RE: Re[2]: [ActiveDir] DNS naming confused
It is a good idea toown and registercompany.com. However, it is not a requirement. Considering the fact that it costs as little as $6 a year to register a domain these days, I don't see why you'd not want to register and own the domain anyway. However, if the domain name you intend to use is already registered by someone else, you can still use that name. It just means that your internal users and resources will not be able to contact the REAL external domain (at least not easily). Again, you can call your domain anything.anything.you.want and it won't make a difference. Thebig consideration for choosing your domain name is more political than technical. As for your exchange, your Exchange can live in CookieMonster.ok and accept mail for GottaCatchThemAll.pokemon. There is no big technical dependency that should influence your domain name choice as far as exchange is concerned. Sincerely,Dèjì Akómöláfé, MCSE MCSA MCP+I Microsoft MVP -Directory Services www.readymaids.com - we know ITwww.akomolafe.comDo you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: SvetaSent: Sat 10/16/2004 5:58 PMTo: Deji AkomolafeSubject: Re[2]: [ActiveDir] DNS naming confused Hi Deji, if I configure company.com do I have to have company.com domain registered with externally , I mean do I have to have actually this domain or I can call anything.com and not to woory about it ? -- Best regards, Sveta mailto:[EMAIL PROTECTED] Saturday, October 16, 2004, 5:42:00 PM, you wrote: You could name it anything you want. You could call it company.local. Or you could call it company.com. If you call it company.com, be prepared to host and maintain an internal company.com zone, which MUST be separate from your external company.com zone and must not be hosted on the same DNS server. The most important point (IMO) is that you MUST ensure that ALL your internal servers and clients are configured to use ONLY the INTERNAL DNS server(s) in TCP/IP. No room for external DNS servers anywhere in your internal Domain, except on the "Forwarders" tab of your DNS server configuration - if you want them to do forwarding. Another important thing is that you should NOT name it "company" (single-label). Single-label will hurt you. Hope I haven't confused you too much :) Sincerely, Dj Akmlf, MCSE MCSA MCP+I Microsoft MVP -Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: Sveta Sent: Sat 10/16/2004 12:29 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] DNS naming confused Hi I have scenario , one server win 2003 std , confused with the dns naming , we have company.com , but it hosted somewhere else mail and web , what I should name my new installation only one server 10 users file server ___ Do you Yahoo!? Declare Yourself - Register online to vote today! http://vote.yahoo.com List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] DNS naming confused
I would simply suggest using a domain name of yourcompany.local for your installation size. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sveta Sent: 16 October 2004 20:29 To: [EMAIL PROTECTED] Subject: [ActiveDir] DNS naming confused Hi I have scenario , one server win 2003 std , confused with the dns naming , we have company.com , but it hosted somewhere else mail and web , what I should name my new installation only one server 10 users file server -- Best regards, Sveta mailto:[EMAIL PROTECTED] ___ Do you Yahoo!? Declare Yourself - Register online to vote today! http://vote.yahoo.com List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ === Scanned for virus infection by Messagelabs === List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] IIS6
I have a Windows 2003 running IIS6.0. It is a member server in our W2k AD. Every now and then users are required to authenticate to the website, which allows anonymous. Retyping in the anonymous account and password in IIS seems to fix this problem, but this is just a workaround. I am also running Cold Fusion server 4.52. Any thought? -Za
Re: [ActiveDir] OT: Wireless EAP-TLS, IAS, and certificates
Ken, If you are lucky enough to have all your clients with XP, you can use GPO to configure the Wireless policies. Check it out under Computer Configuration\Security Settings\Wireless network (IEEE 802.11) policies The link below should answer your questions regarding computer/user authentication (check the Notes section): http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/define_8021x_inGP.asp If you run into issues with XP pre-SP2, also take a look at the following wireless update rollup for XP: http://support.microsoft.com/default.aspx?scid=kb;en- us;826942Product=winxp. It did resolve some issues I was having. Not sure all this will work with W2K though - have not tested that yet. Cheers, Guy On Fri, 2004-10-08 at 11:06 -0500, Ken Cornetet wrote: Is there any way to force EAP-TLS wireless authentication to use machine certificates exclusively (instead of user certs) for client side authentication? Or better yet, require BOTH user and machine certs? Here's the setup: IBM Thinkpads with either integrated cisco 802.11b or Cisco cards. Running XP. Cisco access points MS Internet Authentication Server running on a non DC 2k3 box. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Upgrading functional levels
