RE: [ActiveDir] Question on Replication Topology
Funny that - I lost mine when I JOINED Microsoft. I was told that it might be hard to get as my job doesn't require access to source...

Rick

P.S. I say just plain blech. They're great for throwing. As to eating - Have no use for them. :-)

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells
Sent: Tuesday, August 16, 2005 12:59 PM
To: Send - AD mailing list
Subject: RE: [ActiveDir] Question on Replication Topology

I am fortunate enough to be provided with source access by Microsoft. Actually, I say Tom-arto since I'm British. ;0)

--
Dean Wells
MSEtechnology
* Email: [EMAIL PROTECTED]
http://msetechnology.com

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose
Sent: Tuesday, August 16, 2005 1:37 PM
To: ActiveDir@mail.activedir.org; Send - AD mailing list
Subject: RE: [ActiveDir] Question on Replication Topology

No Problem at all.. You say Tomato I say Tamato.. I also misunderstood his question as I assumed he meant DC's and not GC's. Thanks for clarifying this in more detail.

BTW: How did you get to look at the source code?

Jose :-)

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Dean Wells
Sent: Tuesday, August 16, 2005 10:08 AM
To: Send - AD mailing list
Subject: RE: [ActiveDir] Question on Replication Topology

Jose, I don't wish to continue going back and forth on this topic, the behavior and constraints are what they are. I'm not stating an opinion or an interpretation of a paper, I'm stating a fact based upon the source code of the product (as of 2K and 2K3).

Your understanding of the articles you've read is very close but not entirely accurate. Phantoms of this kind are not permitted on GCs ... this is manifested in the interface when you attempt to add a user to a Universal group but the user has not yet replicated to the GC (an error will occur stating exactly that), if phantoms were permitted one would be created based on the info. from the DC used to browse the domain containing the user.

--
Dean Wells
MSEtechnology
* Email: [EMAIL PROTECTED]
http://msetechnology.com

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose
Sent: Tuesday, August 16, 2005 12:25 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Question on Replication Topology

I am afraid not...

One of the common replies and misunderstood rumors is that the Infrastructure Master (IM) is only allowed to run on a Global Catalog Server (GC) if every Domain Controller (DC) in the Forest is Global Catalog Server. That rumor is just based on misleading wording.

The infrastructure master's job is to compare objects of the local domain against objects in other domains of the same forest. If the server holding the infrastructure master is also a global catalog it won't ever see any differences, since the global catalog holds a partial copy of every object in the forest itself. Therefore the infrastructure master won't do anything in its domain. However if every DC in the Domain is also global catalog server there's no job for the IM since the GC already knows about the objects of other domains.

So if you look at the job the IM has to do, it's pretty clear that it may reside on a GC if it's a single domain forest (no need to pull updates from other domains). It's also pretty clear that it may reside on a GC if it's in a multiple domain forest but every DC in the domain where the IM runs on the GC are also GCs (no need to pull updates since the GC knows everything).

So the following infrastructure is a valid configuration:

One domain:
R-DC1 (GC + IM)
R-DC2 (GC)
R-DC3-x (must be GC)

Other domain:
O-DC1 (GC)
O-DC2 (IM)
O-DC3-x (might or might not be GC, does not matter)

The first domain does not need to pull updates since the GCs know everything, the other domain has the IM running on a non-GC so it pulls the updates and replicates them to other DCs.

The following KB states that correctly: http://support.microsoft.com/kb/223346/EN-US/

So to be short:

The Infrastructure Master is not allowed to run on a Global Catalog Server if either
- there are multiple Domains in the Forest
- there are Domain Controllers in the same Domain which are not Global Catalog Servers

The Infrastructure Master is allowed to run on a Global Catalog Server in a Domain if either
- there's only one Domain in the Forest
- every Domain Controller in the Domain in question is Global Catalog Server

---

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Dean Wells
Sent: Tuesday, August 16, 2005 8:26 AM
To: Send - AD mailing list
Subject: RE: [ActiveDir] Question on Replication Topology

I'm afraid it's not correct, when all DCs are GCs (within a single domain), the IM can happily co-reside with a GC. I'd also mention that the impact
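
The placement rule argued over in the messages above (the IM may share a DC with the GC role only in a single-domain forest or when every DC in its domain is a GC), as an added example that is not part of any poster's message: a PowerShell check run over a constructed inventory modelled on the R-/O- topology in Jose's post. The domain names, the third `bad.example.test` domain and both function names are assumptions; `Get-ForestDcInventory` relies on the ActiveDirectory module, which postdates this 2005 thread.

```powershell
# Added example. The inventory at the bottom is constructed sample data,
# not taken from a real forest; all names are hypothetical.

function Test-InfrastructureMasterPlacement {
    [CmdletBinding()]
    param(
        # One object per DC: Domain, Name, IsGlobalCatalog, IsInfrastructureMaster.
        # The inventory must cover every domain in the forest.
        [Parameter(Mandatory)]
        [object[]] $DomainController
    )

    $domains = @($DomainController | Group-Object -Property Domain)

    foreach ($d in $domains) {
        $im    = @($d.Group | Where-Object { $_.IsInfrastructureMaster })
        $nonGc = @($d.Group | Where-Object { -not $_.IsGlobalCatalog })

        if ($im.Count -ne 1) {
            $status = 'Error'
            $reason = "expected one IM holder in inventory, found $($im.Count)"
        }
        elseif (-not $im[0].IsGlobalCatalog) {
            $status = 'OK'
            $reason = 'IM is on a non-GC, so it pulls updates and replicates them'
        }
        elseif ($domains.Count -eq 1) {
            $status = 'OK'
            $reason = 'single-domain forest: no other domains to pull updates from'
        }
        elseif ($nonGc.Count -eq 0) {
            $status = 'OK'
            $reason = 'every DC in the domain is a GC'
        }
        else {
            # Multi-domain forest, IM on a GC, and at least one non-GC DC:
            # the non-GC DCs keep references that the IM will never refresh.
            $status = 'Misplaced'
            $reason = 'IM is on a GC but the domain still has non-GC DCs'
        }

        [pscustomobject]@{
            Domain               = $d.Name
            InfrastructureMaster = ($im | ForEach-Object Name) -join ','
            Status               = $status
            NonGcDCs             = ($nonGc | ForEach-Object Name) -join ','
            Reason               = $reason
        }
    }
}

# Builds the same inventory shape from a live forest (needs the
# ActiveDirectory module and read access to each domain).
function Get-ForestDcInventory {
    Import-Module ActiveDirectory
    foreach ($dnsRoot in (Get-ADForest).Domains) {
        $imHolder = (Get-ADDomain -Server $dnsRoot).InfrastructureMaster
        Get-ADDomainController -Filter * -Server $dnsRoot | ForEach-Object {
            [pscustomobject]@{
                Domain                 = $dnsRoot
                Name                   = $_.HostName
                IsGlobalCatalog        = $_.IsGlobalCatalog
                IsInfrastructureMaster = ($_.HostName -eq $imHolder)
            }
        }
    }
}

# Constructed inventory: the first two domains follow the topology in the
# post above; the third is an added counter-example.
$sample = @(
    [pscustomobject]@{ Domain = 'r.example.test';   Name = 'R-DC1'; IsGlobalCatalog = $true;  IsInfrastructureMaster = $true  }
    [pscustomobject]@{ Domain = 'r.example.test';   Name = 'R-DC2'; IsGlobalCatalog = $true;  IsInfrastructureMaster = $false }
    [pscustomobject]@{ Domain = 'r.example.test';   Name = 'R-DC3'; IsGlobalCatalog = $true;  IsInfrastructureMaster = $false }
    [pscustomobject]@{ Domain = 'o.example.test';   Name = 'O-DC1'; IsGlobalCatalog = $true;  IsInfrastructureMaster = $false }
    [pscustomobject]@{ Domain = 'o.example.test';   Name = 'O-DC2'; IsGlobalCatalog = $false; IsInfrastructureMaster = $true  }
    [pscustomobject]@{ Domain = 'o.example.test';   Name = 'O-DC3'; IsGlobalCatalog = $false; IsInfrastructureMaster = $false }
    [pscustomobject]@{ Domain = 'bad.example.test'; Name = 'B-DC1'; IsGlobalCatalog = $true;  IsInfrastructureMaster = $true  }
    [pscustomobject]@{ Domain = 'bad.example.test'; Name = 'B-DC2'; IsGlobalCatalog = $false; IsInfrastructureMaster = $false }
)

Test-InfrastructureMasterPlacement -DomainController $sample |
    Format-Table -AutoSize -Wrap

# Against a live forest:
# Test-InfrastructureMasterPlacement -DomainController (Get-ForestDcInventory)
```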
RE: [ActiveDir] Question on Replication Topology
Dean, what did you mean by the last line, indicated here?

The IM process itself does not create phantoms, if it were exclusively responsible for that task, all group modifications referencing non-local-domain members would require origination against the IM -- this is not the case. Phantoms are created locally by each DC - (beneath the awareness of the directory itself).

Cheers,
BrettSh

On Tue, 16 Aug 2005, Francis Ouellet wrote:

Dean and all;

This has been a great topic so far. It seems that the IM infrastructure role isn't quite grasped by everybody and can be a little confusing (me being first confused!) Can I suggest that we gather all of the information from this thread and publish it as a community article on the MS KB we can later refer to? I'm willing to whip up the article if everyone agrees; I can then post back to the list a draft (or publish it somewhere) for technical review.

Thanks,
Francis

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells
Sent: August 16, 2005 3:44 PM
To: Send - AD mailing list
Subject: RE: [ActiveDir] Question on Replication Topology

Sounds good to me Robert. For the sake of clarification and a little more detail, see below -

The IM process itself does not create phantoms, if it were exclusively responsible for that task, all group modifications referencing non-local-domain members would require origination against the IM -- this is not the case. Phantoms are created locally by each DC (beneath the awareness of the directory itself). The well-known role of the IM is to identify the validity of local phantoms using the process that we've just recently described to death. In addition, a lesser known function of the IM is that of improving its own phantoms and replicating those improvements to the remaining DCs within its own domain. This is achieved by a 'sorta' replication proxy -- my earlier post describing an ADFIND.EXE syntax outlines a means of finding the objects used by this aspect of the IM's behavior (that's assuming you're interested of course).

--
Dean Wells
MSEtechnology
* Email: [EMAIL PROTECTED]
http://msetechnology.com

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Williams (RRE)
Sent: Tuesday, August 16, 2005 3:15 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Question on Replication Topology

I like your explanation...please allow me to comment on a snippet just to be sure we're on the same page:

DEJI
IF the IM does not create phantoms, then the DCs that are not GCs do not have a way to reference those objects that exist in the OTHER Domain. These DCs who are not GCs rely on the IM to provide this facility, but since the IM has stopped creating phantoms because it is also acting as a GC, then the facility does not exist for the non-GC DCs to use.
/DEJI

The DCs that are NOT GCs still can reference the object since it's replicated in after the phantom is created, however if your GC is on the IM ***AND*** you DO NOT have ALL DCs as GCs then the DCs which are GCs will not ever update the objects when they are renamed since there aren't any phantoms to update on the GC.

And Dean, Brett, or Eric will hopefully correct me if I'm wrong but any DC can and will create the phantom when necessary (or will it be the IM or PDC which actually 'creates' the phantom??) but it's the IM's job to update them...I think from the IM's perspective that it really doesn't care how they are created, its job is to just keep them accurate. That part I'm not 100% clear on so I hope someone straightens it out for me / us.

Dean, Brett, or Eric...it's getting kinda deep here, can you clarify some of these things if possible?

Thanks!
Rob

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Tuesday, August 16, 2005 2:48 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Question on Replication Topology

Your conclusion sounds good to me. When I talk about this IM/GC thingy, this is how I present it (to non- or semi-technical CxOs):

In a multi-Domain environment: Each domain needs to know something about objects in the other domain. A GC in one domain knows something about objects in other domains in a multi-domain environment. An IM provides references to objects in OTHER domains by creating phantoms of those objects. These phantoms are used by other DCs in the IM's domain (who are not GCs) when they need to reference those objects that exist in the OTHER domain. These phantoms are NOT used by GCs because they already have a way to reference these objects.

Now, IF a GC is also the IM, it will NOT create phantoms BECAUSE it already knows about those objects that exist in the OTHER domain. IF
RE: [ActiveDir] GPO with folder redirection not applying against machines OU
Dear Andrew,

Thanks again. I can see it now showing up in the results now that the policies have refreshed, although it still doesn't show up in the modeler. I'm not so worried about that as it's working. Thanks for the help on the loopback option.

Robert

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cace, Andrew
Sent: 16 August 2005 16:59
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GPO with folder redirection not applying against machines OU

Robert,

I can't replicate your situation. I created a GPO, configured folder redirection in the user portion of the GPO and loopback processing in replace mode in the computer portion of the GPO, in Replace mode. When I ran the modeling wizard, the Summary tab shows the policy applying and the Settings tab shows the folder redirection under the computer portion of the GPO.

-Andrew

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Dale
Sent: Tuesday, August 16, 2005 9:01 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GPO with folder redirection not applying against machines OU

Dear Andrew,

Thanks. I tried this and although it shows the loopback policy option in the modeling report once rerun, it does not show the folder redirection. Could this be a weakness in the modeler and that it simply will show up when the users login?

Robert Dale

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cace, Andrew
Sent: 16 August 2005 15:37
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GPO with folder redirection not applying against machines OU

Robert,

Check out Loopback Processing. This will allow user policies to be applied based upon the AD location of the computer. See the following link for details: http://support.microsoft.com/?kbid=231287

-Andrew

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Dale
Sent: Tuesday, August 16, 2005 8:04 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] GPO with folder redirection not applying against machines OU

I've set up OU for my citrix farm and for my users, then created a GPO called FR that only contains the folder redirection information in it and linked this to the OU that all my Citrix servers are in. However, when I run the modeling wizard the GPO is never shown unless I place a link for it in the users OU; however, I only want the folder redirection to apply when the users log into the citrix server, not for their local desktops.

If I add any entries in the machine part of the GPO none of them are applied, only the user parts are applied as the winning GPO. I don't have folder redirection enabled in any other GPOs. It's not just with folder redirection: any change I make that is machine related doesn't show up, in spite of the fact that I have the GPO enabled for both user and computer configuration.

Any ideas or work around so that I can have folder redirection only for users logging into specific machines?
RE: [ActiveDir] Question on Replication Topology
... that the process of injecting the phantom isn't a behavioral requirement imposed or carried out by the directory service itself. It is a requirement imposed by the underlying database and is necessary because of the mechanism used by ESE to provide uniform representation of object references (i.e. link pairs).

--
Dean Wells
MSEtechnology
* Email: [EMAIL PROTECTED]
http://msetechnology.com

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley
Sent: Wednesday, August 17, 2005 4:24 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Question on Replication Topology

Dean, what did you mean by the last line, indicated here?

The IM process itself does not create phantoms, if it were exclusively responsible for that task, all group modifications referencing non-local-domain members would require origination against the IM -- this is not the case. Phantoms are created locally by each DC - (beneath the awareness of the directory itself).

Cheers,
BrettSh

On Tue, 16 Aug 2005, Francis Ouellet wrote:

Dean and all;

This has been a great topic so far. It seems that the IM infrastructure role isn't quite grasped by everybody and can be a little confusing (me being first confused!) Can I suggest that we gather all of the information from this thread and publish it as a community article on the MS KB we can later refer to? I'm willing to whip up the article if everyone agrees; I can then post back to the list a draft (or publish it somewhere) for technical review.

Thanks,
Francis

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells
Sent: August 16, 2005 3:44 PM
To: Send - AD mailing list
Subject: RE: [ActiveDir] Question on Replication Topology

Sounds good to me Robert.
For the sake of clarification and a little more detail, see below - The IM process itself does not create phantoms, if it were exclusively responsible for that task, all group modifications referencing non-local-domain members would require origination against the IM -- this is not the case. Phantoms are created locally by each DC (beneath the awareness of the directory itself). The well-known role of the IM is to identify the validity of local phantoms using the process that we've just recently described to death. In addition, a lesser known function of the IM is that of improving its own phantoms and replicating those improvements to the remaining DCs within its own domain. This is achieved by a 'sorta' replication proxy -- my earlier post describing an ADFIND.EXE syntax outlines a means of finding the objects used by this aspect of the IM's behavior (that's assuming you're interested of course). -- Dean Wells MSEtechnology * Email: [EMAIL PROTECTED] http://msetechnology.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Williams (RRE) Sent: Tuesday, August 16, 2005 3:15 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Question on Replication Topology I like your explanation...please allow me to comment on a snippet just to be sure we're on the same page: DEJI IF the IM does not create phantoms, then the DCs that are not GCs do not have a way to reference those objects that exist in the OTHER Domain. These DCs who are not GCs rely on the IM to provide this facility, but since the IM has stopped creating phantoms because it is also acting as a GC, then the facility does not exist for the non-GC DCs to use. 
/DEJI The DCs that are NOT GCs still can reference the object since it's replicated in after the phantom is created, however if your GC is on the IM ***AND*** you DO NOT have ALL DCs as GCs then the DCs which are GCs will not ever update the objects when they are renamed since there aren't any phantoms to update on the GC. And Dean, Brett, or Eric will hopefully correct me if I'm wrong but any DC can and will create the phantom when necessary (or will it be the IM or PDC which actually 'creates' the phantom??) but it's the IMs job to update them...I think from the IM's perspective that it really doesn't care how they are created, its job is to just keep them accurate. That part I'm not 100% clear on so I hope someone straightens it out for me / us. Dean, Brett, or Eric...it's getting kinda deep here, can you clarify some of these things if possible? Thanks! Rob -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, August 16, 2005 2:48 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Question on Replication Topology Your conclusion sounds good to me. When I talk about this IM/GC thingy, this is how I present it (to non- or semi-technical CxOs): In a multi-Domain environment: Each domain needs to know something about objects in the other
RE: [ActiveDir] Question on Replication Topology
Please feel free, I'll happily do what I can ...

--
Dean Wells
MSEtechnology
* Email: [EMAIL PROTECTED]
http://msetechnology.com

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Francis Ouellet
Sent: Tuesday, August 16, 2005 10:38 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Question on Replication Topology

Dean and all;

This has been a great topic so far. It seems that the IM infrastructure role isn't quite grasped by everybody and can be a little confusing (me being first confused!) Can I suggest that we gather all of the information from this thread and publish it as a community article on the MS KB we can later refer to? I'm willing to whip up the article if everyone agrees; I can then post back to the list a draft (or publish it somewhere) for technical review.

Thanks,
Francis

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells
Sent: August 16, 2005 3:44 PM
To: Send - AD mailing list
Subject: RE: [ActiveDir] Question on Replication Topology

Sounds good to me Robert. For the sake of clarification and a little more detail, see below -

The IM process itself does not create phantoms, if it were exclusively responsible for that task, all group modifications referencing non-local-domain members would require origination against the IM -- this is not the case. Phantoms are created locally by each DC (beneath the awareness of the directory itself). The well-known role of the IM is to identify the validity of local phantoms using the process that we've just recently described to death. In addition, a lesser known function of the IM is that of improving its own phantoms and replicating those improvements to the remaining DCs within its own domain. This is achieved by a 'sorta' replication proxy -- my earlier post describing an ADFIND.EXE syntax outlines a means of finding the objects used by this aspect of the IM's behavior (that's assuming you're interested of course).
-- Dean Wells MSEtechnology * Email: [EMAIL PROTECTED] http://msetechnology.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Williams (RRE) Sent: Tuesday, August 16, 2005 3:15 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Question on Replication Topology I like your explanation...please allow me to comment on a snippet just to be sure we're on the same page: DEJI IF the IM does not create phantoms, then the DCs that are not GCs do not have a way to reference those objects that exist in the OTHER Domain. These DCs who are not GCs rely on the IM to provide this facility, but since the IM has stopped creating phantoms because it is also acting as a GC, then the facility does not exist for the non-GC DCs to use. /DEJI The DCs that are NOT GCs still can reference the object since it's replicated in after the phantom is created, however if your GC is on the IM ***AND*** you DO NOT have ALL DCs as GCs then the DCs which are GCs will not ever update the objects when they are renamed since there aren't any phantoms to update on the GC. And Dean, Brett, or Eric will hopefully correct me if I'm wrong but any DC can and will create the phantom when necessary (or will it be the IM or PDC which actually 'creates' the phantom??) but it's the IMs job to update them...I think from the IM's perspective that it really doesn't care how they are created, its job is to just keep them accurate. That part I'm not 100% clear on so I hope someone straightens it out for me / us. Dean, Brett, or Eric...it's getting kinda deep here, can you clarify some of these things if possible? Thanks! Rob -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, August 16, 2005 2:48 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Question on Replication Topology Your conclusion sounds good to me. 
When I talk about this IM/GC thingy, this is how I present it (to non- or semi-technical CxOs): In a multi-Domain environment: Each domain needs to know something about objects in the other domain. A GC in one domain knows something about objects in other domains in a multi-domain environment. An IM provides references to objects in OTHER domains by creating phantoms of those objects. These phantoms are used by other DCs in the IM's domain (who are not GCs) when they need to reference those objects that exist in the OTHER domain. These phantoms are NOT used by GCs because they already have a way to reference these objects. Now, IF a GC is also the IM, it will NOT create phantoms BECAUSE it already knows about those objects that exist in the OTHER domain. IF the IM does not create phantoms, then the DCs that are not GCs do not have a way to reference those objects that exist in the OTHER Domain. These DCs who are not GCs rely on the IM to provide this facility, but since the IM has stopped creating
RE: [ActiveDir] Question on Replication Topology
Yeah, that's what I thought you might mean ... that's not true. The process of injecting a phantom is carried out by the directory service itself. It's in the AD's dblayer code, barely above ESE, but it is still a behavior of the DS not ESE. ESE has no idea what it is doing when a phantom is inserted, it's just 3 int columns to ESE, it has no concept of what a phantom is. Link pairs (i.e. the 3 ints, forward link DNT, backlink DNT, and linkbase (=LinkID/2)) is how AD decided to use ESE to represent references for itself.

Did that make sense?

Cheers,
-BrettSh

On Wed, 17 Aug 2005, Dean Wells wrote:

... that the process of injecting the phantom isn't a behavioral requirement imposed or carried out by the directory service itself. It is a requirement imposed by the underlying database and is necessary because of the mechanism used by ESE to provide uniform representation of object references (i.e. link pairs).

--
Dean Wells
MSEtechnology
* Email: [EMAIL PROTECTED]
http://msetechnology.com

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley
Sent: Wednesday, August 17, 2005 4:24 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Question on Replication Topology

Dean, what did you mean by the last line, indicated here?

The IM process itself does not create phantoms, if it were exclusively responsible for that task, all group modifications referencing non-local-domain members would require origination against the IM -- this is not the case. Phantoms are created locally by each DC - (beneath the awareness of the directory itself).

Cheers,
BrettSh

On Tue, 16 Aug 2005, Francis Ouellet wrote:

Dean and all;

This has been a great topic so far. It seems that the IM infrastructure role isn't quite grasped by everybody and can be a little confusing (me being first confused!) Can I suggest that we gather all of the information from this thread and publish it as a community article on the MS KB we can later refer to?
I'm willing to whip up the article if everyone agrees; I can then post back to the list a draft (or publish it somewhere) for technical review. Thanks, Francis -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells Sent: August 16, 2005 3:44 PM To: Send - AD mailing list Subject: RE: [ActiveDir] Question on Replication Topology Sounds good to me Robert. For the sake of clarification and a little more detail, see below - The IM process itself does not create phantoms, if it were exclusively responsible for that task, all group modifications referencing non-local-domain members would require origination against the IM -- this is not the case. Phantoms are created locally by each DC (beneath the awareness of the directory itself). The well-known role of the IM is to identify the validity of local phantoms using the process that we've just recently described to death. In addition, a lesser known function of the IM is that of improving its own phantoms and replicating those improvements to the remaining DCs within its own domain. This is achieved by a 'sorta' replication proxy -- my earlier post describing an ADFIND.EXE syntax outlines a means of finding the objects used by this aspect of the IM's behavior (that's assuming you're interested of course). -- Dean Wells MSEtechnology * Email: [EMAIL PROTECTED] http://msetechnology.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Williams (RRE) Sent: Tuesday, August 16, 2005 3:15 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Question on Replication Topology I like your explanation...please allow me to comment on a snippet just to be sure we're on the same page: DEJI IF the IM does not create phantoms, then the DCs that are not GCs do not have a way to reference those objects that exist in the OTHER Domain. 
These DCs who are not GCs rely on the IM to provide this facility, but since the IM has stopped creating phantoms because it is also acting as a GC, then the facility does not exist for the non-GC DCs to use. /DEJI The DCs that are NOT GCs still can reference the object since it's replicated in after the phantom is created, however if your GC is on the IM ***AND*** you DO NOT have ALL DCs as GCs then the DCs which are GCs will not ever update the objects when they are renamed since there aren't any phantoms to update on the GC. And Dean, Brett, or Eric will hopefully correct me if I'm wrong but any DC can and will create the phantom when necessary (or will it be the IM or PDC which actually 'creates' the phantom??) but it's the IMs job to update them...I think from the IM's perspective that it really doesn't care how they are
RE: [ActiveDir] Question on Replication Topology
Oh and I wasn't very clear, the link pair in the link table isn't the actual phantom ... the phantom is one referential phantom record, and zero or more structural phantom records in the datatable ... the fact that AD wants to add a DN reference between two objects to the table is what makes the phantom necessary, and AD creates the phantom if it doesn't exist.

Cheers again,
-B

On Wed, 17 Aug 2005, Brett Shirley wrote:

Yeah, that's what I thought you might mean ... that's not true. The process of injecting a phantom is carried out by the directory service itself. It's in the AD's dblayer code, barely above ESE, but it is still a behavior of the DS not ESE. ESE has no idea what it is doing when a phantom is inserted, it's just 3 int columns to ESE, it has no concept of what a phantom is. Link pairs (i.e. the 3 ints, forward link DNT, backlink DNT, and linkbase (=LinkID/2)) is how AD decided to use ESE to represent references for itself.

Did that make sense?

Cheers,
-BrettSh

On Wed, 17 Aug 2005, Dean Wells wrote:

... that the process of injecting the phantom isn't a behavioral requirement imposed or carried out by the directory service itself. It is a requirement imposed by the underlying database and is necessary because of the mechanism used by ESE to provide uniform representation of object references (i.e. link pairs).

--
Dean Wells
MSEtechnology
* Email: [EMAIL PROTECTED]
http://msetechnology.com

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley
Sent: Wednesday, August 17, 2005 4:24 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Question on Replication Topology

Dean, what did you mean by the last line, indicated here?

The IM process itself does not create phantoms, if it were exclusively responsible for that task, all group modifications referencing non-local-domain members would require origination against the IM -- this is not the case.
Phantoms are created locally by each DC - (beneath the awareness of the directory itself). Cheers, BrettSh On Tue, 16 Aug 2005, Francis Ouellet wrote: Dean and all; This has been a great topic so far. It seems that the IM infrastructure role isn't quite grasped by everybody and can be a little confusing (me being first confused!) Can I suggest that we gather all of the information from this thread and publish it as a community article on the MS KB we can later refer to? I'm willing to whip up the article if everyone agrees; I can then post back to the list a draft (or publish it somewhere) for technical review. Thanks, Francis -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells Sent: August 16, 2005 3:44 PM To: Send - AD mailing list Subject: RE: [ActiveDir] Question on Replication Topology Sounds good to me Robert. For the sake of clarification and a little more detail, see below - The IM process itself does not create phantoms, if it were exclusively responsible for that task, all group modifications referencing non-local-domain members would require origination against the IM -- this is not the case. Phantoms are created locally by each DC (beneath the awareness of the directory itself). The well-known role of the IM is to identify the validity of local phantoms using the process that we've just recently described to death. In addition, a lesser known function of the IM is that of improving its own phantoms and replicating those improvements to the remaining DCs within its own domain. This is achieved by a 'sorta' replication proxy -- my earlier post describing an ADFIND.EXE syntax outlines a means of finding the objects used by this aspect of the IM's behavior (that's assuming you're interested of course). 
-- Dean Wells MSEtechnology * Email: [EMAIL PROTECTED] http://msetechnology.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Williams (RRE) Sent: Tuesday, August 16, 2005 3:15 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Question on Replication Topology I like your explanation...please allow me to comment on a snippet just to be sure we're on the same page: DEJI IF the IM does not create phantoms, then the DCs that are not GCs do not have a way to reference those objects that exist in the OTHER Domain. These DCs who are not GCs rely on the IM to provide this facility, but since the IM has stopped creating phantoms because it is also acting as a GC, then the facility does not exist for the non-GC DCs to use. /DEJI The DCs that are NOT GCs still can reference the object since it's replicated in after
RE: [ActiveDir] Question on Replication Topology
Nod, I understand your point but, to me, it's a matter of perspective -- where does the directory begin and end? From a developer's standpoint, the directory may well be a whole component neatly organized into a single area of a source tree. From my perspective, the term directory (in this context) is used to relay the concept of a (mostly) standards based component with predictable features, interfaces, behaviors, structures, underlying mechanisms, etc. Any documentation deemed a 'standard' upon which any directory service can even remotely claim to be based doesn't incorporate the specifics of the underlying store. As such, I don't define the dblayer as part of the directory ... its purpose is to abstract such specifics.

--
Dean Wells
MSEtechnology
* Email: [EMAIL PROTECTED]
http://msetechnology.com

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley
Sent: Wednesday, August 17, 2005 8:27 AM
To: ActiveDir@mail.activedir.org
Cc: Send - AD mailing list
Subject: RE: [ActiveDir] Question on Replication Topology

Yeah, that's what I thought you might mean ... that's not true. The process of injecting a phantom is carried out by the directory service itself. It's in the AD's dblayer code, barely above ESE, but it is still a behavior of the DS not ESE. ESE has no idea what it is doing when a phantom is inserted, it's just 3 int columns to ESE, it has no concept of what a phantom is. Link pairs (i.e. the 3 ints, forward link DNT, backlink DNT, and linkbase (=LinkID/2)) is how AD decided to use ESE to represent references for itself.

Did that make sense?

Cheers,
-BrettSh

On Wed, 17 Aug 2005, Dean Wells wrote:

... that the process of injecting the phantom isn't a behavioral requirement imposed or carried out by the directory service itself. It is a requirement imposed by the underlying database and is necessary because of the mechanism used by ESE to provide uniform representation of object references (i.e. link pairs).
-- Dean Wells MSEtechnology * Email: [EMAIL PROTECTED] http://msetechnology.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley Sent: Wednesday, August 17, 2005 4:24 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Question on Replication Topology Dean, what did you mean by the last line, indicated here? The IM process itself does not create phantoms, if it were exclusively responsible for that task, all group modifications referencing non-local-domain members would require origination against the IM -- this is not the case. Phantoms are created locally by each DC - (beneath the awareness of the directory itself). Cheers, BrettSh On Tue, 16 Aug 2005, Francis Ouellet wrote: Dean and all; This has been a great topic so far. It seems that the IM infrastructure role isn't quite grasped by everybody and can be a little confusing (me being first confused!) Can I suggest that we gather all of the information from this thread and publish it as a community article on the MS KB we can later refer to? I'm willing to whip up the article if everyone agrees; I can then post back to the list a draft (or publish it somewhere) for technical review. Thanks, Francis -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells Sent: August 16, 2005 3:44 PM To: Send - AD mailing list Subject: RE: [ActiveDir] Question on Replication Topology Sounds good to me Robert. For the sake of clarification and a little more detail, see below - The IM process itself does not create phantoms, if it were exclusively responsible for that task, all group modifications referencing non-local-domain members would require origination against the IM -- this is not the case. Phantoms are created locally by each DC (beneath the awareness of the directory itself). The well-known role of the IM is to identify the validity of local phantoms using the process that we've just recently described to death. 
In addition, a lesser known function of the IM is that of improving its own phantoms and replicating those improvements to the remaining DCs within its own domain. This is achieved by a 'sorta' replication proxy -- my earlier post describing an ADFIND.EXE syntax outlines a means of finding the objects used by this aspect of the IM's behavior (that's assuming you're interested of course). -- Dean Wells MSEtechnology * Email: [EMAIL PROTECTED] http://msetechnology.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Williams (RRE) Sent: Tuesday, August 16, 2005 3:15 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Question on Replication Topology I like your explanation...please allow me
[ActiveDir] HP teaming
Any for or against Hp nic teaming on DC's? Also which type would you use (if any)? Fault tolerance or load balancing? thanks List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Recovery console
I installed win2k3 standard sp1 and now when I run winnt32 /cmdcons, I get an error that the version on disk is newer than the version on the cd. I get the same error when I run it from the extracted sp1 folder as well. My question is, is there any way to get around this besides slipstreaming the sp? thanks a lot.
RE: [ActiveDir] HP teaming
I've had great success using nic teaming on all my DCs running on hp Proliant hardware. They were all configured for FT. Make sure the network side of things fully supports it though, we had to upgrade a few catalyst switches for this to work correctly (I think it was an ARP issue) I'd suggest trying it on a member server first to make sure your networking hardware is capable of supporting it correctly. One last thing, are those DCs currently in place or you're considering nic teaming for future deployments? Thanks, Francis -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern Sent: August 17, 2005 9:24 AM To: activedirectory Subject: [ActiveDir] HP teaming Any for or against Hp nic teaming on DC's? Also which type would you use (if any)? Fault tolerance or load balancing? thanks
RE: [ActiveDir] Property Sets?
Great info! Thanks Francis! :m:dsm:cci:mvp From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Francis Ouellet Sent: Tuesday, August 16, 2005 10:52 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Property Sets? Hi Marcus, The best source of information I was able to gather on property sets were from the Sakari Kouti and Mika Seitsonen book called Inside ActiveDirectory from Addison-Wesley. Best 50$ I ever spent in my life. I consider it the AD bible. You get the exact steps on how to create new attributes, assign permissions for them and put them into a property set (in chapter 9) Hope this helps! Francis From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: August 16, 2005 5:09 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Property Sets? Anyone have a good link detailing how to create and administer (e.g. apply permission) to property sets? Thanks! m
Re: [ActiveDir] HP teaming
They are member servers right now with no teaming. About to become DC's. Do you have anything against switch assisted load balancing? Also, which model catalyst did you have an issue with? Thanks a lot! On 8/17/05, Francis Ouellet [EMAIL PROTECTED] wrote: I've had great success using nic teaming on all my DCs running on hp Proliant hardware. They were all configured for FT. Make sure the network side of things fully supports it though, we had to upgrade a few catalyst switches for this to work correctly (I think it was an ARP issue) I'd suggest trying it on a member server first to make sure your networking hardware is capable of supporting it correctly. One last thing, are those DCs currently in place or you're considering nic teaming for future deployments? Thanks, Francis -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern Sent: August 17, 2005 9:24 AM To: activedirectory Subject: [ActiveDir] HP teaming Any for or against Hp nic teaming on DC's? Also which type would you use (if any)? Fault tolerance or load balancing? thanks
RE: [ActiveDir] HP teaming
Tom, I'd set up teaming asap before they are promoted. This way they'll register the proper IP in DNS right away. The problematic catalyst were 2850s (that was well over 18 months ago so any hardware running the latest IOS *should* be fine (we patched each nic in a different switch for fault tolerance) As for load balancing I don't have any experience with it. Francis -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern Sent: August 17, 2005 9:51 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] HP teaming They are member servers right now with no teaming. About to become DC's. Do you have anything against switch assisted load balancing? Also, which model catalyst did you have an issue with? Thanks a lot! On 8/17/05, Francis Ouellet [EMAIL PROTECTED] wrote: I've had great success using nic teaming on all my DCs running on hp Proliant hardware. They were all configured for FT. Make sure the network side of things fully supports it though, we had to upgrade a few catalyst switches for this to work correctly (I think it was an ARP issue) I'd suggest trying it on a member server first to make sure your networking hardware is capable of supporting it correctly. One last thing, are those DCs currently in place or you're considering nic teaming for future deployments? Thanks, Francis -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern Sent: August 17, 2005 9:24 AM To: activedirectory Subject: [ActiveDir] HP teaming Any for or against Hp nic teaming on DC's? Also which type would you use (if any)? Fault tolerance or load balancing? 
thanks
RE: [ActiveDir] Question on Replication Topology
You're trying to weasel your way out of taking responsibility for your misunderstanding or misstatement ... ... that the process of injecting the phantom isn't a behavioral requirement imposed or carried out by the directory service itself. If I separate that into two statements like so ... ... that the process of injecting the phantom isn't a behavioral requirement imposed out by the directory service itself. and ... that the process of injecting the phantom isn't a behavior carried out by the directory service itself. ... with the first you could argue (as you just did) that you were talking about DS in the generic sense. And in that sense I might half-heartedly agree with you, the phantom stuff perhaps isn't a behavioral requirement ... But that wasn't what you were really saying, (well seemed to me) it was more the 2nd, which subtly changes the meaning of DS to be about the DS as a specific component and implementation, because you go on to mention the database component of the stack thusly: It is a requirement imposed by the underlying database and is necessary because of the mechanism used by ESE to provide uniform representation of object references (i.e. link pairs). Imagine an alternate reality where AD ran against SQL as its store, would you have said this: ... that the process of injecting the phantom isn't a behavior carried out by the directory service itself. It is a requirement imposed by the underlying database and is necessary because of the mechanism used by SQL to provide uniform representation of object references (i.e. link pairs). I don't think you would've made that claim. Everyone would say, SQL doesn't provide object references. No the DS decided to store object references in SQL that way. Just because the phantom is an implementation detail, doesn't mean it's an implementation detail in the database vs. in the directory service component. There are a lot of implementation specifics in the DS. 
The phantom stuff is an implementation detail of the DS proper (and the dblayer therein), not ESE. If you want to separate the dblayer that's fine, but combining it with ESE moves people farther from true understanding. Exchange, MSN Desktop Search, DHCP, and don't use that dblayer code, nor have phantoms / DN references / link pairs / etc, yet they store in ESE. Besides, I thought you liked to understand how this stuff actually works? Otherwise, why am I bothering to read your posts? SO you either misstated or misunderstood ... I'll forgive you either way. Cheers, BrettSh On Wed, 17 Aug 2005, Dean Wells wrote: Nod, I understand your point but, to me, it's a matter of perspective -- where does the directory begin and end? From a developers standpoint, the directory may well be a whole component neatly organized into a single area of a source tree. From my perspective, the term directory (in this context) is used to relay the concept of a (mostly) standards based component with predictable features, interfaces, behaviors, structures, underlying mechanisms, etc. Any documentation deemed a 'standard' upon which any directory service can even remotely claim to be based doesn't incorporate the specifics of the underlying store. As such, I don't define the dblayer as part of the directory ... its purpose is to abstract such specifics. -- Dean Wells MSEtechnology * Email: [EMAIL PROTECTED] http://msetechnology.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley Sent: Wednesday, August 17, 2005 8:27 AM To: ActiveDir@mail.activedir.org Cc: Send - AD mailing list Subject: RE: [ActiveDir] Question on Replication Topology Yeah, that's what I thought you might mean ... that's not true. The process of injecting a phantom is carried out by the directory service itself. It's in the AD's dblayer code, barely above ESE, but it is still a behavior of the DS not ESE. 
ESE has no idea what it is doing when a phantom is inserted, it's just 3 int columns to ESE, it has no concept of what a phantom is. link pairs (i.e. the 3 ints, forward link DNT, backlink DNT, and linkbase (=LinkID/2)) is how AD decided to use ESE to represent references for itself. Did that make sense? Cheers, -BrettSh On Wed, 17 Aug 2005, Dean Wells wrote: ... that the process of injecting the phantom isn't a behavioral requirement imposed or carried out by the directory service itself. It is a requirement imposed by the underlying database and is necessary because of the mechanism used by ESE to provide uniform representation of object references (i.e. link pairs). -- Dean Wells MSEtechnology * Email: [EMAIL PROTECTED] http://msetechnology.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley Sent: Wednesday, August 17, 2005 4:24 AM To:
[ActiveDir] OT:Exchange 2003 SP1 bloat
OK, so I have scheduled a window this weekend to run an offline defrag of the mailbox store. Now I am looking for the best way to do this, and since this list seems to have more/better experience with Exchange than the Exchange list, I am looking for comments. Here are the steps I am planning on taking:
1. Full backup of General store
2. Dismount General store
3. eseutil /d /p F:\Exchsrvr\mdbdata\General.edb
   *Is it a good idea to use the /p switch (I have enough space)
   **If using the /p switch, what is the mounting procedure for the new DB?
4. Full backup of new DB
Any comments are very welcome, and appreciated.
RE: [ActiveDir] HP teaming
What problem do you have (or are trying to prevent) that makes you want to set up teaming? I only ask because you will be adding complexity to your environment that may not be justified by the perceived benefit. On the other hand, maybe it will... Hunter -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern Sent: Wednesday, August 17, 2005 7:51 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] HP teaming They are member servers right now with no teaming. About to become DC's. Do you have anything against switch assisted load balancing? Also, which model catalyst did you have an issue with? Thanks a lot! On 8/17/05, Francis Ouellet [EMAIL PROTECTED] wrote: I've had great success using nic teaming on all my DCs running on hp Proliant hardware. They were all configured for FT. Make sure the network side of things fully supports it though, we had to upgrade a few catalyst switches for this to work correctly (I think it was an ARP issue) I'd suggest trying it on a member server first to make sure your networking hardware is capable of supporting it correctly. One last thing, are those DCs currently in place or you're considering nic teaming for future deployments? Thanks, Francis -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern Sent: August 17, 2005 9:24 AM To: activedirectory Subject: [ActiveDir] HP teaming Any for or against Hp nic teaming on DC's? Also which type would you use (if any)? Fault tolerance or load balancing? 
thanks
RE: [ActiveDir] OT:Exchange 2003 SP1 bloat
Well IIRC /p is a hard repair whilst /d is for defrag. If you have a working, mountable store that you want to defrag you don't need the /p switch. Anyone got any comment? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas M. Long Sent: 17 August 2005 18:13 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] OT:Exchange 2003 SP1 bloat OK, so I have scheduled a window this weekend to run an offline defrag of the mailbox store. Now I am looking for the best way to do this, and since this list seems to have more/better experience with Exchange than the Exchange list, I am looking for comments. Here are the steps I am planning on taking: 1. Full backup of General store 2. Dismount General store 3. eseutil /d /p F:\Exchsrvr\mdbdata\General.edb *Is it a good idea to use the /p switch (I have enough space) **If using the /p switch, what is the mounting procedure for the new DB? 4. Full backup of new DB Any comments are very welcome, and appreciated.
RE: [ActiveDir] Question on Replication Topology
Completely agree. I love the spirited discussions on this alias. I learn a lot. But I have also learned to respect those on it, and speaking in a demeaning way is just not something I would ever want to see creep in here. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells Sent: Wednesday, August 17, 2005 11:25 AM To: Send - AD mailing list Subject: RE: [ActiveDir] Question on Replication Topology As is often the case, your response is rude and comes across as little more than an effort to belittle others ... me in this case. You don't address my singular point; that the directory is a standard, the underlying database is not part of that definition. In my opinion, my original and subsequent posts remain accurate. Your opinion is, of course, your own and it could easily be conveyed in a less insulting and less patronizing manner were you to bother yourself with the additional effort. -- Dean Wells MSEtechnology * Email: [EMAIL PROTECTED] http://msetechnology.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley Sent: Wednesday, August 17, 2005 11:37 AM To: ActiveDir@mail.activedir.org Cc: Send - AD mailing list Subject: RE: [ActiveDir] Question on Replication Topology You're trying to weasel your way out of taking responsibility for your misunderstanding or misstatement ... ... that the process of injecting the phantom isn't a behavioral requirement imposed or carried out by the directory service itself. If I separate that into two statements like so ... ... that the process of injecting the phantom isn't a behavioral requirement imposed out by the directory service itself. and ... that the process of injecting the phantom isn't a behavior carried out by the directory service itself. ... with the first you could argue (as you just did) that you were talking about DS in the generic sense. 
And in that sense I might half-heartedly agree with you, the phantom stuff perhaps isn't a behavioral requirement ... But that wasn't what you were really saying, (well seemed to me) it was more the 2nd, which subtly changes the meaning of DS to be about the DS as a specific component and implementation, because you go on to mention the database component of the stack thusly: It is a requirement imposed by the underlying database and is necessary because of the mechanism used by ESE to provide uniform representation of object references (i.e. link pairs). Imagine an alternate reality where AD ran against SQL as its store, would you have said this: ... that the process of injecting the phantom isn't a behavior carried out by the directory service itself. It is a requirement imposed by the underlying database and is necessary because of the mechanism used by SQL to provide uniform representation of object references (i.e. link pairs). I don't think you would've made that claim. Everyone would say, SQL doesn't provide object references. No the DS decided to store object references in SQL that way. Just because the phantom is an implementation detail, doesn't mean it's an implementation detail in the database vs. in the directory service component. There are a lot of implementation specifics in the DS. The phantom stuff is an implementation detail of the DS proper (and the dblayer therein), not ESE. If you want to separate the dblayer that's fine, but combining it with ESE moves people farther from true understanding. Exchange, MSN Desktop Search, DHCP, and don't use that dblayer code, nor have phantoms / DN references / link pairs / etc, yet they store in ESE. Besides, I thought you liked to understand how this stuff actually works? Otherwise, why am I bothering to read your posts? SO you either misstated or misunderstood ... I'll forgive you either way. 
Cheers, BrettSh On Wed, 17 Aug 2005, Dean Wells wrote: Nod, I understand your point but, to me, it's a matter of perspective -- where does the directory begin and end? From a developers standpoint, the directory may well be a whole component neatly organized into a single area of a source tree. From my perspective, the term directory (in this context) is used to relay the concept of a (mostly) standards based component with predictable features, interfaces, behaviors, structures, underlying mechanisms, etc. Any documentation deemed a 'standard' upon which any directory service can even remotely claim to be based doesn't incorporate the specifics of the underlying store. As such, I don't define the dblayer as part of the directory ... its purpose is to abstract such specifics. -- Dean Wells MSEtechnology * Email: [EMAIL PROTECTED] http://msetechnology.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley Sent: Wednesday, August 17, 2005 8:27 AM To: ActiveDir@mail.activedir.org Cc: Send - AD mailing list
RE: [ActiveDir] OT:Exchange 2003 SP1 bloat
I guess I was thinking of using the /p switch because of a paragraph Run ESEUTIL with the /p switch to configure ESEUTIL to create the new defragmented database on an alternate location (for example, to a location on a different hard disk). This switch lets you preserve your original defragmented database (which lets you revert back to your original database if necessary). This switch also significantly reduces the amount of time it takes to defragment a database, because you are rebuilding to a new location, rather than rebuilding the database in place. I was thinking...hmmm, it takes less time, and I have a little more protection from something going wrong...sounds good to me. Comments? And now that I think of it, my command probably needed a PATH for the new DB unless there is a default, but I won't know that till I run eseutil. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Johnson Sent: Wednesday, August 17, 2005 12:17 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat Well IIRC /p is a hard repair whilst /d is for defrag. If you have a working, mountable store that you want to defrag you don't need the /p switch. Anyone got any comment? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas M. Long Sent: 17 August 2005 18:13 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] OT:Exchange 2003 SP1 bloat OK, so I have scheduled a window this weekend to run an offline defrag of the mailbox store. Now I am looking for the best way to do this, and since this list seems to have more/better experience with Exchange than the Exchange list, I am looking for comments. Here are the steps I am planning on taking: 1. Full backup of General store 2. Dismount General store 3. eseutil /d /p F:\Exchsrvr\mdbdata\General.edb *Is it a good idea to use the /p switch (I have enough space) **If using the /p switch, what is the mounting procedure for the new DB? 4. 
Full backup of new DB Any comments are very welcome, and appreciated.
RE: [ActiveDir] HP teaming
OK, new machine (AMD64... oh yeah!) is up and running. I'm not going to go back and catch up on everything, but this one caught my eye. We used NIC teaming for years. We had multitudes of problems, more associated with either our setup team not setting the NICs to 100/Full consistently, or the Network Engineers not doing the same. If this is NOT done, you will have issues. Also, there are specific problems that can crop up with ARP and virtual MACs that the teaming software creates. This becomes most apparent during troubleshooting, but can cause issues that only your Network Engineering team will see - and they really aren't worth irritating, because to a great degree - you need them more than they need you! :o) That being said - in 6 years of doing and managing NIC teaming, our stats showed that we had two NIC failures, which were easy to diagnose and resolve. Conversely, we had uncounted numbers of issues with ARP, MAC, and other teaming related issues that affected troubleshooting, problem resolution, and overall network (subnet or switch scope) performance when things went bad. Given that, we made a decision to bail on teaming (except for very specific systems that it had shown to be a true benefit - and DCs are far from a system that showed benefit) due to the lopsided number of issues caused as related to those actually solved. For me, that's the metric. If a solution is not really solving a problem, or is causing more problems than it is solving - why do it? It's basic Risk Management. However - YMMV. This is just my view. Rick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern Sent: Wednesday, August 17, 2005 8:51 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] HP teaming They are member servers right now with no teaming. About to become DC's. Do you have anything against switch assisted load balancing? Also, which model catalyst did you have an issue with? Thanks a lot! 
On 8/17/05, Francis Ouellet [EMAIL PROTECTED] wrote: I've had great success using nic teaming on all my DCs running on hp Proliant hardware. They were all configured for FT. Make sure the network side of things fully supports it though, we had to upgrade a few catalyst switches for this to work correctly (I think it was an ARP issue) I'd suggest trying it on a member server first to make sure your networking hardware is capable of supporting it correctly. One last thing, are those DCs currently in place or you're considering nic teaming for future deployments? Thanks, Francis -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern Sent: August 17, 2005 9:24 AM To: activedirectory Subject: [ActiveDir] HP teaming Any for or against Hp nic teaming on DC's? Also which type would you use (if any)? Fault tolerance or load balancing? thanks
RE: [ActiveDir] OT:Exchange 2003 SP1 bloat
The first thing after eseutil is the command. Everything after the command is an option to the command.

Microsoft(R) Exchange Server Database Utilities
Version 6.5
Copyright (C) Microsoft Corporation. All Rights Reserved.

DESCRIPTION: Maintenance utilities for Microsoft(R) Exchange Server databases.

MODES OF OPERATION:
   Defragmentation: ESEUTIL /d database name [options]
   Recovery: ESEUTIL /r logfile base name [options]
   Integrity: ESEUTIL /g database name [options]
   Checksum: ESEUTIL /k file name [options]
   Repair: ESEUTIL /p database name [options]
   File Dump: ESEUTIL /m[mode-modifier] filename
   Copy File: ESEUTIL /y source file [options]
   Restore: ESEUTIL /c[mode-modifier] path name [options]

Press a key for more help
D=Defragmentation, R=Recovery, G=inteGrity, K=checKsum, P=rePair, M=file duMp, Y=copY file, C=restore =

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Johnson Sent: Wednesday, August 17, 2005 12:17 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat Well IIRC /p is a hard repair whilst /d is for defrag. If you have a working, mountable store that you want to defrag you don't need the /p switch. Anyone got any comment? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas M. Long Sent: 17 August 2005 18:13 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] OT:Exchange 2003 SP1 bloat OK, so I have scheduled a window this weekend to run an offline defrag of the mailbox store. Now I am looking for the best way to do this, and since this list seems to have more/better experience with Exchange than the Exchange list, I am looking for comments. Here are the steps I am planning on taking: 1. Full backup of General store 2. Dismount General store 3. eseutil /d /p F:\Exchsrvr\mdbdata\General.edb *Is it a good idea to use the /p switch (I have enough space) **If using the /p switch, what is the mounting procedure for the new DB? 4. 
Full backup of new DB Any comments are very welcome, and appreciated. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] OT:Exchange 2003 SP1 bloat
Want a simpler method? Try http://www.goexchange.com/, ( GOexchange is painless to use and saves you time by running automatic expert preventive maintenance while you attend to more important things ) You won't even have to take your Exchange servers offline to defrag the information and public folder stores. Jose :-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED] Sent: Wednesday, August 17, 2005 10:28 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat KB192185 has good info on this. You are on the right path, IMO. Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Douglas M. Long Sent: Wed 8/17/2005 10:06 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat I guess I was thinking of using the /p switch because of a paragraph Run ESEUTIL with the /p switch to configure ESEUTIL to create the new defragmented database on an alternate location (for example, to a location on a different hard disk). This switch lets you preserve your original defragmented database (which lets you revert back to your original database if necessary). This switch also significantly reduces the amount of time it takes to defragment a database, because you are rebuilding to a new location, rather then rebuilding the database in place. I was thinking...hmmm, it takes less time, and I have a little more protection from something going wrong...sounds good to me. Comments? And now that I think of it, my command probably needed a PATH for the new DB unless there is a default, but I won't know that till I run eseutil. 
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Johnson Sent: Wednesday, August 17, 2005 12:17 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat Well IIRC /p is a hard repair whilst /d is for defrag. If you have a working, mountable store that you want to defrag you don't need the /p switch. Anyone got any comment? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas M. Long Sent: 17 August 2005 18:13 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] OT:Exchange 2003 SP1 bloat OK, so I have scheduled a window this weekend to run an offline defrag of the mailbox store. Now I am looking for the best way to do this, and since this list seems to have more/better experience with Exchange than the Exchange list, I am looking for comments. Here are the steps I am planning on taking: 1. Full backup of General store 2. Dismount General store 3. eseutil /d /p F:\Exchsrvr\mdbdata\General.edb *Is it a good idea to use the /p switch (I have enough space) **If using the /p switch, what is the mounting procedure for the new DB? 4. Full backup of new DB Any comments are very welcome, and appreciated. 
[ActiveDir] Acrobat reader 7.0.3 upgrade for the Group Policy gurus
OK, so we've got a mixed environment of acrobat 6 and 7, maybe a couple of 5s left, too. Acrobat says install our 7.0.3 to take care of a security flaw. So we have a 7.0 MSI and MST for our environment we've been rolling out on an as needed basis that we can use as a base for this. Problem is, according to Adobe (http://www.adobe.com/support/downloads/detail.jsp?ftpID=2990), to get to 7.0.3, you have to install 7.0, then the 7.0.1 update, then the 7.0.2 update, then the 7.0.3 update. Is there a way, using group policies/software installation to roll this all into one package? The updates are setup.exes, not .msis.. I really don't want to do a manual multi-tier installation if I can avoid it... Thanks! ** Charlie Kaiser W2K3 MCSA/MCSE/Security, CCNA Systems Engineer Essex Credit / Brickwalk 510 595 5083 **
[ActiveDir] FRS Replication
Hi, I'm wondering how FRS replicates its data to outbound partners located in other Sites. I know the intrasite replication works a bit like AD replication but... Does FRS bother to check for intersite connection objects and replication interval to send out file updates? Is it only using the schedule for the replica set? I'm pretty sure I've read that it will bother with site link costs to figure out the cheapest way to replicate but the questions above remain. Any help greatly appreciated. Thanks, Francis
RE: [ActiveDir] OT:Exchange 2003 SP1 bloat
I would never recommend a tool that does offline defragmentation as preventive maintenance. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Wednesday, August 17, 2005 1:56 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat Want a simpler method? Try http://www.goexchange.com/, ( GOexchange is painless to use and saves you time by running automatic expert preventive maintenance while you attend to more important things ) You won't even have to take your Exchange servers offline to defrag the information and public folder stores. Jose :-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED] Sent: Wednesday, August 17, 2005 10:28 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat KB192185 has good info on this. You are on the right path, IMO. Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Douglas M. Long Sent: Wed 8/17/2005 10:06 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat I guess I was thinking of using the /p switch because of a paragraph Run ESEUTIL with the /p switch to configure ESEUTIL to create the new defragmented database on an alternate location (for example, to a location on a different hard disk). This switch lets you preserve your original defragmented database (which lets you revert back to your original database if necessary). This switch also significantly reduces the amount of time it takes to defragment a database, because you are rebuilding to a new location, rather then rebuilding the database in place. I was thinking...hmmm, it takes less time, and I have a little more protection from something going wrong...sounds good to me. 
Comments? And now that I think of it, my command probably needed a PATH for the new DB unless there is a default, but I won't know that till I run eseutil. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Johnson Sent: Wednesday, August 17, 2005 12:17 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat Well IIRC /p is a hard repair whilst /d is for defrag. If you have a working, mountable store that you want to defrag you don't need the /p switch. Anyone got any comment? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas M. Long Sent: 17 August 2005 18:13 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] OT:Exchange 2003 SP1 bloat OK, so I have scheduled a window this weekend to run an offline defrag of the mailbox store. Now I am looking for the best way to do this, and since this list seems to have more/better experience with Exchange than the Exchange list, I am looking for comments. Here are the steps I am planning on taking: 1. Full backup of General store 2. Dismount General store 3. eseutil /d /p F:\Exchsrvr\mdbdata\General.edb *Is it a good idea to use the /p switch (I have enough space) **If using the /p switch, what is the mounting procedure for the new DB? 4. Full backup of new DB Any comments are very welcome, and appreciated. 
Re: [ActiveDir] Acrobat reader 7.0.3 upgrade for the Group Policy gurus
What is the security flaw in Acrobat Reader that you must upgrade it? Charlie Kaiser wrote: OK, so we've got a mixed environment of acrobat 6 and 7, maybe a couple of 5s left, too. Acrobat says install our 7.0.3 to take care of a security flaw. So we have a 7.0 MSI and MST for our environment we've been rolling out on an as needed basis that we can use as a base for this. Problem is, according to Adobe (http://www.adobe.com/support/downloads/detail.jsp?ftpID=2990), to get to 7.0.3, you have to install 7.0, then the 7.0.1 update, then the 7.0.2 update, then the 7.0.3 update. Is there a way, using group policies/software installation to roll this all into one package? The updates are setup.exes, not .msis.. I really don't want to do a manual multi-tier installation if I can avoid it... Thanks! ** Charlie Kaiser W2K3 MCSA/MCSE/Security, CCNA Systems Engineer Essex Credit / Brickwalk 510 595 5083 **
[ActiveDir] exchange weirdeness
I have mailbox enabled users in AD that have been disabled. However in ESM, they are not marked as such. When i run the cleanup agent, they are still not marked as disabled. When i try to Exmerge the box, I get an access denied error(i have full exchange admin rights inherited from the org and full mailbox right on the user). Also, i can't open their box via outlook as well. My situation at this firm is as such- we have no network connectivity to the root(for about 2 wks. don't ask, long story..). The users are all in my child domain as are their mailboxes. the root is empty. We are also running with netbios/tcp disabled forest wide. i know there are some issues with netbios being disabled and exmerge and ESM and outlook. Could this be a cause? I don't know the exact error you would get. I don't think having no connectivity to the root should be an issue. We have 4 dc's, 3 of which are gc's in the child domain. any advice would be great. thanks
RE: [ActiveDir] w2k domain - sp3 to sp4
Make certain that drivers (especially SCSI drivers) and BIOS are current. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Lilianstrom Sent: Wednesday, August 17, 2005 1:20 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] w2k domain - sp3 to sp4 Our AD is based on Windows 2000 sp3 machines. With the advent of the ms05-039 worms our computer security people are requiring that all Windows systems have the patch applied or lose network access. Since the patch isn't available for sp3 we want to apply sp4 (and patches). Is there anything we should watch for in doing this? tia, al -- Al Lilianstrom CD/CSS/CSI [EMAIL PROTECTED]
RE: [ActiveDir] OT:Exchange 2003 SP1 bloat
I am not sure I understand your point.. if he is trying to fix his bloat issue, this tool will do the same thing as Esutuil in compacting the database with out having to take down his exchange servers. Last time I ran Esutuil on a 30gb data base it took nearly 10 hours to finish. Jose -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Michael B. Smith Sent: Wednesday, August 17, 2005 11:08 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat I would never recommend a tool that does offline defragmentation as preventive maintenance. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Wednesday, August 17, 2005 1:56 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat Want a simpler method? Try http://www.goexchange.com/, ( GOexchange is painless to use and saves you time by running automatic expert preventive maintenance while you attend to more important things ) You won't even have to take your Exchange servers offline to defrag the information and public folder stores. Jose :-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED] Sent: Wednesday, August 17, 2005 10:28 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat KB192185 has good info on this. You are on the right path, IMO. Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Douglas M. 
Long Sent: Wed 8/17/2005 10:06 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat I guess I was thinking of using the /p switch because of a paragraph Run ESEUTIL with the /p switch to configure ESEUTIL to create the new defragmented database on an alternate location (for example, to a location on a different hard disk). This switch lets you preserve your original defragmented database (which lets you revert back to your original database if necessary). This switch also significantly reduces the amount of time it takes to defragment a database, because you are rebuilding to a new location, rather then rebuilding the database in place. I was thinking...hmmm, it takes less time, and I have a little more protection from something going wrong...sounds good to me. Comments? And now that I think of it, my command probably needed a PATH for the new DB unless there is a default, but I won't know that till I run eseutil. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Johnson Sent: Wednesday, August 17, 2005 12:17 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat Well IIRC /p is a hard repair whilst /d is for defrag. If you have a working, mountable store that you want to defrag you don't need the /p switch. Anyone got any comment? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas M. Long Sent: 17 August 2005 18:13 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] OT:Exchange 2003 SP1 bloat OK, so I have scheduled a window this weekend to run an offline defrag of the mailbox store. Now I am looking for the best way to do this, and since this list seems to have more/better experience with Exchange than the Exchange list, I am looking for comments. Here are the steps I am planning on taking: 1. Full backup of General store 2. Dismount General store 3. 
eseutil /d /p F:\Exchsrvr\mdbdata\General.edb *Is it a good idea to use the /p switch (I have enough space) **If using the /p switch, what is the mounting procedure for the new DB? 4. Full backup of new DB Any comments are very welcome, and appreciated.
Re: [ActiveDir] Acrobat reader 7.0.3 upgrade for the Group Policy gurus
Charlie Kaiser wrote: snip Is there a way, using group policies/software installation to roll this all into one package? The updates are setup.exes, not .msis.. /snip Actually, once you run the .exe, the file will create a folder in your Program Files directory (e.g. C:\Program Files\Adobe\{9F59C8B4-EAF5-425D-9A32-F94AC000D84D} for the 7.0.1 update) which contains the actual msi. As far as rolling up the three 7.0.x updates into one, I'm not sure that's possible. You may have to just assign 3 separate packages. The msi will figure out which package to install. Of course, it means that the computers with 7.0 installed will need to reboot 3 times to get updated. Clunky, to be sure :-( I'm hoping someone else has a better answer. Wilson
RE: [ActiveDir] OT: List Servers
Hmm.. Microsoft now offers a tool to do this, however I have never used it. I installed Imail 5 6 by IPSWITCH for the NT Engineering Association and it was an excellent GUI based list server. Mailman and Majordomo are also very popular but are much more difficult to configure unless you're proficient in PERL. I believe that the ActiveDir list also uses Imail. Sincerely, Jose Medeiros Former Vice President and Postmaster NTEA MCP+I, MCSE, NT4 MCT www.ntea.net www.tvnug.org www.sfntug.org --

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Salandra, Justin A. Sent: Wednesday, August 17, 2005 11:21 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] OT: List Servers Is it possible to utilize Exchange 2003 to setup a list server that internal and external people can use or is it better to just buy a product to do this? Does anyone have any opinions? Justin A. Salandra MCSE Windows 2000 2003 Network and Technology Services Manager Catholic Healthcare System 646.505.3681 - office 917.455.0110 - cell [EMAIL PROTECTED]
RE: [ActiveDir] OT:Exchange 2003 SP1 bloat
This tool, I believe, runs eseutil in the background. The message store that goExchange is working on must be offline while it's being maintained: http://www.lucid8.com/faq/faq_general6.asp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Wednesday, August 17, 2005 2:32 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat I am not sure I understand your point.. if he is trying to fix his bloat issue, this tool will do the same thing as Esutuil in compacting the database with out having to take down his exchange servers. Last time I ran Esutuil on a 30gb data base it took nearly 10 hours to finish. Jose -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Michael B. Smith Sent: Wednesday, August 17, 2005 11:08 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat I would never recommend a tool that does offline defragmentation as preventive maintenance. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Wednesday, August 17, 2005 1:56 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat Want a simpler method? Try http://www.goexchange.com/, ( GOexchange is painless to use and saves you time by running automatic expert preventive maintenance while you attend to more important things ) You won't even have to take your Exchange servers offline to defrag the information and public folder stores. Jose :-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED] Sent: Wednesday, August 17, 2005 10:28 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat KB192185 has good info on this. You are on the right path, IMO. 
Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Douglas M. Long Sent: Wed 8/17/2005 10:06 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat I guess I was thinking of using the /p switch because of a paragraph Run ESEUTIL with the /p switch to configure ESEUTIL to create the new defragmented database on an alternate location (for example, to a location on a different hard disk). This switch lets you preserve your original defragmented database (which lets you revert back to your original database if necessary). This switch also significantly reduces the amount of time it takes to defragment a database, because you are rebuilding to a new location, rather then rebuilding the database in place. I was thinking...hmmm, it takes less time, and I have a little more protection from something going wrong...sounds good to me. Comments? And now that I think of it, my command probably needed a PATH for the new DB unless there is a default, but I won't know that till I run eseutil. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Johnson Sent: Wednesday, August 17, 2005 12:17 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat Well IIRC /p is a hard repair whilst /d is for defrag. If you have a working, mountable store that you want to defrag you don't need the /p switch. Anyone got any comment? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas M. Long Sent: 17 August 2005 18:13 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] OT:Exchange 2003 SP1 bloat OK, so I have scheduled a window this weekend to run an offline defrag of the mailbox store. 
Now I am looking for the best way to do this, and since this list seems to have more/better experience with Exchange than the Exchange list, I am looking for comments. Here are the steps I am planning on taking: 1. Full backup of General store 2. Dismount General store 3. eseutil /d /p F:\Exchsrvr\mdbdata\General.edb *Is it a good idea to use the /p switch (I have enough space) **If using the /p switch, what is the mounting procedure for the new DB? 4. Full backup of new DB Any comments are very welcome, and appreciated.
[ActiveDir] Joining computers to a 2K3 domain
I am very perplexed by this behavior, so my hope is that some of the more knowledgeable on this list can shed light. In our Windows 2K3 functional forest (with a root placeholder domain and two child domains), when a machine is disjoined from the domain (one of the child domains) it is not removed from the OU it occupied in AD. Its object is set to disabled, but the computer just stays there (even after weeks of sitting to see if maybe replication would clear up the object). If we then rejoin that computer to the domain, its object is re-enabled and the same SID is given to the object. This has presented many problems, as you can imagine. In another job I worked, when the computer was disjoined, it dropped out of AD and then when you rejoined the computer, it dropped into the built-in Computers OU (as I expected). Is the first behavior I described normal? If not, what is the remedy to fix this? I have searched high and low and nobody seems to know what I am talking about. Any help appreciated. -Doug
RE: [ActiveDir] OT:Exchange 2003 SP1 bloat
Ah man, don't tell me that it took 10 hours for a 30GB database...the one I am defragging is 91GB. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Wednesday, August 17, 2005 2:32 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat I am not sure I understand your point.. if he is trying to fix his bloat issue, this tool will do the same thing as Esutuil in compacting the database with out having to take down his exchange servers. Last time I ran Esutuil on a 30gb data base it took nearly 10 hours to finish. Jose -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Michael B. Smith Sent: Wednesday, August 17, 2005 11:08 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat I would never recommend a tool that does offline defragmentation as preventive maintenance. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Wednesday, August 17, 2005 1:56 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat Want a simpler method? Try http://www.goexchange.com/, ( GOexchange is painless to use and saves you time by running automatic expert preventive maintenance while you attend to more important things ) You won't even have to take your Exchange servers offline to defrag the information and public folder stores. Jose :-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED] Sent: Wednesday, August 17, 2005 10:28 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat KB192185 has good info on this. You are on the right path, IMO. Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? 
-anon From: [EMAIL PROTECTED] on behalf of Douglas M. Long Sent: Wed 8/17/2005 10:06 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat I guess I was thinking of using the /p switch because of a paragraph Run ESEUTIL with the /p switch to configure ESEUTIL to create the new defragmented database on an alternate location (for example, to a location on a different hard disk). This switch lets you preserve your original defragmented database (which lets you revert back to your original database if necessary). This switch also significantly reduces the amount of time it takes to defragment a database, because you are rebuilding to a new location, rather then rebuilding the database in place. I was thinking...hmmm, it takes less time, and I have a little more protection from something going wrong...sounds good to me. Comments? And now that I think of it, my command probably needed a PATH for the new DB unless there is a default, but I won't know that till I run eseutil. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Johnson Sent: Wednesday, August 17, 2005 12:17 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat Well IIRC /p is a hard repair whilst /d is for defrag. If you have a working, mountable store that you want to defrag you don't need the /p switch. Anyone got any comment? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas M. Long Sent: 17 August 2005 18:13 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] OT:Exchange 2003 SP1 bloat OK, so I have scheduled a window this weekend to run an offline defrag of the mailbox store. Now I am looking for the best way to do this, and since this list seems to have more/better experience with Exchange than the Exchange list, I am looking for comments. Here are the steps I am planning on taking: 1. Full backup of General store 2. Dismount General store 3. 
eseutil /d /p F:\Exchsrvr\mdbdata\General.edb *Is it a good idea to use the /p switch (I have enough space) **If using the /p switch, what is the mounting procedure for the new DB? 4. Full backup of new DB Any comments are very welcome, and appreciated.
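For the plan discussed in this thread (dismount, then an offline defrag that builds the new database in another location), a pre-flight check written as an added example; it is not code from any poster. It relies on the /t, /f and /p options that eseutil's own help lists under /d; the G:\Defrag folder, the 1.10 headroom factor and eseutil.exe being on PATH are assumptions.

```powershell
# Added example: pre-flight for an offline defrag that writes the compacted
# database to another disk and leaves the original files untouched.
# Only the .edb path comes from the thread; everything else is a placeholder.
param(
    [string]$Database     = 'F:\Exchsrvr\mdbdata\General.edb',
    [string]$TempDatabase = 'G:\Defrag\General_defrag.edb',  # hypothetical target
    [double]$Headroom     = 1.10,  # assumed: free space wanted as a multiple of store size
    [switch]$Run                   # without -Run the script only reports the plan
)

function Test-FileIsClosed {
    param([string]$Path)
    # A mounted store keeps its files open, so an exclusive open fails
    # until the store has been dismounted.
    try {
        $fs = [System.IO.File]::Open($Path, 'Open', 'ReadWrite', 'None')
        $fs.Close()
        return $true
    } catch [System.IO.IOException] {
        return $false
    }
}

function Get-DefragPlan {
    param([string]$Database, [string]$TempDatabase, [double]$Headroom)

    $edb    = Get-Item -LiteralPath $Database -ErrorAction Stop
    $stm    = [System.IO.Path]::ChangeExtension($edb.FullName, '.stm')
    $bytes  = $edb.Length
    $hasStm = Test-Path -LiteralPath $stm
    if ($hasStm) { $bytes += (Get-Item -LiteralPath $stm).Length }

    $targetDir = Split-Path -Parent $TempDatabase
    if (-not (Test-Path -LiteralPath $targetDir -PathType Container)) {
        throw "Target folder does not exist: $targetDir"
    }
    # Assumes a local drive letter; DriveInfo does not accept UNC paths.
    $root   = [System.IO.Path]::GetPathRoot($targetDir)
    $drive  = New-Object System.IO.DriveInfo -ArgumentList $root
    $needed = [long][math]::Ceiling($bytes * $Headroom)

    # /d  defragment
    # /t  name of the temporary (compacted) database
    # /f  name of the temporary streaming file
    # /p  preserve the temporary database instead of swapping it in
    $arguments = @('/d', $edb.FullName, "/t$TempDatabase")
    if ($hasStm) {
        $arguments += '/f' + [System.IO.Path]::ChangeExtension($TempDatabase, '.stm')
    }
    $arguments += '/p'

    New-Object PSObject -Property @{
        StoreBytes  = $bytes
        NeededBytes = $needed
        FreeBytes   = $drive.AvailableFreeSpace
        EnoughSpace = ($drive.AvailableFreeSpace -ge $needed)
        Dismounted  = (Test-FileIsClosed $edb.FullName)
        Arguments   = $arguments
    }
}

$plan = Get-DefragPlan -Database $Database -TempDatabase $TempDatabase -Headroom $Headroom
'{0:N1} GB store, {1:N1} GB wanted, {2:N1} GB free on target' -f `
    ($plan.StoreBytes / 1GB), ($plan.NeededBytes / 1GB), ($plan.FreeBytes / 1GB)
'eseutil ' + ($plan.Arguments -join ' ')

if (-not $plan.Dismounted)  { throw 'Database file is in use: dismount the store first.' }
if (-not $plan.EnoughSpace) { throw 'Not enough free space on the target volume.' }

if ($Run) {
    $eseArgs = $plan.Arguments
    & eseutil.exe @eseArgs
    if ($LASTEXITCODE -ne 0) { throw "eseutil /d exited with code $LASTEXITCODE" }

    # Checksum the compacted copy before it replaces anything.
    & eseutil.exe /k $TempDatabase
    if ($LASTEXITCODE -ne 0) { throw "eseutil /k exited with code $LASTEXITCODE" }
}
```

Run without -Run first to see the space figures and the exact eseutil command line before the maintenance window.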
Re: [ActiveDir] w2k domain - sp3 to sp4
No.
RE: [ActiveDir] OT: List Servers
Is imail easy to deploy? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Wednesday, August 17, 2005 2:45 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: List Servers Hmm.. Microsoft now offers a tool to do this, however I have never used it. I installed Imail 5 6 by IPSWITCH for the NT Engineering Association and it was an excellent GUI based list server. Mailman and Majordomo are also very popular but are much more difficult to configure unless you're proficient in PERL. I believe that the ActiveDir list also uses Imail. Sincerely, Jose Medeiros Former Vice President and Postmaster NTEA MCP+I, MCSE, NT4 MCT www.ntea.net www.tvnug.org www.sfntug.org -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Salandra, Justin A. Sent: Wednesday, August 17, 2005 11:21 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] OT: List Servers Is it possible to utilize Exchange 2003 to setup a list server that internal and external people can use or is it better to just buy a product to do this? Does anyone have any opinions? Justin A. Salandra MCSE Windows 2000 2003 Network and Technology Services Manager Catholic Healthcare System 646.505.3681 - office 917.455.0110 - cell [EMAIL PROTECTED]
RE: [ActiveDir] exchange weirdeness
What you see in ESM is not disabled accounts, but deleted accounts. An account with the red-X through it means that the A/D user account for that mailbox has been deleted. Then, the mailbox is retained for however long deleted mailbox retention is set for. Without associated external account set, I wouldn't expect that you'd be able to log into a disabled mailbox. Exmerge does a login too. Permissions are held in a mailbox cache up to two hours. You can restart the IS to speed the process, or apply a registry change (which, unfortunately, also requires a restart of the IS - but helps for future needs). I set my caches to 10, 12, and 15 minutes respectively. That may or may not work in your environment. I can tell you that 1, 2, and 5 are too low (in my environment). http://support.microsoft.com/default.aspx?scid=kb;[LN];327378 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern Sent: Wednesday, August 17, 2005 2:48 PM To: activedirectory Subject: Re: [ActiveDir] exchange weirdeness update- i enabled the user account about 30mins ago and updated the RUS. still i get denied trying to log on via outlook and an event id 9548 gets logged on the exchange server every time i try logging on, stating that the account is still disabled... replication issue? dns is up and running. the only known issue is no connectivity to the root. but the root has no users or mailservers. strange On 8/17/05, Tom Kern [EMAIL PROTECTED] wrote: I have mailbox enabled users in AD that have been disabled. However in ESM, they are not marked as such. When i run the cleanup agent, they are still not marked as disabled. When i try to Exmerge the box, I get an access denied error(i have full exchange admin rights inherited from the org and full mailbox right on the user). Also, i can't open their box via outlook as well. My situation at this firm is as such- we have no network connectivity to the root(for about 2 wks. don't ask, long story..).
The users are all in my child domain as are their mailboxes. the root is empty. We are also running with netbios/tcp disabled forest wide. i know there are some issues with netbios being disabled and exmerge and ESM and outlook. Could this be a cause? I don't know the exact error you would get. I don't think having no connectivity to the root should be an issue. We have 4 dc's, 3 of which are gc's in the child domain. any advice would be great. thanks
RE: [ActiveDir] OT: List Servers
You can certainly set up a distribution group containing both internal and external people. However, if you want something that does subscribes, unsubscribes, digests, etc. etc. -- then no, that capability is not built-in. I would buy/build depending on the size and volume. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A. Sent: Wednesday, August 17, 2005 2:21 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] OT: List Servers Is it possible to utilize Exchange 2003 to setup a list server that internal and external people can use or is it better to just buy a product to do this? Does anyone have any opinions? Justin A. Salandra MCSE Windows 2000 2003 Network and Technology Services Manager Catholic Healthcare System 646.505.3681 - office 917.455.0110 - cell [EMAIL PROTECTED]
RE: [ActiveDir] exchange weirdeness
No. You're running into the msExchMasterAccountSID problem. http://support.microsoft.com/default.aspx?scid=kb;en-us;555410 has information, and points to the NoMAS tool. You can also handle this by setting the attributes manually or via script. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern Sent: Wednesday, August 17, 2005 12:48 PM To: activedirectory Subject: Re: [ActiveDir] exchange weirdeness update- i enabled the user account about 30mins ago and updated the RUS. still i get denied trying to log on via outlook and an event id 9548 gets logged on the exchange server every time i try logging on, stating that the account is still disabled... replication issue? dns is up and running. the only known issue is no connectivity to the root. but the root has no users or mailservers. strange On 8/17/05, Tom Kern [EMAIL PROTECTED] wrote: I have mailbox enabled users in AD that have been disabled. However in ESM, they are not marked as such. When i run the cleanup agent, they are still not marked as disabled. When i try to Exmerge the box, I get an access denied error(i have full exchange admin rights inherited from the org and full mailbox right on the user). Also, i can't open their box via outlook as well. My situation at this firm is as such- we have no network connectivity to the root(for about 2 wks. don't ask, long story..). The users are all in my child domain as are their mailboxes. the root is empty. We are also running with netbios/tcp disabled forest wide. i know there are some issues with netbios being disabled and exmerge and ESM and outlook. Could this be a cause? I don't know the exact error you would get. I don't think having no connectivity to the root should be an issue. We have 4 dc's, 3 of which are gc's in the child domain. any advice would be great.
thanks
RE: [ActiveDir] OT:Exchange 2003 SP1 bloat
Unless your processor is truly underpowered, it's an i/o bound activity and the speed of the defrag is directly related to how fast your disk is. If you use the do not instate switch (/p), then you will have to change the names of the database files yourself -- otherwise the DB you mount will be the old one. :-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas M. Long Sent: Wednesday, August 17, 2005 3:06 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat Ah man, don't tell me that it took 10 hours for a 30GB database...the one I am defragging is 91GB. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Wednesday, August 17, 2005 2:32 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat I am not sure I understand your point.. if he is trying to fix his bloat issue, this tool will do the same thing as Eseutil in compacting the database without having to take down his exchange servers. Last time I ran Eseutil on a 30gb data base it took nearly 10 hours to finish. Jose -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Michael B. Smith Sent: Wednesday, August 17, 2005 11:08 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat I would never recommend a tool that does offline defragmentation as preventive maintenance. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Wednesday, August 17, 2005 1:56 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat Want a simpler method? Try http://www.goexchange.com/, ( GOexchange is painless to use and saves you time by running automatic expert preventive maintenance while you attend to more important things ) You won't even have to take your Exchange servers offline to defrag the information and public folder stores.
Jose :-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED] Sent: Wednesday, August 17, 2005 10:28 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat KB192185 has good info on this. You are on the right path, IMO. Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Douglas M. Long Sent: Wed 8/17/2005 10:06 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat I guess I was thinking of using the /p switch because of a paragraph Run ESEUTIL with the /p switch to configure ESEUTIL to create the new defragmented database on an alternate location (for example, to a location on a different hard disk). This switch lets you preserve your original defragmented database (which lets you revert back to your original database if necessary). This switch also significantly reduces the amount of time it takes to defragment a database, because you are rebuilding to a new location, rather than rebuilding the database in place. I was thinking...hmmm, it takes less time, and I have a little more protection from something going wrong...sounds good to me. Comments? And now that I think of it, my command probably needed a PATH for the new DB unless there is a default, but I won't know that till I run eseutil. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Johnson Sent: Wednesday, August 17, 2005 12:17 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat Well IIRC /p is a hard repair whilst /d is for defrag. If you have a working, mountable store that you want to defrag you don't need the /p switch. Anyone got any comment?
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas M. Long Sent: 17 August 2005 18:13 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] OT:Exchange 2003 SP1 bloat OK, so I have scheduled a window this weekend to run an offline defrag of the mailbox store. Now I am looking for the best way to do this, and since this list seems to have more/better experience with Exchange than the Exchange list, I am looking for comments. Here are the steps I am planning on taking: 1. Full backup of General store 2. Dismount General store 3. eseutil /d /p F:\Exchsrvr\mdbdata\General.edb *Is it a good idea to use the /p switch (I have enough space) **If using the /p switch, what is the mounting procedure for the new DB? 4. Full backup of new DB Any comments are very welcome, and appreciated.
Re: [ActiveDir] exchange weirdeness
I enabled the account an hour ago. what you're saying is the IS won't know that for 2 hrs by default? also, if i associate an external account to a disabled user mbox, this account can't have a mbox, correct? finally, if i do that, the IS also won't know that for 2hrs? thanks On 8/17/05, Michael B. Smith [EMAIL PROTECTED] wrote: What you see in ESM is not disabled accounts, but deleted accounts. An account with the red-X through it means that the A/D user account for that mailbox has been deleted. Then, the mailbox is retained for however long deleted mailbox retention is set for. Without associated external account set, I wouldn't expect that you'd be able to log into a disabled mailbox. Exmerge does a login too. Permissions are held in a mailbox cache up to two hours. You can restart the IS to speed the process, or apply a registry change (which, unfortunately, also requires a restart of the IS - but helps for future needs). I set my caches to 10, 12, and 15 minutes respectively. That may or may not work in your environment. I can tell you that 1, 2, and 5 are too low (in my environment). http://support.microsoft.com/default.aspx?scid=kb;[LN];327378 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern Sent: Wednesday, August 17, 2005 2:48 PM To: activedirectory Subject: Re: [ActiveDir] exchange weirdeness update- i enabled the user account about 30mins ago and updated the RUS. still i get denied trying to log on via outlook and an event id 9548 gets logged on the exchange server every time i try logging on, stating that the account is still disabled... replication issue? dns is up and running. the only known issue is no connectivity to the root. but the root has no users or mailservers. strange On 8/17/05, Tom Kern [EMAIL PROTECTED] wrote: I have mailbox enabled users in AD that have been disabled. However in ESM, they are not marked as such. When i run the cleanup agent, they are still not marked as disabled.
When i try to Exmerge the box, I get an access denied error(i have full exchange admin rights inherited from the org and full mailbox right on the user). Also, i can't open their box via outlook as well. My situation at this firm is as such- we have no network connectivity to the root(for about 2 wks. don't ask, long story..). The users are all in my child domain as are their mailboxes. the root is empty. We are also running with netbios/tcp disabled forest wide. i know there are some issues with netbios being disabled and exmerge and ESM and outlook. Could this be a cause? I don't know the exact error you would get. I don't think having no connectivity to the root should be an issue. We have 4 dc's, 3 of which are gc's in the child domain. any advice would be great. thanks
Re: [ActiveDir] exchange weirdeness
actually, i thought that was dsaccess and i thought dsaccess contacts a dc every 15 mins for changes in user objects? thanks On 8/17/05, Tom Kern [EMAIL PROTECTED] wrote: I enabled the account an hour ago. what you're saying is the IS won't know that for 2 hrs by default? also, if i associate an external account to a disabled user mbox, this account can't have a mbox, correct? finally, if i do that, the IS also won't know that for 2hrs? thanks On 8/17/05, Michael B. Smith [EMAIL PROTECTED] wrote: What you see in ESM is not disabled accounts, but deleted accounts. An account with the red-X through it means that the A/D user account for that mailbox has been deleted. Then, the mailbox is retained for however long deleted mailbox retention is set for. Without associated external account set, I wouldn't expect that you'd be able to log into a disabled mailbox. Exmerge does a login too. Permissions are held in a mailbox cache up to two hours. You can restart the IS to speed the process, or apply a registry change (which, unfortunately, also requires a restart of the IS - but helps for future needs). I set my caches to 10, 12, and 15 minutes respectively. That may or may not work in your environment. I can tell you that 1, 2, and 5 are too low (in my environment). http://support.microsoft.com/default.aspx?scid=kb;[LN];327378 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern Sent: Wednesday, August 17, 2005 2:48 PM To: activedirectory Subject: Re: [ActiveDir] exchange weirdeness update- i enabled the user account about 30mins ago and updated the RUS. still i get denied trying to log on via outlook and an event id 9548 gets logged on the exchange server every time i try logging on, stating that the account is still disabled... replication issue? dns is up and running. the only known issue is no connectivity to the root. but the root has no users or mailservers.
strange On 8/17/05, Tom Kern [EMAIL PROTECTED] wrote: I have mailbox enabled users in AD that have been disabled. However in ESM, they are not marked as such. When i run the cleanup agent, they are still not marked as disabled. When i try to Exmerge the box, I get an access denied error(i have full exchange admin rights inherited from the org and full mailbox right on the user). Also, i can't open their box via outlook as well. My situation at this firm is as such- we have no network connectivity to the root(for about 2 wks. don't ask, long story..). The users are all in my child domain as are their mailboxes. the root is empty. We are also running with netbios/tcp disabled forest wide. i know there are some issues with netbios being disabled and exmerge and ESM and outlook. Could this be a cause? I don't know the exact error you would get. I don't think having no connectivity to the root should be an issue. We have 4 dc's, 3 of which are gc's in the child domain. any advice would be great. thanks
Re: [ActiveDir] exchange weirdeness
so, what is a good practice to deal with users who have left and their mailboxes? Should you just expire the account to a date in the past and then you can access their box? or can you give Self full mailbox access to a disabled account and then access the box? which way works? thanks a lot On 8/17/05, Coleman, Hunter [EMAIL PROTECTED] wrote: No. You're running into the msExchMasterAccountSID problem. http://support.microsoft.com/default.aspx?scid=kb;en-us;555410 has information, and points to the NoMAS tool. You can also handle this by setting the attributes manually or via script. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern Sent: Wednesday, August 17, 2005 12:48 PM To: activedirectory Subject: Re: [ActiveDir] exchange weirdeness update- i enabled the user account about 30mins ago and updated the RUS. still i get denied trying to log on via outlook and an event id 9548 gets logged on the exchange server every time i try logging on, stating that the account is still disabled... replication issue? dns is up and running. the only known issue is no connectivity to the root. but the root has no users or mailservers. strange On 8/17/05, Tom Kern [EMAIL PROTECTED] wrote: I have mailbox enabled users in AD that have been disabled. However in ESM, they are not marked as such. When i run the cleanup agent, they are still not marked as disabled. When i try to Exmerge the box, I get an access denied error(i have full exchange admin rights inherited from the org and full mailbox right on the user). Also, i can't open their box via outlook as well. My situation at this firm is as such- we have no network connectivity to the root(for about 2 wks. don't ask, long story..). The users are all in my child domain as are their mailboxes. the root is empty. We are also running with netbios/tcp disabled forest wide. i know there are some issues with netbios being disabled and exmerge and ESM and outlook. Could this be a cause?
I don't know the exact error you would get. I don't think having no connectivity to the root should be an issue. We have 4 dc's, 3 of which are gc's in the child domain. any advice would be great. thanks
RE: [ActiveDir] w2k domain - sp3 to sp4
If you use delegation then read over this entry: http://msmvps.com/ulfbsimonweidner/archive/2005/05/29/49659.aspx When I upgraded to SP4 (seems so long ago) I ran into this Gotcha and was able to fix the permissions nightmare that was created with some help from Microsoft. That's about the only thing that stands out in my mind as a bad memory upgrading to W2K SP4. Regards, Lou Finally, South Carolina gets a code camp! For details, or to sign up, please visit http://www.gcnug.org/codecamp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Lilianstrom Sent: Wednesday, August 17, 2005 1:20 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] w2k domain - sp3 to sp4 Our AD is based on Windows 2000 sp3 machines. With the advent of the ms05-039 worms our computer security people are requiring that all Windows systems have the patch applied or lose network access. Since the patch isn't available for sp3 we want to apply sp4 (and patches). Is there anything we should watch for in doing this? tia, al -- Al Lilianstrom CD/CSS/CSI [EMAIL PROTECTED]
RE: [ActiveDir] OT:Exchange 2003 SP1 bloat
Keep in mind that this was a DELL Server Xeon 4 way 800 MHZ system with a Perc 2 controller with U160, 10,000 rpm drives and the database resided on the DAS external array. I am sure that it will run much faster on the newer 3.0 GHZ Xeon's with Ultra 320 15,000 rpm Drives. While you're at it you may want to also run ISINTEG which takes even longer. Jose :-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Douglas M. Long Sent: Wednesday, August 17, 2005 12:06 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat Ah man, don't tell me that it took 10 hours for a 30GB database...the one I am defragging is 91GB. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Wednesday, August 17, 2005 2:32 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat I am not sure I understand your point.. if he is trying to fix his bloat issue, this tool will do the same thing as Eseutil in compacting the database without having to take down his exchange servers. Last time I ran Eseutil on a 30gb data base it took nearly 10 hours to finish. Jose -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Michael B. Smith Sent: Wednesday, August 17, 2005 11:08 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat I would never recommend a tool that does offline defragmentation as preventive maintenance. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Wednesday, August 17, 2005 1:56 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat Want a simpler method?
Try http://www.goexchange.com/, ( GOexchange is painless to use and saves you time by running automatic expert preventive maintenance while you attend to more important things ) You won't even have to take your Exchange servers offline to defrag the information and public folder stores. Jose :-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED] Sent: Wednesday, August 17, 2005 10:28 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat KB192185 has good info on this. You are on the right path, IMO. Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Douglas M. Long Sent: Wed 8/17/2005 10:06 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat I guess I was thinking of using the /p switch because of a paragraph Run ESEUTIL with the /p switch to configure ESEUTIL to create the new defragmented database on an alternate location (for example, to a location on a different hard disk). This switch lets you preserve your original defragmented database (which lets you revert back to your original database if necessary). This switch also significantly reduces the amount of time it takes to defragment a database, because you are rebuilding to a new location, rather than rebuilding the database in place. I was thinking...hmmm, it takes less time, and I have a little more protection from something going wrong...sounds good to me. Comments? And now that I think of it, my command probably needed a PATH for the new DB unless there is a default, but I won't know that till I run eseutil.
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Johnson Sent: Wednesday, August 17, 2005 12:17 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat Well IIRC /p is a hard repair whilst /d is for defrag. If you have a working, mountable store that you want to defrag you don't need the /p switch. Anyone got any comment? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas M. Long Sent: 17 August 2005 18:13 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] OT:Exchange 2003 SP1 bloat OK, so I have scheduled a window this weekend to run an offline defrag of the mailbox store. Now I am looking for the best way to do this, and since this list seems to have more/better experience with Exchange than the Exchange list, I am looking for comments. Here are the steps I am planning on taking: 1. Full backup of General store 2. Dismount General store 3. eseutil /d /p F:\Exchsrvr\mdbdata\General.edb *Is it a good idea to use the /p switch (I have enough space) **If using the /p switch, what is the mounting procedure for the new DB? 4. Full backup of new DB Any comments are very welcome, and appreciated.
Re: [ActiveDir] exchange weirdeness
If self has FC and associate mbox with external account, i can then access the box with an account that has FC on the mbox and run exmerge? Also, is nomas available for download or do i have to go thru PSS? thanks a lot. you really helped me out here! On 8/17/05, Tom Kern [EMAIL PROTECTED] wrote: so, what is a good practice to deal with users who have left and their mailboxes? Should you just expire the account to a date in the past and then you can access their box? or can you give Self full mailbox access to a disabled account and then access the box? which way works? thanks a lot On 8/17/05, Coleman, Hunter [EMAIL PROTECTED] wrote: No. You're running into the msExchMasterAccountSID problem. http://support.microsoft.com/default.aspx?scid=kb;en-us;555410 has information, and points to the NoMAS tool. You can also handle this by setting the attributes manually or via script. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern Sent: Wednesday, August 17, 2005 12:48 PM To: activedirectory Subject: Re: [ActiveDir] exchange weirdeness update- i enabled the user account about 30mins ago and updated the RUS. still i get denied trying to log on via outlook and an event id 9548 gets logged on the exchange server every time i try logging on, stating that the account is still disabled... replication issue? dns is up and running. the only known issue is no connectivity to the root. but the root has no users or mailservers. strange On 8/17/05, Tom Kern [EMAIL PROTECTED] wrote: I have mailbox enabled users in AD that have been disabled. However in ESM, they are not marked as such. When i run the cleanup agent, they are still not marked as disabled. When i try to Exmerge the box, I get an access denied error(i have full exchange admin rights inherited from the org and full mailbox right on the user). Also, i can't open their box via outlook as well.
My situation at this firm is as such- we have no network connectivity to the root(for about 2 wks. don't ask, long story..). The users are all in my child domain as are their mailboxes. the root is empty. We are also running with netbios/tcp disabled forest wide. i know there are some issues with netbios being disabled and exmerge and ESM and outlook. Could this be a cause? I don't know the exact error you would get. I don't think having no connectivity to the root should be an issue. We have 4 dc's, 3 of which are gc's in the child domain. any advice would be great. thanks
RE: [ActiveDir] exchange weirdeness
Up to 2 hours. Depends on how fresh the cache was when you made the change. The NoMas tool is designed to deal with the other question. I think someone has already posted about it. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern Sent: Wednesday, August 17, 2005 3:50 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] exchange weirdeness I enabled the account an hour ago. what you're saying is the IS won't know that for 2 hrs by default? also, if i associate an external account to a disabled user mbox, this account can't have a mbox, correct? finally, if i do that, the IS also won't know that for 2hrs? thanks On 8/17/05, Michael B. Smith [EMAIL PROTECTED] wrote: What you see in ESM is not disabled accounts, but deleted accounts. An account with the red-X through it means that the A/D user account for that mailbox has been deleted. Then, the mailbox is retained for however long deleted mailbox retention is set for. Without associated external account set, I wouldn't expect that you'd be able to log into a disabled mailbox. Exmerge does a login too. Permissions are held in a mailbox cache up to two hours. You can restart the IS to speed the process, or apply a registry change (which, unfortunately, also requires a restart of the IS - but helps for future needs). I set my caches to 10, 12, and 15 minutes respectively. That may or may not work in your environment. I can tell you that 1, 2, and 5 are too low (in my environment). http://support.microsoft.com/default.aspx?scid=kb;[LN];327378 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern Sent: Wednesday, August 17, 2005 2:48 PM To: activedirectory Subject: Re: [ActiveDir] exchange weirdeness update- i enabled the user account about 30mins ago and updated the RUS. 
still i get denied trying to log on via outlook and an event id 9548 gets logged on the exchange server every time i try logging on, stating that the account is still disabled... replication issue? dns is up and running. the only known issue is no connectivity to the root. but the root has no users or mailservers. strange On 8/17/05, Tom Kern [EMAIL PROTECTED] wrote: I have mailbox enabled users in AD that have been disabled. However in ESM, they are not marked as such. When i run the cleanup agent, they are still not marked as disabled. When i try to Exmerge the box, I get an access denied error(i have full exchange admin rights inherited from the org and full mailbox right on the user). Also, i can't open their box via outlook as well. My situation at this firm is as such- we have no network connectivity to the root(for about 2 wks. don't ask, long story..). The users are all in my child domain as are their mailboxes. the root is empty. We are also running with netbios/tcp disabled forest wide. i know there are some issues with netbios being disabled and exmerge and ESM and outlook. Could this be a cause? I don't know the exact error you would get. I don't think having no connectivity to the root should be an issue. We have 4 dc's, 3 of which are gc's in the child domain. any advice would be great.
thanks
RE: [ActiveDir] OT:Exchange 2003 SP1 bloat
Agreed.. the newer CPU speeds and Hard Drives speeds do improve the defrag times. I also ran ISINTEG which took even longer. Looking back I should have run it first before using the /d option with Eseutil. However I did find this : Microsoft recommends a conservative 5 - 7 GB per hour for a defrag operation, which means that your server will be offline for as long as it takes, assuming no hardware failures will occur. Thanks for the feedback, Jose :-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Michael B. Smith Sent: Wednesday, August 17, 2005 12:45 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat Unless your processor is truly underpowered, it's an i/o bound activity and the speed of the defrag is directly related to how fast your disk is. If you use the do not instate switch (/p), then you will have to change the names of the database files yourself -- otherwise the DB you mount will be the old one. :-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas M. Long Sent: Wednesday, August 17, 2005 3:06 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat Ah man, don't tell me that it took 10 hours for a 30GB database...the one I am defragging is 91GB. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Wednesday, August 17, 2005 2:32 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat I am not sure I understand your point.. if he is trying to fix his bloat issue, this tool will do the same thing as Eseutil in compacting the database without having to take down his exchange servers. Last time I ran Eseutil on a 30gb database it took nearly 10 hours to finish. Jose -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Michael B. 
Smith Sent: Wednesday, August 17, 2005 11:08 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat I would never recommend a tool that does offline defragmentation as preventive maintenance. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Wednesday, August 17, 2005 1:56 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat Want a simpler method? Try http://www.goexchange.com/, ( GOexchange is painless to use and saves you time by running automatic expert preventive maintenance while you attend to more important things ) You won't even have to take your Exchange servers offline to defrag the information and public folder stores. Jose :-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED] Sent: Wednesday, August 17, 2005 10:28 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat KB192185 has good info on this. You are on the right path, IMO. Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Douglas M. Long Sent: Wed 8/17/2005 10:06 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat I guess I was thinking of using the /p switch because of a paragraph Run ESEUTIL with the /p switch to configure ESEUTIL to create the new defragmented database on an alternate location (for example, to a location on a different hard disk). This switch lets you preserve your original defragmented database (which lets you revert back to your original database if necessary). 
This switch also significantly reduces the amount of time it takes to defragment a database, because you are rebuilding to a new location, rather then rebuilding the database in place. I was thinking...hmmm, it takes less time, and I have a little more protection from something going wrong...sounds good to me. Comments? And now that I think of it, my command probably needed a PATH for the new DB unless there is a default, but I won't know that till I run eseutil. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Johnson Sent: Wednesday, August 17, 2005 12:17 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat Well IIRC /p is a hard repair whilst /d is for defrag. If you have a working, mountable store that you want to defrag you don't need the /p switch. Anyone got any comment? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas M. Long Sent: 17 August 2005 18:13 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] OT:Exchange 2003 SP1 bloat OK, so I have scheduled a
RE: [ActiveDir] OT: List Servers
Easier than this: http://www.csh.rit.edu/~jon/projects/majordomo/#postfix :) Jose, what's Microsoft's tool for this? -Al From: [EMAIL PROTECTED] on behalf of Salandra, Justin A. Sent: Wed 8/17/2005 3:15 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: List Servers Is imail easy to deploy? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Wednesday, August 17, 2005 2:45 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: List Servers Hmm.. Microsoft now offers a tool to do this, however I have never used it. I installed Imail 5 6 by IPSWITCH for the NT Engineering Association and it was an excellent GUI based list server. Mailman and Majordomo are also very popular but are much more difficult to configure unless you're proficient in PERL. I believe that the ActiveDir list also uses Imail. Sincerely, Jose Medeiros Former Vice President and Postmaster NTEA MCP+I, MCSE, NT4 MCT www.ntea.net www.tvnug.org www.sfntug.org -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Salandra, Justin A. Sent: Wednesday, August 17, 2005 11:21 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] OT: List Servers Is it possible to utilize Exchange 2003 to setup a list server that internal and external people can use or is it better to just buy a product to do this? Does anyone have any opinions? Justin A. 
Salandra MCSE Windows 2000 2003 Network and Technology Services Manager Catholic Healthcare System 646.505.3681 - office 917.455.0110 - cell [EMAIL PROTECTED]
Re: [ActiveDir] OT: List Servers
Imail is so simple and quick, you really won't think you just set up a mail server. I used to run it at a previous job. Recommended. Phillip Partipilo Parametric Solutions Inc. Jupiter, Florida (561) 747-6107 - Original Message - From: Salandra, Justin A. [EMAIL PROTECTED] To: ActiveDir@mail.activedir.org Sent: Wednesday, August 17, 2005 3:15 PM Subject: RE: [ActiveDir] OT: List Servers Is imail easy to deploy? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Wednesday, August 17, 2005 2:45 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: List Servers Hmm.. Microsoft now offers a tool to do this, however I have never used it. I installed Imail 5 6 by IPSWITCH for the NT Engineering Association and it was an excellent GUI based list server. Mailman and Majordomo are also very popular but are much more difficult to configure unless you're proficient in PERL. I believe that the ActiveDir list also uses Imail. Sincerely, Jose Medeiros Former Vice President and Postmaster NTEA MCP+I, MCSE, NT4 MCT www.ntea.net www.tvnug.org www.sfntug.org -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Salandra, Justin A. Sent: Wednesday, August 17, 2005 11:21 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] OT: List Servers Is it possible to utilize Exchange 2003 to setup a list server that internal and external people can use or is it better to just buy a product to do this? Does anyone have any opinions? Justin A. 
Salandra MCSE Windows 2000 2003 Network and Technology Services Manager Catholic Healthcare System 646.505.3681 - office 917.455.0110 - cell [EMAIL PROTECTED]
RE: [ActiveDir] exchange weirdeness
For folks who have already left, I'd go with granting Self full mailbox access. I haven't tested it, but if the account has already been disabled then I don't think that setting it to expire on a date in the past will restore the necessary mailbox permissions for you to access it. For future departures, I think the ideal thing is to have some sort of deprovisioning utility that handles disabling the account, possibly moving it to a different OU, sets the Self mailbox access, and any other rules that your business processes dictate. You could have that as a script or front-end it with a web page. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern Sent: Wednesday, August 17, 2005 2:06 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] exchange weirdeness so, what is a good practice to deal with users who have left and their mailboxes? Should you just expire the account to a date in the past and then you can access their box? or can you give Self full mailbox access to a disabled account and then access the box? which way works? thanks a lot On 8/17/05, Coleman, Hunter [EMAIL PROTECTED] wrote: No. You're running into the msExchMasterAccountSID problem. http://support.microsoft.com/default.aspx?scid=kb;en-us;555410 has information, and points to the NoMAS tool. You can also handle this by setting the attributes manually or via script. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern Sent: Wednesday, August 17, 2005 12:48 PM To: activedirectory Subject: Re: [ActiveDir] exchange weirdeness update- i enabled the user account about 30mins ago and updated the RUS. still i get denied trying to log on via outlook and an event id 9548 gets logged on the exchange server every time i try logging on, stating that the account is still disabled... replication issue? dns is up and running. the only known issue is no connectivity to the root. but the root has no users or mailservers. 
strange On 8/17/05, Tom Kern [EMAIL PROTECTED] wrote: I have mailbox enabled users in AD that have been disabled. However in ESM, they are not marked as such. When i run the cleanup agent, they are still not marked as disabled. When i try to Exmerge the box, I get an access denied error(i have full exchange admin rights inherited from the org and full mailbox right on the user). Also, i can't open their box via outlook as well. My situation at this firm is as such- we have no network connectivity to the root(for about 2 wks. don't ask, long story..). The users are all in my child domain as are their mailboxes. the root is empty. We are also running with netbios/tcp disabled forest wide. i know there are some issues with netbios being disabled and exmerge and ESM and outlook. Could this be a cause? I don't know the exact error you would get. I don't think having no connectivity to the root should be an issue. We have 4 dc's, 3 of which are gc's in the child domain. any advice would be great. thanks
RE: [ActiveDir] exchange weirdeness
Inline... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern Sent: Wednesday, August 17, 2005 2:15 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] exchange weirdeness If self has FC and associate mbox with external account, i can then access the box with an account that has FC on the mbox and run exmerge? Yes, allowing for the mailbox permissions cache that Michael mentioned Also, is nomas available for download or do i have to go thru PSS? PSS, but I think it's a no-charge call if that's all you are asking for. If you have a support agreement your TAM should be able to get it for you as well. thanks a lot. you really helped me out here! On 8/17/05, Tom Kern [EMAIL PROTECTED] wrote: so, what is a good practice to deal with users who have left and their mailboxes? Should you just expire the account to a date in the past and then you can access their box? or can you give Self full mailbox access to a disabled account and then access the box? which way works? thanks a lot On 8/17/05, Coleman, Hunter [EMAIL PROTECTED] wrote: No. You're running into the msExchMasterAccountSID problem. http://support.microsoft.com/default.aspx?scid=kb;en-us;555410 has information, and points to the NoMAS tool. You can also handle this by setting the attributes manually or via script. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern Sent: Wednesday, August 17, 2005 12:48 PM To: activedirectory Subject: Re: [ActiveDir] exchange weirdeness update- i enabled the user account about 30mins ago and updated the RUS. still i get denied trying to log on via outlook and an event id 9548 gets logged on the exchange server every time i try logging on, stating that the account is still disabled... replication issue? dns is up and running. the only known issue is no connectivity to the root. but the root has no users or mailservers. 
strange On 8/17/05, Tom Kern [EMAIL PROTECTED] wrote: I have mailbox enabled users in AD that have been disabled. However in ESM, they are not marked as such. When i run the cleanup agent, they are still not marked as disabled. When i try to Exmerge the box, I get an access denied error(i have full exchange admin rights inherited from the org and full mailbox right on the user). Also, i can't open their box via outlook as well. My situation at this firm is as such- we have no network connectivity to the root(for about 2 wks. don't ask, long story..). The users are all in my child domain as are their mailboxes. the root is empty. We are also running with netbios/tcp disabled forest wide. i know there are some issues with netbios being disabled and exmerge and ESM and outlook. Could this be a cause? I don't know the exact error you would get. I don't think having no connectivity to the root should be an issue. We have 4 dc's, 3 of which are gc's in the child domain. any advice would be great. thanks
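The state Hunter Coleman names in this thread (a disabled, mailbox-enabled account with no msExchMasterAccountSid, logged as event 9548) can be audited for before anyone tries to open a leaver's mailbox. The PowerShell below is an added example, not code from the list or from Microsoft; the function names, the sample records and the `example.com` names are constructed for illustration.

```powershell
# Added example (not from the thread): find mailbox-enabled accounts that are
# disabled and have no msExchMasterAccountSid, the state behind event 9548.

# Filter for a live query: disabled (userAccountControl bit 0x2 set),
# mailbox-enabled (homeMDB present), msExchMasterAccountSid absent.
$LdapFilter = '(&(objectCategory=person)(objectClass=user)' +
              '(userAccountControl:1.2.840.113556.1.4.803:=2)' +
              '(homeMDB=*)(!(msExchMasterAccountSid=*)))'

$ADS_UF_ACCOUNTDISABLE = 0x2

function Get-MailboxAccountState {
    # Hypothetical helper: classifies one account record from three attributes.
    param([Parameter(Mandatory = $true, ValueFromPipeline = $true)] $Account)
    process {
        $disabled   = ([int]$Account.userAccountControl -band $ADS_UF_ACCOUNTDISABLE) -ne 0
        $hasMailbox = -not [string]::IsNullOrEmpty([string]$Account.homeMDB)
        $hasMaster  = -not [string]::IsNullOrEmpty([string]$Account.msExchMasterAccountSid)

        if (-not $hasMailbox) {
            $state = 'NoMailbox'
        } elseif ($disabled -and -not $hasMaster) {
            $state = 'DisabledNoMasterSid'      # mailbox logon will be refused
        } elseif ($disabled) {
            $state = 'DisabledWithMasterSid'    # mailbox reachable via the master account
        } else {
            $state = 'Enabled'
        }
        [pscustomobject]@{ Account = $Account.sAMAccountName; State = $state }
    }
}

function Find-AffectedAccount {
    # Hypothetical helper: live query of the current domain. Not called by the
    # sample run below; needs a domain-joined session with directory read access.
    $searcher = [adsisearcher]$LdapFilter
    $searcher.PageSize = 500
    $searcher.PropertiesToLoad.AddRange(
        [string[]]@('sAMAccountName', 'userAccountControl', 'homeMDB'))
    foreach ($result in $searcher.FindAll()) {
        [pscustomobject]@{
            sAMAccountName         = [string]$result.Properties['samaccountname'][0]
            userAccountControl     = [int]$result.Properties['useraccountcontrol'][0]
            homeMDB                = [string]$result.Properties['homemdb'][0]
            msExchMasterAccountSid = $null      # absent by construction of the filter
        }
    }
}

# Constructed sample records (not real accounts). 512 = normal account,
# 514 = normal account + ACCOUNTDISABLE. The SID is shown in string form for
# readability; the directory stores it as a binary SID. S-1-5-10 is SELF.
$mdb = 'CN=General,CN=First Storage Group,CN=InformationStore,CN=EXCH01,DC=example,DC=com'
$sample = @(
    [pscustomobject]@{ sAMAccountName = 'leaver1'; userAccountControl = 514; homeMDB = $mdb;  msExchMasterAccountSid = $null }
    [pscustomobject]@{ sAMAccountName = 'leaver2'; userAccountControl = 514; homeMDB = $mdb;  msExchMasterAccountSid = 'S-1-5-10' }
    [pscustomobject]@{ sAMAccountName = 'active1'; userAccountControl = 512; homeMDB = $mdb;  msExchMasterAccountSid = $null }
    [pscustomobject]@{ sAMAccountName = 'svc1';    userAccountControl = 514; homeMDB = $null; msExchMasterAccountSid = $null }
)

# Report only the accounts in the problem state.
$sample | Get-MailboxAccountState |
    Where-Object { $_.State -eq 'DisabledNoMasterSid' }
```

To audit a real domain, pipe `Find-AffectedAccount` into `Get-MailboxAccountState` instead of `$sample`.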
RE: [ActiveDir] OT:Exchange 2003 SP1 bloat
Hi Michael, I just got off the phone with the Sales rep, I am mistaken. GoExchange will not have the additional functionality to do a full defrag of the database without taking the server offline until end of year. My apologies. However it does give excellent reporting capability on the condition of the database. The demo is free, and although the demo will not let you actually repair the database it will give you a full report as to its present state. Jose -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Michael B. Smith Sent: Wednesday, August 17, 2005 12:00 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat This tool, I believe, runs eseutil in the background. The message store that goExchange is working on must be offline while it's being maintained: http://www.lucid8.com/faq/faq_general6.asp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Wednesday, August 17, 2005 2:32 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat I am not sure I understand your point.. if he is trying to fix his bloat issue, this tool will do the same thing as Eseutil in compacting the database without having to take down his exchange servers. Last time I ran Eseutil on a 30gb database it took nearly 10 hours to finish. Jose -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Michael B. Smith Sent: Wednesday, August 17, 2005 11:08 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat I would never recommend a tool that does offline defragmentation as preventive maintenance. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Wednesday, August 17, 2005 1:56 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat Want a simpler method? 
Try http://www.goexchange.com/, ( GOexchange is painless to use and saves you time by running automatic expert preventive maintenance while you attend to more important things ) You won't even have to take your Exchange servers offline to defrag the information and public folder stores. Jose :-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED] Sent: Wednesday, August 17, 2005 10:28 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat KB192185 has good info on this. You are on the right path, IMO. Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Douglas M. Long Sent: Wed 8/17/2005 10:06 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat I guess I was thinking of using the /p switch because of a paragraph Run ESEUTIL with the /p switch to configure ESEUTIL to create the new defragmented database on an alternate location (for example, to a location on a different hard disk). This switch lets you preserve your original defragmented database (which lets you revert back to your original database if necessary). This switch also significantly reduces the amount of time it takes to defragment a database, because you are rebuilding to a new location, rather then rebuilding the database in place. I was thinking...hmmm, it takes less time, and I have a little more protection from something going wrong...sounds good to me. Comments? And now that I think of it, my command probably needed a PATH for the new DB unless there is a default, but I won't know that till I run eseutil. 
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Johnson Sent: Wednesday, August 17, 2005 12:17 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat Well IIRC /p is a hard repair whilst /d is for defrag. If you have a working, mountable store that you want to defrag you don't need the /p switch. Anyone got any comment? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas M. Long Sent: 17 August 2005 18:13 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] OT:Exchange 2003 SP1 bloat OK, so I have scheduled a window this weekend to run an offline defrag of the mailbox store. Now I am looking for the best way to do this, and since this list seems to have more/better experience with Exchange than the Exchange list, I am looking for comments. Here are the steps I am planning on taking: 1. Full backup of General store 2. Dismount General store 3. eseutil /d /p F:\Exchsrvr\mdbdata\General.edb
[ActiveDir] cloning DC's
I know i read this thread before but i can't seem to find it. we are creating a new forest root and the IBM consultants here created the first root dc and now they want to clone it using Disk Image and sysprep to create the other DC's in the root. I think i heard this is a bad idea. Am I right? I can't seem to find any article on this but I do remember this being spoken of on the list and I don't remember what the conclusion was. thanks
RE: [ActiveDir] OT: List Servers
Thanks -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Phillip Partipilo Sent: Wednesday, August 17, 2005 4:29 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] OT: List Servers Imail is so simple and quick, you really won't think you just set up a mail server. I used to run it at a previous job. Recommended. Phillip Partipilo Parametric Solutions Inc. Jupiter, Florida (561) 747-6107 - Original Message - From: Salandra, Justin A. [EMAIL PROTECTED] To: ActiveDir@mail.activedir.org Sent: Wednesday, August 17, 2005 3:15 PM Subject: RE: [ActiveDir] OT: List Servers Is imail easy to deploy? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Wednesday, August 17, 2005 2:45 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: List Servers Hmm.. Microsoft now offers a tool to do this, however I have never used it. I installed Imail 5 6 by IPSWITCH for the NT Engineering Association and it was an excellent GUI based list server. Mailman and Majordomo are also very popular but are much more difficult to configure unless you're proficient in PERL. I believe that the ActiveDir list also uses Imail. Sincerely, Jose Medeiros Former Vice President and Postmaster NTEA MCP+I, MCSE, NT4 MCT www.ntea.net www.tvnug.org www.sfntug.org -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Salandra, Justin A. Sent: Wednesday, August 17, 2005 11:21 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] OT: List Servers Is it possible to utilize Exchange 2003 to setup a list server that internal and external people can use or is it better to just buy a product to do this? Does anyone have any opinions? Justin A. 
Salandra MCSE Windows 2000 2003 Network and Technology Services Manager Catholic Healthcare System 646.505.3681 - office 917.455.0110 - cell [EMAIL PROTECTED]
[ActiveDir] Little OT: Packaging software
Ok guys have a little bit of an issue. Trying to distribute some software but the logo testing warning message comes up. Even though the policy is set to silent install for drivers. I found this article that describes the issue eloquently. But not really a solution. http://www.ewall.org/displayarticle93.html The Guy talks about using an Auto-IT script to click the continue but, no information about that script available. Another guy says make sure the cryptographic service is automatic and running. Well Mine is running and I still get this window pop up. Oh I am using sms installer to create the executable to install the set of programs. Any ideas? Jeff
RE: [ActiveDir] OT:Exchange 2003 SP1 bloat
I don't believe I've seen the reason that you want to defrag in the first place. Any reason you would choose to defrag vs. just moving the users to a new db? Safer and faster IMHO than taking 3-10 hours to defrag and backing up the mail while doing so. Al From: [EMAIL PROTECTED] on behalf of Medeiros, Jose Sent: Wed 8/17/2005 4:13 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat Keep in mind that this was a DELL Server Xeon 4 way 800 MHZ system with a Perc 2 controller with U160, 10,000 rpm drives and the database resided on the DAS external array. I am sure that it will run much faster on the newer 3.0 GHZ Xeon's with Ultra 320 15,000 rpm Drives. While you're at it you may want to also run ISINTEG which takes even longer. Jose :-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Douglas M. Long Sent: Wednesday, August 17, 2005 12:06 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat Ah man, don't tell me that it took 10 hours for a 30GB database...the one I am defragging is 91GB. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Wednesday, August 17, 2005 2:32 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat I am not sure I understand your point.. if he is trying to fix his bloat issue, this tool will do the same thing as Eseutil in compacting the database without having to take down his exchange servers. Last time I ran Eseutil on a 30gb database it took nearly 10 hours to finish. Jose -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Michael B. Smith Sent: Wednesday, August 17, 2005 11:08 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat I would never recommend a tool that does offline defragmentation as preventive maintenance. 
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Wednesday, August 17, 2005 1:56 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat Want a simpler method? Try http://www.goexchange.com/, ( GOexchange is painless to use and saves you time by running automatic expert preventive maintenance while you attend to more important things ) You won't even have to take your Exchange servers offline to defrag the information and public folder stores. Jose :-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED] Sent: Wednesday, August 17, 2005 10:28 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat KB192185 has good info on this. You are on the right path, IMO. Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Douglas M. Long Sent: Wed 8/17/2005 10:06 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat I guess I was thinking of using the /p switch because of a paragraph Run ESEUTIL with the /p switch to configure ESEUTIL to create the new defragmented database on an alternate location (for example, to a location on a different hard disk). This switch lets you preserve your original defragmented database (which lets you revert back to your original database if necessary). This switch also significantly reduces the amount of time it takes to defragment a database, because you are rebuilding to a new location, rather then rebuilding the database in place. I was thinking...hmmm, it takes less time, and I have a little more protection from something going wrong...sounds good to me. Comments? 
And now that I think of it, my command probably needed a PATH for the new DB unless there is a default, but I won't know that till I run eseutil. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Johnson Sent: Wednesday, August 17, 2005 12:17 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat Well IIRC /p is a hard repair whilst /d is for defrag. If you have a working, mountable store that you want to defrag you don't need the /p switch. Anyone got any comment? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas M. Long Sent: 17 August 2005 18:13 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] OT:Exchange 2003 SP1 bloat OK, so I have scheduled a window this weekend to run an offline defrag of the mailbox store. Now I am looking for the best way to do this, and since this list seems to have more/better experience with Exchange
RE: [ActiveDir] Acrobat reader 7.0.3 upgrade for the Group Policy gurus
Sweet. That worked just fine to extract the .MSIs. Noticed that as usual with Adobe products though, after canceling the install, the MSIs are still there taking up space... Now to see if I can package them all up to make it work... Thanks! ** Charlie Kaiser W2K3 MCSA/MCSE/Security, CCNA Systems Engineer Essex Credit / Brickwalk 510 595 5083 ** -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of wilson chang Sent: Wednesday, August 17, 2005 11:41 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Acrobat reader 7.0.3 upgrade for the Group Policy gurus Charlie Kaiser wrote: snip Is there a way, using group policies/software installation to roll this all into one package? The updates are setup.exes, not .msis.. /snip Actually, once you run the .exe, the file will create a folder in your Program Files directory (e.g. C:\Program Files\Adobe\{9F59C8B4-EAF5-425D-9A32-F94AC000D84D} for the 7.0.1 update) which contains the actual msi. As far as rolling up the three 7.0.x updates into one, I'm not sure that's possible. You may have to just assign 3 separate packages. The msi will figure out which package to install. Of course, it means that the computers with 7.0 installed will need to reboot 3 times to get updated. Clunky, to be sure :-( I'm hoping someone else has a better answer. Wilson List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] exchange weirdeness
thanks a lot!! On 8/17/05, Coleman, Hunter [EMAIL PROTECTED] wrote: For folks who have already left, I'd go with granting Self full mailbox access. I haven't tested it, but if the account has already been disabled then I don't think that setting it to expire on a date in the past will restore the necessary mailbox permissions for you to access it. For future departures, I think the ideal thing is to have some sort of deprovisioning utility that handles disabling the account, possibly moving it to a different OU, sets the Self mailbox access, and any other rules that your business processes dictate. You could have that as a script or front-end it with a web page. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern Sent: Wednesday, August 17, 2005 2:06 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] exchange weirdeness so, what is a good practice to deal with user's who have left and their mailboxes? Should you just expire the account to a date in the past and then you can access their box? or can you give Self full mailbox access to a disabled account and then access the box? which way works? thanks alot On 8/17/05, Coleman, Hunter [EMAIL PROTECTED] wrote: No. You're running into the msExchMasterAccountSID problem. http://support.microsoft.com/default.aspx?scid=kb;en-us;555410 has information, and points to the NoMAS tool. You can also handle this by setting the attributes manually or via script. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern Sent: Wednesday, August 17, 2005 12:48 PM To: activedirectory Subject: Re: [ActiveDir] exchange weirdeness update- i enabled the user account about 30mins ago and updated the RUS. stilll i get denied trying to log on via outlook and an event id 9548 gets logged on the exchange server everytime i try logging on, stating that the account is still disabled... replication issue? dns is up and running. 
the only known issue is no connectivity to the root. but the root has no users or mailservers. strange On 8/17/05, Tom Kern [EMAIL PROTECTED] wrote: I have mailbox enabled users in AD that have been disabled. However in ESM, they are not marked as such. When i run the cleanup agent, they are still not marked as disabled. When i try to Exmerge the box, I get an access denied error(i have full exchange admin rights inherited from the org and full mailbox right on the user). Also, i can't open their box via outlook as well. My situation at this firm is as such- we have no network connectivity to the root(for about 2 wks. don't ask, long story..). The users are all in my child domain as are their mailboxes. the root is empty. We are also running with netbios/tcp disabled forest wide. i know there are some issues with netbios being disabled and exmerge and ESM and outlook. Could this be a cause? I don't know the exact error you would get. I don't think having no connectivity to the root should be an issue. We have 4 dc's, 3 of which are gc's in the child domain. any advice would be great. thanks
RE: [spam] [ActiveDir] w2k domain - sp3 to sp4
We ran into an unusual problem with the Nortel Contivity VPN client v.4.65 for this upgrade. I won't waste space here, but you're welcome to get me offlist for more info. if it applies (or if anyone else cares :D ). -DaveC Reuters IST Service Delivery -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Lilianstrom Sent: Wednesday, August 17, 2005 1:20 PM To: ActiveDir@mail.activedir.org Subject: [spam] [ActiveDir] w2k domain - sp3 to sp4 Our AD is based on Windows 2000 sp3 machines. With the advent of the ms05-039 worms our computer security people are requiring that all Windows systems have the patch applied or lose network access. Since the patch isn't available for sp3 we want to apply sp4 (and patches). Is there anything we should watch for in doing this? tia, al -- Al Lilianstrom CD/CSS/CSI [EMAIL PROTECTED] - Visit our Internet site at http://www.reuters.com To find out more about Reuters Products and Services visit http://www.reuters.com/productinfo Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of Reuters Ltd.
[ActiveDir] Latest MS patch KB899588
Hi there, I am trying to apply this patch to some Windows 2000 servers and I was wondering if the reboot is strictly mandatory?! If I used the /norestart switch to run it from the command line I do get the patch under add and remove programs. Also the version of the file gets updated under c:\winnt\system32. What do you think? Juan
RE: [ActiveDir] Latest MS patch KB899588
Juan,
InstallPatch.vbs:
set oshell = wscript.CreateObject("wscript.shell")
oshell.run("%PathToPatch%\importantpatch.exe /quiet /norestart")
I renamed the patch importantpatch.exe
James
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ibarra, Juan Sent: Thursday, 18 August 2005 8:15 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Latest MS patch KB899588 Hi there, I am trying to apply this patch to some Windows 2000 servers and I was wondering if the reboot is strictly mandatory?! If I used the /norestart switch to run it from the command line I do get the patch under add and remove programs. Also the version of the file gets updated under c:\winnt\system32. What do you think? Juan
RE: [ActiveDir] Acrobat reader 7.0.3 upgrade for the Group Policy gurus
http://www.adobe.com/support/techdocs/321644.html ** Charlie Kaiser W2K3 MCSA/MCSE/Security, CCNA Systems Engineer Essex Credit / Brickwalk 510 595 5083 ** -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Za Vue Sent: Wednesday, August 17, 2005 11:11 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Acrobat reader 7.0.3 upgrade for the Group Policy gurus What is the security flaw in Acrobat Reader that you must upgrade it? Charlie Kaiser wrote: OK, so we've got a mixed environment of acrobat 6 and 7, maybe a couple of 5s left, too. Acrobat says install our 7.0.3 to take care of a security flaw. So we have a 7.0 MSI and MST for our environment we've been rolling out on an as needed basis that we can use as a base for this. Problem is, according to Adobe (http://www.adobe.com/support/downloads/detail.jsp?ftpID=2990 ), to get to 7.0.3, you have to install 7.0, then the 7.0.1 update, then the 7.0.2 update, then the 7.0.3 update. Is there a way, using group policies/software installation to roll this all into one package? The updates are setup.exes, not .msis.. I really don't want to do a manual multi-tier installation if I can avoid it... Thanks! ** Charlie Kaiser W2K3 MCSA/MCSE/Security, CCNA Systems Engineer Essex Credit / Brickwalk 510 595 5083 **
RE: [ActiveDir] Acrobat reader 7.0.3 upgrade for the Group Policy gurus
Charlie, FYI, http://www.msfn.org/board/index.php has a really good forum for unattended installs of most common software products. If you ever get stuck have a look at the Application Install section... James -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Charlie Kaiser Sent: Thursday, 18 August 2005 7:17 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Acrobat reader 7.0.3 upgrade for the Group Policy gurus Sweet. That worked just fine to extract the .MSIs. Noticed that as usual with Adobe products though, after canceling the install, the MSIs are still there taking up space... Now to see if I can package them all up to make it work... Thanks! ** Charlie Kaiser W2K3 MCSA/MCSE/Security, CCNA Systems Engineer Essex Credit / Brickwalk 510 595 5083 ** -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of wilson chang Sent: Wednesday, August 17, 2005 11:41 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Acrobat reader 7.0.3 upgrade for the Group Policy gurus Charlie Kaiser wrote: snip Is there a way, using group policies/software installation to roll this all into one package? The updates are setup.exes, not .msis.. /snip Actually, once you run the .exe, the file will create a folder in your Program Files directory (e.g. C:\Program Files\Adobe\{9F59C8B4-EAF5-425D-9A32-F94AC000D84D} for the 7.0.1 update) which contains the actual msi. As far as rolling up the three 7.0.x updates into one, I'm not sure that's possible. You may have to just assign 3 separate packages. The msi will figure out which package to install. Of course, it means that the computers with 7.0 installed will need to reboot 3 times to get updated. Clunky, to be sure :-( I'm hoping someone else has a better answer. 
Wilson
RE: [ActiveDir] Latest MS patch KB899588
Are you wondering if restarting the server is mandatory? I suspect that it is, unless you really don't want to be protected. Often times, the components being replaced are only read on system startup. Given that the bulletin specifically says: "Restart Requirement: You must restart your system after you apply this security update." I'd say, u, yeah. Rick From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ibarra, Juan Sent: Wednesday, August 17, 2005 5:15 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Latest MS patch KB899588 Hi there, I am trying to apply this patch to some Windows 2000 servers and I was wondering if the reboot is strictly mandatory?! If I used the /norestart switch to run it from the command line I do get the patch under add and remove programs. Also the version of the file gets updated under c:\winnt\system32. What do you think? Juan
RE: [ActiveDir] Little OT: Packaging software
This behavior is actually documented. The warn but allowed installation was never intended to work in unattended scenario. You are either left with the Auto-IT option, or do what this guy suggested here (I haven't personally done that, mind you): http://www.appdeploy.com/messageboards/tm.asp?m=257 Either, or insist that your vendors sign whatever they give you - yeah right :) Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Cothern Jeff D. Team EITC Sent: Wed 8/17/2005 2:12 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Little OT: Packaging software Ok guys have a little bit of an issue. Trying to distribute some software but the logo testing warning message comes up. Even though the policy is set to silent install for drivers. I found this article that describes the issue eloquently. But not really a solution. http://www.ewall.org/displayarticle93.html The guy talks about using an Auto-IT script to click the continue but, no information about that script available. Another guy says make sure the cryptographic service is automatic and running. Well mine is running and I still get this window pop up. Oh I am using sms installer to create the executable to install the set of programs. Any ideas? Jeff
RE: [ActiveDir] exchange weirdeness
FWIW, I've always been a fan of disassociating the user account from the mailbox and then disabling the user access by disabling the user object from login, moving it to a new OU, removing the groups, marking the object with a time stamp for later use, and logging every action taken to a text file for later review and auditing functions. I can leave a user account that I can associate and disassociate at will if I need access. It's not pretty, but then again, there is no pretty way to make this work. The scripts involved are pretty straightforward; it's a matter of figuring out what the process should be. My $0.04 anyway. Al From: [EMAIL PROTECTED] on behalf of Tom Kern Sent: Wed 8/17/2005 5:22 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] exchange weirdeness thanks a lot!! On 8/17/05, Coleman, Hunter [EMAIL PROTECTED] wrote: For folks who have already left, I'd go with granting Self full mailbox access. I haven't tested it, but if the account has already been disabled then I don't think that setting it to expire on a date in the past will restore the necessary mailbox permissions for you to access it. For future departures, I think the ideal thing is to have some sort of deprovisioning utility that handles disabling the account, possibly moving it to a different OU, sets the Self mailbox access, and any other rules that your business processes dictate. You could have that as a script or front-end it with a web page. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern Sent: Wednesday, August 17, 2005 2:06 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] exchange weirdeness so, what is a good practice to deal with user's who have left and their mailboxes? Should you just expire the account to a date in the past and then you can access their box? or can you give Self full mailbox access to a disabled account and then access the box? which way works? 
thanks alot On 8/17/05, Coleman, Hunter [EMAIL PROTECTED] wrote: No. You're running into the msExchMasterAccountSID problem. http://support.microsoft.com/default.aspx?scid=kb;en-us;555410 has information, and points to the NoMAS tool. You can also handle this by setting the attributes manually or via script. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern Sent: Wednesday, August 17, 2005 12:48 PM To: activedirectory Subject: Re: [ActiveDir] exchange weirdeness update- i enabled the user account about 30mins ago and updated the RUS. stilll i get denied trying to log on via outlook and an event id 9548 gets logged on the exchange server everytime i try logging on, stating that the account is still disabled... replication issue? dns is up and running. the only known issue is no connectivity to the root. but the root has no users or mailservers. strange On 8/17/05, Tom Kern [EMAIL PROTECTED] wrote: I have mailbox enabled users in AD that have been disabled. However in ESM, they are not marked as such. When i run the cleanup agent, they are still not marked as disabled. When i try to Exmerge the box, I get an access denied error(i have full exchange admin rights inherited from the org and full mailbox right on the user). Also, i can't open their box via outlook as well. My situation at this firm is as such- we have no network connectivity to the root(for about 2 wks. don't ask, long story..). The users are all in my child domain as are their mailboxes. the root is empty. We are also running with netbios/tcp disabled forest wide. i know there are some issues with netbios being disabled and exmerge and ESM and outlook. Could this be a cause? I don't know the exact error you would get. I don't think having no connectivity to the root should be an issue. We have 4 dc's, 3 of which are gc's in the child domain. any advice would be great. 
thanks
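The deprovisioning routine outlined in the message above (disable the account, strip group memberships, time-stamp the object, move it to another OU, log every action), written out as an added example; it is not code from the list or its posters. It assumes the ActiveDirectory PowerShell module, which postdates this thread; the function name, OU and log path are hypothetical, and the mailbox steps are left out because they depend on the Exchange version.

```powershell
#Requires -Modules ActiveDirectory
# Added example. Disable-DepartedUser, the holding OU and the log path are
# hypothetical names; adjust them to your own process.

function Disable-DepartedUser {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$SamAccountName,
        # Placeholder value, e.g. 'OU=Departed,DC=example,DC=com'
        [Parameter(Mandatory = $true)][string]$HoldingOu,
        [string]$LogPath = '.\deprovision.log'
    )

    # A failed step must halt the run instead of being skipped silently.
    $ErrorActionPreference = 'Stop'

    # One log line per action: UTC time, operator, target account, what was done.
    $log = {
        param([string]$Message)
        $line = '{0} {1} {2} {3}' -f (Get-Date).ToUniversalTime().ToString('s'),
            $env:USERNAME, $SamAccountName, $Message
        Add-Content -Path $LogPath -Value $line -WhatIf:$false
    }

    $user = Get-ADUser -Identity $SamAccountName -Properties MemberOf, Description
    $dn   = $user.DistinguishedName

    try {
        # 1. Cut off logon first.
        if ($PSCmdlet.ShouldProcess($dn, 'Disable account')) {
            Disable-ADAccount -Identity $user
            & $log 'disabled'
        }

        # 2. Remove group memberships, logging each DN so they can be audited
        #    or restored. MemberOf does not list the primary group.
        foreach ($groupDn in $user.MemberOf) {
            if ($PSCmdlet.ShouldProcess($groupDn, "Remove member $SamAccountName")) {
                Remove-ADGroupMember -Identity $groupDn -Members $user -Confirm:$false
                & $log "removed-from-group $groupDn"
            }
        }

        # 3. Stamp the object for later clean-up; the old description goes to the log.
        $stamp = (Get-Date).ToUniversalTime().ToString('yyyy-MM-dd')
        if ($PSCmdlet.ShouldProcess($dn, 'Stamp description')) {
            Set-ADUser -Identity $user -Description "Deprovisioned $stamp"
            & $log "stamped (previous description: '$($user.Description)')"
        }

        # 4. Move last, because the distinguished name changes here.
        if ($PSCmdlet.ShouldProcess($dn, "Move to $HoldingOu")) {
            Move-ADObject -Identity $user.ObjectGUID -TargetPath $HoldingOu
            & $log "moved $dn -> $HoldingOu"
        }
    }
    catch {
        & $log "FAILED: $($_.Exception.Message)"
        throw
    }
}

# Dry run first; drop -WhatIf to apply.
# Disable-DepartedUser -SamAccountName 'jdoe' -HoldingOu 'OU=Departed,DC=example,DC=com' -WhatIf
```

The log records the removed group DNs and the previous description, which is what makes the change reviewable and reversible later.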
RE: [ActiveDir] Latest MS patch KB899588
The /norestart option is available for this patch. You can choose to use it and wait for the latest mutation of the worm to hit the server and reboot it for you, or you could just simply schedule your patch-and-reboot time and ensure that the server is REALLY protected. What I'm trying to say in a round-about way is patch and reboot ALREADY!. Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Ibarra, Juan Sent: Wed 8/17/2005 3:15 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Latest MS patch KB899588 Hi there, I am trying to apply this patch to some Windows 2000 servers and I was wondering if the reboot is strictly mandatory?! If I used the /norestart switch to run it from the command line I do get the patch under add and remove programs. Also the version of the file gets updated under c:\winnt\system32. What do you think? Juan
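A way to see what a /norestart install left queued for the next boot, as an added example (not from the thread or from Microsoft's bulletin): an installer that cannot overwrite an in-use file registers the swap in the Session Manager's PendingFileRenameOperations value, and the swap only happens at restart. The function names and the sample entries are constructed for illustration.

```powershell
# Added example: list file operations queued for the next boot.
# The registry key and value name are standard Windows; the function names
# and the sample data are hypothetical.

$SessionManagerKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'

function ConvertFrom-PendingRename {
    # The REG_MULTI_SZ data is a flat list of pairs: source path, then
    # destination. An empty destination means "delete the source at boot";
    # a leading '!' on the destination means "replace it if it exists".
    param([string[]]$Entries)

    # Strip the '!' flag and the NT object-manager prefix '\??\'.
    $clean = { param($p) $p -replace '^!', '' -replace '^\\\?\?\\', '' }

    for ($i = 0; $i -lt $Entries.Count; $i += 2) {
        $src = $Entries[$i]
        $dst = if ($i + 1 -lt $Entries.Count) { $Entries[$i + 1] } else { '' }
        if ([string]::IsNullOrEmpty($src)) { continue }

        if ([string]::IsNullOrEmpty($dst)) {
            [pscustomobject]@{
                Action      = 'Delete'
                Source      = & $clean $src
                Destination = $null
            }
        }
        else {
            [pscustomobject]@{
                Action      = if ($dst.StartsWith('!')) { 'Replace' } else { 'Rename' }
                Source      = & $clean $src
                Destination = & $clean $dst
            }
        }
    }
}

function Get-PendingFileRename {
    # Reads the live value; returns nothing when no operations are queued.
    $prop = Get-ItemProperty -Path $SessionManagerKey `
        -Name PendingFileRenameOperations -ErrorAction SilentlyContinue
    if (-not $prop) { return }
    ConvertFrom-PendingRename -Entries $prop.PendingFileRenameOperations
}

# Constructed sample of what an installer might queue (not taken from KB899588):
# one staged DLL to swap in, one temporary file to delete.
$sample = @(
    '\??\C:\WINNT\system32\SET1A.tmp', '!\??\C:\WINNT\system32\example.dll',
    '\??\C:\WINNT\system32\_000001_.tmp', ''
)
ConvertFrom-PendingRename -Entries $sample | Format-Table -AutoSize

# Live check on the machine this runs on.
$pending = @(Get-PendingFileRename)
if ($pending.Count -gt 0) {
    "Reboot pending: $($pending.Count) queued file operation(s) have not taken effect yet."
    $pending | Format-Table -AutoSize
}
else {
    'No queued file operations found.'
}
```

An empty queue does not prove the patched code is the code in memory; the bulletin's restart requirement still applies.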
RE: [ActiveDir] OT:Exchange 2003 SP1 bloat
You make a very good point. Now that Exchange 2000 and 2003 allow such easy moves of mailboxe's between servers, that is probably the best solution. However your assuming that you have multiple Exchange back end servers. But very good point. Jose -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Al Mulnick Sent: Wednesday, August 17, 2005 2:15 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat I don't believe I've seen the reason that you want to defrag in the first place. Any reason you would choose to defrag vs. just moving the users to a new db? Safer and faster IMHO than taking 3-10 hours to defrag and backing up the mail while doing so. Al From: [EMAIL PROTECTED] on behalf of Medeiros, Jose Sent: Wed 8/17/2005 4:13 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat Keep in mind that this was a DELL Server Xeon 4 way 800 MHZ system with a Perc 2 controller with U160, 10,000 rpm drives and the database resided on the DAS external array. I am sure that it will run much faster on the newer 3.0 GHZ Xeon's with Ultra 320 15,000 rpm Drives. While your at it you may want to also run ISINTEG which takes even longer. Jose :-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Douglas M. Long Sent: Wednesday, August 17, 2005 12:06 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat Ah man, don't tell me that it took 10 hours for a 30GB database...the one I am defragging is 91GB. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Wednesday, August 17, 2005 2:32 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat I am not sure I understand your point.. if he is trying to fix his bloat issue, this tool will do the same thing as Esutuil in compacting the database with out having to take down his exchange servers. 
Last time I ran Esutuil on a 30gb data base it took nearly 10 hours to finish. Jose -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Michael B. Smith Sent: Wednesday, August 17, 2005 11:08 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat I would never recommend a tool that does offline defragmentation as preventive maintenance. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Wednesday, August 17, 2005 1:56 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat Want a simpler method? Try http://www.goexchange.com/, ( GOexchange is painless to use and saves you time by running automatic expert preventive maintenance while you attend to more important things ) You won't even have to take your Exchange servers offline to defrag the information and public folder stores. Jose :-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED] Sent: Wednesday, August 17, 2005 10:28 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat KB192185 has good info on this. You are on the right path, IMO. Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Douglas M. Long Sent: Wed 8/17/2005 10:06 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat I guess I was thinking of using the /p switch because of a paragraph Run ESEUTIL with the /p switch to configure ESEUTIL to create the new defragmented database on an alternate location (for example, to a location on a different hard disk). This switch lets you preserve your original defragmented database (which lets you revert back to your original database if necessary). 
This switch also significantly reduces the amount of time it takes to defragment a database, because you are rebuilding to a new location, rather then rebuilding the database in place. I was thinking...hmmm, it takes less time, and I have a little more protection from something going wrong...sounds good to me. Comments? And now that I think of it, my command probably needed a PATH for the new DB unless there is a default, but I won't know that till I run eseutil. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Johnson Sent: Wednesday, August 17, 2005 12:17 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat Well IIRC /p is a hard repair whilst /d is for defrag. If you have a working, mountable store that you want to defrag you
RE: [ActiveDir] OT:Exchange 2003 SP1 bloat
I was thinking about that today and thought there must be reason not to do it that way since no one else has mentioned it. Does the white space in a DB exist in the mailbox, or the DB level? Moving to a new mailbox store will definitely get rid of the white space? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Wednesday, August 17, 2005 5:15 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat I don't believe I've seen the reason that you want to defrag in the first place. Any reason you would choose to defrag vs. just moving the users to a new db? Safer and faster IMHO than taking 3-10 hours to defrag and backing up the mail while doing so. Al From: [EMAIL PROTECTED] on behalf of Medeiros, Jose Sent: Wed 8/17/2005 4:13 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat Keep in mind that this was a DELL Server Xeon 4 way 800 MHZ system with a Perc 2 controller with U160, 10,000 rpm drives and the database resided on the DAS external array. I am sure that it will run much faster on the newer 3.0 GHZ Xeon's with Ultra 320 15,000 rpm Drives. While your at it you may want to also run ISINTEG which takes even longer. Jose :-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Douglas M. Long Sent: Wednesday, August 17, 2005 12:06 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat Ah man, don't tell me that it took 10 hours for a 30GB database...the one I am defragging is 91GB. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Medeiros, Jose Sent: Wednesday, August 17, 2005 2:32 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat I am not sure I understand your point..
if he is trying to fix his bloat issue, this tool will do the same thing as Esutuil in compacting the database with out having to take down his exchange servers. Last time I ran Esutuil on a 30gb data base it took nearly 10 hours to finish. Jose -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Michael B. Smith Sent: Wednesday, August 17, 2005 11:08 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat I would never recommend a tool that does offline defragmentation as preventive maintenance. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Medeiros, Jose Sent: Wednesday, August 17, 2005 1:56 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat Want a simpler method? Try http://www.goexchange.com/, ( GOexchange is painless to use and saves you time by running automatic expert preventive maintenance while you attend to more important things ) You won't even have to take your Exchange servers offline to defrag the information and public folder stores. Jose :-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, August 17, 2005 10:28 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat KB192185 has good info on this. You are on the right path, IMO. Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Douglas M. 
Long Sent: Wed 8/17/2005 10:06 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat I guess I was thinking of using the /p switch because of a paragraph Run ESEUTIL with the /p switch to configure ESEUTIL to create the new defragmented database on an alternate location (for example, to a location on a different hard disk). This switch lets you preserve your original defragmented database (which lets you revert back to your original database if necessary). This switch also significantly reduces the amount of time it takes to defragment a database, because you are rebuilding to a new location, rather then rebuilding the database in place. I was thinking...hmmm, it takes less time, and I have a little more protection from something going wrong...sounds good to me. Comments? And now that I think of it, my command probably needed a PATH for the new DB unless there is a default, but I won't know that till I run eseutil. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Peter Johnson Sent: Wednesday, August 17, 2005 12:17 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat Well IIRC /p is a hard repair whilst /d is for defrag. If you have a
RE: [ActiveDir] OT:Exchange 2003 SP1 bloat
If you choose to purchase the product, I would certainly be interested in knowing your perspective on it after a couple of months. From my perspective, it gives some pretty reports (which other packages do just as well); and it puts a nice GUI in front of something that you shouldn't be doing very often anyway. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Wednesday, August 17, 2005 5:01 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat Hi Michael, I just got off the phone with the Sales rep, I am mistaken. GoExchange will not have the additional functionally to do a full defrag of the data base with out taking the server offline until end of year. My apologies. However it does give excellent reporting capability on the condition of the data base. The demo is free, and although the demo will not let you actually repair the data base it will give you a full report as to it's present state. Jose -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Michael B. Smith Sent: Wednesday, August 17, 2005 12:00 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat This tool, I believe, runs eseutil in the background. The message store that goExchange is working on must be offline while it's being maintained: http://www.lucid8.com/faq/faq_general6.asp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Wednesday, August 17, 2005 2:32 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat I am not sure I understand your point.. if he is trying to fix his bloat issue, this tool will do the same thing as Esutuil in compacting the database with out having to take down his exchange servers. Last time I ran Esutuil on a 30gb data base it took nearly 10 hours to finish. 
Jose -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Michael B. Smith Sent: Wednesday, August 17, 2005 11:08 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat I would never recommend a tool that does offline defragmentation as preventive maintenance. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Wednesday, August 17, 2005 1:56 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat Want a simpler method? Try http://www.goexchange.com/, ( GOexchange is painless to use and saves you time by running automatic expert preventive maintenance while you attend to more important things ) You won't even have to take your Exchange servers offline to defrag the information and public folder stores. Jose :-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED] Sent: Wednesday, August 17, 2005 10:28 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat KB192185 has good info on this. You are on the right path, IMO. Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Douglas M. Long Sent: Wed 8/17/2005 10:06 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat I guess I was thinking of using the /p switch because of a paragraph Run ESEUTIL with the /p switch to configure ESEUTIL to create the new defragmented database on an alternate location (for example, to a location on a different hard disk). This switch lets you preserve your original defragmented database (which lets you revert back to your original database if necessary). 
This switch also significantly reduces the amount of time it takes to defragment a database, because you are rebuilding to a new location, rather then rebuilding the database in place. I was thinking...hmmm, it takes less time, and I have a little more protection from something going wrong...sounds good to me. Comments? And now that I think of it, my command probably needed a PATH for the new DB unless there is a default, but I won't know that till I run eseutil. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Johnson Sent: Wednesday, August 17, 2005 12:17 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat Well IIRC /p is a hard repair whilst /d is for defrag. If you have a working, mountable store that you want to defrag you don't need the /p switch. Anyone got any comment? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
[ActiveDir] IP Schema
Just wondering what IP schema people on this list like to use... we just outgrew our class C and spent a few hours on Saturday supernetting. We're now using a 13 bit subnet mask (255.255.255.248) and debating the best and most efficient way to organize our IP addressing schema. Previously, we were using (for example) 192.168.10.1-30 were static for network devices (routers, firewalls, switches, etc), 31-50 were for Linux servers, 51-80 were for Windows servers, 81-99 were for other static IPs, 100-200 were DHCP and 201-254 were for printers. The debate now that we have supernetted is: do we keep that schema across each subnet (eg - 192.168.9.100-200, 192.168.10.100-200, 192.168.11.100-200, etc are all for DHCP) or do we organize by stating that everything on the 192.168.9.x and 192.168.10.x subnets are DHCP, while all static devices are on (for example) the 192.168.8.x subnet? Hopefully I explained myself well enough. Our network admin wants to do it one way while our CIO wants it done the other way. I know there are benefits to both methods, but wanted to get some opinions from members on this list regarding your methods, and benefits/drawbacks. Thanks! List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] OT:Exchange 2003 SP1 bloat
Douglas, Why not just move them between databases on the same server? Exchange 2000/2003 does support multiple Storage Groups and multiple DBs within each SG. In fact you should probably look into splitting your 91GB DB into several smaller DBs so if in fact you do need to perform some kind of offline repair (Eseutil/Isinteg) you can do so on smaller DBs over the course of several scheduled downtimes. Regards, Aric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Wednesday, August 17, 2005 4:01 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat You make a very good point. Now that Exchange 2000 and 2003 allow such easy moves of mailboxes between servers, that is probably the best solution. However you're assuming that you have multiple Exchange back end servers. But very good point. Jose -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Al Mulnick Sent: Wednesday, August 17, 2005 2:15 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat I don't believe I've seen the reason that you want to defrag in the first place. Any reason you would choose to defrag vs. just moving the users to a new db? Safer and faster IMHO than taking 3-10 hours to defrag and backing up the mail while doing so. Al From: [EMAIL PROTECTED] on behalf of Medeiros, Jose Sent: Wed 8/17/2005 4:13 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat Keep in mind that this was a DELL Server Xeon 4 way 800 MHZ system with a Perc 2 controller with U160, 10,000 rpm drives and the database resided on the DAS external array. I am sure that it will run much faster on the newer 3.0 GHZ Xeons with Ultra 320 15,000 rpm Drives. While you're at it you may want to also run ISINTEG which takes even longer. Jose :-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Douglas M. 
Long Sent: Wednesday, August 17, 2005 12:06 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat Ah man, don't tell me that it took 10 hours for a 30GB database...the one I am defragging is 91GB. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Wednesday, August 17, 2005 2:32 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat I am not sure I understand your point.. if he is trying to fix his bloat issue, this tool will do the same thing as Esutuil in compacting the database with out having to take down his exchange servers. Last time I ran Esutuil on a 30gb data base it took nearly 10 hours to finish. Jose -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Michael B. Smith Sent: Wednesday, August 17, 2005 11:08 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat I would never recommend a tool that does offline defragmentation as preventive maintenance. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Wednesday, August 17, 2005 1:56 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat Want a simpler method? Try http://www.goexchange.com/, ( GOexchange is painless to use and saves you time by running automatic expert preventive maintenance while you attend to more important things ) You won't even have to take your Exchange servers offline to defrag the information and public folder stores. Jose :-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED] Sent: Wednesday, August 17, 2005 10:28 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat KB192185 has good info on this. You are on the right path, IMO. 
Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Douglas M. Long Sent: Wed 8/17/2005 10:06 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat I guess I was thinking of using the /p switch because of a paragraph Run ESEUTIL with the /p switch to configure ESEUTIL to create the new defragmented database on an alternate location (for example, to a location on a different hard disk). This switch lets you preserve your original defragmented database (which lets you revert back to your original database if necessary). This switch also significantly reduces the amount of time it takes to defragment a database, because you are rebuilding to a new location, rather then rebuilding the
RE: [ActiveDir] Latest MS patch KB899588
Thanks. So the reboot is not mandatory/required using this script right? Juan From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Blair, James Sent: Wednesday, August 17, 2005 3:32 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Latest MS patch KB899588 Juan, InstallPatch.vbs:
set oshell = wscript.CreateObject("wscript.shell")
oshell.run("%PathToPatch%\importantpatch.exe /quiet /norestart")
I renamed the patch importantpatch.exe James From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ibarra, Juan Sent: Thursday, 18 August 2005 8:15 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Latest MS patch KB899588 Hi there, I am trying to apply this patch to some Windows 2000 servers and I was wondering if the reboot is strictly mandatory?! If I used the /norestart switch to run it from the command line I do get the patch under add and remove programs. Also the version of the file gets updated under c:\winnt\ssystem32. What do you think? Juan
RE: [ActiveDir] OT:Exchange 2003 SP1 bloat
Al makes an excellent point - I just presumed I hadn't been paying attention and it had been discussed earlier, with a conclusion that you need to do an offline defrag. :-) White space is actually at the file level (a store is composed of two files, an EDB file and an STM file), which is approximately the DB level. Both files may or may not have whitespace. Moving to a new store does not carry along the whitespace, it's left behind. You'll still be left with the original 91 GB store, "empty" but still there -- you'll still need to either defrag it (if you don't/can't move everyone) or delete it (if you are certain everyone has been moved) to recover the space. However, the defrag is very fast if you just have white space. Do remember that if you don't turn on circular logging temporarily that a 91 GB store which is move-mailboxed will result in LOTS of log files. (I'm thinking it's 2x actual data, but I'm fuzzy on cold medicine right now.) What is the size of the white space? (And thus the actual data...) "Many" MS folks will recommend that you consider splitting up stores when they hit the 35 - 50 GB range. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas M. Long Sent: Wednesday, August 17, 2005 7:21 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat I was thinking about that today and thought there must be reason not to do it that way since no one else has mentioned it. Does the white space in a DB exist in the mailbox, or the DB level? Moving to a new mailbox store will definitely get rid of the white space? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Wednesday, August 17, 2005 5:15 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat I don't believe I've seen the reason that you want to defrag in the first place. Any reason you would choose to defrag vs. just moving the users to a new db? 
Safer and faster IMHO than taking 3-10 hours to defrag and backing up the mail while doing so. Al From: [EMAIL PROTECTED] on behalf of Medeiros, Jose Sent: Wed 8/17/2005 4:13 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat Keep in mind that this was a DELL Server Xeon 4 way 800 MHZ system with a Perc 2 controller with U160, 10,000 rpm drives and the database resided on the DAS external array. I am sure that it will run much faster on the newer 3.0 GHZ Xeons with Ultra 320 15,000 rpm Drives. While you're at it you may want to also run ISINTEG which takes even longer. Jose :-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Douglas M. Long Sent: Wednesday, August 17, 2005 12:06 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat Ah man, don't tell me that it took 10 hours for a 30GB database...the one I am defragging is 91GB. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Medeiros, Jose Sent: Wednesday, August 17, 2005 2:32 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat I am not sure I understand your point.. if he is trying to fix his bloat issue, this tool will do the same thing as Eseutil in compacting the database without having to take down his exchange servers. Last time I ran Eseutil on a 30gb database it took nearly 10 hours to finish. Jose -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Michael B. Smith Sent: Wednesday, August 17, 2005 11:08 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat I would never recommend a tool that does offline defragmentation as preventive maintenance. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Medeiros, Jose Sent: Wednesday, August 17, 2005 1:56 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat Want a simpler method? 
Try http://www.goexchange.com/, ( GOexchange is painless to use and saves you time by running automatic expert preventive maintenance while you attend to more important things ) You won't even have to take your Exchange servers offline to defrag the information and public folder stores. Jose :-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, August 17, 2005 10:28 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat KB192185 has good info on this. You are on the right path, IMO. Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Douglas
RE: [ActiveDir] Latest MS patch KB899588
Juan, A reboot is REQUIRED only IF you want the system to be protected. IF you install the patch and do not reboot the system, the patch will NOT protect you. Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Ibarra, Juan Sent: Wed 8/17/2005 4:00 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Latest MS patch KB899588 Thanks. So the reboot is not mandatory/required using this script right? Juan From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Blair, James Sent: Wednesday, August 17, 2005 3:32 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Latest MS patch KB899588 Juan, InstallPatch.vbs:
set oshell = wscript.CreateObject("wscript.shell")
oshell.run("%PathToPatch%\importantpatch.exe /quiet /norestart")
I renamed the patch importantpatch.exe James From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ibarra, Juan Sent: Thursday, 18 August 2005 8:15 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Latest MS patch KB899588 Hi there, I am trying to apply this patch to some Windows 2000 servers and I was wondering if the reboot is strictly mandatory?! If I used the /norestart switch to run it from the command line I do get the patch under add and remove programs. Also the version of the file gets updated under c:\winnt\ssystem32. What do you think? Juan
RE: [ActiveDir] OT:Exchange 2003 SP1 bloat
Hi Michael, Until they add the feature to compact ( Or defrag ) the Information store while online, it's probably not something we would have an interest in. As far as other solutions for reporting, do you have any recommendations as to which tools you prefer? Jose :-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Michael B. Smith Sent: Wednesday, August 17, 2005 4:29 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat If you choose to purchase the product, I would certainly be interested in knowing your perspective on it after a couple of months. From my perspective, it gives some pretty reports (which other packages do just as well); and it puts a nice GUI in front of something that you shouldn't be doing very often anyway. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Wednesday, August 17, 2005 5:01 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat Hi Michael, I just got off the phone with the Sales rep, I am mistaken. GoExchange will not have the additional functionality to do a full defrag of the database without taking the server offline until end of year. My apologies. However it does give excellent reporting capability on the condition of the database. The demo is free, and although the demo will not let you actually repair the database it will give you a full report as to its present state. Jose -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Michael B. Smith Sent: Wednesday, August 17, 2005 12:00 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat This tool, I believe, runs eseutil in the background. 
The message store that goExchange is working on must be offline while it's being maintained: http://www.lucid8.com/faq/faq_general6.asp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Wednesday, August 17, 2005 2:32 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat I am not sure I understand your point.. if he is trying to fix his bloat issue, this tool will do the same thing as Esutuil in compacting the database with out having to take down his exchange servers. Last time I ran Esutuil on a 30gb data base it took nearly 10 hours to finish. Jose -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Michael B. Smith Sent: Wednesday, August 17, 2005 11:08 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat I would never recommend a tool that does offline defragmentation as preventive maintenance. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Wednesday, August 17, 2005 1:56 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat Want a simpler method? Try http://www.goexchange.com/, ( GOexchange is painless to use and saves you time by running automatic expert preventive maintenance while you attend to more important things ) You won't even have to take your Exchange servers offline to defrag the information and public folder stores. Jose :-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED] Sent: Wednesday, August 17, 2005 10:28 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat KB192185 has good info on this. You are on the right path, IMO. 
Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Douglas M. Long Sent: Wed 8/17/2005 10:06 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat I guess I was thinking of using the /p switch because of a paragraph Run ESEUTIL with the /p switch to configure ESEUTIL to create the new defragmented database on an alternate location (for example, to a location on a different hard disk). This switch lets you preserve your original defragmented database (which lets you revert back to your original database if necessary). This switch also significantly reduces the amount of time it takes to defragment a database, because you are rebuilding to a new location, rather then rebuilding the database in place. I was thinking...hmmm, it takes less time, and I have a little more protection from something going wrong...sounds good to me. Comments? And now that I think of it, my command probably needed a PATH for the new DB unless there is a default, but I won't know that till
RE: [ActiveDir] OT:Exchange 2003 SP1 bloat
I tested PromoDag about 2-3 years ago. I was very impressed and would have bought it in a jiffy if their price had not been too high. They later offered some deal, but by then I was out of budget. Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Medeiros, Jose Sent: Wed 8/17/2005 5:13 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat Hi Michael, Until they add the feature to compact ( Or defrag ) the Information store while online, it's probably not some thing we would have an interest in. As far as other solutions for reporting, do you have any recommendations as to which tools you prefer? Jose :-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Michael B. Smith Sent: Wednesday, August 17, 2005 4:29 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat If you choose to purchase the product, I would certainly be interested in knowing your perspective on it after a couple of months. From my perspective, it gives some pretty reports (which other packages do just as well); and it puts a nice GUI in front of something that you shouldn't be doing very often anyway. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Wednesday, August 17, 2005 5:01 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat Hi Michael, I just got off the phone with the Sales rep, I am mistaken. GoExchange will not have the additional functionally to do a full defrag of the data base with out taking the server offline until end of year. My apologies. However it does give excellent reporting capability on the condition of the data base. 
The demo is free, and although the demo will not let you actually repair the data base it will give you a full report as to it's present state. Jose -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Michael B. Smith Sent: Wednesday, August 17, 2005 12:00 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat This tool, I believe, runs eseutil in the background. The message store that goExchange is working on must be offline while it's being maintained: http://www.lucid8.com/faq/faq_general6.asp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Wednesday, August 17, 2005 2:32 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat I am not sure I understand your point.. if he is trying to fix his bloat issue, this tool will do the same thing as Esutuil in compacting the database with out having to take down his exchange servers. Last time I ran Esutuil on a 30gb data base it took nearly 10 hours to finish. Jose -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Michael B. Smith Sent: Wednesday, August 17, 2005 11:08 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat I would never recommend a tool that does offline defragmentation as preventive maintenance. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Wednesday, August 17, 2005 1:56 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat Want a simpler method? Try http://www.goexchange.com/, ( GOexchange is painless to use and saves you time by running automatic expert preventive maintenance while you attend to more important things ) You won't even have to take your Exchange servers offline to defrag the information and public folder stores. 
Jose :-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED] Sent: Wednesday, August 17, 2005 10:28 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat KB192185 has good info on this. You are on the right path, IMO. Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Douglas M. Long Sent: Wed 8/17/2005 10:06 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat I guess I was thinking of using the /p switch because of a paragraph Run ESEUTIL with the /p switch to configure ESEUTIL to create the new defragmented database on an alternate location (for example, to a location on a different hard disk).
RE: [ActiveDir] OT:Exchange 2003 SP1 bloat
It rather depends on what you want. If you want table-level usage reports, then eseutil /ms does just a fine job. If you want management reports, then I think the MOM Management Pack does a great job. For even more detailed (and configurable) information, I think the Quest MessageStats for Exchange (for management) and SpotLight on Exchange (for administrators) are both pretty good. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Wednesday, August 17, 2005 8:14 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat Hi Michael, Until they add the feature to compact ( Or defrag ) the Information store while online, it's probably not some thing we would have an interest in. As far as other solutions for reporting, do you have any recommendations as to which tools you prefer? Jose :-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Michael B. Smith Sent: Wednesday, August 17, 2005 4:29 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat If you choose to purchase the product, I would certainly be interested in knowing your perspective on it after a couple of months. From my perspective, it gives some pretty reports (which other packages do just as well); and it puts a nice GUI in front of something that you shouldn't be doing very often anyway. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Wednesday, August 17, 2005 5:01 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat Hi Michael, I just got off the phone with the Sales rep, I am mistaken. GoExchange will not have the additional functionally to do a full defrag of the data base with out taking the server offline until end of year. My apologies. However it does give excellent reporting capability on the condition of the data base. 
The demo is free, and although the demo will not let you actually repair the data base it will give you a full report as to it's present state. Jose -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Michael B. Smith Sent: Wednesday, August 17, 2005 12:00 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat This tool, I believe, runs eseutil in the background. The message store that goExchange is working on must be offline while it's being maintained: http://www.lucid8.com/faq/faq_general6.asp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Wednesday, August 17, 2005 2:32 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat I am not sure I understand your point.. if he is trying to fix his bloat issue, this tool will do the same thing as Esutuil in compacting the database with out having to take down his exchange servers. Last time I ran Esutuil on a 30gb data base it took nearly 10 hours to finish. Jose -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Michael B. Smith Sent: Wednesday, August 17, 2005 11:08 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat I would never recommend a tool that does offline defragmentation as preventive maintenance. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Wednesday, August 17, 2005 1:56 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat Want a simpler method? Try http://www.goexchange.com/, ( GOexchange is painless to use and saves you time by running automatic expert preventive maintenance while you attend to more important things ) You won't even have to take your Exchange servers offline to defrag the information and public folder stores. 
Jose :-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED] Sent: Wednesday, August 17, 2005 10:28 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat KB192185 has good info on this. You are on the right path, IMO. Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Douglas M. Long Sent: Wed 8/17/2005 10:06 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat I guess I was thinking of using the /p switch because of a paragraph Run ESEUTIL with the /p switch to configure ESEUTIL to create the new defragmented database on an alternate location (for example, to a location on
[ActiveDir] Certification service
Hello, As my company wants to implement PKI and I am quite new with this I was wondering if I can integrate a purchased certificate (from VeriSign or SSL.com) and integrate into AD? Or do I have to create one with Microsoft? Sorry if this is a dumb question. Thanks for the information. Katrin Wilhelm (MCSA) CVGT Employment Training Specialists Australia E-mail: [EMAIL PROTECTED] Confidentiality: The contents contain privileged and/or confidential information intended for the named recipient of this email. CVGT does not warrant that the contents of any electronically transmitted information will remain confidential. If the reader of this email is not the intended recipient you are hereby notified that any use, reproduction, disclosure or distribution of the information contained in the email is prohibited. If you receive this email in error, please reply to us immediately and delete the document. Viruses: It is the recipient/client's duties to virus scan and otherwise test the information provided before loading onto any computer system. No warranty is made that this material is free from computer virus or any other defect or error. Any loss/damage incurred by using this material is not the sender's responsibility. CVGTs entire liability will be limited to resupplying the material. Please contact us at www.cvgt.com.au for further information regarding this disclaimer.
RE: [ActiveDir] Certification service
Either one. You can set up your own or purchase a certificate. It kinda depends on what you want to do and how much you want to spend. If you have an external-facing public website and you want your customers to be able to have secure transactions with it, best to go with a commercial trusted cert authority. If you're trying to secure internal communications with IPSec or PEAP-TLS, then an internal CA is a better bet. You can also use a combination of both. MS has numerous white papers and guides available...

** Charlie Kaiser W2K3 MCSA/MCSE/Security, CCNA Systems Engineer Essex Credit / Brickwalk 510 595 5083 **

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Katrin Wilhelm
Sent: Wednesday, August 17, 2005 5:43 PM
To: AD list
Subject: [ActiveDir] Certification service

Hello,

As my company wants to implement PKI and I am quite new with this I was wondering if I can integrate a purchased certificate (from VeriSign or SSL.com) and integrate into AD? Or do I have to create one with Microsoft? Sorry if this is a dumb question. Thanks for the information.

Katrin Wilhelm (MCSA) CVGT Employment Training Specialists Australia E-mail: [EMAIL PROTECTED]

List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] cloning DC's
I went back and I saw B. Shirley's remarks on cloning dc's. I'm wondering if this applies to my scenario below - cloning a DC with Disk Image and sysprep and creating new DC's that way? Is this very very bad? Is there an article or paper explaining why? Or anyone care to explain why. Or is this ok? Thanks. Sorry to harp but these AD consultants from IBM want to go this route tomorrow and I'm thinking it's not a good idea for some reason but I'd like to be sure before I bring it up. Thanks again

On 8/17/05, Tom Kern [EMAIL PROTECTED] wrote:
I know I read this thread before but I can't seem to find it. We are creating a new forest root and the IBM consultants here created the first root dc and now they want to clone it using Disk Image and sysprep to create the other DC's in the root. I think I heard this is a bad idea. Am I right? I can't seem to find any article on this but I do remember this being spoken of on the list and I don't remember what the conclusion was. Thanks
RE: [ActiveDir] Folder Redirection
I left off the %username% variable on the redirection folder. Working really nice and in almost real time!

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Holme
Sent: Tuesday, August 16, 2005 9:18 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Folder Redirection

Probably a permissions problem. Since you're just TESTING, start by setting perms on the folder so that the user has full control. This is not the ideal permission set, but it will tell you whether that's causing the problem. Once you know if that's the issue, we can chat about the exact permissions for future tests. Also check DNS, etc. Try connecting to a normal shared folder on the same server.

Dan

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Patrick Paul
Sent: Tuesday, August 16, 2005 11:42 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Folder Redirection

I am a newbie studying for mcse 2000. I do not claim to know much but could use your patience and help! I logged on to one of the pcs as the user that has the GPO (no override is checked) for folder redirection (it's my docs folder), saved something in it, but did not find the saved file in the redirected folder. Any advice is greatly appreciated.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond
Sent: Sunday, August 14, 2005 5:02 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Right click and goto properties

A subject would help your message greatly.

Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Patrick Paul
Sent: Sunday, August 14, 2005 7:33 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] How do you setup folder redirection? How does it work?

1. create shared folder
2. start, programs, administrative tools, AD Users and Computers
3. OU right click, properties, Group policy
4. new, any name, click name, edit, user config, windows settings
5. folder redirection, my docs

Where do you go from here? Thanks all
RE: [ActiveDir] cloning DC's
Yes this is a very very bad idea and is not supported. In fact I believe that sysprep will even block in this scenario and not run. While you can build the base Operating System and, while it is a member or stand alone server, sysprep it and then use that image to build several servers which can then be DC Promoed, you can not image an existing DC. If you are running Windows Server 2003 here is what I suggest doing:

1) Create a base OS image of a standalone or member server.
2) Use this image to create the servers that you will use then promote to new DCs.
3) Make a system state backup of the original DC.
4) Use the Install From Media (IFM) option to build the new DC/GCs, see http://support.microsoft.com/default.aspx?scid=kb;en-us;311078

This is a supported method and should result in an install time that is very close to the unsupported cloning method.

Thanks, -Steve

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern
Sent: Wednesday, August 17, 2005 7:56 PM
To: activedirectory
Subject: Re: [ActiveDir] cloning DC's

I went back and I saw B. Shirley's remarks on cloning dc's. I'm wondering if this applies to my scenario below - cloning a DC with Disk Image and sysprep and creating new DC's that way? Is this very very bad? Is there an article or paper explaining why? Or anyone care to explain why. Or is this ok? Thanks. Sorry to harp but these AD consultants from IBM want to go this route tomorrow and I'm thinking it's not a good idea for some reason but I'd like to be sure before I bring it up. Thanks again

On 8/17/05, Tom Kern [EMAIL PROTECTED] wrote:
I know I read this thread before but I can't seem to find it. We are creating a new forest root and the IBM consultants here created the first root dc and now they want to clone it using Disk Image and sysprep to create the other DC's in the root. I think I heard this is a bad idea. Am I right? I can't seem to find any article on this but I do remember this being spoken of on the list and I don't remember what the conclusion was. Thanks
RE: [ActiveDir] cloning DC's
As far as documentation that states this, please see the following Knowledge Base Article: http://support.microsoft.com/default.aspx?scid=kb;en-us;830958

Thanks, -Steve

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Linehan
Sent: Wednesday, August 17, 2005 8:59 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] cloning DC's

Yes this is a very very bad idea and is not supported. In fact I believe that sysprep will even block in this scenario and not run. While you can build the base Operating System and, while it is a member or stand alone server, sysprep it and then use that image to build several servers which can then be DC Promoed, you can not image an existing DC. If you are running Windows Server 2003 here is what I suggest doing:

1) Create a base OS image of a standalone or member server.
2) Use this image to create the servers that you will use then promote to new DCs.
3) Make a system state backup of the original DC.
4) Use the Install From Media (IFM) option to build the new DC/GCs, see http://support.microsoft.com/default.aspx?scid=kb;en-us;311078

This is a supported method and should result in an install time that is very close to the unsupported cloning method.

Thanks, -Steve

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern
Sent: Wednesday, August 17, 2005 7:56 PM
To: activedirectory
Subject: Re: [ActiveDir] cloning DC's

I went back and I saw B. Shirley's remarks on cloning dc's. I'm wondering if this applies to my scenario below - cloning a DC with Disk Image and sysprep and creating new DC's that way? Is this very very bad? Is there an article or paper explaining why? Or anyone care to explain why. Or is this ok? Thanks. Sorry to harp but these AD consultants from IBM want to go this route tomorrow and I'm thinking it's not a good idea for some reason but I'd like to be sure before I bring it up. Thanks again

On 8/17/05, Tom Kern [EMAIL PROTECTED] wrote:
I know I read this thread before but I can't seem to find it. We are creating a new forest root and the IBM consultants here created the first root dc and now they want to clone it using Disk Image and sysprep to create the other DC's in the root. I think I heard this is a bad idea. Am I right? I can't seem to find any article on this but I do remember this being spoken of on the list and I don't remember what the conclusion was. Thanks
RE: [ActiveDir] cloning DC's
I'm thinking out loud here, why not clone/sysprep the server as stand alone machine then join the root domain and then DCPROMO? Those steps can be automated and are from my perspective very easy to do. If you are sending DCs to a remote location then use dcpromo with install from media.

Francis

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern
Sent: August 17, 2005 5:03 PM
To: activedirectory
Subject: [ActiveDir] cloning DC's

I know I read this thread before but I can't seem to find it. We are creating a new forest root and the IBM consultants here created the first root dc and now they want to clone it using Disk Image and sysprep to create the other DC's in the root. I think I heard this is a bad idea. Am I right? I can't seem to find any article on this but I do remember this being spoken of on the list and I don't remember what the conclusion was. Thanks
RE: [ActiveDir] Certification service
Thanks for that information

Katrin Wilhelm (MCSA) CVGT Employment Training Specialists Australia E-mail: [EMAIL PROTECTED]

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Charlie Kaiser
Sent: Thursday, 18 August 2005 10:56 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Certification service

Either one. You can set up your own or purchase a certificate. It kinda depends on what you want to do and how much you want to spend. If you have an external-facing public website and you want your customers to be able to have secure transactions with it, best to go with a commercial trusted cert authority. If you're trying to secure internal communications with IPSec or PEAP-TLS, then an internal CA is a better bet. You can also use a combination of both. MS has numerous white papers and guides available...

** Charlie Kaiser W2K3 MCSA/MCSE/Security, CCNA Systems Engineer Essex Credit / Brickwalk 510 595 5083 **

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Katrin Wilhelm
Sent: Wednesday, August 17, 2005 5:43 PM
To: AD list
Subject: [ActiveDir] Certification service

Hello,

As my company wants to implement PKI and I am quite new with this I was wondering if I can integrate a purchased certificate (from VeriSign or SSL.com) and integrate into AD? Or do I have to create one with Microsoft? Sorry if this is a dumb question. Thanks for the information.

Katrin Wilhelm (MCSA) CVGT Employment Training Specialists Australia E-mail: [EMAIL PROTECTED]
RE: [ActiveDir] Latest MS patch KB899588
Juan - Apparently you didn't read MY message. YES, it's mandatory to apply the patch. If you DO NOT REBOOT you're going to get slapped by the worm.

Rick

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ibarra, Juan
Sent: Wednesday, August 17, 2005 6:01 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Latest MS patch KB899588

Thanks. So the reboot is not mandatory/required using this script right?

Juan

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Blair, James
Sent: Wednesday, August 17, 2005 3:32 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Latest MS patch KB899588

Juan,

InstallPatch.vbs:

' Run the renamed patch silently and suppress the automatic restart
set oshell = wscript.CreateObject("wscript.shell")
oshell.run("%PathToPatch%\importantpatch.exe /quiet /norestart")

I renamed the patch importantpatch.exe

James

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ibarra, Juan
Sent: Thursday, 18 August 2005 8:15 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Latest MS patch KB899588

Hi there,

I am trying to apply this patch to some windows 2000 servers and I was wondering if the reboot is strictly mandatory?! If I used the /norestart switch to run it from the command line I do get the patch under add and remove programs. Also the version of the file gets updated under c:\winnt\system32. What do you think?

Juan
RE: [ActiveDir] cloning DC's
Tom - Regardless of the scenario and how it's done - you never, never, never, clone DCs. This will lead to very bad things - possibly including the appearance of the Anti-Christ, opening of Black Holes, ABBA coming back to prominence. Do NOT do this. Do NOT allow IBM to do it. Period.

Rick

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern
Sent: Wednesday, August 17, 2005 7:56 PM
To: activedirectory
Subject: Re: [ActiveDir] cloning DC's

I went back and I saw B. Shirley's remarks on cloning dc's. I'm wondering if this applies to my scenario below - cloning a DC with Disk Image and sysprep and creating new DC's that way? Is this very very bad? Is there an article or paper explaining why? Or anyone care to explain why. Or is this ok? Thanks. Sorry to harp but these AD consultants from IBM want to go this route tomorrow and I'm thinking it's not a good idea for some reason but I'd like to be sure before I bring it up. Thanks again

On 8/17/05, Tom Kern [EMAIL PROTECTED] wrote:
I know I read this thread before but I can't seem to find it. We are creating a new forest root and the IBM consultants here created the first root dc and now they want to clone it using Disk Image and sysprep to create the other DC's in the root. I think I heard this is a bad idea. Am I right? I can't seem to find any article on this but I do remember this being spoken of on the list and I don't remember what the conclusion was. Thanks
RE: [ActiveDir] cloning DC's
There is a way to have your cake and eat it too, however. Take a backup of the DC, then use the install from media (IFM) feature to dcpromo more machines in to the environment using the backup taken as a seed for the dataset. This will allow you to rapidly bring up new DCs without having to re-source all of the info yet still not do damage to your environment (with the definition of do damage left out for brevity, as it has been covered on this DL previously if memory serves me correctly). IFM was added in WS2003 to address scenarios such as this.

~Eric

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Wednesday, August 17, 2005 7:57 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] cloning DC's

Tom - Regardless of the scenario and how it's done - you never, never, never, clone DCs. This will lead to very bad things - possibly including the appearance of the Anti-Christ, opening of Black Holes, ABBA coming back to prominence. Do NOT do this. Do NOT allow IBM to do it. Period.

Rick

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern
Sent: Wednesday, August 17, 2005 7:56 PM
To: activedirectory
Subject: Re: [ActiveDir] cloning DC's

I went back and I saw B. Shirley's remarks on cloning dc's. I'm wondering if this applies to my scenario below - cloning a DC with Disk Image and sysprep and creating new DC's that way? Is this very very bad? Is there an article or paper explaining why? Or anyone care to explain why. Or is this ok? Thanks. Sorry to harp but these AD consultants from IBM want to go this route tomorrow and I'm thinking it's not a good idea for some reason but I'd like to be sure before I bring it up. Thanks again

On 8/17/05, Tom Kern [EMAIL PROTECTED] wrote:
I know I read this thread before but I can't seem to find it. We are creating a new forest root and the IBM consultants here created the first root dc and now they want to clone it using Disk Image and sysprep to create the other DC's in the root. I think I heard this is a bad idea. Am I right? I can't seem to find any article on this but I do remember this being spoken of on the list and I don't remember what the conclusion was. Thanks
RE: [ActiveDir] cloning DC's
Eric, I just want to be sure that you are not equating backup with cloning. I am afraid that the OP may take your eat cake statement to mean that you are agreeing with the cloning proposal. Install from media was not made for cloning. Unless I am wrong again, the install from media is not done (nor is it supposed to be done) on a cloned image of existing DCs. Cloned in this case means something like Ghost image of a DC taken from who knows when. This is completely different from a backup of a DC, backup being NTBackup or similar. So, I am not very sure that he is not going to be eating some very stale cakes if he reads you literally.

Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon

From: [EMAIL PROTECTED] on behalf of Eric Fleischman
Sent: Wed 8/17/2005 9:52 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] cloning DC's

There is a way to have your cake and eat it too, however. Take a backup of the DC, then use the install from media (IFM) feature to dcpromo more machines in to the environment using the backup taken as a seed for the dataset. This will allow you to rapidly bring up new DCs without having to re-source all of the info yet still not do damage to your environment (with the definition of do damage left out for brevity, as it has been covered on this DL previously if memory serves me correctly). IFM was added in WS2003 to address scenarios such as this.

~Eric

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Wednesday, August 17, 2005 7:57 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] cloning DC's

Tom - Regardless of the scenario and how it's done - you never, never, never, clone DCs. This will lead to very bad things - possibly including the appearance of the Anti-Christ, opening of Black Holes, ABBA coming back to prominence. Do NOT do this. Do NOT allow IBM to do it. Period.

Rick

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern
Sent: Wednesday, August 17, 2005 7:56 PM
To: activedirectory
Subject: Re: [ActiveDir] cloning DC's

I went back and I saw B. Shirley's remarks on cloning dc's. I'm wondering if this applies to my scenario below - cloning a DC with Disk Image and sysprep and creating new DC's that way? Is this very very bad? Is there an article or paper explaining why? Or anyone care to explain why. Or is this ok? Thanks. Sorry to harp but these AD consultants from IBM want to go this route tomorrow and I'm thinking it's not a good idea for some reason but I'd like to be sure before I bring it up. Thanks again

On 8/17/05, Tom Kern [EMAIL PROTECTED] wrote:
I know I read this thread before but I can't seem to find it. We are creating a new forest root and the IBM consultants here created the first root dc and now they want to clone it using Disk Image and sysprep to create the other DC's in the root. I think I heard this is a bad idea. Am I right? I can't seem to find any article on this but I do remember this being spoken of on the list and I don't remember what the conclusion was. Thanks