Its an old ATT term for toll free -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message- From: Rick Reynolds [mailto:[EMAIL PROTECTED] Sent: Thursday, September 04, 2003 6:58 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Interop Exception what is the world is a watts phone # - Original Message - From: John Parker [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 04, 2003 3:12 PM Subject: RE: [ActiveDir] Interop Exception Reflect, Repent, Reboot. John Parker, MCSE IS Admin. Senior Technical Specialist Digital Display Systems. Alpha Video 7711 Computer Ave. Edina, MN. 55435 952-896-9898 Local 800-388-0008 Watts 952-896-9899 Fax 612-804-8769 Cell 952-841-3327 Direct [EMAIL PROTECTED] Be excellent to each other ---End of Line--- -Original Message- From: Fugleberg, David A [mailto:[EMAIL PROTECTED] Sent: Thursday, September 04, 2003 4:31 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Interop Exception Abort Retry Ignore -Original Message- From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED] Sent: Thursday, September 04, 2003 3:11 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Interop Exception Three Random Words Gil Kirkpatrick CTO, NetPro -Original Message- From: John Parker [mailto:[EMAIL PROTECTED] Sent: Thursday, September 04, 2003 12:54 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Interop Exception Flatulent Pork Sluggo John Parker, MCSE IS Admin. Senior Technical Specialist Digital Display Systems. Alpha Video 7711 Computer Ave. Edina, MN. 55435 952-896-9898 Local 800-388-0008 Watts 952-896-9899 Fax 612-804-8769 Cell 952-841-3327 Direct [EMAIL PROTECTED] Be excellent to each other ---End of Line--- -Original Message- From: Steve Brashear [mailto:[EMAIL PROTECTED] Sent: Thursday, September 04, 2003 1:31 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Interop Exception torturous angst mountain -Original Message- From: Hutchins, Mike [mailto:[EMAIL PROTECTED] Sent: Thursday, September 04, 2003 10:10 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Interop Exception Blue meatloaf car -Original Message- From: stefano tufillaro [mailto:[EMAIL PROTECTED] Sent: Thursday, September 04, 2003 11:05 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Interop Exception Good new Bye _ STOP MORE SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Manual Replication - Any suggestions?
Thanks for the advice everyone! Unfortunately I just started at this company, and it seems this deicision was made before I got here. I'm trying to get background research done as to why this direction was chosen. I did come from a bigger environment where we made changes to the ISTG timing to avoid some of the issues which worked fine until we were able to consider 2003. Here, I'd rather push forward with the 2003 deployment instead of going manual. Jef No likey da Evil! Original Message: Return-Path: [EMAIL PROTECTED] Thu Sep 04 17:25:29 2003 Received: from mail.activedir.org [64.245.160.7] by mail16.crystaltech.com with SMTP; Thu, 04 Sep 2003 17:25:29 -0700 Received: from mallard.mail.pas.earthlink.net [207.217.120.48] by mail.activedir.org with ESMTP (SMTPD32-7.07) id A3F3EDE010C; Thu, 04 Sep 2003 19:00:03 -0400 Received: from dialup-67.72.217.187.dial1.detroit1.level3.net ([67.72.217.187] helo=mainpro) by mallard.mail.pas.earthlink.net with esmtp (Exim 3.33 #1) id 19v357-0001zi-00 for [EMAIL PROTECTED]; Thu, 04 Sep 2003 16:00:02 -0700 From: Joe [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Manual Replication - Any suggestions? Date: Thu, 4 Sep 2003 18:59:59 -0400 Message-ID: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.4024 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 In-Reply-To: [EMAIL PROTECTED] Importance: Normal Precedence: bulk Sender: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Hmm that seems kind of small to turn off the KCC. I wouldn't do it myself. In fact we have about 500 sites defined, 375 DC's spread across them, and nine domains. Most of the sites have a DC from one of the five main domains though. If you have a hub and spoke topology and the site links are configured properly and you have site transitivity turned off you shouldn't have an issue. Manually generating your topology is an evil evil thing. Also where did the MS advice come from? Not trying to smash MS but there are only a few people from MS that I will listen to about AD right off. Mostly I make the person I am talking to prove what they are saying. Haven't found anyone in MCS yet with a really strong grasp, only decent. One main person in PSS - JD. Then of course you have the folks like Stuart Kwan and Dave Trulli. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jef Kazimer Sent: Thursday, September 04, 2003 10:51 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Manual Replication - Any suggestions? I'm currently working at a company where we have 115 international sites, and 3 domains. The KCC and ISTG are working sub-optimal, and it seems on MS's advice we are going to calculate a manual replication connection model. Anyone have any experience this, and have any gotcha's we should be expecting? Thanks, Jef List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] OT: Login script problems
