RE: [ActiveDir] help troubleshoot ntds general 1049 error
Thanks, Eric! So I've enabled LDAP loging at level 5, and from time to time it shows me a warning : : NTDS LDAP : (16) :1216 : 03.01.2005 : 22:00:11 : : MAINDC : LDAP - , 995. ( c06028b::731). (The LDAP server closed the socket because of error situation, 995 (INTERNAL CODE c06028b::731)) Left path of code always c06028b but the right differs from time to time (731, 1037,1615,1627,1439) I think this happens after some unsuccesiffully connection from our Exchange, does it help to explain anything? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Eric Fleischman Sent: Sunday, January 02, 2005 8:03 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] help troubleshoot ntds general 1049 error By virtue of you being on 2000 and not 2003, you won't get an object DN in the event as we didn't pass it in to the event then. I don't recall what the logging looks like, but perhaps you could figure out the source from LDAP interface logging. On 2003 I know this to be true (short of lack of correlation on a massively loaded DSA, but this is probably still doable through some educated guessing), on 2000 I'm not sure, I don't look at the logs as often. I'd give it a try thoughturn ldap interface logging to 5, then next time you experience the issue look at the events surrounding the problem event, and see if you can figure out the ldap query being issued. Also, if they happen quazi-regularly, you could take a network trace and correlate time of the event with ldap query that came in over the wire, and probably figure it out that way. That has the added benefit of showing you the source IP, which I think ldap interface logging on 2000 would not show you (though I'll admit I'm not sure if the logging really wouldn't show that). It's unlikely you'll get to a state where things stop working, because whatever this is that is doing it has probably been doing it for a while, and probably will keep doing it for a while longer. So long as it gets the data it needs from the directory, it will probably be happy. But I appreciate wanting to get to root cause too. ~Eric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete Procenko Sent: Sunday, January 02, 2005 8:22 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] help troubleshoot ntds general 1049 error Thanks for clarification. There was not any object DN's, the Description field is just a text about not found root references and that's all. we dont have any external directories. I think the only application, which uses directory intensively is Exchange2000, but it seems to work fine too. The most important thing to me is that everything won't get worse, so one day AD won't stop working because of this, or Exchange. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Brett Shirley Sent: Sunday, January 02, 2005 4:33 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] help troubleshoot ntds general 1049 error Not really. It is OK to not generate a superior reference. Superior references are really for people who have a advanced directory setups, and intentionally want unknown LDAP DNs to be referred to another directory service (i.e. another AD forest, or Novel NDS, or Sun iPlanet / SunONE servers). But this means that there is some application that is generating a garbage DN, in that it is asking your directory for a DN base that isn't rooted in any of your domains/config/schema NCs. What is the object DN in the event? Can you use that to guess at the errant app hitting your directory? Cheers, Brett Shirley [msft] This posting is provided AS IS with no warranties, and confers no rights. On Sun, 2 Jan 2005, Pete Procenko wrote: I see, I found some references about superiorDNSRoot at the MS's site, could You please recommend what to look for in AD to see where the trouble is? As far as I understood superiorDNSRoot is something dynamically generated, but in my case sometimes this generation fail, am I right? List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] Add users?
