RE: [ActiveDir] Ntds.dit file corruption

2005-12-07 Thread Eric Fleischman
Distributed systems hurt the head in that it is not clear *where* the
problem is. It is hard to point a finger at something/someone and say
there's the issue! when the issue lies in the state in which some
number of servers exist relative to one another.

However, in a system which aims to provide convergence (in mission and
in assumption by clients), such divergence is, I think, corruption.



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Tuesday, December 06, 2005 5:55 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Ntds.dit file corruption

Good post ~Eric, thanks for chiming in. 

I see where you are coming from with the corruption at the distributed
level. In terms of corruption at that level I see it as corruption but
just can't get myself to see it as AD corruption. I am not sure if I can
put it down in words why. I just don't. :)

  joe

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman
Sent: Tuesday, December 06, 2005 5:42 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Ntds.dit file corruption

<snip>
I would generally not call USN rollback a corruption either, but I think
Dean makes a fair and quasi-valid point that if you consider the
distributed system, yes such a thing is a corruption.  Feel free to shim
in an AD Distributed System Logical Layer in the above stack, between AD
Logical Layer and App Logical Layer.  I'm waffling on this point though,
as something smells different than other types of corruption.  I'm going
to think about that for a long time ... in fact Eric (yes the ~Eric) is
at my door and says he would consider it corruption, so there is a long
debate in my future as well ...
</snip>

Over lunch, Brett and I discussed this some more. My contention is that
USN rollback would be a form of corruption under a somewhat broad
definition. The reality is that there is a layer that Brett mentioned
which actually has two parts when looked at from a high level. Namely,
this layer:
 AD Logical Layer

The first piece could be thought of as local logical layer. That is,
data hierarchy, conforming to the code assumptions of how it should be,
data conforming to the schema as defined, etc. This is a layer of data
that clearly need be proper (leaving the definition of proper to another
day), else we are in some sort of corrupt state. Brett and I both agree
on this I'm pretty sure.

However, there is then distributed systems corruption. In AD, one of the
services we aim to provide is convergence. If we do not converge, we
define this divergence as at a minimum bad, perhaps corrupt.
USN rollback breaks our convergence guarantees, it breaks replication
such that you will not attain convergence in the system. I would as such
consider it a form of corruption.

Over Teriyaki a few minutes ago, Brett posited the question well if USN
rollback is corruption, what else? Valid question. I would concede that
if USN rollback is considered distributed systems corruption, so too
would be other conditions which yield divergence. Perhaps this is a
slippery slope that goes too far. I need to think about this some more.

I would also toss out there that corruption should not be confused with
forever broken. There are many states in which the directory can exist
where it is functional, but in some way broken. Such divergences can
typically be repaired with administrative action, so long as it is a
savvy administrator. :) If we are willing to assume that divergence is
corruption, I'd tend to believe that most people on this list have
recovered from some form of corruption before. The worse the corruption,
the more help you likely want to recover from it. :)

Anyway, we'll likely debate this for a few months, as we usually do on
such points. More thoughts to come as we debate further.

~Eric



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley
Sent: Tuesday, December 06, 2005 12:04 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Ntds.dit file corruption

I wouldn't say that, joe ...

Let's take another hypothetical real quick, let's say you have a column
for the RDN of an AD object (well we do) and that value is NULL.  From
AD's perspective this object is well not really an object, it would be
corrupt, and might even crash lsass.exe (I don't know, it might).

However, from ESE's perspective though, the table/row/column is valid,
it has a particular column that doesn't have a value.  A column which I
might add is declared optional (real term is tagged) in the ESE layer
schema (real term is catalog).  ESE is simply a store of data, it passes
no judgement on the data as long as it fits the schema guidelines for
the column.

Joe, is the DB corrupt?  An AD object without an RDN?



I have tendency to think in layers and sources of corruption.
   App Logical Layer
   AD Logical Layer
   ESE Logical Layer
   [ESE] Physical 

RE: [ActiveDir] remove logon script?

2005-12-07 Thread Harding, Devon

That did it, thanks Joe.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Tuesday, December 06, 2005 8:21 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] remove logon script?

Yeah I have seen odd things like that before if you cut and paste from email or doc files, some bogus character you can't see is in there or something like that. Retype it...