It is a script that copies a file to the hard drive then runs it. It's the fixwelch thing to make sure no one has the virus. I know it works because it has worked in the past. I also know we have some wins and dns problems here. I do have one more question. We use our routers for DHCP and w2k for wins and dns. Does anyone ever see this as a problem? Ryan McDonald Systems Administrator Rick Kingslan [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 09/04/2003 07:42 PM Please respond to ActiveDir To:[EMAIL PROTECTED] cc: Subject:RE: [ActiveDir] OT: Login script problems Is this script implemented via GPO? And, would you be willing to share the script with us, as it might help to figure out what is going on. Provide, if possible, as much information on how this script is implemented in your system. Rick Kingslan MCSE, MCSA, MCT Microsoft MVP - Active Directory Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, September 04, 2003 5:45 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] OT: Login script problems Right now when I log into the computer I get the script I wrote about 40% of the time. I added it to a different user as well and he never got it. I also copied the script to all the DC's just in case. Any ideas? Thanks Ryan
Re: [ActiveDir] Possibly OT: Cisco VPN and AD
Try setting the two users' passwords to the same value (i.e., the user who successfully logs in, and the one who can't). If the one that didn't work starts to -- then there is an incompatibility between password policies. The Cisco product might be truncating, lopping off special characters or digits, etc. before going to AD. If nothing changes, you can at least rule out password policy setup as the source of your problem... On Thu, 4 Sep 2003, Wright, T. MR wrote: We have an issue with our VPN concentrator. It seems that it allows some AD users to authenticate, while others can not. We can find no pattern to explain why the users that are able to authenticate are allowed to do so and why the users that can't authenticate can not. An example is that I have two domain admin acct's, one that is a Service acct. and one that belongs to me. I am able to authenticate using the service acct. but not my own acct. They are in the same OU, they have permissions to the same groups etc. The only thing I see in the event logs upon an authentication failure is a generic EventID 675 with Pre-authentication failed, with Failure Code 0x18, which translates to a bad password, but I know this is not the case since I use my admin account to logon to other resources etc. Our network guys have been in contact with TAC and they don't seem to have a clear answer either. They feel it it is something in our GPO. The thing is our GPO settings are not rocket science. Right now we are basically just enforcing complex passwords etc. and we're not doing much outside of that. I was hoping that someone might have had these issues before and could provide some insight. Thanks, -Tim List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Interop Exception
Wide Area Telephone Service (WATS): A bulk-rated long-distance telephone service that carries calls at a cost based on usage and the state in which the call terminates. The Irwin Handbook of Telecommunications (3rd Edition) -Original Message- From: Michael B. Smith [mailto:[EMAIL PROTECTED] Sent: Friday, September 05, 2003 9:23 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Interop Exception wide area telephone or transmission services Generally reduced price long-distance services. Not always toll-free. -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Friday, September 05, 2003 7:49 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Interop Exception Its an old ATT term for toll free -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message- From: Rick Reynolds [mailto:[EMAIL PROTECTED] Sent: Thursday, September 04, 2003 6:58 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Interop Exception what is the world is a watts phone # - Original Message - From: John Parker [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 04, 2003 3:12 PM Subject: RE: [ActiveDir] Interop Exception Reflect, Repent, Reboot. John Parker, MCSE IS Admin. Senior Technical Specialist Digital Display Systems. Alpha Video 7711 Computer Ave. Edina, MN. 55435 952-896-9898 Local 800-388-0008 Watts 952-896-9899 Fax 612-804-8769 Cell 952-841-3327 Direct [EMAIL PROTECTED] Be excellent to each other ---End of Line--- -Original Message- From: Fugleberg, David A [mailto:[EMAIL PROTECTED] Sent: Thursday, September 04, 2003 4:31 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Interop Exception Abort Retry Ignore -Original Message- From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED] Sent: Thursday, September 04, 2003 3:11 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Interop Exception Three Random Words Gil Kirkpatrick CTO, NetPro -Original Message- From: John Parker [mailto:[EMAIL PROTECTED] Sent: Thursday, September 04, 2003 12:54 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Interop Exception Flatulent Pork Sluggo John Parker, MCSE IS Admin. Senior Technical Specialist Digital Display Systems. Alpha Video 7711 Computer Ave. Edina, MN. 55435 952-896-9898 Local 800-388-0008 Watts 952-896-9899 Fax 612-804-8769 Cell 952-841-3327 Direct [EMAIL PROTECTED] Be excellent to each other ---End of Line--- -Original Message- From: Steve Brashear [mailto:[EMAIL PROTECTED] Sent: Thursday, September 04, 2003 1:31 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Interop Exception torturous angst mountain -Original Message- From: Hutchins, Mike [mailto:[EMAIL PROTECTED] Sent: Thursday, September 04, 2003 10:10 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Interop Exception Blue meatloaf car -Original Message- From: stefano tufillaro [mailto:[EMAIL PROTECTED] Sent: Thursday, September 04, 2003 11:05 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Interop Exception Good new Bye _ STOP MORE SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ:
RE: [ActiveDir] Manual Replication - Any suggestions?