Thank you Sakari, interesting. So what are we going to do about it? how about if you post the instructions to modify the schema to show Employee ID in ADUC :) ? When I try to use the dsadd and pass an input file that has the users I want to create it says worng data format, C:\dsadd user -uci dsaddtest.csv dsadd failed:Value for `Target object for this command' has incorrect format. type dsadd /? for help. C:\ What should I do? also I get the same error if the file fromat is in .txt? thanx r.c. On Tue, 4 Jan 2005 01:50:11 +0200, Sakari Kouti [EMAIL PROTECTED] wrote: Hi, Another source for ADUC-to-LDAP mappings is on our book's Web site at http://www.kouti.com/tables.htm There is a direct HTML version, but the Excel version (included in a ZIP file) is much more convenient. It's a Windows 2000 version, but Windows Server 2003 didn't change the ADUC fields at all, so for this scope it's still current. Even though I made it I dare to recommend it. Among other things, it also documents what's in each property set. Who volunteers to write a control that adds a new tab to ADUC, including the EmployeeID? And better still, that control could enable you to modify any string or integer attribute that you define. Yours, Sakari List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Get me off this list
___ VISIT THE FRIENDS PROVIDENT INTERNATIONAL WEB SITE FOR ALL THE LATEST COMPANY, PRODUCT AND FUND NEWS website: http://www.fpinternational.com/ This e-mail is intended for the addressee only. It may contain confidential information and if you are not an authorised recipient you are requested to preserve the confidentiality and to notify us immediately at [EMAIL PROTECTED] The contents are not to be used copied or disclosed to anyone other than the addressee. Friends Provident International Limited Registered Head Office: Royal Court, Castletown, Isle of Man, British Isles, IM9 1RA Telephone: +44 1624 821212 Facsimile: +44 1624 824405 Incorporated company limited by shares. Registered in the Isle of Man No. 11494 Authorised by the Isle of Man Insurance and Pensions Authority and regulated by the Financial Services Authority for the conduct of investment business in the UK. Provider of life assurance and investment products. The rules and regulations made by the Financial Services Authority for the protection of investors will not normally apply to persons resident outside the United Kingdom. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] DHCP
That helps a great deal, thank you. Although I'll still need to know some of these limits, it looks like I'll have to go to regmon and find out. Brett, I appreciate the thought and understand that the leases are recorded in the DB, but it won't be one scope. It'll be multiple scopes. Thanks folks. This helps out a great deal. Al -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Patrick Sent: Monday, January 03, 2005 11:50 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] DHCP If you are only concerned about the RSL - does it help to know that in XP and greater this isnt an issue? http://support.microsoft.com/default.aspx?scid=kb;en-us;292726 steve - Original Message - From: Brett Shirley [EMAIL PROTECTED] To: ActiveDir@mail.activedir.org Sent: Monday, January 03, 2005 8:45 PM Subject: RE: [ActiveDir] DHCP So I got the info I needed out of band. If you manage the entire 10.*.*.* as a single scope I suspect* that you won't have any worries. I happen to know that DHCP uses an ESE database, and looking at my sample DHCP DB (~66k records), it is quite clear** this is where it stores IPs it gives out. Ergo the size of the IP blocks is irrelevant to usage of registry, only the number of scopes you want to define. I suspect* (there is that word again), that just the definition of the scope is in the registry, but (I'm 87% sure of this part) the actual per IP storage is pushed off to ESE / JET Blue (no, not the same JET that is in Microsoft Access, that's JET Red). Cheers, Brett Shirley * suspect = really that just means I'm making this all up. ** by clear, I mean the columns are called HardwareAddress, IpAddress, LeaseTerminates, ServerName, etc ... On Mon, 3 Jan 2005, Brett Shirley wrote: Is the 10.*.*.* block a single scope? Cheers, Brett This posting is provided AS IS with no warranties, and confers no rights. On Mon, 3 Jan 2005, Roger Seielstad wrote: Well, my friend, you could always break out a copy of RegMon from Sysinternals and build a dozen or so representative scopes out on a lab box. That should give you the per scope cost info you're after. From there, it seems like the number you really want is the maximum registry size for a Win2k3 implementation. Personally, I never got the 80/20 split jazz. I always do 50/50 (or 100% on one server in my current config, but that's a whole other story - redundancy isn't terribly important for DHCP with the boxes I manage). Roger Seielstad E-mail Geek MS-MVP -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Monday, January 03, 2005 10:13 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DHCP Thanks John. I saw that one as well, but it doesn't tell me enough information about how much of an impact I can expect on the registry. I understand the paging file and the RSL, but I can't get a solid amount of information about a) what to expect to be put in the registry *exactly* and