[ActiveDir] AD Problems after install
Dear all,

I am experiencing some problems with replication after my initial install of AD and a second DC. Also I had some error during a GPO backup procedure from GPMC. Finally a WINS replication error. All your help is much appreciated.

Cheers,
George

The following error occurred during the attempt to synchronize naming context XX.fin from domain controller X1 to domain controller X2: Access is denied. This operation will not continue.

Event Type: Warning
Event Source: NTDS Replication
Event Category: Replication
Event ID: 1586
Date: 9/1/2004
Time: 2:08:24 PM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: XX01
Description: The Windows NT 4.0 or earlier replication checkpoint with the PDC emulator master was unsuccessful. A full synchronization of the security accounts manager (SAM) database to domain controllers running Windows NT 4.0 and earlier might take place if the PDC emulator master role is transferred to the local domain controller before the next successful checkpoint. The checkpoint process will be tried again in four hours.
Additional Data
Error value: 5 Access is denied.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13508
Date: 9/1/2004
Time: 9:56:17 AM
User: N/A
Computer: XX01
Description: The File Replication Service is having trouble enabling replication from XX02 to XX01 for e:\windows\sysvol\domain using the DNS name XX02.ob.fin. FRS will keep retrying. Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name XX02.ob.fin from this computer.
[2] FRS is not running on XX02.ob.fin.
[3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

GPO: Back_Office_GPO...Succeeded
GPO: Client_Advisors_NS...Succeeded
GPO: Customer_Service_Officers...Succeeded
GPO: IT_GPO...Succeeded
GPO: Management_GPO...Succeeded
GPO: Member Servers...Succeeded, but note the following issues:
[Warning] The security principal [S-1-5-32-547] referenced in extension [Security] cannot be resolved, but the task will continue. In the future, you can use a migration table to map or remove this security principal. Details: No mapping between account names and security IDs was done.
GPO: OB Domain Controllers Policy...Succeeded
GPO: OB Domain Policy...Succeeded
8 GPOs were successfully backed up, but 1 had additional information in the log above. 0 GPOs were not backed up.

Event Type: Error
Event Source: Wins
Event Category: None
Event ID: 4102
Date: 9/2/2004
Time: 7:24:40 AM
User: N/A
Computer: XX01
Description: The connection was aborted by the remote WINS. Remote WINS may not be configured to replicate with the server.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data: : 21 03 00 00 08 00 00 e0 !..à
RE: [ActiveDir] OT XP SP2
Did this happen on one machine or many machines? I have XP SP2 installed on several workstations and have not seen this problem.

Dennis

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cothern Jeff D. Team EITC
Sent: Wednesday, September 01, 2004 6:41 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] OT XP SP2

We are in the process of creating a deployment for XP sp2 workstations. In testing noticed that it appears the %systemroot% variable doesn't work. This is causing things like ipconfig and worse ADUC to not work on this machine. Anyone ever hear of this before and have any ideas?

Thanks

List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] IIS and Scripting Question
Hunter,

Thanks for your reply. I must say that in the many times I have asked this question, you have probably given me the best answer. I have always received something like, we just do it because it is easy, I don't know, no one said that it wasn't okay so why not do it? or something else that in my opinion may not be as professional a reply as it should be.

I think that you are right. I don't think that a definite answer is out there. I am sure that there is a Microsoft reader on this list that will have an answer or maybe be able to direct us to that answer if one does exist. If there is a person, I would like to request that they start another thread with this topic. I am sure that I am not the only one with this as a question when it comes to bastion hosts and a domain.

Edwin

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Coleman, Hunter
Sent: Wednesday, September 01, 2004 10:49 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] IIS and Scripting Question

Edwin-

I don't think you're going to find a simple yes or no on the question of whether to put public facing servers in a (separate) domain. Assume for a minute that one of your public servers gets compromised. If it's a standalone server, then the attacker is somewhat constrained in her ability to leverage that server against your other servers. If it's in a domain, then the attacker has a somewhat easier task of expanding the attack to other servers in the domain.

Of course, you may find it easier to lock down your public servers via group policy, SUS, and other things if you are able to use domain-based management tools. And you may find that having your users and developers using a single domain account cuts down on the number of passwords taped to monitors and under keyboards.

As is often the case, the closest you'll come to a definitive answer is It depends...

Hunter

From: Edwin [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 01, 2004 5:26 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] IIS and Scripting Question

Michael,

If I may, I would like to ask you a question based off of your last reply to this thread. You said,

It can't be a part of the domain (our policy is that shared hosting servers (excepting our Exchange hosting servers, which have their own domain) are standalone)

I share this same opinion while others in the organization I work for insist on having a domain for ease of management and other features. I believe that there are other ways to easily manage servers and use whatever features you want without the use of a domain.

My question to you is if your last statement is based on a preference of your organization or because of a document that gives good arguments as to why a domain should not be used on public servers? If based on a document, would you be able to share this information?

I have found many documents that say having a domain on a public server is no problem, but that the domain should be isolated from other domains. But none of the documents give a recommendation as to whether or not it should or should not be used. I am basically looking for a definite yes or no answer and not something like, sure, it's okay to do. I don't know if such a document exists, but if there is an official statement from Microsoft about it, I would love to begin an argument with my co-workers about it.

Thank you,
Edwin

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith
Sent: Wednesday, September 01, 2004 2:03 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] IIS and Scripting Question

No, the provisioning application needs to be able to create a folder and a file within that folder and assign rights. It can't be a part of the domain (our policy is that shared hosting servers (excepting our Exchange hosting servers, which have their own domain) are standalone).

Thanks for the thought.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Wednesday, September 01, 2004 1:53 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] IIS and Scripting Question

So really the rights you need are the ability to open a file on a file share you have rights to? Is it possible to make it part of the domain? You could use the machine account or the IIS account then. If not, then the trick here is to allow file system access to the application (the user-context of the application really). Would that work?

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith
Sent: Wednesday, September 01, 2004 1:48 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] IIS and Scripting Question

I have a provisioning application that runs on a domain member that needs administrative access to a standalone server.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Wednesday, September 01, 2004 1:27 PM
To: '[EMAIL
[ActiveDir] windows 2000 directory permissioning
this post relates to the general tenet of permissioning of AD objects - ou's et al - and seeking views on how ACL's are applied to OU (or for that matter any directory object I suppose)

all the delegation references seem to indicate that group objects should be used as ACE's - totally happy with this

however the main issue i seek views is the SCOPE of these groups - on days where we used ACL's to set permissions on NTFS directories we were given the tenet of use LOCAL GROUPS to set permissions, add global groups to the local groups. - AGLP being the well known acronym

if we reference the raft of delegation guides these seem to propose the use of GLOBAL groups as the entity that is added to the ACL

i have no problem with this but it just seems to go against the grain of the methodology of the NTFS permissioning ??

is this perhaps borne out of subtlety in the way the Windows 2000 LSA manages directory objects vs NTFS permissions ??

final point that i think relevant references the way in which 'DNS Admins' - this is in fact a group but which is LOCAL in scope

views will be gladly received

GT
RE: [ActiveDir] Deleted computer account
Huh. Nice idea. Worked like a charm, at least as far as I can see. Certificate paths seem to be OK, no errors in event log yet.

Thanks!

**
Charlie Kaiser
MCSE, CCNA
Systems Engineer
Essex Credit / Brickwalk
510 595 5083
**

-----Original Message-----
From: Steve Patrick [mailto:[EMAIL PROTECTED]
Sent: Saturday, August 28, 2004 8:14 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Deleted computer account

Not a great situation there, if it were me I would probably back my CA services, DB, logs, registry and key(s) - then uninstall the service. Disjoin the machine, rejoin - reinstall cert services and follow procedures like: http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;Q298138

my .02
-steve

-----Original Message-----
From: Mulnick, Al [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, August 27, 2004 11:43 AM
Subject: RE: [ActiveDir] Deleted computer account

Yep. Sorry, didn't see that it was a CA. What about putting back the account to a pre-deleted state? Have you already tried that (my copy of the conversation is trunc'd)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Charlie Kaiser
Sent: Thursday, August 26, 2004 8:09 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Deleted computer account

Can't. It's a CA, and you can't change computer name or domain membership once you make it a CA...

**
Charlie Kaiser
MCSE, CCNA
Systems Engineer
Essex Credit / Brickwalk
510 595 5083
**
RE: [ActiveDir] GPO Question
Thanks!!! That helped out! But now I have another question

In the Screen Saver Section of the GPO: Screen Saver is enabled but no executable is specified, time is set. I know that if you do not have a screen saver specified in the configuration, the screen saver setting will not be enabled unless there is a selection made in the display properties

Question: Is there a way to get the screen saver enabled where it will not override default screen savers already in place and/or get rid of the NONE option in the Screen Saver so when we enable this through policy it will be enabled

Please help!

Thanks,
Mario

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Coleman, Hunter
Sent: Tuesday, August 31, 2004 4:01 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] GPO Question

In your GPO, it's under User Configuration-Administrative Templates-Control Panel-Display-Screen Saver timeout

Hunter

-----Original Message-----
From: Rosales, Mario [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 31, 2004 2:24 PM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] GPO Question

Is there a way to set the Screen Saver settings on a GPO? For example set it for 20 Minutes? I know how to do it through the registry but I still cannot see where I can do that through the GPO's. Well I can see where to add a registry entry but is there an easier way?

Any help would be appreciated.

Thanks,
Mario
[ActiveDir] Using CMD
Alright I am trying to use CMD on windows XP, my account is set up as a local admin and all the other admin settings I could think of. But in cmd it defaults to my home dir. H:\ so I need to be in C:\ I type cd C:\directory and it does nothing, no error and doesn't switch dir. How do I switch to C:\ in the command prompt. Is this GP setting???

Thanks

--
Jacob Stabl
Network Engineer
Plain Local Schools
http://plainlocal.org
Work: 330.492.3500 x.383
Cell: 330.704.1278
RE: [ActiveDir] Using CMD
Type c: and hit enter? CD won't switch drive letters, only directories...

**
Charlie Kaiser
MCSE, CCNA
Systems Engineer
Essex Credit / Brickwalk
510 595 5083
**

-----Original Message-----
From: Jacob Stabl [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 02, 2004 9:28 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Using CMD

Alright I am trying to use CMD on windows XP, my account is set up as a local admin and all the other admin settings I could think of. But in cmd it defaults to my home dir. H:\ so I need to be in C:\ I type cd C:\directory and it does nothing, no error and doesn't switch dir. How do I switch to C:\ in the command prompt. Is this GP setting???

Thanks

--
Jacob Stabl
Network Engineer
Plain Local Schools
http://plainlocal.org
Work: 330.492.3500 x.383
Cell: 330.704.1278
Re: [ActiveDir] Using CMD
Hi Jacob

From the command prompt type C:
You can then do your cd directoryname.

Regards;

James R. Day
National Park Service - AD Core Team
(202) 354-1464
Fax (202) 371-1549
[EMAIL PROTECTED]

From: Jacob Stabl [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
09/02/2004 12:28 PM AST
Please respond to ActiveDir
To: [EMAIL PROTECTED]
cc: (bcc: James Day/Contractor/NPS)
Subject: [ActiveDir] Using CMD

Alright I am trying to use CMD on windows XP, my account is set up as a local admin and all the other admin settings I could think of. But in cmd it defaults to my home dir. H:\ so I need to be in C:\ I type cd C:\directory and it does nothing, no error and doesn't switch dir. How do I switch to C:\ in the command prompt. Is this GP setting???

Thanks

--
Jacob Stabl
Network Engineer
Plain Local Schools
http://plainlocal.org
Work: 330.492.3500 x.383
Cell: 330.704.1278
RE: [ActiveDir] windows 2000 directory permissioning
Hello Graham - as always: it depends... and this is mostly about if you're in a single domain or multi-domain forest.

in a single domain, the group-scope obviously doesn't matter - you can even nest groups of the same type to achieve any nesting, if you need it. Nesting still makes sense at times, e.g. when you grant different admins-groups different permissions to an OU, but in the end, all of the Admins should have read permissions to the whole OU (assuming you're hiding something for normal users) => I typically have a PREFIX-AllAdmins group for each OU representing an Administrative Unit and this group contains all other admin groups for that unit (e.g. user-admins, client-admins, helpdesk etc.). Scope for all groups can be local as you're likely not going to set permissions via these groups to other objects in AD.

in a multi-domain environment, the scope of the groups are obviously more important - if permissions are to be applied for objects from different domains and these permissions are granted on the configuration container (e.g. for Exchange), you'll want to use universal groups, as a local group can't grant the required permission on the same data in the config container hosted on a DC in another domain... However, even in multi-domain forests, you often just need access to data in your own domain NC, so that local groups are usually fine to use.

At last - also for multi-domain-forests - you have to consider visibility: if you want to see the memberships of your AD groups on the users (i.e. memberOf tab) for any groups in the forest, then you may want to choose UGs just for that reason. If you don't care, then local groups will be fine and cause less replication traffic (but more headaches during recovery of deleted members).

HTH

Cheers,
Guido

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Graham Turner
Sent: Thursday, September 02, 2004 2:37 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] windows 2000 directory permissioning

this post relates to the general tenet of permissioning of AD objects - ou's et al - and seeking views on how ACL's are applied to OU (or for that matter any directory object I suppose)

all the delegation references seem to indicate that group objects should be used as ACE's - totally happy with this

however the main issue i seek views is the SCOPE of these groups - on days where we used ACL's to set permissions on NTFS directories we were given the tenet of use LOCAL GROUPS to set permissions, add global groups to the local groups. - AGLP being the well known acronym

if we reference the raft of delegation guides these seem to propose the use of GLOBAL groups as the entity that is added to the ACL

i have no problem with this but it just seems to go against the grain of the methodology of the NTFS permissioning ??

is this perhaps borne out of subtlety in the way the Windows 2000 LSA manages directory objects vs NTFS permissions ??

final point that i think relevant references the way in which 'DNS Admins' - this is in fact a group but which is LOCAL in scope

views will be gladly received

GT
Re: [ActiveDir] Using CMD
cd /d drive:path
cd /d c:\path

have fun,
John

From: Jacob Stabl [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
cc:
Subject: [ActiveDir] Using CMD
09/02/2004 11:28 AM
Please respond to [EMAIL PROTECTED]

Alright I am trying to use CMD on windows XP, my account is set up as a local admin and all the other admin settings I could think of. But in cmd it defaults to my home dir. H:\ so I need to be in C:\ I type cd C:\directory and it does nothing, no error and doesn't switch dir. How do I switch to C:\ in the command prompt. Is this GP setting???

Thanks

--
Jacob Stabl
Network Engineer
Plain Local Schools
http://plainlocal.org
Work: 330.492.3500 x.383
Cell: 330.704.1278
RE: [ActiveDir] Using CMD
If you want to change drive letters AND directories with the CD command you need to use the /d flag..

ie.

h: cd /d c:\temp

... then you will be in the c:\temp

HTH
Rick

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jacob Stabl
Sent: Thursday, September 02, 2004 11:28 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Using CMD

Alright I am trying to use CMD on windows XP, my account is set up as a local admin and all the other admin settings I could think of. But in cmd it defaults to my home dir. H:\ so I need to be in C:\ I type cd C:\directory and it does nothing, no error and doesn't switch dir. How do I switch to C:\ in the command prompt. Is this GP setting???

Thanks

--
Jacob Stabl
Network Engineer
Plain Local Schools
http://plainlocal.org
Work: 330.492.3500 x.383
Cell: 330.704.1278
RE: [ActiveDir] Using CMD
You actually did something - you just didn't see it: you switched the current directory for the C: drive to C:\directory. So if you'd switch to the drive (via c: [enter]) even after you typed the change directory command, you should be in C:\directory.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jacob Stabl
Sent: Thursday, September 02, 2004 6:28 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Using CMD

Alright I am trying to use CMD on windows XP, my account is set up as a local admin and all the other admin settings I could think of. But in cmd it defaults to my home dir. H:\ so I need to be in C:\ I type cd C:\directory and it does nothing, no error and doesn't switch dir. How do I switch to C:\ in the command prompt. Is this GP setting???

Thanks

--
Jacob Stabl
Network Engineer
Plain Local Schools
http://plainlocal.org
Work: 330.492.3500 x.383
Cell: 330.704.1278
RE: [ActiveDir] Using CMD
Type the following at the H:\ command prompt

C: [press the enter key]
Cd\ [press the enter key]

WAL LA you're there

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jacob Stabl
Sent: Thursday, September 02, 2004 12:28 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Using CMD

Alright I am trying to use CMD on windows XP, my account is set up as a local admin and all the other admin settings I could think of. But in cmd it defaults to my home dir. H:\ so I need to be in C:\ I type cd C:\directory and it does nothing, no error and doesn't switch dir. How do I switch to C:\ in the command prompt. Is this GP setting???

Thanks

--
Jacob Stabl
Network Engineer
Plain Local Schools
http://plainlocal.org
Work: 330.492.3500 x.383
Cell: 330.704.1278
RE: [ActiveDir] IIS and Scripting Question
Edwin -

It has been our opinion for years (since our NT4 days) that having non-domain servers reduces the attack surface. It is just that: an opinion.

Microsoft's recommendations for shared hosting solutions recommend usage of an active directory. (See http://microsoft.com/serviceproviders and the various white papers available there.) When we next upgrade our environment, we will move to a domain.

We used O'Reilly Website for a number of years to reduce the attack surface and War-FTP. But the capabilities of that product, as of IIS 4.0, were less than IIS and our customer base required us to switch to IIS. Some monitoring tools (one we beta'ed, not currently released) and more-and-more functionality is coming to depend on domain membership. As of IIS 5.0, the inbuilt ftp server had sufficient capabilities and we switched to it. Except for Perl and PHP, and a few DLLs, our webservers are now all Microsoft.

Thanks,
Michael

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Edwin
Sent: Wednesday, September 01, 2004 7:26 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] IIS and Scripting Question

Michael,

If I may, I would like to ask you a question based off of your last reply to this thread. You said,

It can't be a part of the domain (our policy is that shared hosting servers (excepting our Exchange hosting servers, which have their own domain) are standalone)

I share this same opinion while others in the organization I work for insist on having a domain for ease of management and other features. I believe that there are other ways to easily manage servers and use whatever features you want without the use of a domain.

My question to you is if your last statement is based on a preference of your organization or because of a document that gives good arguments as to why a domain should not be used on public servers? If based on a document, would you be able to share this information?

I have found many documents that say having a domain on a public server is no problem, but that the domain should be isolated from other domains. But none of the documents give a recommendation as to whether or not it should or should not be used. I am basically looking for a definite yes or no answer and not something like, sure, it's okay to do. I don't know if such a document exists, but if there is an official statement from Microsoft about it, I would love to begin an argument with my co-workers about it.

Thank you,
Edwin

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith
Sent: Wednesday, September 01, 2004 2:03 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] IIS and Scripting Question

No, the provisioning application needs to be able to create a folder and a file within that folder and assign rights. It can't be a part of the domain (our policy is that shared hosting servers (excepting our Exchange hosting servers, which have their own domain) are standalone).

Thanks for the thought.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Wednesday, September 01, 2004 1:53 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] IIS and Scripting Question

So really the rights you need are the ability to open a file on a file share you have rights to? Is it possible to make it part of the domain? You could use the machine account or the IIS account then. If not, then the trick here is to allow file system access to the application (the user-context of the application really). Would that work?

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith
Sent: Wednesday, September 01, 2004 1:48 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] IIS and Scripting Question

I have a provisioning application that runs on a domain member that needs administrative access to a standalone server.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Wednesday, September 01, 2004 1:27 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] IIS and Scripting Question

Credentials other than the ones that IIS is running under? Personally, I haven't seen a way to do that and wonder why you would want to do it that way?

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith
Sent: Wednesday, September 01, 2004 9:33 AM
Subject: [ActiveDir] IIS and Scripting Question

Is there any way to create a FileSystemObject with alternate credentials, similar to what I can do with OpenDSObject for an ASP web page?

Thanks,
M
RE: [ActiveDir] IIS and Scripting Question
This is an accurate representation of my environment. I don't see how I do that stuff in script. :-) Is this documented somewhere? Thanks, Michael -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Schaefer Sent: Wednesday, September 01, 2004 8:28 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] IIS and Scripting Question Can I get a quick clarification here: a) Provisioning application runs on ServerA (which is part of a domain) b) Webserver (serverB) is standalone (not in the domain) c) Provisioning app (on ServerA) needs to create folders and/or files on ServerB Question: Is the Provisioning App itself running on IIS? (ie IIS is also running on ServerA, and the provisioning app is web based). If so, then you could make use of IIS' pass-through UNC authentication system. Create two accounts with the same name: one on serverA, and one on serverB. In IIS Manager on ServerA, add a virtual directory that points to a share on ServerB. When asked what credentials to use, enter ServerB\AccountYouJustCreated and corresponding password. IIS will use this account when connecting to the remote share. Whether you want to do this or not is another question :-) HTH Cheers Ken Original Message From: Michael B. Smith [EMAIL PROTECTED] Sent: Wednesday, September 01, 2004 3:37 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] IIS and Scripting Question That would work if the web server were a member server, but not as a standalone server. You can't add accounts from another server to the ACLs on a standalone server. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Perdue David J Contr InDyne/Enterprise IT Sent: Wednesday, September 01, 2004 4:30 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] IIS and Scripting Question I don't know if this would work, but... Add the share on your data server to the website as a virtual directory. 
Then, add your web server's computer account or the IIS account with the access that the app needs to your data servers share. I'm not sure which would be needed to work. You could then use whatever your accounting mechanism is on the web server to control access to the share. Dave From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith Sent: Wednesday, September 01, 2004 11:03 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] IIS and Scripting Question No, the provisioning application needs to be able to create a folder and a file within that folder and assign rights. It can't be a part of the domain (our policy is that shared hosting servers (excepting our Exchange hosting servers, which have their own domain) are standalone). Thanks for the thought. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Wednesday, September 01, 2004 1:53 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] IIS and Scripting Question So really the rights you need are the ability to open a file on a file share you have rights to? Is it possible to make it part of the domain? You could use the machine account or the IIS account then. If not, then the trick here is to allow file system access to the application (the user-context of the application really). Would that work? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith Sent: Wednesday, September 01, 2004 1:48 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] IIS and Scripting Question I have a provisioning application that runs on a domain member that needs administrative access to a standalone server. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Wednesday, September 01, 2004 1:27 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] IIS and Scripting Question Credentials other than the ones that IIS is running under? Personally, I haven't seen a way to do that and wonder why you would want to do it that way? 
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith Sent: Wednesday, September 01, 2004 9:33 AM Subject: [ActiveDir] IIS and Scripting Question Is there any way to create a FileSystemObject with alternate credentials, similar to what I can do with OpenDSObject for an ASP web page? Thanks, M List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] GPO Question
I don't think that's possible through the available GPO settings. One option would be to set up a second GPO that specified a particular screen saver, and then use a WMI filter to only apply that GPO to users who had not chosen anything for a screen saver. Hunter -Original Message- From: Rosales, Mario [mailto:[EMAIL PROTECTED] Sent: Thursday, September 02, 2004 10:14 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] GPO Question Thanks!!! That helped out! But now I have another question In the Screen Saver Section of the GPO: Screen Saver is enabled but no executable is specified, time is set. I know that if you do not have a screen saver specified in the configuration, the screen saver setting will not be enabled unless there is a selection made in the display properties Question: Is there a way to get the screen saver enabled where it will not override default screen savers already in place and/or get rid of the NONE option in the Screen Saver so when we enable this through policy it will be enabled Please help! Thanks, Mario -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Coleman, Hunter Sent: Tuesday, August 31, 2004 4:01 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] GPO Question In your GPO, it's under User Configuration-Administrative Templates-Control Panel-Display-Screen Saver timeout Hunter -Original Message- From: Rosales, Mario [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 31, 2004 2:24 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] GPO Question Is there a way to set the Screen Saver settings on a GPO? For example set it for 20 Minutes? I know how to do it through the registry but I still cannot see where I can do that through the GPO's. Well I can see where to add a registry entry but is there an easier way? Any help would be appreciated. Thanks, Mario *** The contents of this communication are intended only for the addressee and may contain confidential and/or privileged material.
If you are not the intended recipient, please do not read, copy, use or disclose this communication and notify the sender. Opinions, conclusions and other information in this communication that do not relate to the official business of my company shall be understood as neither given nor endorsed by it. ***
RE: [ActiveDir] GPO Question
I have used WMI from pulling data. Where can I read about doing this to GPO's? Is this through an external script? Thanks, Mario -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Coleman, Hunter Sent: Thursday, September 02, 2004 1:01 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] GPO Question I don't think that's possible through the available GPO settings. One option would be to set up a second GPO that specified a particular screen saver, and then use a WMI filter to only apply that GPO to users who had not chosen anything for a screen saver. Hunter -Original Message- From: Rosales, Mario [mailto:[EMAIL PROTECTED] Sent: Thursday, September 02, 2004 10:14 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] GPO Question Thanks!!! That helped out! But now I have another question In the Screen Saver Section of the GPO: Screen Saver is enabled but no executable is specified, time is set. I know that if you do not have a screen saver specified in the configuration, the screen saver setting will not be enabled unless there is a selection made in the display properties Question: Is there a way to get the screen saver enabled where it will not override default screen savers already in place and/or get rid of the NONE option in the Screen Saver so when we enable this through policy it will be enabled Please help! Thanks, Mario -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Coleman, Hunter Sent: Tuesday, August 31, 2004 4:01 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] GPO Question In your GPO, it's under User Configuration-Administrative Templates-Control Panel-Display-Screen Saver timeout Hunter -Original Message- From: Rosales, Mario [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 31, 2004 2:24 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] GPO Question Is there a way to set the Screen Saver settings on a GPO? For example set it for 20 Minutes? 
I know how to do it through the registry but I still cannot see where I can do that through the GPO's. Well I can see where to add a registry entry but is there an easier way? Any help would be appreciated. Thanks, Mario
RE: [ActiveDir] GPO Question
My GPO is as follows: Activate Screen Saver: Enabled Screen Saver EXE Name: NOT CONFIGURED Password Protect Screen Saver: Enabled Screen Saver Timeout: Enabled (1200 sec) That config will allow the user to choose their own screen saver but not allow them to change the lock screensaver feature or the timeout. If no screen saver is defined (none) then it uses a blank screen. -Alex -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rosales, Mario Sent: Thursday, September 02, 2004 11:08 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] GPO Question I have used WMI from pulling data. Where can I read about doing this to GPO's? Is this through an external script? Thanks, Mario -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Coleman, Hunter Sent: Thursday, September 02, 2004 1:01 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] GPO Question I don't think that's possible through the available GPO settings. One option would be to set up a second GPO that specified a particular screen saver, and then use a WMI filter to only apply that GPO to users who had not chosen anything for a screen saver. Hunter -Original Message- From: Rosales, Mario [mailto:[EMAIL PROTECTED] Sent: Thursday, September 02, 2004 10:14 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] GPO Question Thanks!!! That helped out! But now I have another question In the Screen Saver Section of the GPO: Screen Saver is enabled but no executable is specified, time is set. I know that if you do not have a screen saver specified in the configuration, the screen saver setting will not be enabled unless there is a selection made in the display properties Question: Is there a way to get the screen saver enabled where it will not override default screen savers already in place and/or get rid of the NONE option in the Screen Saver so when we enable this through policy it will be enabled Please help! 
Thanks, Mario -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Coleman, Hunter Sent: Tuesday, August 31, 2004 4:01 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] GPO Question In your GPO, it's under User Configuration-Administrative Templates-Control Panel-Display-Screen Saver timeout Hunter -Original Message- From: Rosales, Mario [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 31, 2004 2:24 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] GPO Question Is there a way to set the Screen Saver settings on a GPO? For example set it for 20 Minutes? I know how to do it through the registry but I still cannot see where I can do that through the GPO's. Well I can see where to add a registry entry but is there an easier way? Any help would be appreciated. Thanks, Mario
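Added example, not part of the original thread: a PowerShell check that the four settings listed in the message above actually landed for the logged-on user. It assumes the standard per-user policy registry key and value names used by the screen saver administrative templates; the function name Test-ScreenSaverPolicy is made up for this example.

```powershell
# Added example: compare the user's applied screen saver policy with the GPO described above.
# Assumption: the Control Panel\Display templates write these values under the per-user policy key.
$PolicyKey = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop'

# Expected state, taken from the GPO in the message ($null = value must be absent).
$Expected = [ordered]@{
    'ScreenSaveActive'    = '1'      # Activate Screen Saver: Enabled
    'ScreenSaverIsSecure' = '1'      # Password Protect Screen Saver: Enabled
    'ScreenSaveTimeOut'   = '1200'   # Screen Saver Timeout: Enabled (1200 sec)
    'SCRNSAVE.EXE'        = $null    # Screen Saver EXE Name: Not Configured
}

function Test-ScreenSaverPolicy {
    param(
        [string]$Path = $PolicyKey,
        [System.Collections.IDictionary]$Want = $Expected
    )

    # A missing key means no screen saver policy reached this user at all.
    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue

    foreach ($name in $Want.Keys) {
        $actual = $null
        if ($props -and $props.PSObject.Properties[$name]) {
            $actual = [string]$props.PSObject.Properties[$name].Value
        }

        [pscustomobject]@{
            Setting   = $name
            Expected  = if ($null -eq $Want[$name]) { '(not set)' } else { $Want[$name] }
            Actual    = if ($null -eq $actual)      { '(not set)' } else { $actual }
            Compliant = ($actual -eq $Want[$name])
        }
    }
}

# Run as the user whose policy is being checked, after a policy refresh.
Test-ScreenSaverPolicy | Format-Table -AutoSize
```

A row with Compliant = False for ScreenSaverIsSecure or ScreenSaveTimeOut means the lock or the timeout is not being enforced by policy for that user.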
[ActiveDir] distinguished name Question?
Is it possible that you can have one object in Active Directory without distinguished name? Thanks Mike
RE: [ActiveDir] GPO Question
I would expect there to be information about this on Microsoft's site. Another starting point: http://www.serverwatch.com/tutorials/article.php/2205741 -Original Message- From: Rosales, Mario [mailto:[EMAIL PROTECTED] Sent: Thursday, September 02, 2004 12:08 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] GPO Question I have used WMI from pulling data. Where can I read about doing this to GPO's? Is this through an external script? Thanks, Mario -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Coleman, Hunter Sent: Thursday, September 02, 2004 1:01 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] GPO Question I don't think that's possible through the available GPO settings. One option would be to set up a second GPO that specified a particular screen saver, and then use a WMI filter to only apply that GPO to users who had not chosen anything for a screen saver. Hunter -Original Message- From: Rosales, Mario [mailto:[EMAIL PROTECTED] Sent: Thursday, September 02, 2004 10:14 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] GPO Question Thanks!!! That helped out! But now I have another question In the Screen Saver Section of the GPO: Screen Saver is enabled but no executable is specified, time is set. I know that if you do not have a screen saver specified in the configuration, the screen saver setting will not be enabled unless there is a selection made in the display properties Question: Is there a way to get the screen saver enabled where it will not override default screen savers already in place and/or get rid of the NONE option in the Screen Saver so when we enable this through policy it will be enabled Please help! 
Thanks, Mario -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Coleman, Hunter Sent: Tuesday, August 31, 2004 4:01 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] GPO Question In your GPO, it's under User Configuration-Administrative Templates-Control Panel-Display-Screen Saver timeout Hunter -Original Message- From: Rosales, Mario [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 31, 2004 2:24 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] GPO Question Is there a way to set the Screen Saver settings on a GPO? For example set it for 20 Minutes? I know how to do it through the registry but I still cannot see where I can do that through the GPO's. Well I can see where to add a registry entry but is there an easier way? Any help would be appreciated. Thanks, Mario
RE: [ActiveDir] distinguished name Question?
I would say no. :o) joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Hogenauer Sent: Thursday, September 02, 2004 2:46 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] distinguished name Question? Is it possible that you can have one object in Active Directory without distinguished name? Thanks Mike
RE: [ActiveDir] Using CMD
As mentioned by others to do drive and folder switching at once

    cd /d driveletter:\folder
    cd /d c:\

or

    Driveletter:
    cd folder

    c:
    cd \

Even cooler, in my opinion

    pushd driveletter:\folder
    pushd c:\

That also works with unc's

    pushd \\server\share\folder\subfolder

It creates the network drive for you and then CD's into it. Then when you want to go back to where you were before

    popd

Combine that with a good prompt such as

    prompt=[$d $t] $M$+$_$P$G

And you can see quite a bit about your current status:

    [Thu 09/02/2004 18:12:52.27] \\2k3exc01\d$ ++
    X:\>popd
    [Thu 09/02/2004 18:13:01.83] +
    D:\temp>popd
    [Thu 09/02/2004 18:13:03.07]
    C:\temp>pushd d:\temp
    [Thu 09/02/2004 18:13:06.99] +
    D:\temp>pushd \\2k3exc01\d$
    [Thu 09/02/2004 18:13:11.27] \\2k3exc01\d$ ++
    X:\>popd
    [Thu 09/02/2004 18:13:37.97] +
    D:\temp>popd
    [Thu 09/02/2004 18:13:39.74]
    C:\temp>

One downside is pushd doesn't support cd some* where * means anything it can match to.

joe

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jacob Stabl
Sent: Thursday, September 02, 2004 12:28 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Using CMD

Alright I am trying to use CMD on windows XP, my account is setup as a local admin and all the other admin settings I could think of. But in cmd it defaults to my home dir. H:\ so I need to be in C:\ I type cd C:\directory and it does nothing, no error and doesn't switch dir. How do I switch to C:\ in the command prompt. Is this GP setting???\

Thanks
--
Jacob Stabl
Network Engineer
Plain Local Schools
http://plainlocal.org
Work: 330.492.3500 x.383
Cell: 330.704.1278
Re: [ActiveDir] Using CMD
Somebody has too much time on their hands.
--
Cubic Corporation
San Diego, Ca.

-Original Message-
From: joe [EMAIL PROTECTED]
To: [EMAIL PROTECTED] [EMAIL PROTECTED]
Sent: Thu Sep 02 15:14:14 2004
Subject: RE: [ActiveDir] Using CMD

As mentioned by others to do drive and folder switching at once

    cd /d driveletter:\folder
    cd /d c:\

or

    Driveletter:
    cd folder

    c:
    cd \

Even cooler, in my opinion

    pushd driveletter:\folder
    pushd c:\

That also works with unc's

    pushd \\server\share\folder\subfolder

It creates the network drive for you and then CD's into it. Then when you want to go back to where you were before

    popd

Combine that with a good prompt such as

    prompt=[$d $t] $M$+$_$P$G

And you can see quite a bit about your current status:

    [Thu 09/02/2004 18:12:52.27] \\2k3exc01\d$ ++
    X:\>popd
    [Thu 09/02/2004 18:13:01.83] +
    D:\temp>popd
    [Thu 09/02/2004 18:13:03.07]
    C:\temp>pushd d:\temp
    [Thu 09/02/2004 18:13:06.99] +
    D:\temp>pushd \\2k3exc01\d$
    [Thu 09/02/2004 18:13:11.27] \\2k3exc01\d$ ++
    X:\>popd
    [Thu 09/02/2004 18:13:37.97] +
    D:\temp>popd
    [Thu 09/02/2004 18:13:39.74]
    C:\temp>

One downside is pushd doesn't support cd some* where * means anything it can match to.

joe

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jacob Stabl
Sent: Thursday, September 02, 2004 12:28 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Using CMD

Alright I am trying to use CMD on windows XP, my account is setup as a local admin and all the other admin settings I could think of. But in cmd it defaults to my home dir. H:\ so I need to be in C:\ I type cd C:\directory and it does nothing, no error and doesn't switch dir. How do I switch to C:\ in the command prompt. Is this GP setting???\

Thanks
--
Jacob Stabl
Network Engineer
Plain Local Schools
http://plainlocal.org
Work: 330.492.3500 x.383
Cell: 330.704.1278
RE: [ActiveDir] distinguished name Question?
I would say no as well. I would also ask why would you want to? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, September 02, 2004 3:08 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] distinguished name Question? I would say no. :o) joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Hogenauer Sent: Thursday, September 02, 2004 2:46 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] distinguished name Question? Is it possible that you can have one object in Active Directory without distinguished name? Thanks Mike
RE: [ActiveDir] Using CMD
LOL if I did I wouldn't have 600+ emails from this list to go through. :o) Plus if I did, I would rewrite pushd so it did wildcards, probably like the old ncd program.

joe

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Seitz, Peter
Sent: Thursday, September 02, 2004 6:15 PM
To: '[EMAIL PROTECTED]'
Subject: Re: [ActiveDir] Using CMD

Somebody has too much time on their hands.
--
Cubic Corporation
San Diego, Ca.

-Original Message-
From: joe [EMAIL PROTECTED]
To: [EMAIL PROTECTED] [EMAIL PROTECTED]
Sent: Thu Sep 02 15:14:14 2004
Subject: RE: [ActiveDir] Using CMD

As mentioned by others to do drive and folder switching at once

    cd /d driveletter:\folder
    cd /d c:\

or

    Driveletter:
    cd folder

    c:
    cd \

Even cooler, in my opinion

    pushd driveletter:\folder
    pushd c:\

That also works with unc's

    pushd \\server\share\folder\subfolder

It creates the network drive for you and then CD's into it. Then when you want to go back to where you were before

    popd

Combine that with a good prompt such as

    prompt=[$d $t] $M$+$_$P$G

And you can see quite a bit about your current status:

    [Thu 09/02/2004 18:12:52.27] \\2k3exc01\d$ ++
    X:\>popd
    [Thu 09/02/2004 18:13:01.83] +
    D:\temp>popd
    [Thu 09/02/2004 18:13:03.07]
    C:\temp>pushd d:\temp
    [Thu 09/02/2004 18:13:06.99] +
    D:\temp>pushd \\2k3exc01\d$
    [Thu 09/02/2004 18:13:11.27] \\2k3exc01\d$ ++
    X:\>popd
    [Thu 09/02/2004 18:13:37.97] +
    D:\temp>popd
    [Thu 09/02/2004 18:13:39.74]
    C:\temp>

One downside is pushd doesn't support cd some* where * means anything it can match to.

joe

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jacob Stabl
Sent: Thursday, September 02, 2004 12:28 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Using CMD

Alright I am trying to use CMD on windows XP, my account is setup as a local admin and all the other admin settings I could think of. But in cmd it defaults to my home dir. H:\ so I need to be in C:\ I type cd C:\directory and it does nothing, no error and doesn't switch dir. How do I switch to C:\ in the command prompt. Is this GP setting???\

Thanks
--
Jacob Stabl
Network Engineer
Plain Local Schools
http://plainlocal.org
Work: 330.492.3500 x.383
Cell: 330.704.1278
RE: [ActiveDir] Exchange Schema question
Ah. I thought maybe I could just point the fields in the schema to where the mailbox _eventually-will-be_. But, alas, I will take Joe up on his most generous offer of Joeware. Thanks. _ From: Brian Desmond [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 01, 2004 7:21 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Exchange Schema question No. The mailboxes need to be created on a store somewhere. When you mailbox enable a user, you create them a spot on a store, make them available to the services which build the GAL... all dependent on Exch boxes. --Brian -Original Message- From: Noah Eiger [mailto:[EMAIL PROTECTED] Sent: Wed 9/1/2004 6:34 PM To: [EMAIL PROTECTED] Cc: Subject: [ActiveDir] Exchange Schema question Hello All- If I run domainprep and forestprep but do not actually setup Exchange, can I still create/import settings for the user's Exchange mailboxes? (I have a client who wants to hold off on implementing Exchange. I want to be able to create mailboxes during the initial creation of user accounts.) Thanks. nme
RE: [ActiveDir] distinguished name Question?
Me too. How's AD to find something if the something doesn't have a name? --Brian -Original Message- From: joe [mailto:[EMAIL PROTECTED] Sent: Thu 9/2/2004 5:08 PM To: [EMAIL PROTECTED] Cc: Subject: RE: [ActiveDir] distinguished name Question? I would say no. :o) joe _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Hogenauer Sent: Thursday, September 02, 2004 2:46 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] distinguished name Question? Is it possible that you can have one object in Active Directory without distinguished name? Thanks Mike
RE: [ActiveDir] Way OT - Using CMD
For cripes sake, joe - can't you just give a simple one or two line answer? Somebody asks you what time it is, you're still engaged two hours later detailing the equipment needed to create the gears of the watch.. ;op (luv ya, bud!)

-rtk

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Thursday, September 02, 2004 5:14 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Using CMD

As mentioned by others to do drive and folder switching at once

    cd /d driveletter:\folder
    cd /d c:\

or

    Driveletter:
    cd folder

    c:
    cd \

Even cooler, in my opinion

    pushd driveletter:\folder
    pushd c:\

That also works with unc's

    pushd \\server\share\folder\subfolder

It creates the network drive for you and then CD's into it. Then when you want to go back to where you were before

    popd

Combine that with a good prompt such as

    prompt=[$d $t] $M$+$_$P$G

And you can see quite a bit about your current status:

    [Thu 09/02/2004 18:12:52.27] \\2k3exc01\d$ ++
    X:\>popd
    [Thu 09/02/2004 18:13:01.83] +
    D:\temp>popd
    [Thu 09/02/2004 18:13:03.07]
    C:\temp>pushd d:\temp
    [Thu 09/02/2004 18:13:06.99] +
    D:\temp>pushd \\2k3exc01\d$
    [Thu 09/02/2004 18:13:11.27] \\2k3exc01\d$ ++
    X:\>popd
    [Thu 09/02/2004 18:13:37.97] +
    D:\temp>popd
    [Thu 09/02/2004 18:13:39.74]
    C:\temp>

One downside is pushd doesn't support cd some* where * means anything it can match to.

joe

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jacob Stabl
Sent: Thursday, September 02, 2004 12:28 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Using CMD

Alright I am trying to use CMD on windows XP, my account is setup as a local admin and all the other admin settings I could think of. But in cmd it defaults to my home dir. H:\ so I need to be in C:\ I type cd C:\directory and it does nothing, no error and doesn't switch dir. How do I switch to C:\ in the command prompt. Is this GP setting???\

Thanks
--
Jacob Stabl
Network Engineer
Plain Local Schools
http://plainlocal.org
Work: 330.492.3500 x.383
Cell: 330.704.1278
RE: [ActiveDir] distinguished name Question?
Hmmm. Me too. ;o)

-rtk

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Thursday, September 02, 2004 5:08 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] distinguished name Question?

I would say no. :o)

joe

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Hogenauer
Sent: Thursday, September 02, 2004 2:46 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] distinguished name Question?

Is it possible that you can have one object in Active Directory without distinguished name?

Thanks
Mike
[ActiveDir] user object security
In ADUC, on the security tab of any user, why is the everyone group selected to allow change password?
RE: [ActiveDir] user object security
So people can change passwords. :o)

That is the permission that allows you to specify an old password and replace it with a new password. So for instance, let's say I as user joe want to change the password of user service. If I didn't have the right to change password, even if I know the old password, I can't change it.

A common mistake is to think that Change Password gives the right to arbitrarily set the password to a value; that is the Set Password permission.

joe

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nathan Casey
Sent: Thursday, September 02, 2004 8:40 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] user object security

In ADUC, on the security tab of any user, why is the everyone group selected to allow change password?
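The distinction drawn in the reply above can be checked on a security descriptor directly. This is an added example, not part of the thread: it parses a constructed SDDL string offline and separates Change Password grants from Reset Password grants (the right the reply calls Set Password), flagging only broad trustees that hold the latter. The function name, the sample SDDL and the group SID are assumptions made for illustration.

```powershell
# Added example; the SDDL below is constructed sample data, not taken from a real domain.
Add-Type -AssemblyName System.DirectoryServices

# rightsGuid values of the two control access rights in the AD schema.
$PasswordRights = @{
    'ab721a53-1e2f-11d0-9819-00aa0040529b' = 'Change Password'  # caller must supply the old password
    '00299570-246d-11d0-a768-00aa006e0529' = 'Reset Password'   # the "Set Password" right in the thread
}
$BroadTrustees = @{ 'S-1-1-0' = 'Everyone'; 'S-1-5-11' = 'Authenticated Users' }

# Constructed DACL: Change Password for Everyone (WD) and SELF (PS), Reset Password
# for a made-up group SID, plus a deliberately bad Reset Password grant to AU.
$SampleSddl = 'D:' +
    '(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)' +
    '(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)' +
    '(OA;;CR;00299570-246d-11d0-a768-00aa006e0529;;S-1-5-21-1111111111-2222222222-3333333333-1105)' +
    '(OA;;CR;00299570-246d-11d0-a768-00aa006e0529;;AU)'

function Get-PasswordAce {  # hypothetical helper name
    param([Parameter(Mandatory = $true)][string]$Sddl)

    $sd = New-Object System.DirectoryServices.ActiveDirectorySecurity
    $sd.SetSecurityDescriptorSddlForm($Sddl)
    $extended = [int][System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
    $sidType  = [System.Security.Principal.SecurityIdentifier]

    foreach ($ace in $sd.GetAccessRules($true, $true, $sidType)) {
        # Skip ACEs that carry no control-access (extended right) bit at all.
        if (([int]$ace.ActiveDirectoryRights -band $extended) -eq 0) { continue }

        # An empty ObjectType GUID grants every extended right, both password rights included.
        $right = $PasswordRights[$ace.ObjectType.ToString()]
        if ($ace.ObjectType -eq [guid]::Empty) { $right = 'All extended rights' }
        if (-not $right) { continue }

        $sid   = $ace.IdentityReference.Value
        $allow = $ace.AccessControlType -eq [System.Security.AccessControl.AccessControlType]::Allow
        [pscustomobject]@{
            Access  = $ace.AccessControlType
            Right   = $right
            Trustee = if ($BroadTrustees.ContainsKey($sid)) { $BroadTrustees[$sid] } else { $sid }
            # Only a broad trustee that can set a password without the old one needs review.
            Review  = $allow -and $right -ne 'Change Password' -and $BroadTrustees.ContainsKey($sid)
        }
    }
}

Get-PasswordAce -Sddl $SampleSddl | Format-Table -AutoSize
```

On the sample descriptor the Everyone and SELF entries for Change Password come back with Review set to False, and only the Authenticated Users entry for Reset Password is flagged.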
RE: [ActiveDir] Way OT - Using CMD
Haha. Man that will teach me to respond. Or maybe it will teach me to harass you on book length signatures. eg

joe

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Thursday, September 02, 2004 8:08 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Way OT - Using CMD

For cripes sake, joe - can't you just give a simple one or two line answer? Somebody asks you what time it is, you're still engaged two hours later detailing the equipment needed to create the gears of the watch.. ;op

(luv ya, bud!)

-rtk

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Thursday, September 02, 2004 5:14 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Using CMD

As mentioned by others to do drive and folder switching at once

    cd /d driveletter:\folder
    cd /d c:\

or

    Driveletter:
    cd folder

    c:
    cd \

Even cooler, in my opinion

    pushd driveletter:\folder
    pushd c:\

That also works with UNCs

    pushd \\server\share\folder\subfolder

It creates the network drive for you and then CDs into it. Then when you want to go back to where you were before

    popd

Combine that with a good prompt such as

    prompt=[$d $t] $M$+$_$P$G

And you can see quite a bit about your current status:

    [Thu 09/02/2004 18:12:52.27] \\2k3exc01\d$ ++
    X:\>popd

    [Thu 09/02/2004 18:13:01.83] +
    D:\temp>popd

    [Thu 09/02/2004 18:13:03.07]
    C:\temp>pushd d:\temp

    [Thu 09/02/2004 18:13:06.99] +
    D:\temp>pushd \\2k3exc01\d$

    [Thu 09/02/2004 18:13:11.27] \\2k3exc01\d$ ++
    X:\>popd

    [Thu 09/02/2004 18:13:37.97] +
    D:\temp>popd

    [Thu 09/02/2004 18:13:39.74]
    C:\temp>

One downside is pushd doesn't support cd some* where * means anything it can match to.

joe

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jacob Stabl
Sent: Thursday, September 02, 2004 12:28 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Using CMD

Alright I am trying to use CMD on Windows XP, my account is set up as a local admin and all the other admin settings I could think of. But in cmd it defaults to my home dir. H:\ so I need to be in C:\ I type cd C:\directory and it does nothing, no error and doesn't switch dir. How do I switch to C:\ in the command prompt. Is this GP setting???

Thanks
--
Jacob Stabl
Network Engineer
Plain Local Schools
http://plainlocal.org
Work: 330.492.3500 x.383
Cell: 330.704.1278

List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/