Excellent. I think I would quadruple check the RUS KB though... Unless you have worked with the specific MS person before considerably and wholly trust the individual I would really dig into it. You will almost certainly have gotten from them a caveat with any recommendation and that caveat being you should test this in your lab environment before doing so in production. MS will almost never give a straight up, you will be fine answer. The one time I ever got that everything will be fine response was when I was dumping info for MS PSS troubleshooting back in 2001 on a new 2K PDC and hung the machine for 5 minutes and impacted some unknown number of users (of a possible 60,000). At the very least get it in writing from MS why this will not cause a problem. It is sort of like that old Native American saying, Put your faith in MS, but row away from the rocks Err wait that was Put your faith in god, but row away from the rocks. Chances are you are using RUS and if so it will break once you increase your functional level and you aren't going back so you can only go forward. The only ways I am aware of that not being an issue are 1. Not using the RUS (very unlikely) 2. RUS running on Exchange 2003. 3. Regularly force a complete rebuild of RUS which is a bit intensive on AD and the RUS. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Saturday, October 16, 2004 10:55 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Upgrading functional levels Joe, Thanks for the feedback. Those are the only article I could also find that had anything to do with exchange. Our Exchange admins have cleared us these issues. They said they spoke to MS and neither situation applies, so a raising I will go. Thanks again. Holland + Knight Travis Abrams MCSE, GCIH Systems Engineer Holland Knight LLP NOTICE: This e-mail is from a law firm, Holland Knight LLP (HK), and is intended solely for the use of the individual(s) to whom it is addressed. If you believe you received this e-mail in error, please notify the sender immediately, delete the e-mail from your computer and do not copy or disclose it to anyone else. If you are not an existing client of HK, do not construe anything in this e-mail to make you a client unless it contains a specific statement to that effect and do not disclose anything to HK in reply that you expect it to hold in confidence. If you properly received this e-mail as a client, co-counsel or retained expert of HK, you should maintain its contents in confidence in order to preserve the attorney-client or work product privilege that may be available to protect confidentiality. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Saturday, October 16, 2004 8:28 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Upgrading functional levels You can't raise the functional level of the forest unless you do not use the RUS and the ADC. They do not work with LVR which gets enabled Forest Functional Mode. See http://support.microsoft.com/?kbid=831809 (RUS) http://support.microsoft.com/?kbid=825916 (ADC) Unless you are migrating from 5.5 it is likely you aren't using the ADC. It is very unlikely you aren't using the RUS (no matter how much you would like not to). joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, October 15, 2004 6:10 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Upgrading functional levels All, We have completed the replacement of our 2000 domain controllers with 2003 dc's. We use Exchange 2000. I was wondering if anyone could share any gotchas, problems, etc. with raising the functional levels to 2003. Thanks in advance. = Travis Abrams Systems Engineer Holland Knight LLP Tel: (863)-499-5705 Fax: (863)-499-5711 = -- Sent from my BlackBerry Wireless Handheld (www.BlackBerry.net) List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Upgrading functional levels