b) what exactly each registry entry can possibly take in terms of size. A thousand scopes? Nice to hear, but that doesn't solve the problem for me. For more background, I currently have similar running across four servers in two network sites. No problem. What I want to do is isolate two different business types. As you can imagine from the domain name, we're a financial institution and we have retail branches across all lines of business. We also have back-office needs. To make this more reliable, I need to take into account the 8th layer and design accordingly. My current track is to simplify by separation and put the branch scopes on two servers and the rest/exceptions on the other two. To do that, I need to know the limits. The additional benefit of knowing the quantifiable benefits is the ability to predict capacity and lifespan of the solution. That obviously plays into lifecycle management planning of the solution. Due to the business nature of finacial organizations, I have to plan for twice the capacity of current. In practice, that means that I have to at least know the capacity abilities of the current solution or the future solution enough to know that if an acquisition occurs, I can either deploy more capacity else know that I can use the current to that scale. The docs I've found so far, including the one you posted and the information from Jorge were too high-level for what I'm after. I appreciate them but I still need additional information to make this design right. Thoughts? Thanks John, Al -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Reijnders Sent: Monday, January 03, 2005 11:29 AM To:
RE: [ActiveDir] wireless DC
Does that solve the original problem? I read that post differently. Al -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia Sent: Monday, January 03, 2005 7:45 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] wireless DC Ok. That is a different problem. Check out this article, which could be related to this problem: http://support.microsoft.com/default.aspx?scid=kb;en-us;840669 Also, I have had luck disabling DHCP media sense when I've had this problem, but that is not always the best solution. In any case, that is described here: http://support.microsoft.com/kb/239924 If neither works, then I would turn on verbose userenv logging and see what messages are being thrown on the profile failure. It could be something like slow link detection, which can alter the way roaming profiles are treated. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Quatro Info Sent: Monday, January 03, 2005 4:40 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] wireless DC The first one802.11x on corporate networkall laptops with wireless option do not load roamin profil at logone Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Namens Darren Mar-Elia Verzonden: dinsdag 4 januari 2005 1:31 Aan: ActiveDir@mail.activedir.org Onderwerp: RE: [ActiveDir] wireless DC What do you mean by wireless? Do you mean you have 802.11x on a corporate network and your roaming profiles aren't being loaded at logon or do you mean remote mobile machines VPN'ing into a corporate network over a wireless connection? The former calls for a different solution to the latter. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Quatro Info Sent: Monday, January 03, 2005 4:01 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] wireless DC Hi, Does anyone have a solution to authenticate wireless networking workstations on a DC? So the domain becomes available before logon...and the roaming profile can be loaded Would appreciate some help/suggestions. Grtz J List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Script working for some users, and not for others?
Do you have a multiple domain forest? If so, the memberof attribute will not show group memberships if they are domain local groups in other domains. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe L. Casale Sent: Monday, January 03, 2005 1:32 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Script working for some users, and not for others? Yes, it does have it. Its just not working for some people? They are all win2ksp4 and above. Thanks! jlc -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Passo, Larry Sent: Monday, January 03, 2005 2:29 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Script working for some users, and not for others? Do you also have Set adSysInfo = CreateObject(AdSystemInfo) before these 4 lines? Also, are the clients that are failing older than Win2k? If so, they need to have the AD client extension added. http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adsi/ad si/iadsadsysteminfo.asp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe L. Casale Sent: Monday, January 03, 2005 12:41 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Script working for some users, and not for others? Hi all, I have this in my logion script, and for some users it works, and others the echo is blank? Set CurrentUser = GetObject(LDAP://; ADSysInfo.UserName) wscript.echo ADSysInfo.UserName strGroups = LCase(Join(CurrentUser.MemberOf)) wscript.echo strGroups Is there any known reason someone might share, or a caveat to using this method? Is there a more robust way to get group membership? Thanks! jlc List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Add users?