Well, 115 sites, and 3 domains. I am currently redesigning our site topology and complexity is generated only when you have more than one hub site. I would recommend that you take a real hard look at you network connection speeds first between sites. Anything below 128kb will be suspect. Remember domain replication should fall within 15 minutes for convergence. That is why they say design your domains based on geography not organizational boundaries. Try to group your sites by how fast you can replicate to a central location within 15 minutes. It is true that domains can span sites, but I use the 15 minute rule to make sure that convergence is within spec. Site creation principles 1. Connectivity between physical sites is slower than LAN traffic so you need to compress the data. 2. Possibility of network disruption for extended periods of time between your site and the remote location. 3. Firewall is between your network and the remote network. Recommendations. Create necessary sites based on the three principles above. Dedicate a Subnet for 2 DC/GC for the accounts domain to replicate all changes through for all domains and all GCs. Create necessary site links between remote site and hub sites and set costs and schedules if you need to. Dedicate GC's in remote sites as preferred bridge head servers and the two servers in the hub as preferred BHS. (This makes sure that the GC's in remote sites are chosen to be the replication target. Make sure there is at least on DC/GC per Site Turn off site link transitivity, and then create a sitelink bridge that encompasses all the spoke sites to the dedicated hub site. If you find yourself needing multiple hub sites. You will have to create several site link bridges between remote spoke sites and remote hubs because all GC's have to replicate to all other GC's in the forest. The hub GC's will allow GC replication traffic and domain replication traffic to be passed to the corresponding spoke site, even if the DC is not part of the domain. This makes replication traffic more deterministic. You want to make sure that spoke BHS replicate to other spoke BHS through the Hub BHS. One advantage of doing this is to make the firewall admins more at ease when it comes to RPC replication. I recommend upgrading your firewalls to the latest IOS that supports AD replication. CISCO and LUCIENT currently can support AD FRS and NTDS replication much better now. If firewalls are in your environment you will need to make sure the following ports are open to support AD services. 53,88,123,135,(137,138,139 for WINS and NetBIOS support),389,445,3268. For NTDS and FRS replication you have two options, use dynamic or fixed RPC. Dynamic RPC requires that all ports be open on the firewall (Unless you are using a firewall that supports NTDS and FRS replication), fixed RPC can be set for each service (NTDS, and FRS) respectively. What ever you standardize on you just open at the firewall. I recommend coming up with a naming standard and description standards for Sites, Site Links, and SL Bridges. I also recommend that you also come up location codes as well and fill out the location tab on your subnets so that you can use network location tracking feature of AD. Network location tracking allows you to search for printers that are close to you. You should also come up with a standard way to identify network printers, and use it to fill out the printer properties descriptions. Using Network Location tracking combined with the Printer description allows you to locate the closest printer quickly. Exchange 2003 is rumored to also use the location field for optimized network services. One final recommendation for Object Identification in the AD. Remember that each objects ID is a CN attribute. When possible use small or works stringed together with a dash. It makes it easier to search when there isn't a space in the DN and CN attribute. I also highly recommend installing monitoring for both AD operations and Security. NETPRO has two very good products for monitoring DC replication health and partition security. I highly recommend that you read the Windows 2000 resource kit for more background on replication, and site design. It is one of the best sources. Todd Myrick -Original Message- From: Robbie Allen [mailto:[EMAIL PROTECTED] Sent: Friday, September 05, 2003 8:37 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Manual Replication - Any suggestions? In general, my philosophy is manual = bad, automated = good. And this definitely applies to maintaining the site topology and replication connections. Unless you have special replication needs (e.g. firewalls, not fully connected network, etc), doing it manually is never the preferred approach. We have over 400 sites and 90 DCs and replication problems have been the least of our worries. Robbie Allen http://www.rallenhome.com/ -Original Message- From: Joe [mailto:[EMAIL