Thanks Joe. We decided NOT to raise the Forest functional level just in case. I like the Native American saying. Holland + Knight Travis Abrams MCSE, GCIH Systems Engineer Holland Knight LLP NOTICE: This e-mail is from a law firm, Holland Knight LLP (HK), and is intended solely for the use of the individual(s) to whom it is addressed. If you believe you received this e-mail in error, please notify the sender immediately, delete the e-mail from your computer and do not copy or disclose it to anyone else. If you are not an existing client of HK, do not construe anything in this e-mail to make you a client unless it contains a specific statement to that effect and do not disclose anything to HK in reply that you expect it to hold in confidence. If you properly received this e-mail as a client, co-counsel or retained expert of HK, you should maintain its contents in confidence in order to preserve the attorney-client or work product privilege that may be available to protect confidentiality. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Sunday, October 17, 2004 6:39 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Upgrading functional levels Excellent. I think I would quadruple check the RUS KB though... Unless you have worked with the specific MS person before considerably and wholly trust the individual I would really dig into it. You will almost certainly have gotten from them a caveat with any recommendation and that caveat being you should test this in your lab environment before doing so in production. MS will almost never give a straight up, you will be fine answer. The one time I ever got that everything will be fine response was when I was dumping info for MS PSS troubleshooting back in 2001 on a new 2K PDC and hung the machine for 5 minutes and impacted some unknown number of users (of a possible 60,000). At the very least get it in writing from MS why this will not cause a problem. It is sort of like that old Native American saying, Put your faith in MS, but row away from the rocks Err wait that was Put your faith in god, but row away from the rocks. Chances are you are using RUS and if so it will break once you increase your functional level and you aren't going back so you can only go forward. The only ways I am aware of that not being an issue are 1. Not using the RUS (very unlikely) 2. RUS running on Exchange 2003. 3. Regularly force a complete rebuild of RUS which is a bit intensive on AD and the RUS. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Saturday, October 16, 2004 10:55 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Upgrading functional levels Joe, Thanks for the feedback. Those are the only article I could also find that had anything to do with exchange. Our Exchange admins have cleared us these issues. They said they spoke to MS and neither situation applies, so a raising I will go. Thanks again. Holland + Knight Travis Abrams MCSE, GCIH Systems Engineer Holland Knight LLP NOTICE: This e-mail is from a law firm, Holland Knight LLP (HK), and is intended solely for the use of the individual(s) to whom it is addressed. If you believe you received this e-mail in error, please notify the sender immediately, delete the e-mail from your computer and do not copy or disclose it to anyone else. If you are not an existing client of HK, do not construe anything in this e-mail to make you a client unless it contains a specific statement to that effect and do not disclose anything to HK in reply that you expect it to hold in confidence. If you properly received this e-mail as a client, co-counsel or retained expert of HK, you should maintain its contents in confidence in order to preserve the attorney-client or work product privilege that may be available to protect confidentiality. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Saturday, October 16, 2004 8:28 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Upgrading functional levels You can't raise the functional level of the forest unless you do not use the RUS and the ADC. They do not work with LVR which gets enabled Forest Functional Mode. See http://support.microsoft.com/?kbid=831809 (RUS) http://support.microsoft.com/?kbid=825916 (ADC) Unless you are migrating from 5.5 it is likely you aren't using the ADC. It is very unlikely you aren't using the RUS (no matter how much you would like not to). joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, October 15, 2004 6:10 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Upgrading functional levels All, We have completed the replacement of our 2000 domain controllers with 2003 dc's. We use Exchange 2000. I was wondering if anyone could share any gotchas, problems, etc. with raising
RE: [ActiveDir] Macs, LDAP Source