The dsadd utility doesn't work with a csv file, if you want to use dsadd to bulk create users you will need to work up a .cmd file with each line having a dsadd command. Here we do this with Excel since our format is always the same we have predefined columns for the information that we need then we concatenate them into one column which pieces together the dsadd command so all you do is copy that column into a .cmd file and run it. Not too elegant, but it works. If you want to use a CSV file specifically then take a look at CSVDE. Be aware though that this won't allow you to set a password during user creation, you'd need to do that afterwards with another tool. Phil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of rubix cube Sent: Tuesday, January 04, 2005 6:04 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Add users? Thank you Sakari, interesting. So what are we going to do about it? how about if you post the instructions to modify the schema to show Employee ID in ADUC :) ? When I try to use the dsadd and pass an input file that has the users I want to create it says worng data format, C:\dsadd user -uci dsaddtest.csv dsadd failed:Value for `Target object for this command' has incorrect format. type dsadd /? for help. C:\ What should I do? also I get the same error if the file fromat is in .txt? thanx r.c. On Tue, 4 Jan 2005 01:50:11 +0200, Sakari Kouti [EMAIL PROTECTED] wrote: Hi, Another source for ADUC-to-LDAP mappings is on our book's Web site at http://www.kouti.com/tables.htm There is a direct HTML version, but the Excel version (included in a ZIP file) is much more convenient. It's a Windows 2000 version, but Windows Server 2003 didn't change the ADUC fields at all, so for this scope it's still current. Even though I made it I dare to recommend it. Among other things, it also documents what's in each property set. Who volunteers to write a control that adds a new tab to ADUC, including the EmployeeID? And better still, that control could enable you to modify any string or integer attribute that you define. Yours, Sakari List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] DHCP
It may not be the registry that limits your servers' scalability. For instance the list of scopes could be loaded into a memory in a linked list, and thusly the scalability to many scopes degrades linearly (linear is usually unacceptable). Just a thought. Cheers, Brett Shirley On Tue, 4 Jan 2005, Mulnick, Al wrote: That helps a great deal, thank you. Although I'll still need to know some of these limits, it looks like I'll have to go to regmon and find out. Brett, I appreciate the thought and understand that the leases are recorded in the DB, but it won't be one scope. It'll be multiple scopes. Thanks folks. This helps out a great deal. Al -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Patrick Sent: Monday, January 03, 2005 11:50 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] DHCP If you are only concerned about the RSL - does it help to know that in XP and greater this isnt an issue? http://support.microsoft.com/default.aspx?scid=kb;en-us;292726 steve - Original Message - From: Brett Shirley [EMAIL PROTECTED] To: ActiveDir@mail.activedir.org Sent: Monday, January 03, 2005 8:45 PM Subject: RE: [ActiveDir] DHCP So I got the info I needed out of band. If you manage the entire 10.*.*.* as a single scope I suspect* that you won't have any worries. I happen to know that DHCP uses an ESE database, and looking at my sample DHCP DB (~66k records), it is quite clear** this is where it stores IPs it gives out. Ergo the size of the IP blocks is irrelevant to usage of registry, only the number of scopes you want to define. I suspect* (there is that word again), that just the definition of the scope is in the registry, but (I'm 87% sure of this part) the actual per IP storage is pushed off to ESE / JET Blue (no, not the same JET that is in Microsoft Access, that's JET Red). Cheers, Brett Shirley * suspect = really that just means I'm making this all up. ** by clear, I mean the columns are called HardwareAddress, IpAddress, LeaseTerminates, ServerName, etc ... On Mon, 3 Jan 2005, Brett Shirley wrote: Is the 10.*.*.* block a single scope? Cheers, Brett This posting is provided AS IS with no warranties, and confers no rights. On Mon, 3 Jan 2005, Roger Seielstad wrote: Well, my friend, you could always break out a copy of RegMon from Sysinternals and build a dozen or so representative scopes out on a lab box. That should give you the per scope cost info you're after. From there, it seems like the number you really want is the maximum registry size for a Win2k3 implementation. Personally, I never got the 80/20 split jazz. I always do 50/50 (or 100% on one server in my current config, but that's a whole other story - redundancy isn't terribly important for DHCP with the boxes I manage). Roger Seielstad E-mail Geek MS-MVP -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Monday, January 03, 2005 10:13 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DHCP Thanks John. I saw that one as well, but it doesn't tell me enough information about how much of an impact I can expect on the registry. I understand the paging file and the RSL, but I can't get a solid amount of information about a) what to expect to be put in the registry *exactly* and b) what exactly each registry entry can possibly take in terms of size. A thousand scopes? Nice to hear, but that doesn't solve the problem for me. For more background, I currently have similar running across four servers in two network sites. No problem. What I want to do is isolate two different business types. As you can imagine from the domain name, we're a financial institution and we have retail branches across all lines of business. We also have back-office needs. To make this more reliable, I need to take into account the 8th layer and design accordingly. My current track is to simplify by separation and put the branch scopes on two servers and the rest/exceptions on the other two. To do that, I need to know the limits. The additional benefit of knowing the quantifiable benefits is the ability to predict capacity and lifespan of the solution. That obviously plays into lifecycle management planning of the solution. Due to the business nature of finacial organizations, I have to plan for twice the capacity of current. In practice, that means that I have to at least know the capacity abilities of the current solution or the future solution enough to know that if an acquisition occurs, I can either deploy more capacity else know that I can use the current to that scale. The
RE: [ActiveDir] Software License Management
Title: Message Computer Associates Unicenter Asset Management Dana From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Perdue David J Contr InDyne/Enterprise IT Sent: Monday, January 03, 2005 1:55 PM To: 'ActiveDir@mail.activedir.org' Subject: [ActiveDir] Software License Management I need to do some real software metering. X number of users using this piece of software at once on the network. SMS 2k3 doesn't provide this. Can anyone point me to a system that does? Thanks, Dave //SIGNED// David J. Perdue NetworkSecurity Engineer, InDyne Inc Comm: (805) 606-4597 DSN: 276-4597
RE: [ActiveDir] Add users?