[ActiveDir] Sites and Site Link Naming Conventions
Todd's post was very timely as I was going to post this question tonight anyway. We're in the initial design phase for a potentially large AD environment (it'll start small with maybe 3 sites and a 10 DC's total, but could eventually grow to 700 sites, each with a DC). I'm curious what others have done for their naming conventions when it comes to Sites and Site Links (and Site Link Bridges, apparently.) Does it make sense to include the link speed in the name? If so, does having to rename links in the future (because of upgrades or whatnot) work fine or should that be avoided? David List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Sites and Site Link Naming Conventions
Renames are fine. I don't see a point in the link speed in the name, you could put it in the comments so it is still available. Our naming standard goes something like this Hub Sites NA(Americas - located in North America) AP (Asia Pacific) EU (Europe) Hub Sites dedicated to Exchange NAEXCH APEXCH EUEXCH Remote Sites Bbuilding# so like B56345 Then the links all look like Hubsite Name - Remote Site (or hub site - hub site for the big main hub interconnections) NA-B56345 NA-NAEXCH NA-EU EU-AP NA-AP Etc. I have no site link bridges. Simple 3 hub and spokes. Cool thing is now with my site scripts when I create a site I specify parameters like Createsite DC sitename hub [metric if not default WAN] Ex: Createsite domaincontroller1 B45678 NA From that it knows the domain controller to work on (I like to target my creates); what site to build, what two sites should be in the site link and what the site link name should be and what the metric should be if the default isn't good enough (it always is for me as I have a 3 hub hub and spoke). So I would have the following objects after that Site Object B45678 Site Link Object NA-B45678 with NA and B45678 sites in it. So I've shown mine... Who else wants to share? joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Adner Sent: Friday, September 05, 2003 6:27 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Sites and Site Link Naming Conventions Todd's post was very timely as I was going to post this question tonight anyway. We're in the initial design phase for a potentially large AD environment (it'll start small with maybe 3 sites and a 10 DC's total, but could eventually grow to 700 sites, each with a DC). I'm curious what others have done for their naming conventions when it comes to Sites and Site Links (and Site Link Bridges, apparently.) Does it make sense to include the link speed in the name? If so, does having to rename links in the future (because of upgrades or whatnot) work fine or should that be avoided? David List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Converting Active Directory 64 Bit Time Values into Date Strings with Perl and general process you can use for other languages
I have been asked multiple times for this info in newsgroups and emails to my joeware email and again at work yesterday so I wrote this up. Thought I would share with the group here in case anyone cares. --- First off the 64 bit Integer Time Values (Called Integer8) represents the number of 100 nanosecond intervals between the time stamp and January 1, 1601. Don't ask me why, this is just what it is, I am not even going to attempt to explain it other than I wasn't around prior to 1969 so what happened with computers in 1601 is far outside my personal scope of really caring. In fact I am not sure anything even existed then because I didn't, it is up for debate. 1. Remove last 7 characters - Usually this will be all zeros but it may be actual digits if you care to get down to 100 nanosecond accuracy, you can figure it out. 2. Subtract off 11644473600 You are now at a value that is the number of seconds since since January 1, 1970. Again I will not explain even though I was around then. I still wasn't at the point that I worried about time stamps on computers, I was still flabbergasted that man had walked on the moon 6 short months previously... This value was targeted because there are functions out there that use that format for time already and you can leverage them to convert to a friendly time/date stamp such as ctime or localtime or gmtime. So how to do this in perl?? Here is a quick perl script: ___t64.pl___ $t64=shift; $t64=~s/(.+).{7,7}/\1/; $t64-=11644473600; ($sec, $min, $hour, $mday, $mon, $year, $wday, $ydat, $isdst)=localtime($t64); $mon++; $year+=1900; print $mon/$mday/$year - $hour:$min:$sec DST - $isdst\n; When you run it it will produce something like: C:\Tempt64 127069827243689315 9/2/2003 - 9:25:24 DST - 1 Use as you wish. For other cool methods to play with those time fields in Perl check out Robbie Allen's upcoming book - Active Directory Cookbook. :o) joe List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/