RE: [ActiveDir] DC GPO not applying event log settings

2004-07-21 Thread Alex Fontana



Sorry, Win2k/SP4 all current patches applied.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman
Sent: Tuesday, July 20, 2004 8:06 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] DC GPO not applying event log settings

Is this 2k03 rtm? If so, known issue. Call PSS and ask for Q824245.

~Eric

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alex Fontana
Sent: Tuesday, July 20, 2004 6:33 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] DC GPO not applying event log settings

Here's the situation,

Editing the Default Domain Controllers policy:
Max Size for Event Logs (for all): 16384KB
Retention Method (for all): As needed
Audit Policy: custom settings
Windows Updates: Disabled

For the life of me I cannot get the event log size, retention method, or actual logging of security events to be applied. The Windows Update does get disabled, and the settings for auditing do get set.
Anyone have any clue what is going on??? I've also tried creating another GPO, same result.

Thanks, Alex.



Re: [ActiveDir] two ops

2004-07-21 Thread cyrus
yeah, also not sure what's going on, honestly don't know where to begin, help is appreciated.
rgds
cyrus 


Thommes, Michael M. writes: 

Cyrus, your email address is showing up using our mail server too!  Maybe some weird email configuration using localhost?
 
Mike Thommes 

	-Original Message- 
	From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
	Sent: Tue 7/20/2004 4:33 AM 
	To: [EMAIL PROTECTED] 
	Cc: 
	Subject: Re: [ActiveDir] two ops
	
	 

	really I have no idea how musicrights.co.uk got tagged on my mail,
	something interesting to look into.
	thanks for the help.
	rgds
	cyrus
	
	
	
	
	Rutherford, Robert writes:
	
	 1) Just go into the boot.ini on the root of your boot partition and
	 delete the reference to your old OS. If you are unsure then post the
	 contents here and I'll tell you which 1.
	
	 2) How/Why are you using the domain name musicrights.co.uk? My company
	 owns that domain name and we do not use it in any mail system.
	
	 Rob
	
	 -Original Message-
	 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
	 Sent: 20 July 2004 06:03
	 To: [EMAIL PROTECTED]
	 Subject: [ActiveDir] two ops
	
	 
	
	 greetings, 
	
	 I have formatted the server and re-install window server ops, now every time
	 the server starts or restarts, I'm always prompted to select which Window
	 Server the system will use. I have only one, how can I remove this prompt
	 to select which window server the system will use.
	
	 rgds
	 cyrus 
	
	 List info   : http://www.activedir.org/mail_list.htm
	 List FAQ: http://www.activedir.org/list_faq.htm
	 List archive:
	 http://www.mail-archive.com/activedir%40mail.activedir.org/
	
	 This e-mail and the information it contains are confidential and may be privileged. If you have received this e-mail in error please notify the sender immediately and delete the material from any computer. Unless you are the intended recipient, you should not copy this e-mail for any purpose, or disclose its contents to any other person.
	 The MCPS-PRS Alliance is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network. Whilst the MCPS-PRS Alliance monitors all communications for potential viruses, we accept no responsibility for any loss or damage caused by this e-mail and the information it contains.
	 It is the recipient's responsibility to scan this e-mail and any attachments for viruses. Any
	 e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for quality control and other purposes.
	
	 The MCPS-PRS Alliance Limited is a limited company registered in England under company number 03444246 whose registered office is at c/o 29-33 Berners Street, London, W1T 3AB.
	


RE: [ActiveDir] two ops

2004-07-21 Thread Rutherford, Robert
Are you using Outlook?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: 21 July 2004 10:16
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] two ops


yeah, also not sure what's going on, honestly don't know where to begin, help is appreciated.
rgds
cyrus 

 

Thommes, Michael M. writes: 

 Cyrus, your email address is showing up using our mail server too!  
 Maybe some weird email configuration using localhost?
  
 Mike Thommes
 
   -Original Message- 
   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
   Sent: Tue 7/20/2004 4:33 AM 
   To: [EMAIL PROTECTED] 
   Cc: 
   Subject: Re: [ActiveDir] two ops
   

 
   really I have no idea how musicrights.co.uk got tagged on my mail,
   something interesting to look into.
   thanks for the help.
   rgds
   cyrus

   Rutherford, Robert writes:

   1) Just go into the boot.ini on the root of your boot partition and
   delete the reference to your old OS. If you are unsure then post the
   contents here and I'll tell you which 1.

   2) How/Why are you using the domain name musicrights.co.uk? My company
   owns that domain name and we do not use it in any mail system.

   Rob

   -Original Message-
   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
   Sent: 20 July 2004 06:03
   To: [EMAIL PROTECTED]
   Subject: [ActiveDir] two ops

   greetings,

   I have formatted the server and re-install window server ops, now every time
   the server starts or restarts, I'm always prompted to select which Window
   Server the system will use. I have only one, how can I remove this prompt
   to select which window server the system will use.

   rgds
   cyrus
   

RE: [ActiveDir] W2K DC replacement

2004-07-21 Thread Rutherford, Robert



As I understand it... You have lost a DC which held roles and you want to get them onto another server?

If you can quickly and get the old DC back then do that and transfer the roles.. else...

1) Seize the lost roles from one of the other domain controllers using NTDSUTIL - http://support.microsoft.com/default.aspx?scid=kb;en-us;255504
2) Clean up the old server info, via metadata cleanup. You may also need to manually go in and delete the old DC object from ADUC, sites and services, and DNS. I have seen it a couple of time when the object remains for some time.. I assume it would eventually go when AD cleans up.

BR

Rob


  
  -Original Message-
  From: Svetlana Kouznetsova [mailto:[EMAIL PROTECTED]
  Sent: 21 July 2004 11:03
  To: [EMAIL PROTECTED]
  Subject: [ActiveDir] W2K DC replacement

  Hi everybody,
  My question might sound silly, but I guess, it's allowed when you're desperate.
  Hope to get your valuable advice.

  We have W2K domain controller, which has been taken off line and needs to be rebuilt. Unfortunately, the rebuild part started before we realised, we need to transfer roles to another machine at least. (we have just 2 DC in that domain)
  We have now new plans to promote a new W2K box into domain controller instead of the old one, which will return online as a member server, as running vital applications.
  I know that we've done it the wrong way. (please be gentle). But it's about too late... So my question is really, in what order should I bring in new W2K server into domain.
  Can I transfer roles into new DC, if the old one off line or should I re-install the old one as domain controller even if for transfer of roles only?
  Do I need to do metadata cleanup, if roles will be transferred or just let AD naturally clear it up, replicating changes?
  Are there any gotchas to watch out for?
  The only DC left is GC server, as the one, that gone, used to have all the rest of roles.
  Many thanks in advance for any helpful advice.

  Lana.


RE: [ActiveDir] W2K DC replacement

2004-07-21 Thread Svetlana Kouznetsova

Well, we have lost that DC, but I think, it'll be easier to bring back new DC instead and rebuild the old one as a W2K3 member server. It is running few important applications - things that are inconvenient to run on Domain Controller. And since we've accidentally got such an opportunity in our hands, we might as well just use it.

I'm going to promote brand new machine into DC and will do seize roles and metadata cleanup before that. I just wasn't sure of the best order to do so.

The new machine will come with a new name and IP, the old DC will keep the old name and IP, but as a member server. Hope this would not create any further problems.

Thanks a lot for the comment.



Lana.



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rutherford, Robert
Sent: 21 July 2004 11:24
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] W2K DC replacement

As I understand it... You have lost a DC which held roles and you want to get them onto another server?

If you can quickly and get the old DC back then do that and transfer the roles.. else...

1) Seize the lost roles from one of the other domain controllers using NTDSUTIL - http://support.microsoft.com/default.aspx?scid=kb;en-us;255504

2) Clean up the old server info, via metadata cleanup. You may also need to manually go in and delete the old DC object from ADUC, sites and services, and DNS. I have seen it a couple of time when the object remains for some time.. I assume it would eventually go when AD cleans up.

BR

Rob

-Original Message-
From: Svetlana Kouznetsova [mailto:[EMAIL PROTECTED]
Sent: 21 July 2004 11:03
To: [EMAIL PROTECTED]
Subject: [ActiveDir] W2K DC replacement

Hi everybody,

My question might sound silly, but I guess, it's allowed when you're desperate.

Hope to get your valuable advice.

We have W2K domain controller, which has been taken off line and needs to be rebuilt. Unfortunately, the rebuild part started before we realised, we need to transfer roles to another machine at least. (we have just 2 DC in that domain)

We have now new plans to promote a new W2K box into domain controller instead of the old one, which will return online as a member server, as running vital applications.

I know that we've done it the wrong way. (please be gentle). But it's about too late... So my question is really, in what order should I bring in new W2K server into domain.

Can I transfer roles into new DC, if the old one off line or should I re-install the old one as domain controller even if for transfer of roles only?

Do I need to do metadata cleanup, if roles will be transferred or just let AD naturally clear it up, replicating changes?

Are there any gotchas to watch out for?

The only DC left is GC server, as the one, that gone, used to have all the rest of roles.

Many thanks in advance for any helpful advice.



Lana.




This e-mail and the information it contains are confidential and may be
privileged. If you have received this e-mail in error please notify the sender
immediately and delete the material from any computer. Unless you are the
intended recipient, you should not copy this e-mail for any purpose, or
disclose its contents to any other person. 
The MCPS-PRS Alliance is not responsible for the completeness or accuracy of
this communication as it has been transmitted over a public network. Whilst the
MCPS-PRS Alliance monitors all communications for potential viruses, we accept
no responsibility for any loss or damage caused by this e-mail and the
information it contains.
It is the recipient's responsibility to scan this e-mail and any attachments
for viruses. Any 
e-mails sent to and from the MCPS-PRS Alliance servers may be monitored for
quality control and other purposes.

The MCPS-PRS Alliance Limited is a limited company registered in England under
company number 03444246 whose registered office is at c/o 29-33 Berners Street,
London, W1T 3AB.










RE: [ActiveDir] DC GPO not applying event log settings

2004-07-21 Thread Darren Mar-Elia



You might want to enable verbose security policy logging to see if it shows something. Here's the info on enabling it:

http://support.microsoft.com/default.aspx?scid=kb;en-us;245422


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alex Fontana
Sent: Wednesday, July 21, 2004 10:01 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] DC GPO not applying event log settings

Sorry, Win2k/SP4 all current patches applied.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman
Sent: Tuesday, July 20, 2004 8:06 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] DC GPO not applying event log settings

Is this 2k03 rtm? If so, known issue. Call PSS and ask for Q824245.

~Eric

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alex Fontana
Sent: Tuesday, July 20, 2004 6:33 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] DC GPO not applying event log settings

Here's the situation,

Editing the Default Domain Controllers policy:
Max Size for Event Logs (for all): 16384KB
Retention Method (for all): As needed
Audit Policy: custom settings
Windows Updates: Disabled

For the life of me I cannot get the event log size, retention method, or actual logging of security events to be applied. The Windows Update does get disabled, and the settings for auditing do get set.
Anyone have any clue what is going on??? I've also tried creating another GPO, same result.

Thanks, Alex.



[ActiveDir] Renaming the Administrator account

2004-07-21 Thread Edwin








I have always renamed the default Administrator account on
every system build I have performed for security reasons.



I did the same on the domain but was then scolded by a more
experienced AD Administrator. The reason given to me was because there are
parts of AD that authenticate or use the SID of the administrator account while
other areas may use the Administrator username explicitly. If I
were to rename the default Administrator account then those references that
call the username explicitly may fail.



I am still new to AD so I took the above warning with
caution and therefore renamed the default user back to its original settings.



I would appreciate anyone's input on the above. I
would like to rename the Administrator account as part of best practices but if
it may cause problems then of course this would not be an option. However, I
have a hard time understanding why renaming the account could cause potential
problems. I would think that any reference to the Administrator account would
be made by the SID and if any call to the username itself was made, it would
access a database that was populated with the correct information as it was
changed.



The only information I have about renaming the account is
above.



Thank you all for your responses.



Edwin








RE: [ActiveDir] Renaming the Administrator account

2004-07-21 Thread Rutherford, Robert



2000 security/authentication revolves around the SID. I have always renamed the admin account, on a PC and domain level and have never had an issue. I would sensitively ask your 'more' experienced colleague for an example of which "other areas may use the Administrator username explicitly".

BR

Rob



-Original Message-
From: Edwin [mailto:[EMAIL PROTECTED]
Sent: 21 July 2004 12:38
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Renaming the Administrator account

  
  I have always renamed the default 
  Administrator account on every system build I have performed for security 
  reasons.
  
  I did the same on the domain but 
  was then scolded by a more experienced AD Administrator. The reason 
  given to me was because there are parts of AD that authenticate or use the SID 
  of the administrator account while other areas may use the Administrator 
  username explicitly. If I were to rename the default Administrator
  account then those references that call the username explicitly may 
  fail.
  
  I am still new to AD so I took the 
  above warning with caution and therefore renamed the default user back to its 
  original settings.
  
  I would appreciate anyone's input 
  on the above. I would like to rename the Administrator account as part 
  of best practices but if it may cause problems then of course this would not 
  be an option. However, I have a hard time understanding why renaming the 
  account could cause potential problems. I would think that any reference 
  to the Administrator account would be made by the SID and if any call to the 
  username itself was made, it would access a database that was populated with 
  the correct information as it was changed.
  
  The only information I have about 
  renaming the account is above.
  
  Thank you all for your 
  responses.
  
  Edwin


Re: [ActiveDir] Renaming the Administrator account

2004-07-21 Thread Tony Murray
Anything that specifically uses the domain Administrator account by name should be 
taken out and shot.  

You should have no problems with renaming the account.

Here's something from Microsoft which suggests (as you do) that it would be a best 
practice.

http://www.microsoft.com/technet/Security/topics/issues/w2kccscg/w2kscgcd.mspx

Tony
-- Original Message --
Reply-To: [EMAIL PROTECTED]
Date:  Wed, 21 Jul 2004 07:37:48 -0400

I have always renamed the default Administrator account on every system
build I have performed for security reasons.

 

I did the same on the domain but was then scolded by a more experienced AD
Administrator.  The reason given to me was because there are parts of AD
that authenticate or use the SID of the administrator account while other
areas may use the Administrator username explicitly.  If I were to rename
the default Administrator account then those references that call the
username explicitly may fail.

 

I am still new to AD so I took the above warning with caution and therefore
renamed the default user back to its original settings.

 

I would appreciate anyone's input on the above.  I would like to rename the
Administrator account as part of best practices but if it may cause problems
then of course this would not be an option.  However, I have a hard time
understanding why renaming the account could cause potential problems.  I
would think that any reference to the Administrator account would be made by
the SID and if any call to the username itself was made, it would access a
database that was populated with the correct information as it was changed.

 

The only information I have about renaming the account is above.

 

Thank you all for your responses.

 

Edwin



 





Sent via the WebMail system at mail.activedir.org


 
   


RE: [ActiveDir] Renaming the Administrator account

2004-07-21 Thread Adams, Kenneth W \(Ken\)



The standard best practice IS to rename the Administrator account, no matter what level it is (i.e., local Administrator, Domain Administrator). Yes, there are some programs that refer to the account name. Those are mostly hacker programs from what I've learned. You DON'T want them to be able to access your network.

If the more experienced AD administrator complains, have that person check with Microsoft's own best practices guidelines. Even Microsoft recommends the rename.

Ken

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Edwin
Sent: Wednesday, July 21, 2004 7:38 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Renaming the Administrator account

I have always renamed the default 
Administrator account on every system build I have performed for security 
reasons.

I did the same on the domain but was 
then scolded by a more experienced AD Administrator. The reason given to 
me was because there are parts of AD that authenticate or use the SID of the 
administrator account while other areas may use the Administrator username 
explicitly. If I were to rename the default Administrator account then 
those references that call the username explicitly may 
fail.

I am still new to AD so I took the 
above warning with caution and therefore renamed the default user back to its 
original settings.

I would appreciate anyone's input on 
the above. I would like to rename the Administrator account as part of 
best practices but if it may cause problems then of course this would not be an 
option. However, I have a hard time understanding why renaming the account 
could cause potential problems. I would think that any reference to the 
Administrator account would be made by the SID and if any call to the username 
itself was made, it would access a database that was populated with the correct 
information as it was changed.

The only information I have about 
renaming the account is above.

Thank you all for your 
responses.

Edwin


RE: [ActiveDir] Renaming the Administrator account

2004-07-21 Thread Grillenmeier, Guido



there's no issue renaming it - in 2003 you can actually disable it to make the environment more secure (but caution - this is the only account that doesn't get locked when you have configured a lockout threshold in your PW policy)

/Guido

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Edwin
Sent: Wednesday, 21 July 2004 13:38
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Renaming the Administrator account


I have always renamed the default 
Administrator account on every system build I have performed for security 
reasons.

I did the same on the domain but was 
then scolded by a more experienced AD Administrator. The reason given to 
me was because there are parts of AD that authenticate or use the SID of the 
administrator account while other areas may use the Administrator username 
explicitly. If I were to rename the default Administrator account then 
those references that call the username explicitly may 
fail.

I am still new to AD so I took the 
above warning with caution and therefore renamed the default user back to its 
original settings.

I would appreciate anyone's input on 
the above. I would like to rename the Administrator account as part of 
best practices but if it may cause problems then of course this would not be an 
option. However, I have a hard time understanding why renaming the account 
could cause potential problems. I would think that any reference to the 
Administrator account would be made by the SID and if any call to the username 
itself was made, it would access a database that was populated with the correct 
information as it was changed.

The only information I have about 
renaming the account is above.

Thank you all for your 
responses.

Edwin


RE: [ActiveDir] Renaming the Administrator account

2004-07-21 Thread Edwin








Excellent! Thank you everyone for your
replies. I was concerned about the information that I got but I wasn't
in a position to question it since I honestly was not 100% sure.



Now, I believe I have some good ammunition
for a good argument.



Thank you Tony for that URL.



This list rocks!

Edwin









From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido
Sent: Wednesday, July 21, 2004 7:57 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Renaming the Administrator account





there's no issue renaming it - in 2003
you can actually disable it to make the environment more secure (but caution -
this is the only account that doesn't get locked when you have configured a
lockout threshold in your PW policy)



/Guido









From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Edwin
Sent: Wednesday, 21 July 2004 13:38
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Renaming the Administrator account

I have always renamed the default Administrator account on
every system build I have performed for security reasons.



I did the same on the domain but was then scolded by a more
experienced AD Administrator. The reason given to me was because there
are parts of AD that authenticate or use the SID of the administrator account
while other areas may use the Administrator username
explicitly. If I were to rename the default Administrator account then
those references that call the username explicitly may fail.



I am still new to AD so I took the above warning with
caution and therefore renamed the default user back to its original settings.



I would appreciate anyone's input on the above.
I would like to rename the Administrator account as part of best practices but
if it may cause problems then of course this would not be an option.
However, I have a hard time understanding why renaming the account could cause
potential problems. I would think that any reference to the Administrator
account would be made by the SID and if any call to the username itself was
made, it would access a database that was populated with the correct
information as it was changed.



The only information I have about renaming the account is
above.



Thank you all for your responses.



Edwin








RE: [ActiveDir] Renaming the Administrator account

2004-07-21 Thread Bridges, Samantha
Anything that specifically uses the domain Administrator account by
name should be taken out and shot.

LOL!!!

Edwin, you are obviously the more experienced AD administrator.  I
think that is one of the very first things to be taught in AD courses.
A true experienced AD admin should know that.  

Good luck!

Samantha

(I always get good information and good laughs from this
list... thanks!)

-Original Message-
From: Tony Murray [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, July 21, 2004 7:55 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Renaming the Administrator account


Anything that specifically uses the domain Administrator account by name
should be taken out and shot.  

You should have no problems with renaming the account.

Here's something from Microsoft which suggests (as you do) that it would
be a best practice.

http://www.microsoft.com/technet/Security/topics/issues/w2kccscg/w2kscgcd.mspx

Tony
-- Original Message --
Reply-To: [EMAIL PROTECTED]
Date:  Wed, 21 Jul 2004 07:37:48 -0400

I have always renamed the default Administrator account on every system
build I have performed for security reasons.

 

I did the same on the domain but was then scolded by a more experienced
AD Administrator.  The reason given to me was because there are parts of
AD that authenticate or use the SID of the administrator account while
other areas may use the Administrator username explicitly.  If I were
to rename the default Administrator account then those references that
call the username explicitly may fail.

 

I am still new to AD so I took the above warning with caution and
therefore renamed the default user back to its original settings.

 

I would appreciate anyone's input on the above.  I would like to rename
the Administrator account as part of best practices but if it may cause
problems then of course this would not be an option.  However, I have a
hard time understanding why renaming the account could cause potential
problems.  I would think that any reference to the Administrator account
would be made by the SID and if any call to the username itself was
made, it would access a database that was populated with the correct
information as it was changed.

 

The only information I have about renaming the account is above.

 

Thank you all for your responses.

 

Edwin



 





List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] W2K DC replacement

2004-07-21 Thread Depp, Dennis M.
Lana,

Bring the new DC online and seize the roles.  As long as the old server
will not be brought back online, you can seize the roles without any
problem.  Check out
http://support.microsoft.com/default.aspx?scid=kb;en-us;255504 which
describes this process.

Denny 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Svetlana
Kouznetsova
Sent: Wednesday, July 21, 2004 6:03 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] W2K DC replacement

Hi everybody,

My question might sound silly, but I guess it's allowed when you're
desperate.

Hope to get your valuable advice.

We have a W2K domain controller, which has been taken offline and needs
to be rebuilt. Unfortunately, the rebuild started before we realised
we need to transfer roles to another machine at least. (We have just 2
DCs in that domain.)

We have now new plans - to promote a new W2K box to domain controller
instead of the old one, which will return online as a member server, as
it is running vital applications.

I know that we've done it the wrong way (please be gentle). But it's
about too late... So my question is really: in what order should I bring
the new W2K server into the domain?

Can I transfer roles to the new DC if the old one is offline, or should I
re-install the old one as a domain controller, even if for transfer of
roles only?

Do I need to do metadata cleanup if roles will be transferred, or just
let AD naturally clear it up, replicating changes?

Are there any gotchas to watch out for?

The only DC left is a GC server, as the one that's gone used to have all
the rest of the roles.

Many thanks in advance for any helpful advice.

 

Lana.



[ActiveDir] client terminal servers using remote DCs

2004-07-21 Thread Creamer, Mark








I have a terminal server farm that is in a separate subnet, but in the same
site as two DCs. The subnet for that farm is correctly defined in AD,
associated with the same site as the two DCs. We're noticing that those
terminal servers frequently authenticate on one of two remote DCs rather than
the ones in their own site when they log on. Is there something other than the
subnet definition that we might have missed that would cause this behavior?



Thanks,



Mark Creamer








RE: [ActiveDir] Summer Maintenance

2004-07-21 Thread Robert N. Leali
I think you can use Unicast instead of Multicast in the newer versions of
Norton Ghost. It goes slower but it won't bog down the network. Also, make
sure your hop count is set correctly.











From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Rochford
Sent: Sunday, July 18, 2004 12:13 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Summer Maintenance





We tend to do them in blocks of max 30
because it's more manageable (and most rooms don't have more than that many
computers!)



I've done it enough times now to know that
although we shouldn't have to get involved with boot floppies sometimes things
just don't go the way you plan :-)



Not sure why Ghost does cause the network
problems you describe but I know it does and we just plan round it - making
sure no-one's trying to do anything important at the same time etc.



Steve









From: Brian Desmond [mailto:[EMAIL PROTECTED]
Sent: 16 July 2004 21:31
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Summer Maintenance

Things really slow down when multicasting to a load of computers where I am
(all Cisco 2900XL series switches with fiber links to a 4005 series backbone
switch). The multicast slows to a crawl, as does other network traffic.

--Brian Desmond
[EMAIL PROTECTED]
Payton on the Web! Http://www.wpcp.org
v: 773.534.0034 x135
f: 773.534.0035














From: Doug M. Long [mailto:[EMAIL PROTECTED] On Behalf Of Doug M. Long
Sent: Friday, July 16, 2004 1:07 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Summer Maintenance

If you're multicasting, network congestion shouldn't be an issue (assuming
that you are putting the same image on all machines), right? Or am I missing
something here?















From: [EMAIL PROTECTED] on behalf of Brian Desmond
Sent: Fri 7/16/2004 11:13 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Summer Maintenance







You got it Steve. I don't know if you've ever done this before, but be
prepared to have a handful of them screw up and need reimaging with a floppy
disk. Also, don't think of doing em all at once. 100 - 150 is enough to
saturate your network.











--Brian







-Original Message-
From: Steve Rochford [mailto:[EMAIL PROTECTED]
Sent: Fri 7/16/2004 8:08 AM
To: [EMAIL PROTECTED]
Cc:
Subject: RE: [ActiveDir] Summer Maintenance

I love comments like "The result is that as the imaged computers are
powered up, the admin will type in each unique computer name and walk
away."

We're re-imaging about 1000 student computers this summer and I'm not
intending to go anywhere near most of them so typing in anything is a
no-no! As others have said, Ghost will happily rename and join to the
domain and it will also work with sysprep so you can have the best of
both worlds :-)

Steve

-Original Message-
From: Brad Corob [mailto:[EMAIL PROTECTED]]
Sent: 15 July 2004 05:00
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Summer Maintenance

2) Regardless of how you image the computers, using sysprep is the
*only* supported way of using imaged workstations on a network. Look
into it if you haven't used it. I find it quite simple to use and
extremely effective. The sysprep process can be automated. I typically
find it most useful to automate all of the mini-setup answers except for
computer name. The result is that as the imaged computers are powered up,
the admin will type in each unique computer name and walk away.

You can also join a domain during the sysprep process (automated or
not). One caveat here is the default 10-computer limit each user account
can create in AD (but it worked fine when we tested it!). The suggested
method is to create a designated account for Sysprep imaging and
delegate the appropriate rights to your Computer OU's.

If joining the computer to the domain during sysprep doesn't work for
you, you can also script the process. Technet gives an example script
here:
http://www.microsoft.com/technet/community/scriptcenter/compmgmt/scrcm31.mspx
but MSDN actually documents the WMI method here:
http://msdn.microsoft.com/library/en-us/wmisdk/wmi/joindomainorworkgroup_method_in_class_win32_computersystem.asp
Particularly helpful is the AccountOU parameter, as it will allow you to
specify the OU in which to place the computer object to further ease
your post-deployment admin tasks.

[The script method works wonders in large deployments when you can't
join a domain during the Sysprep process, for example, if this
particularly vexing, poorly documented, almost-12-month-old and
as-yet-unfixed issue plagues your environment like the spawn of
Satan:
http://support.novell.com/cgi-bin/search/searchtid.cgi?/10086130.htm
No, I'm not bitter. Not one bit.]

-Brad













[ActiveDir] Possible OT: Network boot disk with windows 2003.

2004-07-21 Thread Burns, Clyde

Does anyone know of a way to get a DOS network boot diskette to
authenticate in a windows 2003 AD domain short of disabling the
following on the DC's local policy?

Domain Member: Digitally encrypt or sign secure channel data (always)
Microsoft network server: Digitally sign communication (always)


Thanks
Clyde Burns



RE: [ActiveDir] client terminal servers using remote DCs

2004-07-21 Thread Rutherford, Robert
Have you checked your srv records in DNS for the site?

Rob

  -Original Message-
  From: Creamer, Mark [mailto:[EMAIL PROTECTED]
  Sent: 21 July 2004 14:25
  To: [EMAIL PROTECTED]
  Subject: [ActiveDir] client terminal servers using remote DCs

  I have a terminal server farm that is in a separate subnet, but in the same
  site as two DCs. The subnet for that farm is correctly defined in AD,
  associated with the same site as the two DCs. We're noticing that those
  terminal servers frequently authenticate on one of two remote DCs rather
  than the ones in their own site when they log on. Is there something other
  than the subnet definition that we might have missed that would cause this
  behavior?

  Thanks,

  Mark Creamer


RE: [ActiveDir] Summer Maintenance

2004-07-21 Thread Craig Cerino
I concur (from experience): use the UNICAST option (from the GHOST CAST
SERVER - FILE/OPTIONS) and you should be ok.











From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert N. Leali
Sent: Wednesday, July 21, 2004 9:37 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Summer Maintenance

I think you can use Unicast instead of Multicast in the newer versions of
Norton Ghost. It goes slower but it won't bog down the network. Also, make
sure your hop count is set correctly.












RE: [ActiveDir] Possible OT: Network boot disk with windows 2003.

2004-07-21 Thread Crenshaw, Jason
I believe that you would need to do one of the following.

Either enable LanMan authentication, enable netbios over TCP/IP, disable
Security Options under Settings, Local Policies, Security Options:
Microsoft Network Server and Microsoft Network Client: Digitally sign
communications = disable.

Or 

Explore using a WinPE environment bootdisk.  An example of a PE CD can
be found here:  http://www.nu2.nu/pebuilder/

Jason

-Original Message-
From: Burns, Clyde [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, July 21, 2004 7:38 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Possible OT: Network boot disk with windows 2003.


Does anyone know of a way to get a DOS network boot diskette to
authenticate in a windows 2003 AD domain short of disabling the
following on the DC's local policy?

Domain Member: Digitally encrypt or sign secure channel data (always)
Microsoft network server: Digitally sign communication (always)


Thanks
Clyde Burns



RE: [ActiveDir] useraccountflag

2004-07-21 Thread Mulnick, Al



I could be wrong, but you're likely looking for this:
http://msdn.microsoft.com/library/default.asp?url=

Which takes you to: http://tinyurl.com/674d2 and an example in vb.

Al


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Creamer, Mark
Sent: Tuesday, July 20, 2004 4:00 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] useraccountflag

Robbie's cookbook contains code on setting a password to never expire, but
what if I want to set those that are set to never expire to start expiring?
How would I alter the code? I tried setting to 512 (normal account), but it
returns:
"Did not need to change userAccountControl (66048)"

Here's the code as altered by me to change the flag back to a normal account
whose password does expire:

*
strUserDN = "CN=O'Tester\, GP,OU=TestOU,DC=na,DC=cintas,DC=com"
' Bit to set or clear in userAccountControl
intBit = 512
strAttr = "userAccountControl"
Set objUser = GetObject("LDAP://" & strUserDN)
intBitsOrig = objUser.Get(strAttr)
' Third argument: True sets the bit, False clears it
intBitsCalc = CalcBit(intBitsOrig, intBit, True)
If intBitsOrig <> intBitsCalc Then
    objUser.Put strAttr, intBitsCalc
    objUser.SetInfo
    WScript.Echo "Changed " & strAttr & " from " & intBitsOrig & " to " & intBitsCalc
Else
    WScript.Echo "Did not need to change " & strAttr & " (" & intBitsOrig & ")"
End If

' Returns intValue with intBit set (boolEnable = True) or cleared (False)
Function CalcBit(intValue, intBit, boolEnable)
    CalcBit = intValue

    If boolEnable = True Then
        CalcBit = intValue Or intBit
    Else
        If intValue And intBit Then
            CalcBit = intValue Xor intBit
        End If
    End If
End Function

Thanks for any help!
Mark Creamer
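
The bit arithmetic behind the question above, as an added Python example that is not part of any poster's message: it ports the posted CalcBit function, decodes the reported value 66048 into its userAccountControl flags, and shows which call leaves the value unchanged and which one changes it. The sample account list, its DNs and all function names are constructed for illustration.

```python
# Added example (not from the thread): userAccountControl bit arithmetic.
# Flag names and values follow Microsoft's documented userAccountControl table.
UAC_FLAGS = [
    (0x0001, "SCRIPT"),
    (0x0002, "ACCOUNTDISABLE"),
    (0x0008, "HOMEDIR_REQUIRED"),
    (0x0010, "LOCKOUT"),
    (0x0020, "PASSWD_NOTREQD"),
    (0x0040, "PASSWD_CANT_CHANGE"),
    (0x0080, "ENCRYPTED_TEXT_PWD_ALLOWED"),
    (0x0100, "TEMP_DUPLICATE_ACCOUNT"),
    (0x0200, "NORMAL_ACCOUNT"),             # 512
    (0x0800, "INTERDOMAIN_TRUST_ACCOUNT"),
    (0x1000, "WORKSTATION_TRUST_ACCOUNT"),
    (0x2000, "SERVER_TRUST_ACCOUNT"),
    (0x10000, "DONT_EXPIRE_PASSWORD"),      # 65536
    (0x20000, "MNS_LOGON_ACCOUNT"),
    (0x40000, "SMARTCARD_REQUIRED"),
    (0x80000, "TRUSTED_FOR_DELEGATION"),
    (0x100000, "NOT_DELEGATED"),
    (0x200000, "USE_DES_KEY_ONLY"),
    (0x400000, "DONT_REQ_PREAUTH"),
    (0x800000, "PASSWORD_EXPIRED"),
    (0x1000000, "TRUSTED_TO_AUTH_FOR_DELEGATION"),
]
FLAG_BY_NAME = {name: bit for bit, name in UAC_FLAGS}


def decode_uac(value):
    """Return the names of the flags set in value, lowest bit first."""
    names = [name for bit, name in UAC_FLAGS if value & bit]
    known = 0
    for bit, _ in UAC_FLAGS:
        known |= bit
    leftover = value & ~known
    if leftover:
        names.append("UNKNOWN_0x%X" % leftover)
    return names


def calc_bit(value, bit, enable):
    """Port of the posted CalcBit: OR sets a bit, XOR clears a bit that is set."""
    if enable:
        return value | bit
    if value & bit:
        return value ^ bit
    return value


def plan_change(current, flag_name, enable):
    """Show what setting or clearing one named flag would do to a value."""
    new = calc_bit(current, FLAG_BY_NAME[flag_name], enable)
    return {"old": current, "new": new, "changed": new != current,
            "flags_after": decode_uac(new)}


# Constructed sample export: (DN, userAccountControl)
SAMPLE_ACCOUNTS = [
    ("CN=svc-backup,OU=TestOU,DC=example,DC=com", 66048),
    ("CN=jdoe,OU=TestOU,DC=example,DC=com", 512),
    ("CN=old-temp,OU=TestOU,DC=example,DC=com", 66050),
    ("CN=WKS01,CN=Computers,DC=example,DC=com", 4096),
]


def never_expiring(accounts):
    """DNs of enabled user accounts whose password is flagged never to expire."""
    hits = []
    for dn, uac in accounts:
        flags = decode_uac(uac)
        if ("DONT_EXPIRE_PASSWORD" in flags and "NORMAL_ACCOUNT" in flags
                and "ACCOUNTDISABLE" not in flags):
            hits.append(dn)
    return hits


if __name__ == "__main__":
    print(decode_uac(66048))
    print(plan_change(66048, "NORMAL_ACCOUNT", True))
    print(plan_change(66048, "DONT_EXPIRE_PASSWORD", False))
    print(never_expiring(SAMPLE_ACCOUNTS))
```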



RE: [ActiveDir] client terminal servers using remote DCs

2004-07-21 Thread Creamer, Mark
I see srv records in several places in DNS, and I'm not sure I know what
you're referring to.

Under [domain]/_tcp I see:
2 records for _kerberos (for the two remote DCs)
2 records for _kpassword (for the 2 remote DCs)
4 records for _ldap (for each of the 4 DCs, two local, two remote)

Under [domain]/_sites/[my site]/_tcp I see:
2 records for _ldap (for the two LOCAL DCs)

Does this look like what you'd expect?





mc











From: Rutherford, Robert [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 21, 2004 9:38 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] client terminal servers using remote DCs

Have you checked your srv records in DNS for the site?











Rob





-Original Message-
From: Creamer, Mark [mailto:[EMAIL PROTECTED]
Sent: 21 July 2004 14:25
To: [EMAIL PROTECTED]
Subject: [ActiveDir] client terminal servers using remote DCs

I have a terminal server farm that is in a separate subnet, but in the same
site as two DCs. The subnet for that farm is correctly defined in AD,
associated with the same site as the two DCs. We're noticing that those
terminal servers frequently authenticate on one of two remote DCs rather than
the ones in their own site when they log on. Is there something other than the
subnet definition that we might have missed that would cause this behavior?



Thanks,



Mark Creamer












[ActiveDir] DC in 2 Sites

2004-07-21 Thread Pittman, John J.
I built an Exchange server at one site and shipped to another site. In AD
Sites and Services, I thought I had deleted it. But this server is under two
sites and I can't delete it from the first site. I get the error "The DSA
object cannot be deleted." Any suggestions on the best utility to remove the
server without affecting the other Site?

Thanks,
John Pittman




RE: [ActiveDir] win2k pro or server?

2004-07-21 Thread DL.ActiveDirectory
Is there a way to tell via vbs?

Thank you,
Mitch Lawrence

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brown, Bill
[contractor]
Posted At: Tuesday, July 20, 2004 1:21 PM
Posted To: ~AD Discussion~
Conversation: win2k pro or server?
Subject: RE: [ActiveDir] win2k pro or server?

If you hit the start button - there is a vertical bar that displays this
information...

R/Bill

 -Original Message-
From:   Kern, Tom [mailto:[EMAIL PROTECTED] 
Sent:   Tuesday, July 20, 2004 2:14 PM
To: ActiveDir (E-mail)
Subject:[ActiveDir] win2k pro or server?

Sorry if this is really basic and covered before- but what's the quickest
way (via script or gui admin tool) to tell if a particular pc/server is
running win2k pro or server?
thanks


RE: [ActiveDir] client terminal servers using remote DCs

2004-07-21 Thread Rutherford, Robert
Under [domain]/_sites/[my site]/_tcp I see:
2 records for _ldap (for the two LOCAL DCs)

I would expect to see Kerberos and GC (assuming you have a GC in the site)
records under this site. Well at least Kerberos... hmm.

If you do an ipconfig /registerdns on one of the DC's.. do you then see the
correct entries? Else just try a bounce at a convenient time and check again.
We could register them manually.

I'm just curious why the DC's are not registering correctly. Can you check
your other sites and confirm you have GC or at least kerberos srv records.
BR

Rob
-Original Message-
From: Creamer, Mark [mailto:[EMAIL PROTECTED]
Sent: 21 July 2004 15:28
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] client terminal servers using remote DCs

  I see srv records in several places in DNS, and I'm not sure I know what
  you're referring to.

  Under [domain]/_tcp I see:
  2 records for _kerberos (for the two remote DCs)
  2 records for _kpassword (for the 2 remote DCs)
  4 records for _ldap (for each of the 4 DCs, two local, two remote)

  Under [domain]/_sites/[my site]/_tcp I see:
  2 records for _ldap (for the two LOCAL DCs)

  Does this look like what you'd expect?

  mc

  From: Rutherford, Robert [mailto:[EMAIL PROTECTED]
  Sent: Wednesday, July 21, 2004 9:38 AM
  To: [EMAIL PROTECTED]
  Subject: RE: [ActiveDir] client terminal servers using remote DCs

  Have you checked your srv records in DNS for the site?

  Rob

    -Original Message-
    From: Creamer, Mark [mailto:[EMAIL PROTECTED]
    Sent: 21 July 2004 14:25
    To: [EMAIL PROTECTED]
    Subject: [ActiveDir] client terminal servers using remote DCs

    I have a terminal server farm that is in a separate subnet, but in the
    same site as two DCs. The subnet for that farm is correctly defined in AD,
    associated with the same site as the two DCs. We're noticing that those
    terminal servers frequently authenticate on one of two remote DCs rather
    than the ones in their own site when they log on. Is there something other
    than the subnet definition that we might have missed that would cause this
    behavior?

    Thanks,

    Mark Creamer
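
The check this thread is working through by hand (does every DC have its domain-wide and site-specific locator SRV records?), as an added Python example that is not part of any poster's message. The domain, site and DC names are hypothetical, the listing is constructed to mirror the counts reported above, and the records assumed for the remote site are an assumption of the sample.

```python
# Added example (not from the thread): find missing DC-locator SRV records.
from collections import defaultdict

DOMAIN = "corp.example"   # hypothetical single-domain forest
DC_SITES = {              # hypothetical DC host name -> AD site
    "dc-hq1": "HQ", "dc-hq2": "HQ",           # the two local DCs
    "dc-br1": "Branch", "dc-br2": "Branch",   # the two remote DCs
}


def norm(name):
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return name.strip().rstrip(".").lower()


def expected_owners(site, domain, is_gc=False):
    """Subset of the SRV owner names a DC registers that the thread looks at."""
    owners = {
        f"_ldap._tcp.{domain}",
        f"_kerberos._tcp.{domain}",
        f"_kpasswd._tcp.{domain}",
        f"_ldap._tcp.{site}._sites.{domain}",
        f"_kerberos._tcp.{site}._sites.{domain}",
    }
    if is_gc:
        owners.add(f"_gc._tcp.{site}._sites.{domain}")
    return {norm(o) for o in owners}


def build_sample():
    """Constructed (owner, target) SRV listing mirroring the reported counts."""
    recs = []
    for dc, site in DC_SITES.items():
        fqdn = f"{dc}.{DOMAIN}."
        recs.append((f"_ldap._tcp.{DOMAIN}.", fqdn))                 # 4 in total
        recs.append((f"_ldap._tcp.{site}._sites.{DOMAIN}.", fqdn))   # 2 per site
        if site == "Branch":
            # Only the remote DCs show Kerberos records in the report; their
            # site-level record is an assumption of this sample.
            recs.append((f"_kerberos._tcp.{DOMAIN}.", fqdn))
            recs.append((f"_kpasswd._tcp.{DOMAIN}.", fqdn))
            recs.append((f"_kerberos._tcp.{site}._sites.{DOMAIN}.", fqdn))
    return recs


SAMPLE = build_sample()


def audit(observed, dc_sites, domain, gcs=()):
    """Map each DC to the sorted list of expected owner names it lacks."""
    have = defaultdict(set)
    for owner, target in observed:
        host = norm(target).split(".", 1)[0]
        have[host].add(norm(owner))
    report = {}
    for dc, site in dc_sites.items():
        missing = expected_owners(site, domain, dc in gcs) - have[dc]
        report[dc] = sorted(missing)
    return report


def sites_missing_service(observed, dc_sites, domain, service="_kerberos"):
    """Sites where no DC has registered the site-specific record for service."""
    owners = {norm(o) for o, _ in observed}
    return sorted({site for site in dc_sites.values()
                   if norm(f"{service}._tcp.{site}._sites.{domain}") not in owners})


if __name__ == "__main__":
    for dc, missing in audit(SAMPLE, DC_SITES, DOMAIN).items():
        print(dc, missing or "complete")
    print("sites without a local KDC record:",
          sites_missing_service(SAMPLE, DC_SITES, DOMAIN))
```

A site that appears in the second list has no site-specific Kerberos record, which is the gap Rob points to for the local site.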


RE: [ActiveDir] LastLogOn

2004-07-21 Thread DL.ActiveDirectory
It does tell you the time you logged into the PC. Very useful tool. I have it
scripted into my logon.vbs, using it to force a background out to the PCs.

For reference (yeah, I know it's probably ugly, I am by no means a pro vbs
scripter):



'=
' Copy Desktop Background File and Set It
'=
' Assumes strSysRoot, fso and wshShell are set up earlier in logon.vbs
public sub CheckBkgFile()

    On Error Resume Next

    Dim strSrc, strDst, strSF, strDF, strSrcF, strDstF, strProg, strPrPar1
    Dim strPrPar2, strPrPrms, strCommandLine, return, strServer
    strServer = strSysRoot & "\system32\server.txt"
    strSrc = "\\DC01\NETLOGON\"
    strSF = strSrc & "NBHBG.jpg"
    strDst = strSysRoot & "\system32\"
    ' Same file name as the source, so the existence check below can match
    strDF = strDst & "NBHBG.jpg"
    strProg = strSrc & "Bginfo.exe"
    strPrPar1 = strSrc & "Bginfo.bgi"
    strPrPar2 = "/Timer:0"
    strPrPrms = strPrPar1 & " " & strPrPar2

    If fso.FileExists (strServer) then
        'Proceed
    else
        If fso.FileExists (strDF) then
            ' GetFile returns an object, so Set is required
            Set strDstF = fso.GetFile(strDF)
            Set strSrcF = fso.GetFile(strSF)
            ' Refresh the local copy only when the copy on the share is newer
            If strDstF.DateLastModified < strSrcF.DateLastModified then
                fso.CopyFile strSF, strDst, true
            end if
        else
            fso.CopyFile strSF, strDst, true
        end if

        strCommandLine = strProg & " " & strPrPrms
        return = wshShell.run (strCommandLine, 0, TRUE)
    end if

end sub



Allows us to do a single change on the
corporate background image and force it out to the desktops on user logon.





Thank you, 
Mitchell D. Lawrence 
Director, Network Administrator 
ITS Department 
North Bay Hospital 
1711 W. Wheeler Ave 
Aransas Pass, TX 78336 
ph: (361) 758-0580 
fx: (361) 758-0581 
pg: (361) 270-0421 
[EMAIL PROTECTED]

[EMAIL PROTECTED] (home) 
** Good | Cheap |
Fast  (Pick Two)** 



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Passo, Larry
Posted At: Tuesday, July 20, 2004 1:49 PM
Posted To: ~AD Discussion~
Conversation: [ActiveDir] LastLogOn
Subject: RE: [ActiveDir] LastLogOn

Bginfo will show you the logon server but it doesn't show you the last logon
value. It is still subject to the requirement that you need to query the last
logon time from all of the DCs in the domain.











From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rutherford, Robert
Sent: Tuesday, July 20, 2004 10:24 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] LastLogOn







Oh yeh... that's a
good idea. We have it on our servers, but yeh it would also work in the
clients. I'll look into it.











Cheers Tim.





-Original Message-
From: Tim Foster [mailto:[EMAIL PROTECTED]
Sent: 20 July 2004 17:06
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] LastLogOn

BgInfo from

http://www.sysinternals.com/ntw2k/freeware/bginfo.shtml

may help.







Tim Foster













From: Durant, Ryan A [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 20, 2004 11:42 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] LastLogOn





Query every domain
controller and store those results in a database.

The number of domain
controllers, amount of users and link speeds will determine how fast you can
collect the stats.

You may only be able to
collect once a day or possibly once an hour.

Have a logon script query
the DB for the last logon value and have it pop up on their screen. You could
also query a web page to get the values if you didn't want to worry about odbc
and sql calls from the client machines.



But you have to be a
scripter to get this done I believe.



Ryan









From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Rutherford, Robert
Sent: Tuesday, July 20, 2004 6:26
AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] LastLogOn

Dear All,


Not in anyway being a scripter. 

How would I get the date and time a user last logged
on to pop up on their screen at logon? I guess it would be via the 'lastlogon'
attribute? Linked into a login script?

Cheers, 

Rob 


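The per-DC merge that the replies above describe, as an added example (not code from the thread): `lastLogon` is kept separately on each domain controller as a count of 100-nanosecond intervals since 1601-01-01 UTC, so the newest value across all DCs is the one to show. The DC names and sample values are constructed, and collecting the raw values from each DC is assumed to happen elsewhere.

```python
from datetime import datetime, timedelta, timezone

# lastLogon is a Windows FILETIME: 100-ns ticks since 1601-01-01 00:00 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(value):
    """Convert a raw lastLogon integer to an aware UTC datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=value // 10)


def to_filetime(moment):
    """Inverse helper, used here only to build the constructed sample data."""
    return (moment - FILETIME_EPOCH) // timedelta(microseconds=1) * 10


def latest_logon(per_dc):
    """Merge per-DC lastLogon values for one user.

    per_dc maps a DC name to the raw value read from that DC:
      int > 0  the user authenticated against that DC at that time
      0        the user never authenticated against that DC
      None     the DC could not be queried
    The result is only trustworthy when every DC answered, because the
    attribute is not replicated: an unreachable DC may hold the newest value.
    """
    best_dc, best_raw = None, 0
    unreachable = []
    for dc, raw in sorted(per_dc.items()):
        if raw is None:
            unreachable.append(dc)
        elif raw > best_raw:
            best_dc, best_raw = dc, raw
    return {
        "dc": best_dc,
        "when": filetime_to_datetime(best_raw) if best_raw else None,
        "complete": not unreachable,
        "unreachable": unreachable,
    }


# Constructed sample: four DCs, one never used by this account, one offline.
SAMPLE_RAW = {
    "DC01": to_filetime(datetime(2004, 7, 20, 6, 26, tzinfo=timezone.utc)),
    "DC02": to_filetime(datetime(2004, 7, 21, 9, 59, tzinfo=timezone.utc)),
    "DC03": 0,
    "DC04": None,
}

if __name__ == "__main__":
    result = latest_logon(SAMPLE_RAW)
    print("last logon:", result["when"], "seen on", result["dc"])
    if not result["complete"]:
        print("value may be stale, no answer from:", ", ".join(result["unreachable"]))
```
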

RE: [ActiveDir] win2k pro or server?

2004-07-21 Thread Ayers, Diane
It may be more than you want but what the heck.  I'm not a programmer so
YMMV

Diane

-


' Dump every Win32_OperatingSystem property of a computer through WMI.
' The Caption value carries the edition name of the installed OS.
On Error Resume Next
Set Network = WScript.CreateObject("WScript.Network")
strComputer = InputBox("Enter NETBIOS name of computer", _
    "GetComputerLocation In AD", Network.ComputerName)
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery("Select * from Win32_OperatingSystem",,48)
For Each objItem in colItems
    Wscript.Echo "BootDevice: " & objItem.BootDevice
    Wscript.Echo "BuildNumber: " & objItem.BuildNumber
    Wscript.Echo "BuildType: " & objItem.BuildType
    Wscript.Echo "Caption: " & objItem.Caption
    Wscript.Echo "CodeSet: " & objItem.CodeSet
    Wscript.Echo "CountryCode: " & objItem.CountryCode
    Wscript.Echo "CreationClassName: " & objItem.CreationClassName
    Wscript.Echo "CSCreationClassName: " & objItem.CSCreationClassName
    Wscript.Echo "CSDVersion: " & objItem.CSDVersion
    Wscript.Echo "CSName: " & objItem.CSName
    Wscript.Echo "CurrentTimeZone: " & objItem.CurrentTimeZone
    Wscript.Echo "Debug: " & objItem.Debug
    Wscript.Echo "Description: " & objItem.Description
    Wscript.Echo "Distributed: " & objItem.Distributed
    Wscript.Echo "EncryptionLevel: " & objItem.EncryptionLevel
    Wscript.Echo "ForegroundApplicationBoost: " & objItem.ForegroundApplicationBoost
    Wscript.Echo "FreePhysicalMemory: " & objItem.FreePhysicalMemory
    Wscript.Echo "FreeSpaceInPagingFiles: " & objItem.FreeSpaceInPagingFiles
    Wscript.Echo "FreeVirtualMemory: " & objItem.FreeVirtualMemory
    Wscript.Echo "InstallDate: " & objItem.InstallDate
    Wscript.Echo "LargeSystemCache: " & objItem.LargeSystemCache
    Wscript.Echo "LastBootUpTime: " & objItem.LastBootUpTime
    Wscript.Echo "LocalDateTime: " & objItem.LocalDateTime
    Wscript.Echo "Locale: " & objItem.Locale
    Wscript.Echo "Manufacturer: " & objItem.Manufacturer
    Wscript.Echo "MaxNumberOfProcesses: " & objItem.MaxNumberOfProcesses
    Wscript.Echo "MaxProcessMemorySize: " & objItem.MaxProcessMemorySize
    Wscript.Echo "Name: " & objItem.Name
    Wscript.Echo "NumberOfLicensedUsers: " & objItem.NumberOfLicensedUsers
    Wscript.Echo "NumberOfProcesses: " & objItem.NumberOfProcesses
    Wscript.Echo "NumberOfUsers: " & objItem.NumberOfUsers
    Wscript.Echo "Organization: " & objItem.Organization
    Wscript.Echo "OSLanguage: " & objItem.OSLanguage
    Wscript.Echo "OSProductSuite: " & objItem.OSProductSuite
    Wscript.Echo "OSType: " & objItem.OSType
    Wscript.Echo "OtherTypeDescription: " & objItem.OtherTypeDescription
    Wscript.Echo "PlusProductID: " & objItem.PlusProductID
    Wscript.Echo "PlusVersionNumber: " & objItem.PlusVersionNumber
    Wscript.Echo "Primary: " & objItem.Primary
    Wscript.Echo "ProductType: " & objItem.ProductType
    Wscript.Echo "QuantumLength: " & objItem.QuantumLength
    Wscript.Echo "QuantumType: " & objItem.QuantumType
    Wscript.Echo "RegisteredUser: " & objItem.RegisteredUser
    Wscript.Echo "SerialNumber: " & objItem.SerialNumber
    Wscript.Echo "ServicePackMajorVersion: " & objItem.ServicePackMajorVersion
    Wscript.Echo "ServicePackMinorVersion: " & objItem.ServicePackMinorVersion
    Wscript.Echo "SizeStoredInPagingFiles: " & objItem.SizeStoredInPagingFiles
    Wscript.Echo "Status: " & objItem.Status
    Wscript.Echo "SuiteMask: " & objItem.SuiteMask
    Wscript.Echo "SystemDevice: " & objItem.SystemDevice
    Wscript.Echo "SystemDirectory: " & objItem.SystemDirectory
    Wscript.Echo "SystemDrive: " & objItem.SystemDrive
    Wscript.Echo "TotalSwapSpaceSize: " & objItem.TotalSwapSpaceSize
    Wscript.Echo "TotalVirtualMemorySize: " & objItem.TotalVirtualMemorySize
    Wscript.Echo "TotalVisibleMemorySize: " & objItem.TotalVisibleMemorySize
    Wscript.Echo "Version: " & objItem.Version
    Wscript.Echo "WindowsDirectory: " & objItem.WindowsDirectory
Next




-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
DL.ActiveDirectory
Sent: Wednesday, July 21, 2004 7:52 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] win2k pro or server?

Is there a way to tell via vbs?

Thank you,
Mitch Lawrence

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brown, Bill [contractor]
Posted At: Tuesday, July 20, 2004 1:21 PM
Posted To: ~AD Discussion~
Conversation: win2k pro or server?
Subject: RE: [ActiveDir] win2k pro or server?

If you hit the start button - there is a vertical bar that displays this
information...

R/Bill

 -Original Message-
From:   Kern, Tom [mailto:[EMAIL PROTECTED] 
Sent:   Tuesday, July 20, 2004 2:14 PM
To: ActiveDir (E-mail)
Subject:[ActiveDir] win2k pro or server?

Sorry if this is really basic and covered before - but what's the quickest
way (via script or gui admin tool) to tell if a particular pc/server is
running win2k pro or server?
thanks
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/



RE: [ActiveDir] Empty Group Lists

2004-07-21 Thread Grillenmeier, Guido



sounds like groups with hidden group-memberships, where the
Exchange store process kindly "screws-up" the ACLs of the groups for you =
Exchange puts the ACEs in a non-canonical order, which basically allows an Allow
ACE (for the Exchange Enterprise Server group) to be listed before the
Deny Read ACE for Everyone. You can add your own Admin account to the
Exchange Enterprise Server group to get around that problem.

/Guido


From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Diel,Nick (Work)
Sent: Tuesday, July 20, 2004 7:25 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Empty Group Lists

I am new to this list and have a problem hopefully someone can help me out
with. In several of my groups (both security and distribution, all universal)
the Members section is blank. There are still members in them, but I just
can't see the members. The distribution and security groups still work and
what not. The list is blank on both DCs (one is an exchange server), also blank
on my local MMC (have AdminPak), and blank when looking at the groups through
Outlook. These groups are roughly my largest groups (some will have 50+,
while others not as many).

Any help would be great,
Nick
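Why the workaround in the reply above works, as an added example (not code from the thread or from Microsoft): a simplified model of order-dependent DACL evaluation, where ACEs are walked in stored order and the first one that decides a requested bit wins. The permission bits, the `Domain Admins` ACE and all function names are assumptions; the two group ACEs follow the description in the message.

```python
from dataclasses import dataclass

READ_MEMBERS = 0x1    # constructed bit: read the group's member list
WRITE_MEMBERS = 0x2   # constructed bit: change the member list

EES = "Exchange Enterprise Server"   # group name as written in the message
EVERYONE = "Everyone"
DOMAIN_ADMINS = "Domain Admins"      # assumption: an ordinary admin group


@dataclass(frozen=True)
class Ace:
    kind: str             # "allow" or "deny"
    trustee: str          # group the ACE applies to
    mask: int             # permission bits covered by the ACE
    inherited: bool = False


def access_check(dacl, groups, desired):
    """Walk the ACEs in stored order, as the Windows access check does.

    A deny ACE that matches the caller and covers a bit not yet granted ends
    the walk with a refusal; allow ACEs grant bits until nothing is left.
    """
    remaining = desired
    for ace in dacl:
        if ace.trustee not in groups:
            continue
        if ace.kind == "deny":
            if ace.mask & remaining:
                return False
        else:
            remaining &= ~ace.mask
            if remaining == 0:
                return True
    return False          # bits left over were never granted


def rank(ace):
    """Canonical position: explicit deny, explicit allow, inherited deny, inherited allow."""
    return (2 if ace.inherited else 0) + (0 if ace.kind == "deny" else 1)


def is_canonical(dacl):
    ranks = [rank(a) for a in dacl]
    return ranks == sorted(ranks)


def canonicalize(dacl):
    """Stable sort into canonical order (what most ACL editors offer to do)."""
    return sorted(dacl, key=rank)


# Constructed DACL in the order the message describes: the Allow ACE for the
# Exchange group sits in front of the Deny Read ACE for Everyone.
STORED_DACL = [
    Ace("allow", EES, READ_MEMBERS),
    Ace("deny", EVERYONE, READ_MEMBERS),
    Ace("allow", DOMAIN_ADMINS, READ_MEMBERS | WRITE_MEMBERS),
]

ADMIN = frozenset({EVERYONE, DOMAIN_ADMINS})
ADMIN_IN_EES = ADMIN | {EES}

if __name__ == "__main__":
    print("canonical order:", is_canonical(STORED_DACL))
    print("admin reads members:", access_check(STORED_DACL, ADMIN, READ_MEMBERS))
    print("admin in Exchange group reads members:",
          access_check(STORED_DACL, ADMIN_IN_EES, READ_MEMBERS))
    print("same admin after re-sorting the DACL:",
          access_check(canonicalize(STORED_DACL), ADMIN_IN_EES, READ_MEMBERS))
```

The last check shows the dependency on ordering: if a tool re-sorts the DACL into canonical order, the Deny ACE is evaluated first and membership in the Exchange group no longer helps.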


RE: [ActiveDir] Empty Group Lists

2004-07-21 Thread Diel,Nick \(Work\)









Thanks that did the trick.



Nick











RE: [ActiveDir] LastLogOn

2004-07-21 Thread DL.ActiveDirectory
Title: Message








Noticed a small error (wouldn't have noticed it until we changed the
background image).



Error shown in red below.





Thank you, 
Mitchell D. Lawrence 
Director, Network Administrator 
ITS Department 
North Bay Hospital 
1711 W. Wheeler Ave 
Aransas Pass, TX 78336 
ph: (361) 758-0580 
fx: (361) 758-0581 
pg: (361) 270-0421 
[EMAIL PROTECTED]

[EMAIL PROTECTED] (home) 
** Good | Cheap |
Fast  (Pick Two)** 



-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of DL.ActiveDirectory
Posted At: Wednesday, July 21,
2004 9:59 AM
Posted To: ~AD Discussion~
Conversation: [ActiveDir]
LastLogOn
Subject: RE: [ActiveDir] LastLogOn



It does tell you the time you logged into the PC. Very useful tool. I have it
scripted into my logon.vbs, using it to force a background out to the PCs.

For reference (yeah, I know it's probably ugly, I am by no means a pro vbs
scripter):



'==========================================
' Copy Desktop Background File and Set It
'==========================================
public sub CheckBkgFile()

    On Error Resume Next

    ' strSysRoot, fso and wshShell are not defined in this excerpt; they are
    ' assumed to be set elsewhere in logon.vbs.
    Dim strSrc, strDst, strSF, strDF, strSrcF, strDstF, strProg, strPrPar1
    Dim strPrPar2, strPrPrms, strCommandLine, return, strServer
    strServer = strSysRoot & "\system32\server.txt"
    strSrc = "\\DC01\NETLOGON\"
    strSF = strSrc & "NBHBG.jpg"
    strDst = strSysRoot & "\system32\"
    strDF = strDst & "NBHBG.jpg"    ' was NBHGB.jpg; must match the name copied from strSF
    strProg = strSrc & "Bginfo.exe"
    strPrPar1 = strSrc & "Bginfo.bgi"
    strPrPar2 = "/Timer:0"
    strPrPrms = strPrPar1 & " " & strPrPar2

    If fso.FileExists (strServer) then
        'Proceed
    else
        If fso.FileExists (strDF) then
            ' GetFile returns objects, so Set is required
            Set strDstF = fso.GetFile(strDF)
            Set strSrcF = fso.GetFile(strSF)
            ' Copy only when the local copy is older than the one on NETLOGON
            If strDstF.DateLastModified < strSrcF.DateLastModified then
                fso.CopyFile strSrc, strDst, true
                ' [Mitch writes: ] Should be fso.CopyFile strSF, strDst, true
            end if
        else
            fso.CopyFile strSF, strDst, true
        end if

        strCommandLine = strProg & " " & strPrPrms
        return = wshShell.run (strCommandLine, 0, TRUE)
    end if
end sub



Allows us to do a single change on the corporate background image and force it
out to the desktops on user logon.





Thank you, 
Mitchell D. Lawrence 
Director, Network Administrator 
ITS Department 
North Bay Hospital 
1711 W. Wheeler Ave 
Aransas Pass, TX 78336 
ph: (361) 758-0580 
fx: (361) 758-0581 
pg: (361) 270-0421 
[EMAIL PROTECTED]

[EMAIL PROTECTED] (home) 
** Good | Cheap |
Fast  (Pick Two)** 




[ActiveDir] good books

2004-07-21 Thread Sonya_Lowry

Can anyone suggest best books for someone
who needs to get a very strong understanding of ADAM.
Thanks,
Sonya

RE: [ActiveDir] good books

2004-07-21 Thread Mulnick, Al



I haven't seen any books myself. It could use one 
though :) 

Here's some online information though that may be 
helpful. http://tinyurl.com/lkqp

Al


From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, July 21, 2004 1:05 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] good books

Can anyone suggest best books for someone who needs to get a very strong
understanding of ADAM.
Thanks,
Sonya


RE: [ActiveDir] Possible OT: Network boot disk with windows 2003.

2004-07-21 Thread Perdue David J Contr InDyne/Enterprise IT
Clyde,

Check out www.bootdisk.com.  Under the Network boot disks give Barts a shot.
It's pretty good and customizable.

Dave 


-- 
David J. Perdue
MCSE 2000, MCSE NT, MCSA, MCP+I 
Network Security Engineer, InDyne Inc 
Comm: (805) 606-4597DSN: 276-4597 
[EMAIL PROTECTED]
-- 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Burns, Clyde
Sent: Wednesday, July 21, 2004 6:38 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Possible OT: Network boot disk with windows 2003.


Does anyone know of a way to get a DOS network boot diskette to authenticate
in a windows 2003 AD domain short of disabling the following on the DC's
local policy?

Domain Member: Digitally encrypt or sign secure channel data (always)
Microsoft network server: Digitally sign communication (always)


Thanks
Clyde Burns

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


[ActiveDir] DSACLS - Is this normal ?

2004-07-21 Thread Fugleberg, David A
I posted on this topic before but I think I can explain the issue more
clearly now...

If I use the /S switch of DSACLS to restore the ACLS of an object back
to the default as defined in the schema, the object no longer inherits
auditing entries.  The simplest test to observe this is:

1. create a new user or computer object
2. look at its properties - security tab, advanced, auditing tab -
"Allow inheritable auditing properties from parent to propagate to this
object" is checked, and any such inherited auditing entries are
displayed
3. at a command prompt, type DSACLS <DN of the object> /S
4. look at the same security properties again - the check box is cleared
and the entries are gone.

Any idea why this happens ?  In this simple example, I would have
expected NO change - the object had just been created, presumably with
the same default security descriptor as the /S switch uses.

Dave
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


[ActiveDir] How to restrict access to event viewer

2004-07-21 Thread JCARROS



Hi,

Can you share your experiences about how to restrict access to event viewer to
only one group? local and remote access?

Thks.


RE: [ActiveDir] good books

2004-07-21 Thread Sonya_Lowry

Would a book on AD be a good start?






Mulnick, Al [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
07/21/2004 10:18 AM
Please respond to [EMAIL PROTECTED]

To: '[EMAIL PROTECTED]' [EMAIL PROTECTED]
cc:
Subject: RE: [ActiveDir] good books








I haven't seen any books myself.
It could use one though :) 

Here's some online information
though that may be helpful. http://tinyurl.com/lkqp

Al


From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, July 21, 2004 1:05 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] good books


Can anyone suggest best books for someone who needs to get a very strong
understanding of ADAM. 
Thanks, 
Sonya


RE: [ActiveDir] good books

2004-07-21 Thread Mulnick, Al



Wouldn't hurt, but it is significantly different.

AD/AM is more of a subset of the same technology (think
what a product would look like if we just took one feature from it and turned it
into its own product after removing the larger product dependencies) and
therefore there are things that Active Directory can do that AD/AM won't. AD/AM
is focused on providing a LDAP database; IMHO for developer's usage so they
won't have to go use a *nix solution such as OpenLDAP (http://www.openldap.org
for more information).

Once you have the hang of LDAP, AD/AM's included documents
tell you a lot about the product and how to use it. They just don't talk
much about why you'd use it or what tools would make it easier to use.
They assume you already know that information.

A book would be nice to tie all of that together and put
AD/AM in perspective. It's a great product and there are many uses that
make a lot of sense for many shops, whether they've come to that
realization yet or not. As an example I just got out of a beating
about directory services and how they could help provide a foundation
for solving a lot of other problems. AD/AM could fit in that solution
pretty well (along with other LDAP stores), whereas Active Directory has too
much overhead. The fact that they place well together is helpful, but not
the focus from my perspective.

If you're going to pick an Active Directory book, Robbie
Allen's book seems to get good reviews (on my list to read eventually I swear),
as is Sakari Kouti & Mika Seitsonen's book (Inside
Active Directory).

There's also an LDAP book written by Tim Howes that is
pretty good (Understanding and deploying LDAP directories) and gives some history
and background on why you'd even want such a thing. It's becoming a
little outdated IMHO, but...

And of course, there's IBM's Redbook on the subject: http://tinyurl.com/22k6k
(note, it's 6.5 mb and not a tremendous amount of pictures).

Of course, this is all my personal opinion.
-Al
-Al



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, July 21, 2004 2:33 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] good books

Would a book on AD be a good start?

"Mulnick, Al" [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
07/21/2004 10:18 AM
Please respond to [EMAIL PROTECTED]

To: "'[EMAIL PROTECTED]'" [EMAIL PROTECTED]
cc:
Subject: RE: [ActiveDir] good books

I haven't seen any books myself. It could use one though :)

Here's some online information though that may be helpful.
http://tinyurl.com/lkqp

Al

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, July 21, 2004 1:05 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] good books

Can anyone suggest best books for someone who needs to get a very
strong understanding of ADAM.
Thanks,
Sonya


RE: [ActiveDir] good books

2004-07-21 Thread Carlos Magalhaes



Well on the ADAM home page that Al pointed out is the
Technical Reference document, this is a GREAT document on ADAM, it's really worth
the read, trust me I know I wrote a few articles on ADAM and that document has
pretty much everything you need to know

***Shout out to AL!!!***

Carlos Magalhaes -- AD programming? --- http://groups.yahoo.com/group/adsianddirectoryservices 






[ActiveDir] home directory modifications

2004-07-21 Thread James Payne




I have about 200 users setup to connect h: to \\goofy\home\username.  I am
moving the data on \\goofy\home\ to \\mickey\home\.  Is there a script
laying around somewhere that would allow me to change this path in
everyone's profile at once?  It sure would beat doing this manually for
every user.

Thanks again for any help you guys can provide.

James

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


Re: [ActiveDir] home directory modifications

2004-07-21 Thread James_Day




Hi James

If you use the AD tools for 2003 you can just bulk select all of the users
at once and make the change.

Regards;

James R. Day
National Parks Service - AD Core Team
(202) 354-1464
Fax (202) 371-1549
[EMAIL PROTECTED]


James Payne [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
07/21/2004 03:30 PM AST
Please respond to ActiveDir

To: [EMAIL PROTECTED]
cc: (bcc: James Day/Contractor/NPS)
Subject: [ActiveDir] home directory modifications








I have about 200 users setup to connect h: to \\goofy\home\username.  I am
moving the data on \\goofy\home\ to \\mickey\home\.  Is there a script
laying around somewhere that would allow me to change this path in
everyone's profile at once?  It sure would beat doing this manually for
every user.

Thanks again for any help you guys can provide.

James

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/




RE: [ActiveDir] home directory modifications

2004-07-21 Thread Devan Pala
Hi James,
Hyena (which I think still has a 30 day free trial) does this job 
wonderfully. In fact, it will also create the new directories with specified 
permissions.

Hope this helps...
Original Message Follows
From: James Payne [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [ActiveDir] home directory modifications
Date: Wed, 21 Jul 2004 15:30:57 -0400


I have about 200 users setup to connect h: to \\goofy\home\username.  I am
moving the data on \\goofy\home\ to \\mickey\home\.  Is there a script
laying around somewhere that would allow me to change this path in
everyone's profile at once?  It sure would beat doing this manually for
every user.
Thanks again for any help you guys can provide.
James
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] two ops

2004-07-21 Thread Brad Corob



You have a very poorly configured mail client. In your 
efforts to be as succinct as possible, you've neglected to configure your last 
name and full email address. See headers below.
-Brad

Received: with MailEnable Postoffice Connector; Wed, 21 Jul 2004 05:22:40 -0400
Received: from mail.activedir.org ([64.245.160.7]) by mail.123hostnow.com
    with MailEnable ESMTP; Wed, 21 Jul 2004 05:22:38 -0400
Received: from ams014.ftl.affinity.com [216.219.253.48] by mail.activedir.org
    with ESMTP (SMTPD32-8.11) id A456A47009E; Wed, 21 Jul 2004 05:16:06 -0400
Received: by ams.ftl.affinity.com id 310993-8193; Wed, 21 Jul 2004 05:15:55 -0400
References: [EMAIL PROTECTED]
In-Reply-To: [EMAIL PROTECTED]
From: cyrus
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] two ops
Date: Wed, 21 Jul 2004 05:15:54 -0400
Mime-Version: 1.0
Content-Type: text/plain; format=flowed; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: [EMAIL PROTECTED]
Precedence: bulk
Sender: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of cyrus
Sent: Wednesday, July 21, 2004 2:16 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] two ops
Importance: High

yeah, also not sure what's going on, honestly don't know where 2 begin, help
is appreciated.
rgds
cyrus

Thommes, Michael M. writes:

Cyrus, your email address is showing up using our mail server too! Maybe some
weird email configuration using "localhost"?

Mike Thommes

    -Original Message-
    From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
    Sent: Tue 7/20/2004 4:33 AM
    To: [EMAIL PROTECTED]
    Cc:
    Subject: Re: [ActiveDir] two ops

    really I have no idea how musicrights.co.uk got tagged on my mail,
    something interesting to look into.
    thanks for the help.
    rgds
    cyrus

    Rutherford, Robert writes:

        1) Just go into the boot.ini on the root of your boot partition and
        delete the reference to your old OS. If you are unsure then post the
        contents here and I'll tell you which 1.

        2) How/Why are you using the domain name musicrights.co.uk? My company
        owns that domain name and we do not use it in any mail system.

        Rob

        -Original Message-
        From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
        Sent: 20 July 2004 06:03
        To: [EMAIL PROTECTED]
        Subject: [ActiveDir] two ops

        greetings,

        I have formatted the server and re-install window server ops, now every
        time the server starts or restarts, i'm always prompted to select which
        "Window Server" the system will use. I have only one, how can I remove
        this prompt to select which window server the system will use.

        rgds
        cyrus

        List info : http://www.activedir.org/mail_list.htm
        List FAQ : http://www.activedir.org/list_faq.htm
        List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] win2k pro or server?

2004-07-21 Thread deji
http://www.microsoft.com/technet/community/scriptcenter/compmgmt/scrcm26.mspx
 
If you need more info, post specifics.
 
 
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of DL.ActiveDirectory
Sent: Wed 7/21/2004 7:52 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] win2k pro or server?



Is there a way to tell via vbs?

Thank you,
Mitch Lawrence

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brown, Bill
[contractor]
Posted At: Tuesday, July 20, 2004 1:21 PM
Posted To: ~AD Discussion~
Conversation: win2k pro or server?
Subject: RE: [ActiveDir] win2k pro or server?

If you hit the start button - there is a vertical bar that displays this
information...

R/Bill

-Original Message-
From: Kern, Tom [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 20, 2004 2:14 PM
To: ActiveDir (E-mail)
Subject: [ActiveDir] win2k pro or server?

Sorry if this is really basic and covered before - but what's the quickest
way (via script or gui admin tool) to tell if a particular pc/server is
running win2k pro or server?
thanks
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/




[ActiveDir] Customize Group Permissions

2004-07-21 Thread Jared Manhat






I thought I read somewhere in the MS Server 2003 Deployment Kit under Designing a Managed Environment that it was possible to modify local PCs' group permissions using GP. Has anyone heard of this?

What I'm trying to do is assign Install Printer Drivers to Power Users.

Thanks

Jared Manhat

Systems Administrator

Accutest Laboratories






RE: [ActiveDir] Summer Maintenance

2004-07-21 Thread Jacob Stabl



I have word of using sysprep along with Ghost. From 
what I have read sysprep is just do the OS and allows for different 
configurations. If I am doing a lab that has special software and the same 
hardware config, is it not better to just use ghost after the master computer 
has been configured?

-- Jake 



From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert N. Leali
Sent: Wednesday, July 21, 2004 9:37 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Summer Maintenance

I think you can use Unicast instead of Multicast in the newer versions of
Norton ghost. It goes slower but it won't bog down the network. Also, make
sure your hop count is set correctly.





From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Rochford
Sent: Sunday, July 18, 2004 12:13 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Summer Maintenance

We tend to do them in blocks of max 30 because it's more manageable (and most
rooms don't have more than that many computers!)

I've done it enough times now to know that although we shouldn't have to get
involved with boot floppies sometimes things just don't go the way you plan :-)

Not sure why Ghost does 
cause the network problems you describe but I know it does and we just plan 
round it - making sure no-one's trying to do anything important at the same time 
etc.

Steve




From: Brian Desmond [mailto:[EMAIL PROTECTED]
Sent: 16 July 2004 21:31
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Summer Maintenance

Things really slow down when multicasting to a load of computers where I am
(all Cisco 2900XL series switches with fiber links to a 4005 series backbone
switch). The multicast slows to a crawl, as does other network traffic.

--Brian Desmond
[EMAIL PROTECTED]
Payton on the Web! Http://www.wpcp.org

v: 773.534.0034 x135
f: 773.534.0035





From: Doug M. Long [mailto:[EMAIL PROTECTED] On Behalf Of Doug M. Long
Sent: Friday, July 16, 2004 1:07 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Summer Maintenance

If you're multicasting, network congestion shouldn't be an issue (assuming
that you are putting the same image on all machines), right? Or am I missing
something here?






From: [EMAIL PROTECTED] on behalf of Brian Desmond
Sent: Fri 7/16/2004 11:13 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Summer Maintenance

You got it Steve. I don't know if you've ever done this before, but be
prepared to have a handful of them screw up and need reimaging with a floppy
disk. Also, don't think of doing em all at once. 100 - 150 is enough to
saturate your network.



--Brian

  
  -Original Message-
  From: Steve Rochford [mailto:[EMAIL PROTECTED]
  Sent: Fri 7/16/2004 8:08 AM
  To: [EMAIL PROTECTED]
  Cc:
  Subject: RE: [ActiveDir] Summer Maintenance

  I love comments like "The result is that as the imaged computers are
  powered up, the admin will type in each unique computer name and walk
  away."

  We're re-imaging about 1000 student computers this summer and I'm not
  intending to go anywhere near most of them so typing in anything is a
  no-no! As others have said, Ghost will happily rename and join to the
  domain and it will also work with sysprep so you can have the best of
  both worlds :-)

  Steve

  -Original Message-
  From: Brad Corob [mailto:[EMAIL PROTECTED]]
  Sent: 15 July 2004 05:00
  To: [EMAIL PROTECTED]
  Subject: RE: [ActiveDir] Summer Maintenance

  2) Regardless of how you image the computers, using sysprep is the
  *only* supported way of using imaged workstations on a network. Look
  into it if you haven't used it. I find it quite simple to use and
  extremely effective. The sysprep process can be automated. I typically
  find it most useful to automate all of the mini-setup answers except for
  computer name. The result is that as the imaged computers are powered up,
  the admin will type in each unique computer name and walk away.

  You can also join a domain during the sysprep process (automated or
  not). One caveat here is the default 10-computer limit each user account
  can create in AD ("but it worked fine when we tested it!"). The suggested
  method is to create a designated account for Sysprep imaging and
  delegate the appropriate rights to your Computer OU's.

  If joining the computer to the domain during sysprep doesn't work for
  you, you can also script the process. Technet gives an example script
  here:
  http://www.microsoft.com/technet/community/scriptcenter/compmgmt/scrcm31.mspx
  but MSDN actually documents the WMI method here:
  http://msdn.microsoft.com/library/en-us/wmisdk/wmi/joindomainorworkgroup_method_in_class_win32_computersystem.asp

  Particularly helpful is the AccountOU parameter, as it will allow you to
  specify the OU in which to place the computer object to further ease
  your post-deployment admin tasks.

  [The script method works wonders in large deployments when you can't
  join a domain during the Sysprep

RE: [ActiveDir] Summer Maintenance

2004-07-21 Thread Jared Manhat








Yes, just use Ghost and run Sysinternals
NewSID on each pc BEFORE ADDING IT TO THE DOMAIN.

http://www.sysinternals.com/ntw2k/source/newsid.shtml





Jared Manhat 
Systems Administrator 
Accutest Laboratories 
2235 Route 130 
Dayton, NJ 08810 
(732) 329-0200 x254 











From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jacob Stabl
Sent: Wednesday, July 21, 2004 4:49 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Summer Maintenance





I have word of using sysprep along with
Ghost. From what I have read sysprep is just do the OS and allows for
different configurations. If I am doing a lab that has special software
and the same hardware config, is it not better to just use ghost after the
master computer has been configured?







--

Jake
















From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert N. Leali
Sent: Wednesday, July 21, 2004 9:37 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Summer Maintenance

I think you can use Unicast instead of
Multicast in the newer versions of Norton ghost. It goes slower but it
won't bog down the network. Also, make sure your hop count is set
correctly.











From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Rochford
Sent: Sunday, July 18, 2004 12:13 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Summer Maintenance





We tend to do them in blocks of max 30
because it's more manageable (and most rooms don't have more than that many
computers!)



I've done it enough times now to know that
although we shouldn't have to get involved with boot floppies sometimes things
just don't go the way you plan :-)



Not sure why Ghost does cause the network
problems you describe but I know it does and we just plan round it - making
sure no-one's trying to do anything important at the same time etc.



Steve









From: Brian Desmond [mailto:[EMAIL PROTECTED]
Sent: 16 July 2004 21:31
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Summer Maintenance

Things really slow down when multicasting to a load of computers where I am
(all Cisco 2900XL series switches with fiber links to a 4005 series backbone
switch). The multicast slows to a crawl, as does other network traffic.

--Brian Desmond
[EMAIL PROTECTED]
Payton on the Web! Http://www.wpcp.org

v: 773.534.0034 x135
f: 773.534.0035















From: Doug M. Long [mailto:[EMAIL PROTECTED] On Behalf Of Doug M. Long
Sent: Friday, July 16, 2004 1:07 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Summer Maintenance

If you're multicasting, network congestion
shouldn't be an issue (assuming that you are putting the same image on all
machines), right? Or am I missing something here?















From: [EMAIL PROTECTED] on behalf of Brian Desmond
Sent: Fri 7/16/2004 11:13 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Summer Maintenance







You got it Steve. I don't know if you've ever done this before, but be
prepared to have a handful of them screw up and need reimaging with a floppy
disk. Also, don't think of doing em all at once. 100 - 150 is enough to
saturate your network.











--Brian







-Original Message-
From: Steve Rochford [mailto:[EMAIL PROTECTED]
Sent: Fri 7/16/2004 8:08 AM
To: [EMAIL PROTECTED]
Cc:
Subject: RE: [ActiveDir] Summer Maintenance

I love comments like "The result is that as the imaged computers are
powered up, the admin will type in each unique computer name and walk
away."

We're re-imaging about 1000 student computers this summer and I'm not
intending to go anywhere near most of them so typing in anything is a
no-no! As others have said, Ghost will happily rename and join to the
domain and it will also work with sysprep so you can have the best of
both worlds :-)

Steve

-Original Message-
From: Brad Corob [mailto:[EMAIL PROTECTED]]
Sent: 15 July 2004 05:00
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Summer Maintenance

2) Regardless of how you image the computers, using sysprep is the
*only* supported way of using imaged workstations on a network. Look
into it if you haven't used it. I find it quite simple to use and
extremely effective. The sysprep process can be automated. I typically
find it most useful to automate all of the mini-setup answers except for
computer name. The result is that as the imaged computers are powered up,
the admin will type in each unique computer name and walk away.

You can also join a domain during the sysprep process (automated or
not). One caveat here is the default 10-computer limit each user account
can create in AD ("but it worked fine when we tested it!"). The suggested
method is to create a designated account for Sysprep imaging and
delegate the appropriate rights to your Computer OU's.

If joining the computer to the domain during sysprep doesn't work for
you, you can also script the process. Technet gives an example script
here:

[ActiveDir] DSACLS - is this normal ?

2004-07-21 Thread Fugleberg, David A
Sorry if this is a dup - didn't see it after several hours..

I posted on this topic before but I think I can explain the issue more
clearly now...

If I use the /S switch of DSACLS to restore the ACLS of an object back
to the default as defined in the schema, the object no longer inherits
auditing entries.  The simplest test to observe this is:

1. create a new user or computer object
2. look at its properties - security tab, advanced, auditing tab -
   "Allow inheritable auditing properties from parent to propagate to this
   object" is checked, and any such inherited auditing entries are
   displayed
3. at a command prompt, type DSACLS <DN of the object> /S
4. look at the same security properties again - the check box is cleared
   and the entries are gone.

Any idea why this happens ?  In this simple example, I would have
expected NO change - the object had just been created, presumably with
the same default security descriptor as the /S switch uses.

Dave
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
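
The state Dave describes (check box cleared, inherited auditing entries gone) shows up in an object's security descriptor as the SACL "protected" control flag, written `P` after `S:` in SDDL, with no audit ACEs carrying the inherited (`ID`) flag. The following is an added example, not code from the thread: it reads those two things from SDDL strings so a batch of objects can be checked after a reset. The two sample descriptors and the DNs in them are constructed, not captured DSACLS output.

```python
import re

# SACL ACE types that generate audit events:
# AU = SYSTEM_AUDIT_ACE, OU = SYSTEM_AUDIT_OBJECT_ACE.
AUDIT_ACE_TYPES = {"AU", "OU"}

# Constructed samples (not taken from a real directory): one object's
# descriptor with audit inheritance intact, and with it cut off.
BEFORE = ("O:DAG:DAD:AI(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;CIID;RPLCLORC;;;AU)"
          "S:AI(AU;CIIDSAFA;CCDCSWWPDTCRSDWDWO;;;WD)"
          "(OU;CIIOIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;"
          "bf967aa5-0de6-11d0-a285-00aa003049e2;WD)")
AFTER = "O:DAG:DAD:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)S:P"


def split_sddl(sddl):
    """Split an SDDL string into its O:, G:, D: and S: components."""
    parts = re.split(r"([OGDS]):", sddl.strip())
    # parts looks like ['', 'O', owner, 'G', group, 'D', dacl, 'S', sacl]
    return dict(zip(parts[1::2], parts[2::2]))


def parse_acl(acl):
    """Return (control_flags, aces) for one D: or S: component."""
    # Control flags precede the first ACE: P (protected), AR, AI.
    flags = re.findall(r"AR|AI|P", re.match(r"[A-Z]*", acl).group(0))
    aces = []
    for body in re.findall(r"\(([^)]*)\)", acl):
        # type;flags;rights;object_guid;inherit_object_guid;trustee
        fields = (body.split(";") + [""] * 6)[:6]
        aces.append({
            "type": fields[0],
            "flags": re.findall(r"..", fields[1]),   # two-letter tokens: CI, ID, SA, FA...
            "rights": fields[2],
            "trustee": fields[5],
        })
    return flags, aces


def audit_inheritance(sddl):
    """Summarise whether the SACL inherits and which audit ACEs it holds."""
    parts = split_sddl(sddl)
    flags, aces = parse_acl(parts.get("S", ""))
    audit = [a for a in aces if a["type"] in AUDIT_ACE_TYPES]
    return {
        "has_sacl": "S" in parts,
        "protected": "P" in flags,   # check box cleared in the GUI
        "inherited": [a for a in audit if "ID" in a["flags"]],
        "explicit": [a for a in audit if "ID" not in a["flags"]],
    }


def compare(before, after):
    """List what changed in audit inheritance between two descriptors."""
    b, a = audit_inheritance(before), audit_inheritance(after)
    findings = []
    if a["protected"] and not b["protected"]:
        findings.append("SACL inheritance switched off (protected flag set)")
    lost = len(b["inherited"]) - len(a["inherited"])
    if lost > 0:
        findings.append("%d inherited audit entries no longer present" % lost)
    return findings


def sweep(descriptors):
    """Return the DNs (sorted) whose SACL no longer inherits from the parent."""
    return sorted(dn for dn, sddl in descriptors.items()
                  if audit_inheritance(sddl)["protected"])


if __name__ == "__main__":
    for finding in compare(BEFORE, AFTER):
        print(finding)
    print(sweep({"CN=pc1,OU=Lab,DC=example,DC=com": BEFORE,
                 "CN=pc2,OU=Lab,DC=example,DC=com": AFTER}))
```
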


RE: [ActiveDir] W2K3 with W2K2

2004-07-21 Thread deji
Let's agree that there is no PDC/BDC concept. Now, if all you want to do is
get your Domain ready for when you will eventually move to 2003, then you
should just run the adprep /forestprep and adprep /domainprep in your domain
and wait. IF you want to get a win2K3 DC into the Domain now, then there is
this concept called WITO (hello, Joe :)). It's the Walk In, Take Over
principle. The Win2K3 will have to get the roles, at least the PDCE and the
Domain Naming master roles, otherwise your domain will not function
correctly, and many of the benefits of a Win2K3 Domain will NOT be available
to you. I have been able to get a win2K3 DC to install successfully into a
test domain without transferring the roles or upgrading the DC that
originally has these roles, but what I've heard and read is that is not
something you want to do in a production environment.
 
The people who taught me that (and wrote the book on that) are on this list.
They may be able to explain further.
 
 
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Jacob Stabl
Sent: Wed 7/21/2004 1:19 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] W2K3 with W2K2



I know this issue has been talked about before but searching through some
old posts in my inbox I didn't find the exact answer I was looking for.

Is there a problem in joining a Window 2003 server as the BDC in a
Windows 2000 network?  Will there be any problems or unavailable features?
I don't want Windows 2003 to take over the domain.  Reason for doing this is
so next year if I decide to upgrade the domain to Windows 2003 it will be
easier, I just move roles and such to that server.  In my simple mind this
all makes sense.  Any suggestions?

Thanks

--
Jacob Stabl
Network Engineer
Plain Local Schools
http://eagle.stark.k12.oh.us
Work: 330.492.3500 x.383
Cell: 330.495.7243

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/




RE: [ActiveDir] home directory modifications

2004-07-21 Thread Mulnick, Al
If option two doesn't do it, this might be a good starting point (Deji's
option 2)
http://tinyurl.com/5jne3

The code here assumes you already have the userdn.  That's easy enough to
get if they're all in the same ou.  If not, modify Deji's script -- it'll be
faster.
Once you bind to the user object, read the homedrive attribute, parse it
(split is a pretty good function for this) and then read it back into the
variable you want and update the user object with the vars you want.

Cool scripts Deji!!  I'm going to have to start crawling that site a bit
more :) 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, July 21, 2004 5:14 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: [ActiveDir] home directory modifications

Depending on how brave you are, one of these MAY help you.
 
http://www.akomolafe.com/DesktopModules/ViewDocument.aspx?DocumentID=35
http://www.akomolafe.com/DesktopModules/ViewDocument.aspx?DocumentID=26
 
 
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of James Payne
Sent: Wed 7/21/2004 12:30 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] home directory modifications







I have about 200 users setup to connect h: to \\goofy\home\username.  I am
moving the data on \\goofy\home\ to \\mickey\home\.  Is there a script
laying around somewhere that would allow me to change this path in
everyone's profile at once?  It sure would beat doing this manually for
every user.

Thanks again for any help you guys can provide.

James

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
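
The read, split and update steps Al outlines above, as an added example that is not from the thread or from either linked script. It assumes the accounts were exported to LDIF with their `homeDirectory` attribute (the AD attribute that holds the home folder path), matches the old server and share exactly, and writes LDIF modify records plus a rollback file for review instead of changing the directory itself. The export and every DN in it are constructed.

```python
import re

OLD_SHARE = r"\\goofy\home"
NEW_SHARE = r"\\mickey\home"

# Constructed export, not real data. Carol is on another server, Dave on a
# share whose name merely starts with "home", Eve's DN is folded across two
# lines, and Frank has no homeDirectory at all.
SAMPLE_EXPORT = r"""dn: CN=Alice Example,OU=Staff,DC=example,DC=com
homeDirectory: \\goofy\home\alice

dn: CN=Bob Example,OU=Staff,DC=example,DC=com
homeDirectory: \\GOOFY\Home\bob

dn: CN=Carol Example,OU=Staff,DC=example,DC=com
homeDirectory: \\pluto\home\carol

dn: CN=Dave Example,OU=Staff,DC=example,DC=com
homeDirectory: \\goofy\home2\dave

dn: CN=Eve Example,OU=A Long Organizational Unit Name,OU=Staff,DC=exam
 ple,DC=com
homeDirectory: \\goofy\home\eve\docs

dn: CN=Frank Example,OU=Staff,DC=example,DC=com
homeDrive: H:
"""


def parse_ldif(text):
    """Yield one {attribute: value} dict per record (first value only).

    Base64 values ("attr:: ...") are not decoded; a record whose dn is
    encoded that way is skipped rather than guessed at.
    """
    text = re.sub(r"\r?\n ", "", text)            # undo LDIF line folding
    for block in re.split(r"\r?\n\s*\r?\n", text.strip()):
        record = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            name, value = line.split(": ", 1)
            record.setdefault(name.lower(), value)
        if "dn" in record:
            yield record


def rewrite_path(path, old=OLD_SHARE, new=NEW_SHARE):
    """Return path moved to the new share, or None if it is not under the old one."""
    parts = path.split("\\")                      # ['', '', server, share, user, ...]
    old_parts = old.split("\\")
    n = len(old_parts)
    # Compare whole components, case-insensitively, so \\goofy\home2 never matches.
    if [p.lower() for p in parts[:n]] != [p.lower() for p in old_parts]:
        return None
    rest = [p for p in parts[n:] if p]
    if not rest:                                  # the share root itself
        return None
    return "\\".join([new] + rest)


def plan_changes(ldif_text):
    """Return [(dn, current_path, new_path)] for accounts that need the change."""
    changes = []
    for rec in parse_ldif(ldif_text):
        current = rec.get("homedirectory")
        target = rewrite_path(current) if current else None
        if target and target != current:
            changes.append((rec["dn"], current, target))
    return changes


def to_ldif(changes, rollback=False):
    """Render modify records; rollback=True writes the original paths back."""
    out = []
    for dn, old, new in changes:
        out += ["dn: " + dn, "changetype: modify", "replace: homeDirectory",
                "homeDirectory: " + (old if rollback else new), "-", ""]
    return "\n".join(out)


if __name__ == "__main__":
    plan = plan_changes(SAMPLE_EXPORT)
    for dn, old, new in plan:
        print("%s\n  %s -> %s" % (dn, old, new))
    print(to_ldif(plan))
```

Keeping the `rollback=True` output next to the change file gives a way back if the data move has to be reversed.
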


RE: [ActiveDir] home directory modifications

2004-07-21 Thread deji
Do so - at your peril, Sir!
 
and, while you are at it, don't tell Joe :)
 
 
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Mulnick, Al
Sent: Wed 7/21/2004 2:31 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] home directory modifications



If option two doesn't do it, this might be a good starting point (Deji's
option 2)
http://tinyurl.com/5jne3

The code here assumes you already have the userdn.  That's easy enough to
get if they're all in the same ou.  If not, modify Deji's script -- it'll be
faster.
Once you bind to the user object, read the homedrive attribute, parse it
(split is a pretty good function for this) and then read it back into the
variable you want and update the user object with the vars you want.

Cool scripts Deji!!  I'm going to have to start crawling that site a bit
more :)

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, July 21, 2004 5:14 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: [ActiveDir] home directory modifications

Depending on how brave you are, one of these MAY help you.

http://www.akomolafe.com/DesktopModules/ViewDocument.aspx?DocumentID=35
http://www.akomolafe.com/DesktopModules/ViewDocument.aspx?DocumentID=26


Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of James Payne
Sent: Wed 7/21/2004 12:30 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] home directory modifications







I have about 200 users setup to connect h: to \\goofy\home\username.  I am
moving the data on \\goofy\home\ to \\mickey\home\.  Is there a script
laying around somewhere that would allow me to change this path in
everyone's profile at once?  It sure would beat doing this manually for
every user.

Thanks again for any help you guys can provide.

James

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/




[ActiveDir] OT: Newsgroup Feeds for microsoft newsgroups?

2004-07-21 Thread DL.ActiveDirectory






I have stumbled upon a little used feature in my protocols folder. NNTP. Are there any public feeds available for getting the Microsoft newsgroups? I am especially interested in those dealing with vbs, ad, exchange.

TIA

Thank you,

Mitch






RE: [ActiveDir] OT: Newsgroup Feeds for microsoft newsgroups?

2004-07-21 Thread David Adner
msnews.microsoft.com is MS's newsgroup server.  Its groups are hosted on
other servers, too.

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On Behalf Of 
 DL.ActiveDirectory
 Sent: Wednesday, July 21, 2004 17:27
 To: [EMAIL PROTECTED]
 Subject: [ActiveDir] OT: Newsgroup Feeds for microsoft newsgroups?
 
 I have stumbled upon a little used feature in my protocols 
 folder. NNTP. Are there any public feeds available for 
 getting the Microsoft newsgroups? I am especially interested 
 in those dealing with vbs, ad, exchange.
 
 TIA
 
 Thank you,
 
 Mitch
 
 

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] home directory modifications

2004-07-21 Thread Edwin
This is my first attempt at answering a question here on the list, but I
believe that I have an accurate answer to the question in this thread.  If I
am incorrect, I apologize for any confusion that I may have caused.

200 or so members would be a lot to perform updates on individually but I
would assume that those users are within different OU's.  Since they are in
OU's you would only have to make an update for each OU that you have your
200 or so members in.

Why not select all the users in the OU and update their properties all at
once.  The Profile tab should be available to where you can update the path
as needed.  Now you can then update your \\goofy\home\ to \\mickey\home\ as
you like.

I had to do the same thing when I took over a domain that uses roaming
profiles.  I moved around a lot of files and folders for performance and
best practice reasons which forced me to update everyone's roaming profile
path using the method above.  The only exception was that I added their
username to the path such as \\mickey\home\%username%

If you can find a programming solution then I say go for it!  I myself need
to learn how to automate stuff when managing Active Directory.  I have found
that not to be so easy.  But if you need a quick solution, then the above
might work for you.

Edwin

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, July 21, 2004 5:48 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] home directory modifications

Do so - at your peril, Sir!
 
and, while you are at it, don't tell Joe :)
 
 
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Mulnick, Al
Sent: Wed 7/21/2004 2:31 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] home directory modifications



If option two doesn't do it, this might be a good starting point (Deji's
option 2)
http://tinyurl.com/5jne3

The code here assumes you already have the userdn.  That's easy enough to
get if they're all in the same ou.  If not, modify Deji's script -- it'll be
faster.
Once you bind to the user object, read the homedrive attribute, parse it
(split is a pretty good function for this) and then read it back into the
variable you want and update the user object with the vars you want.

Cool scripts Deji!!  I'm going to have to start crawling that site a bit
more :)

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, July 21, 2004 5:14 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: [ActiveDir] home directory modifications

Depending on how brave you are, one of these MAY help you.

http://www.akomolafe.com/DesktopModules/ViewDocument.aspx?DocumentID=35
http://www.akomolafe.com/DesktopModules/ViewDocument.aspx?DocumentID=26


Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of James Payne
Sent: Wed 7/21/2004 12:30 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] home directory modifications







I have about 200 users setup to connect h: to \\goofy\home\username.  I am
moving the data on \\goofy\home\ to \\mickey\home\.  Is there a script
laying around somewhere that would allow me to change this path in
everyone's profile at once?  It sure would beat doing this manually for
every user.

Thanks again for any help you guys can provide.

James

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/




RE: [ActiveDir] home directory modifications

2004-07-21 Thread Brian Desmond
google to download admodify.net. It's a free tool from MS.
 
--Brian

-Original Message- 
From: James Payne [mailto:[EMAIL PROTECTED] 
Sent: Wed 7/21/2004 2:30 PM 
To: [EMAIL PROTECTED] 
Cc: 
Subject: [ActiveDir] home directory modifications







I have about 200 users setup to connect h: to \\goofy\home\username.  I am
moving the data on \\goofy\home\ to \\mickey\home\.  Is there a script
laying around somewhere that would allow me to change this path in
everyone's profile at once?  It sure would beat doing this manually for
every user.

Thanks again for any help you guys can provide.

James

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/



RE: [ActiveDir] Summer Maintenance

2004-07-21 Thread Brian Desmond
NO NO NO. Always always always use sysprep. Sysprep strips other things like SIDs,
which are the machine identifier. For that matter it strips all identifying
information from the PC image. Otherwise you have bunches of problems with duplicate
names, sids, etc.
 
--Brian

-Original Message- 
From: Jacob Stabl [mailto:[EMAIL PROTECTED] 
Sent: Wed 7/21/2004 3:49 PM 
To: [EMAIL PROTECTED] 
Cc: 
Subject: RE: [ActiveDir] Summer Maintenance


I have word of using sysprep along with Ghost.  From what I have read sysprep 
is just do the OS and allows for different configurations.  If I am doing a lab that 
has special software and the same hardware config, is it not better to just use ghost 
after the master computer has been configured?
 

-- 
Jake 

 

  _  

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert N. Leali
Sent: Wednesday, July 21, 2004 9:37 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Summer Maintenance



I think you can use Unicast instead of Multicast in the newer versions of
Norton ghost.  It goes slower but it won't bog down the network.  Also, make sure
your hop count is set correctly.

 


  _  


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Rochford
Sent: Sunday, July 18, 2004 12:13 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Summer Maintenance

 

We tend to do them in blocks of max 30 because it's more manageable (and most 
rooms don't have more than that many computers!)

 

I've done it enough times now to know that although we shouldn't have to get 
involved with boot floppies sometimes things just don't go the way you plan :-)

 

Not sure why Ghost does cause the network problems you describe but I know it 
does and we just plan round it - making sure no-one's trying to do anything important 
at the same time etc.

 

Steve

 


  _  


From: Brian Desmond [mailto:[EMAIL PROTECTED] 
Sent: 16 July 2004 21:31
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Summer Maintenance

Things really slow down when multicasting to a load of computers where I am 
(all Cisco 2900XL series switches with fiber links to a 4005 series backbone switch). 
The multicast slows to a crawl, as does other network traffic.

 

--Brian Desmond

[EMAIL PROTECTED]

Payton on the Web! http://www.wpcp.org

 

v: 773.534.0034 x135

f: 773.534.0035

 

 


  _  


From: Doug M. Long [mailto:[EMAIL PROTECTED] On Behalf Of Doug M. Long
Sent: Friday, July 16, 2004 1:07 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Summer Maintenance

 

If you're multicasting, network congestion shouldn't be an issue (assuming that 
you are putting the same image on all machines), right? Or am I missing something 
here? 

 


  _  


From: [EMAIL PROTECTED] on behalf of Brian Desmond
Sent: Fri 7/16/2004 11:13 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Summer Maintenance

You got it Steve. I don't know if you've ever done this before, but be 
prepared to have a handful of them screw up and need reimaging with a floppy disk. 
Also, don't think of doing em all at once. 100 - 150 is enough to saturate your 
network.

 

--Brian

-Original Message- 
From: Steve Rochford [mailto:[EMAIL PROTECTED] 
Sent: Fri 7/16/2004 8:08 AM 
To: [EMAIL PROTECTED] 
Cc: 
Subject: RE: [ActiveDir] Summer Maintenance

I love comments like "The result is that as the imaged computers are
powered up, the admin will type in each unique computer name and walk
away."

We're re-imaging about 1000 student computers this summer and I'm not
intending to go anywhere near most of them so typing in anything is a
no-no! As others have said, Ghost will happily rename and join to the
domain and it will also work with sysprep so you can have the best of
both worlds :-)

Steve

-Original Message-
From: Brad Corob [mailto:[EMAIL PROTECTED]
Sent: 15 July 2004 05:00
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Summer Maintenance

2) Regardless of how you image the computers, using sysprep is the
*only* 

RE: [ActiveDir] Summer Maintenance

2004-07-21 Thread Brian Desmond
Please explain the reasoning here. Running newsid does not constitute running sysprep.
 
--Brian

-Original Message- 
From: Jared Manhat [mailto:[EMAIL PROTECTED] 
Sent: Wed 7/21/2004 4:00 PM 
To: [EMAIL PROTECTED] 
Cc: 
Subject: RE: [ActiveDir] Summer Maintenance



Yes, just use Ghost and run Sysinternals NewSID on each pc BEFORE ADDING IT 
TO THE DOMAIN.

http://www.sysinternals.com/ntw2k/source/newsid.shtml

 

Jared Manhat 
Systems Administrator 
Accutest Laboratories 
2235 Route 130 
Dayton, NJ 08810 
(732) 329-0200 x254 


  _  


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jacob Stabl
Sent: Wednesday, July 21, 2004 4:49 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Summer Maintenance

 

I have word of using sysprep along with Ghost.  From what I have read sysprep 
is just do the OS and allows for different configurations.  If I am doing a lab that 
has special software and the same hardware config, is it not better to just use ghost 
after the master computer has been configured?

 

-- 
Jake 

 

 


  _  


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert N. Leali
Sent: Wednesday, July 21, 2004 9:37 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Summer Maintenance

I think you can use Unicast instead of Multicast in the newer versions of 
Norton Ghost.  It goes slower but it won't bog down the network.  Also, make sure 
your hop count is set correctly. 

 


  _  


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Rochford
Sent: Sunday, July 18, 2004 12:13 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Summer Maintenance

 

We tend to do them in blocks of max 30 because it's more manageable (and most 
rooms don't have more than that many computers!)

 

I've done it enough times now to know that although we shouldn't have to get 
involved with boot floppies sometimes things just don't go the way you plan :-)

 

Not sure why Ghost does cause the network problems you describe but I know it 
does and we just plan round it - making sure no-one's trying to do anything important 
at the same time etc.

 

Steve

 


  _  


From: Brian Desmond [mailto:[EMAIL PROTECTED] 
Sent: 16 July 2004 21:31
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Summer Maintenance

Things really slow down when multicasting to a load of computers where I am 
(all Cisco 2900XL series switches with fiber links to a 4005 series backbone switch). 
The multicast slows to a crawl, as does other network traffic.

 

--Brian Desmond

[EMAIL PROTECTED]

Payton on the Web! http://www.wpcp.org

 

v: 773.534.0034 x135

f: 773.534.0035

 

 


  _  


From: Doug M. Long [mailto:[EMAIL PROTECTED] On Behalf Of Doug M. Long
Sent: Friday, July 16, 2004 1:07 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Summer Maintenance

 

If you're multicasting, network congestion shouldn't be an issue (assuming that 
you are putting the same image on all machines), right? Or am I missing something 
here? 

 


  _  


From: [EMAIL PROTECTED] on behalf of Brian Desmond
Sent: Fri 7/16/2004 11:13 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Summer Maintenance

You got it Steve. I don't know if you've ever done this before, but be 
prepared to have a handful of them screw up and need reimaging with a floppy disk. 
Also, don't think of doing em all at once. 100 - 150 is enough to saturate your 
network.

 

--Brian

-Original Message- 
From: Steve Rochford [mailto:[EMAIL PROTECTED] 
Sent: Fri 7/16/2004 8:08 AM 
To: [EMAIL PROTECTED] 
Cc: 
Subject: RE: [ActiveDir] Summer Maintenance

I love comments like "The result is that as the imaged computers are
powered up, the admin will type in each unique computer name and walk
away."

We're re-imaging about 1000 student computers this summer and I'm not
intending to go anywhere near most of them so typing in anything is a
no-no! As others have said, Ghost will happily rename and join to the
domain and it will also work with sysprep so you can have the best of
both worlds :-)
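
A check for the duplicate-SID problem debated in the two Summer Maintenance messages above, as an added example that is not part of any poster's message: it groups an inventory of local Administrator SIDs by machine SID to find PCs that were cloned without SID regeneration. The inventory format, host names and SID values are constructed for illustration, and collecting the SIDs from the machines is assumed to happen separately.

```python
import re
from collections import defaultdict

# Constructed sample inventory, one "hostname,SID" pair per line. Each SID is
# assumed to be that PC's built-in *local* Administrator account (RID 500),
# not a domain account.
SAMPLE_INVENTORY = """\
LAB-PC01,S-1-5-21-1004336348-1177238915-682003330-500
LAB-PC02,S-1-5-21-1004336348-1177238915-682003330-500
LAB-PC03,S-1-5-21-2025429265-492894223-1708537768-500
LAB-PC04,S-1-5-21-1004336348-1177238915-682003330-500
LAB-PC05,not-a-sid
"""

# A local account SID is the machine SID (S-1-5-21 plus three 32-bit
# sub-authorities) followed by the account's relative ID (RID).
LOCAL_ACCOUNT_SID = re.compile(r"^(S-1-5-21-\d+-\d+-\d+)-(\d+)$")


def machine_sid(account_sid):
    """Return the machine SID part of a local account SID, or raise ValueError."""
    match = LOCAL_ACCOUNT_SID.match(account_sid.strip())
    if not match:
        raise ValueError("not a local account SID: %r" % account_sid)
    sub_authorities = match.group(1).split("-")[4:]
    if any(int(part) > 0xFFFFFFFF for part in sub_authorities):
        raise ValueError("sub-authority out of range: %r" % account_sid)
    return match.group(1)


def find_cloned_sids(inventory_text):
    """Group hosts by machine SID; return (duplicates, rejected_hosts)."""
    hosts_by_sid = defaultdict(list)
    rejected = []
    for line in inventory_text.splitlines():
        if not line.strip():
            continue
        host, _, sid = line.partition(",")
        try:
            hosts_by_sid[machine_sid(sid)].append(host.strip())
        except ValueError:
            rejected.append(host.strip())  # re-collect these by hand
    duplicates = {sid: sorted(hosts)
                  for sid, hosts in hosts_by_sid.items() if len(hosts) > 1}
    return duplicates, rejected


if __name__ == "__main__":
    dupes, bad = find_cloned_sids(SAMPLE_INVENTORY)
    for sid, hosts in dupes.items():
        print("shared machine SID %s: %s" % (sid, ", ".join(hosts)))
    print("could not parse:", bad)
```

Hosts that share a machine SID came from the same image without a new SID being generated; a host in the rejected list needs its SID collected again before it can be judged either way.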
 

RE: [ActiveDir] OT: Newsgroup Feeds for microsoft newsgroups?

2004-07-21 Thread Brian Desmond
MSNews, MS' newsgroup folder is locked down so that you cannot pull from it, but, you 
might find another server which has a copy to pull from.
 
--Brian

-Original Message- 
From: DL.ActiveDirectory [mailto:[EMAIL PROTECTED] 
Sent: Wed 7/21/2004 5:26 PM 
To: [EMAIL PROTECTED] 
Cc: 
Subject: [ActiveDir] OT: Newsgroup Feeds for microsoft newsgroups?



I have stumbled upon a little used feature in my protocols folder. NNTP. 
Are there any public feeds available for getting the Microsoft newsgroups? I am 
especially interested in those dealing with vbs, ad, exchange.

TIA

Thank you,

Mitch




RE: [ActiveDir] OT: Newsgroup Feeds for microsoft newsgroups?

2004-07-21 Thread deji
Unless you have a special relationship with Microsoft, I don't think you'll
be able to pull directly from them. I remember that this was possible in the
good old days of Exchange 5.0/5.5, but I have never been able to leech from
MS since then. It would be wonderful if someone could reveal the new secret
handshake.
 
 
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of David Adner
Sent: Wed 7/21/2004 3:45 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Newsgroup Feeds for microsoft newsgroups?



msnews.microsoft.com is MS's newsgroup server.  Its groups are hosted on
other servers, too.

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of
 DL.ActiveDirectory
 Sent: Wednesday, July 21, 2004 17:27
 To: [EMAIL PROTECTED]
 Subject: [ActiveDir] OT: Newsgroup Feeds for microsoft newsgroups?

 I have stumbled upon a little used feature in my protocols
 folder. NNTP. Are there any public feeds available for
 getting the Microsoft newsgroups? I am especially interested
 in those dealing with vbs, ad, exchange.

 TIA

 Thank you,

 Mitch



List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/