OK. The control I was talking about would require Visual Basic or C++ programming, and the result would be a binary DLL file. Fortunately, there is also a lighter script-based version. It doesn't create a new tab in user properties, but it appears in the context menu of the user. I copied the following lines from our book Inside Active Directory, and hope that our publisher wont sue me because of a copyright violation... 1. Using ADSI Edit, locate the user-Display object (in CN=409, CN=DisplaySpecifiers, CN=Configuration). 2. Select the adminContextMenu attribute. Add to the attribute the value 2, Employee ID, c:\test\employeeid.vbs (without quotes). Do not remove the existing values, and if number 2 is already in use, select a free number. 3. On the computer, where you will test or use ADUC, create the file c:\test\employeeid.vbs and add the lines from http://www.kouti.com/scripts.htm. I wrote the script today, but cannot post it until a couple of hours later. I'll put it under Bonus Material at the bottom of the page. 4. Start ADUC and right-click any user object, and you should see Employee ID in the context menu. Yours, Sakari -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of rubix cube Sent: Tuesday, January 04, 2005 1:04 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Add users? Thank you Sakari, interesting. So what are we going to do about it? how about if you post the instructions to modify the schema to show Employee ID in ADUC :) ? List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Add users?
The control I was talking about would require Visual Basic or C++ programming, and the result would be a binary DLL file. I sent the above text a few minutes ago. Now I noticed that the Platform SDK actually says It is not currently possible to create an Active Directory property sheet extension using Visual Basic. Sorry about the error. Yours, Sakari List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Windows Server 2003 Clustering.
Afternoon all, Is there an easy (okay, easy...ish?) way to query a 2K3 cluster from the command-line for Tell me which cluster node is hosting this resource? The short back-story: I've clustered this monster document-imaging application that [1] doesn't understand clustering, and [2] creates access tokens for about half a dozen networked scanners based on the MAC address of the -server-. What this means is: wrong token? Scanners no workie. Which, in this scenario, equates to: cluster fail over? Scanners no workie. I'm trying to put something in a computer startup script that will do a simple (forgive the pseudocode.) If ScannerServiceClusterHost = Server1 Copy license1.txt c:\ Else // ScannerService running on server 2 Copy license2.txt c:\ But I haven't come up with the magical google search phrase to tell me how that first line should read. Thanks! Laura List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Windows Server 2003 Clustering.
the cluster.exe command that comes installed with the cluster service -Original Message- From: Hunter, Laura E. [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 04, 2005 2:13 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Windows Server 2003 Clustering. Afternoon all, Is there an easy (okay, easy...ish?) way to query a 2K3 cluster from the command-line for Tell me which cluster node is hosting this resource? The short back-story: I've clustered this monster document-imaging application that [1] doesn't understand clustering, and [2] creates access tokens for about half a dozen networked scanners based on the MAC address of the -server-. What this means is: wrong token? Scanners no workie. Which, in this scenario, equates to: cluster fail over? Scanners no workie. I'm trying to put something in a computer startup script that will do a simple (forgive the pseudocode.) If ScannerServiceClusterHost = Server1 Copy license1.txt c:\ Else // ScannerService running on server 2 Copy license2.txt c:\ But I haven't come up with the magical google search phrase to tell me how that first line should read. Thanks! Laura List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Windows Server 2003 Clustering.