Yes, I agree, 10.3 is much easier, although in a 2k3 environment you will have problems mounting home drives on a 2k3 server because the mac samba client only use plain text passwords (whereas 2k3 disallows this by default). You can either allow it, which i wouldnt suggest, or mount your home drives on a machine other than 2k3. There is some speculation that 10.3.6 has some improvements in the way samba authenticates, but it is has not been confirmed yet. 10.3.6 is supposed to be out sometime within the next 30 days, if i remember correctly. If you do figure out how to mount home drives on a 2k3 file server with kerberos please let us know. From: [EMAIL PROTECTED] on behalf of Depp, Dennis M. Sent: Fri 10/15/2004 7:23 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Macs, LDAP Source Brian, You might want to look at upgrading to 10.3. Apple has improved on the AD info for 10.3. I've played with it a bit, but not enough to know if the fault tolerance is there or not. Denny -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond Sent: Thursday, October 14, 2004 10:18 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Macs, LDAP Source My asst managed to get OS X 10.2.SomeInt to authenticate to the AD here. I typed in my username and password and it was just as fast as logging in from an nt class box. Aside from the various implementation issues on the mac side, I have this dilemma: The Mac's are not actually AD aware - they just need an LDAP source. I could buy this cool program called ADmitMac which creates domain accounts for the Macs and emulates an NT box as far as user mgmt goes on the Mac. Cool, but, the quote was nearly as much as I paid for the OS X licenses. So, anyway, the mac needs a explicit dns hostname for ldap. I could give it one DC, but, if hat DC goes down, all my macs are F'ed. So, what I did is setup a round-robin with all the DCs in the site the macs are located in. I'm not totally satisfied with this workaround. It just seems sort of half-ass to me. It requires a certain degree of management, and if one of the DCs is down, a portion for the macs will need to be rebooted until they receive a referral from the DNS server in an order which includes a working DC first. Whilst I am not totally happy 100% with this solution, I don't have a better idea - anybody? I remember hearing about NLB for LDAP, which I think might do the trick, I've never used MS NLB - does it apply to this situation? Thanks. --Brian Desmond [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] Payton on the web! www.wpcp.org http://www.wpcp.org v - 773.534.0034 x135 f - 773.534.8101 List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ winmail.dat
Re[2]: [ActiveDir] DNS naming confused
Hi Thanks to all for hekp I will do it tomorrow see how it goes , Thanks again -- Best regards, Sveta mailto:[EMAIL PROTECTED] Sunday, October 17, 2004, 6:21:40 AM, you wrote: I would simply suggest using a domain name of yourcompany.local for your installation size. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sveta Sent: 16 October 2004 20:29 To: [EMAIL PROTECTED] Subject: [ActiveDir] DNS naming confused Hi I have scenario , one server win 2003 std , confused with the dns naming , we have company.com , but it hosted somewhere else mail and web , what I should name my new installation only one server 10 users file server ___ Do you Yahoo!? Declare Yourself - Register online to vote today! http://vote.yahoo.com List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] OT: uptime utility
Is there an uptime utility for 2k3 anywhere? One like the sysinternals (theirs doesnt seem to work on 2k3) that gives you percentage statistics. I didnt see a switch for systeminfo that gives such, just the uptime since last reboot. winmail.dat
RE: [ActiveDir] 2K3 documentation update? (WAS: Windows Server 2003 Security Weirdness)
I greatly value the knowledge that I've gained from this group and I love to be occasionally be able to give back. At the risk of making this seem too easy, here is the exact google query that I used: site:support.microsoft.com RestrictAnonymousSAM (without the quotes) I love the site: modifier May the google be with you g -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of joe Sent: Saturday, October 16, 2004 5:34 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] 2K3 documentation update? (WAS: Windows Server 2003 Security Weirdness) Your google-fu appears to be very strong young one... :o) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Passo, Larry Sent: Friday, October 15, 2004 5:18 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] 2K3 documentation update? (WAS: Windows Server 2003 Security Weirdness) 823659 328459 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hunter, Laura E. Sent: Friday, October 15, 2004 2:07 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] 2K3 documentation update? (WAS: Windows Server 2003 Security Weirdness) Remember my I'm getting hammered with brute-force attacks as if 'Do not allow enumeration of SAM' setting wasn't there even though it is problem? Found the solution today. Remember the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\RestrictAnonymou s key in 2000, that you needed to set to 2 to do any good? Seems that's been deprecated in 2003, and the new correct value is split into 2 registry keys: ..