[Tue 12/06/2005 20:20:01.78]
G:\Adfind -f ((objectCategory=person)(objectClass=user)(scriptpath=logon.bat)) -default -dsq | admod -unsafe scriptpath:-
(objectClass was unexpected at this time.

[Tue 12/06/2005 20:20:07.26]
G:\Adfind -f ((objectcategory=person)(objectclass=user)(scriptpath=logon.bat)) -default -dsq | admod -unsafe scriptpath:-

AdMod V01.06.00cpp Joe Richards ([EMAIL PROTECTED]) June 2005

DN Count: 0

No object DNs to update.

The command completed successfully.

[Tue 12/06/2005 20:20:10.93]















From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harding, Devon
Sent: Tuesday, December 06, 2005 4:11 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] remove logon script?

I get the following error:

(objectClass was unexpected at this time.















From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Tuesday, December 06, 2005 2:00 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] remove logon script?

It works against the current default domain which is the domain of the default domain controller. You can determine what that is with

adfind -default -s base -dn

If you want it to work against another domain, remove -default and add -b domain_dn (i.e. change the search base of the adfind query).















From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harding, Devon
Sent: Tuesday, December 06, 2005 1:46 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] remove logon script?

This will work for the currently logged in domain right?



















From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, December 05, 2005 4:44 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] remove logon script?

One tiny correction :)

Adfind -f "(&(objectCategory=person)(objectClass=user)(scriptpath=logon.bat))" -default -dsq | admod -unsafe scriptpath:-

















From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond
Sent: Monday, December 05, 2005 4:00 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] remove logon script?

Adfind and admod from joeware.net

Adfind -f "(&(objectCategory=person)(objectClass=user)(scriptpath=logon.bat))" -default -dsq | admod -unsafe scriptpath-

Thanks,
Brian Desmond
[EMAIL PROTECTED]

c - 312.731.3132























From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harding, Devon
Sent: Monday, December 05, 2005 3:40 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] remove logon script?

How can I remove the logon.bat from all my user (2000+) accounts at one time in my domain? I've switched to GPO for the logon scripts.

Devon Harding
Windows Systems Engineer
Southern Wine & Spirits - BSG
954-602-2469

















__
This message and any attachments are
solely for the intended recipient
and may contain confidential or
privileged information. If you are not
the intended recipient, any disclosure,
copying, use or distribution of
the information included in the message
and any attachments is
prohibited. If you have received this
communication in error, please
notify us by reply e-mail and
immediately and permanently delete this
message and any attachments. Thank You.

















[ActiveDir] search option for file and folders dont work

2005-12-07 Thread Sudhir Kaushal

Hi,

My search options for files and folders don't work in 2000. Though it works very well when opened from Windows Explorer.
Any pointers to the probable reasons are appreciated.

Regards,
Sudhir Kaushal
Systems Engineer (GIS)
Computer Sciences Corporation.
India - + 91 120 2582323 Ext. 2649
Denmark - + 45 70100024 Ext. 2649

“You never win Silver, You lose Gold”



This is a PRIVATE message. If you are not the intended recipient, please
delete without copying and kindly advise us by e-mail of the mistake in
delivery. NOTE: Regardless of content, this e-mail shall not operate to
bind CSC to any order or other contract unless pursuant to explicit written
agreement or government initiative expressly permitting the use of e-mail
for such purpose.




[ActiveDir] Found bug in Active Directory DNS (integrated)

2005-12-07 Thread AD


Ok, this is the scenario. I needed to create 123 DNS entries really quick so I decided to use DNSCMD. It ended up being a big mistake.

The mandatory parameters for DNSCMD /RECORDADD are the following:

servername
/RecordAdd
Zone
NodeName
RRType
RRData
[command parameters]

So I typed in the following: (entered it on different lines for easy readability).

ncdc01 
/RecordAdd 
myDomain.com 
hostA.myDomain.com
A
192.168.1.2

The command completes with a "Command Completed Successfuly". Great. Only one problem. It does not show up in the DNS management console. I can see it in the directory but not in the DNS snapin. When I do a NsLookup on that record it comes up as hostA.myDomain.com.myDomain.com. Ok so I figured out that you do not need to specify the domain name for the NodeName parameter of the command. I go ahead and delete the entry in ADUC because I can't see it in DNS console, clear the DNS cache on the server and clear the cache on my client. When I run NsLookup on the host again it shows up as hostA.myDomain.com.myDomain.com. That is impossible right? The only way I was able to clear this entry from the server cache was to restart DNS on the DC. Not a feasible solution when you have 20 DC across the country.