http://labmice.techtarget.com/windows2000/Clustering/admin.htm Has several articles on clustering. http://labmice.techtarget.com/windows2000/Clustering/troubleshoot.htm This section covers troubleshooting. Also the Cluster.exe is a good place to look as well. Toddler (Newbee to clustering!) -Original Message- From: Hunter, Laura E. [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 04, 2005 2:13 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Windows Server 2003 Clustering. Afternoon all, Is there an easy (okay, easy...ish?) way to query a 2K3 cluster from the command-line for Tell me which cluster node is hosting this resource? The short back-story: I've clustered this monster document-imaging application that [1] doesn't understand clustering, and [2] creates access tokens for about half a dozen networked scanners based on the MAC address of the -server-. What this means is: wrong token? Scanners no workie. Which, in this scenario, equates to: cluster fail over? Scanners no workie. I'm trying to put something in a computer startup script that will do a simple (forgive the pseudocode.) If ScannerServiceClusterHost = Server1 Copy license1.txt c:\ Else // ScannerService running on server 2 Copy license2.txt c:\ But I haven't come up with the magical google search phrase to tell me how that first line should read. Thanks! Laura List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] DHCP
Return Receipt Your RE: [ActiveDir] DHCP document : was Bradley Schutter/Hill Holliday Advertising Inc./US received by: at: 01/04/2005 03:50:59 PM List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Script working for some users, and not for others?
Nope, small single forest. jlc -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Passo, Larry Sent: Tuesday, January 04, 2005 8:27 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Script working for some users, and not for others? Do you have a multiple domain forest? If so, the memberof attribute will not show group memberships if they are domain local groups in other domains. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe L. Casale Sent: Monday, January 03, 2005 1:32 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Script working for some users, and not for others? Yes, it does have it. Its just not working for some people? They are all win2ksp4 and above. Thanks! jlc -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Passo, Larry Sent: Monday, January 03, 2005 2:29 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Script working for some users, and not for others? Do you also have Set adSysInfo = CreateObject(AdSystemInfo) before these 4 lines? Also, are the clients that are failing older than Win2k? If so, they need to have the AD client extension added. http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adsi/ad si/iadsadsysteminfo.asp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe L. Casale Sent: Monday, January 03, 2005 12:41 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Script working for some users, and not for others? Hi all, I have this in my logion script, and for some users it works, and others the echo is blank? Set CurrentUser = GetObject(LDAP://; ADSysInfo.UserName) wscript.echo ADSysInfo.UserName strGroups = LCase(Join(CurrentUser.MemberOf)) wscript.echo strGroups Is there any known reason someone might share, or a caveat to using this method? Is there a more robust way to get group membership? Thanks! jlc List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] DHCP
Return Receipt Your RE: [ActiveDir] DHCP document: wasJustin Leney/US/DCI received by: at:01/04/2005 04:42:25 PM This e-mail, and any attachment, is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, re-transmission, copying, dissemination or other use of this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. The contents of this message may contain personal views which are not the views of Discovery Communications, Inc. (DCI). List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Script working for some users, and not for others ?
For those users that it returns blank, does this return blank as well? wscript.echo ADSysInfo.UserName Or just the for the groups? Can you post the rest of the code if any? That might be helpful as well. al -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe L. Casale Sent: Tuesday, January 04, 2005 4:33 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Script working for some users, and not for others? Nope, small single forest. jlc -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Passo, Larry Sent: Tuesday, January 04, 2005 8:27 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Script working for some users, and not for others? Do you have a multiple domain forest? If so, the memberof attribute will not show group memberships if they are domain local groups in other domains. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe L. Casale Sent: Monday, January 03, 2005 1:32 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Script working for some users, and not for others? Yes, it does have it. Its just not working for some people? They are all win2ksp4 and above. Thanks! jlc -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Passo, Larry Sent: Monday, January 03, 2005 2:29 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Script working for some users, and not for others? Do you also have Set adSysInfo = CreateObject(AdSystemInfo) before these 4 lines? Also, are the clients that are failing older than Win2k? If so, they need to have the AD client extension added. http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adsi/ad si/iadsadsysteminfo.asp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe L. Casale Sent: Monday, January 03, 2005 12:41 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Script working for some users, and not for others? Hi all, I have this in my logion script, and for some users it works, and others the echo is blank? Set CurrentUser = GetObject(LDAP://; ADSysInfo.UserName) wscript.echo ADSysInfo.UserName strGroups = LCase(Join(CurrentUser.MemberOf)) wscript.echo strGroups Is there any known reason someone might share, or a caveat to using this method? Is there a more robust way to get group membership? Thanks! jlc List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Script working for some users, and not for others ?