\RestrictAnonymous=1 ..\RestrictAnonymousSAM=1 Now, I've obviously only done this on my network, but I can tell you that a setting of 2 in ..\RestrictAnonymous had me wide open and getting hammered by account enumeration attacks, whereas changing it to a 1 now has my IPC$ share behaving the way I thought it should've been. The kicker? I can't find any mention of the change in an MS Article (though Deji or someone will doubtless prove me wrong in about 5 seconds with their superior Google-fu skills :-)). And the Windows Server 2003 Deployment Kit actually references 2 as a valid entry for ..\RestrictAnonymous. Can anyone confirm or deny this before I go making a fool out of myself by submitting an incorrect or redundant KB article? Laura E. Hunter MCSE, MVP - Windows Networking University of Pennsylvania List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] uptime utility
Title: RE: [ActiveDir] Macs, LDAP Source it's called uptime. As in uptime.exe. It tells me the following: file://myServer/ has been up for:93 day(s), 14 hour(s), 19 minute(s), 42 second(s) Sincerely,Dèjì Akómöláfé, MCSE MCSA MCP+I Microsoft MVP -Directory Services www.readymaids.com - we know ITwww.akomolafe.comDo you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: Douglas M. LongSent: Sun 10/17/2004 6:58 PMTo: [EMAIL PROTECTED]Subject: OT: uptime utility Is there an uptime utility for 2k3 anywhere? One like the sysinternals (theirs doesnt seem to work on 2k3) that gives you percentage statistics. I didnt see a switch for systeminfo that gives such, just the uptime since last reboot. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] OT: Wireless EAP-TLS, IAS, and certificates
Just an FYI, that you need a Win2003 AD schema (no just XP on the client side) to be able to support Wireless Policy, because the 2003 schema adds a new class to support wireless policy objects. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Guy Teverovsky Sent: Sunday, October 17, 2004 3:13 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] OT: Wireless EAP-TLS, IAS, and certificates Ken, If you are lucky enough to have all your clients with XP, you can use GPO to configure the Wireless policies. Check it out under Computer Configuration\Security Settings\Wireless network (IEEE 802.11) policies The link below should answer your questions regarding computer/user authentication (check the Notes section): http://www.microsoft.com/resources/documentation/WindowsServ/2003/standa rd/proddocs/en-us/define_8021x_inGP.asp If you run into issues with XP pre-SP2, also take a look at the following wireless update rollup for XP: http://support.microsoft.com/default.aspx?scid=kb;en- us;826942Product=winxp. It did resolve some issues I was having. Not sure all this will work with W2K though - have not tested that yet. Cheers, Guy On Fri, 2004-10-08 at 11:06 -0500, Ken Cornetet wrote: Is there any way to force EAP-TLS wireless authentication to use machine certificates exclusively (instead of user certs) for client side authentication? Or better yet, require BOTH user and machine certs? Here's the setup: IBM Thinkpads with either integrated cisco 802.11b or Cisco cards. Running XP. Cisco access points MS Internet Authentication Server running on a non DC 2k3 box. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] DNS naming confused
Actually, the use of .local may become more of a problem if ZeroConf IP takes hold. http://files.zeroconf.org/draft-ietf-zeroconf-ipv4-linklocal.txt It is already a technology built-in to the current Macintosh OS and is no doubt elsewhere. Using .local causes havoc with these other OS machines. You might use something like .loc or .private. Or, register another domain that you will never use in the outside world but IS globally unique (e.g., inside-company.com). -- nme -Original Message- From: Robert Rutherford [mailto:[EMAIL PROTECTED] Sent: Sunday, October 17, 2004 3:22 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] DNS naming confused I would simply suggest using a domain name of yourcompany.local for your installation size. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sveta Sent: 16 October 2004 20:29 To: [EMAIL PROTECTED] Subject: [ActiveDir] DNS naming confused Hi I have scenario , one server win 2003 std , confused with the dns naming , we have company.com , but it hosted somewhere else mail and web , what I should name my new installation only one server 10 users file server -- Best regards, Sveta mailto:[EMAIL PROTECTED] ___ Do you Yahoo!? Declare Yourself - Register online to vote today! http://vote.yahoo.com List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ === Scanned for virus infection by Messagelabs === List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/