Sure, I will post it tomorrow. And check on the username issue! thanks, jlc -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Tuesday, January 04, 2005 2:48 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Script working for some users, and not for others ? For those users that it returns blank, does this return blank as well? wscript.echo ADSysInfo.UserName Or just the for the groups? Can you post the rest of the code if any? That might be helpful as well. al -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe L. Casale Sent: Tuesday, January 04, 2005 4:33 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Script working for some users, and not for others? Nope, small single forest. jlc -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Passo, Larry Sent: Tuesday, January 04, 2005 8:27 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Script working for some users, and not for others? Do you have a multiple domain forest? If so, the memberof attribute will not show group memberships if they are domain local groups in other domains. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe L. Casale Sent: Monday, January 03, 2005 1:32 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Script working for some users, and not for others? Yes, it does have it. Its just not working for some people? They are all win2ksp4 and above. Thanks! jlc -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Passo, Larry Sent: Monday, January 03, 2005 2:29 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Script working for some users, and not for others? Do you also have Set adSysInfo = CreateObject(AdSystemInfo) before these 4 lines? Also, are the clients that are failing older than Win2k? If so, they need to have the AD client extension added. http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adsi/ad si/iadsadsysteminfo.asp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe L. Casale Sent: Monday, January 03, 2005 12:41 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Script working for some users, and not for others? Hi all, I have this in my logion script, and for some users it works, and others the echo is blank? Set CurrentUser = GetObject(LDAP://; ADSysInfo.UserName) wscript.echo ADSysInfo.UserName strGroups = LCase(Join(CurrentUser.MemberOf)) wscript.echo strGroups Is there any known reason someone might share, or a caveat to using this method? Is there a more robust way to get group membership? Thanks! jlc List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Software License Management
Title: Message That went away with SMS 2.0. It ran on a FoxPro db hahaha J From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Perdue David J Contr InDyne/Enterprise IT Sent: Monday, January 03, 2005 5:15 PM To: 'ActiveDir@mail.activedir.org' Subject: RE: [ActiveDir] Software License Management I can do that in SMS 2k3 natively. I when that X+1 user tries to run the app, I want them to be denied. Dave //SIGNED// David J. Perdue NetworkSecurity Engineer, InDyne Inc Comm: (805) 606-4597 DSN: 276-4597 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gonzalez, Thomas, ISD Sent: Monday, January 03, 2005 14:05 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Software License Management In SMS 2K3 you can create a software metering usage and you can get the plugin called SAM(http://www.extendedtools.com/) for SMS 2K3. Cheers: Thomas From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Perdue David J Contr InDyne/Enterprise IT Sent: Monday, January 03, 2005 3:55 PM To: 'ActiveDir@mail.activedir.org' Subject: [ActiveDir] Software License Management I need to do some real software metering. X number of users using this piece of software at once on the network. SMS 2k3 doesn't provide this. Can anyone point me to a system that does? Thanks, Dave //SIGNED// David J. Perdue NetworkSecurity Engineer, InDyne Inc Comm: (805) 606-4597 DSN: 276-4597 * If you are not the intended recipient of this e-mail, please notify the sender immediately. The contents of this e-mail do not amend any existing disclosures or agreements unless expressly stated. *
[ActiveDir] Setting up AD trusts
My company was recently purchased and I need to integrate my current Windows 2000 AD Domain with the new companies Windows 2003 AD Domain. I want to be able to migrate all my Current users, objects, etc, into the new domain without having to recreate everything. Then once all is done remove my current domain, leaving only the new one. My question is will setting up a trust between the 2 domains allow me to accomplish this or will I still have to manually recreate accounts, mailboxes and resources for my local users, also do I need to upgrade my Domain to 2003 first? Thanks in advance for any advice. Mike