Has anyone seen this before?

Thanks

Yves 


RE: [ActiveDir] Found bug in Active Directory DNS (integrated)

2005-12-07 Thread Coleman, Hunter



You're sure that it wasn't your client cache returning the 
value after the initial query?


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD
Sent: Wednesday, December 07, 2005 7:36 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Found bug in Active Directory DNS (integrated)

Ok, this is the scenario. I needed to create 123 DNS entries really quick so I decided to use DNSCMD. It ended up being a big mistake.

The mandatory parameters for DNSCMD /RECORDADD are the following:

servername
/RecordAdd
Zone
NodeName
RRType
RRData
[command parameters]

So I typed in the following: (entered it on different lines for easy readability).

ncdc01 
/RecordAdd 
myDomain.com 
hostA.myDomain.com
A
192.168.1.2

The command completes with a "Command Completed Successfuly". Great. Only 
one problem. It does not show up in the DNS management console. I can see it in 
the directory but not in the DNS snapin. When I do a NsLookup on that record it 
comes up as hostA.myDomain.com.myDomain.com. Ok so I figured out that you do not 
need to specify the domain name for the NodeName parameter of the 
command. I go ahead and delete the entry in ADUC because I can't see it in DNS 
console, clear the DNS cache on the server and clear the cache on my client. 
When I run NsLookup on the host again it shows up as 
hostA.myDomain.com.myDomain.com. That is impossible right? The only way I was 
able to clear this entry from the server cache was to restart DNS on the DC. Not 
a feasible solution when you have 20 DC across the country.

Has anyone seen this before?

Thanks

Yves 


[ActiveDir] Netware 5, 2000 AD, and Exchange 5.5 to 2003

2005-12-07 Thread Danny
Netware 5 with 2000 AD and Exchange 5.5 will all be migrated to 2003. 
Anyone have experience with this - any tips/suggestions?

Thank you,

...D
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] Found bug in Active Directory DNS (integrated)

2005-12-07 Thread Joe Pochedley



Your NodeName is incorrect...

NodeName -- name of node for which a record will be added
  - FQDN of a node (name with a '.' at the end) OR
  - node name relative to the ZoneName OR
  - "@" for zone root node OR
  - service name for SRV only (e.g. _ftp._tcp)

The FQDN of the node in your example below should be "hostA." (note the . 
at the end of the name) not "hostA.myDomain.com" ...

Essentially, you added a host to the sub-domain myDomain.com.myDomain.com instead, which is why it doesn't show up in the GUI where 
expected.

Joe Pochedley
A computer terminal is not some clunky old television with a typewriter in front of it. It is an interface where the mind and body can connect with the universe and move bits of it about. -Douglas Adams



From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD
Sent: Wednesday, December 07, 2005 9:36 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Found bug in Active Directory DNS (integrated)

Ok, this is the scenario. I needed to create 123 DNS entries really quick so I decided to use DNSCMD. It ended up being a big mistake.

The mandatory parameters for DNSCMD /RECORDADD are the following:

servername
/RecordAdd
Zone
NodeName
RRType
RRData
[command parameters]

So I typed in the following: (entered it on different lines for easy readability).

ncdc01 
/RecordAdd 
myDomain.com 
hostA.myDomain.com
A
192.168.1.2

The command completes with a "Command Completed Successfuly". Great. Only 
one problem. It does not show up in the DNS management console. I can see it in 
the directory but not in the DNS snapin. When I do a NsLookup on that record it 
comes up as hostA.myDomain.com.myDomain.com. Ok so I figured out that you do not 
need to specify the domain name for the NodeName parameter of the 
command. I go ahead and delete the entry in ADUC because I can't see it in DNS 
console, clear the DNS cache on the server and clear the cache on my client. 
When I run NsLookup on the host again it shows up as 
hostA.myDomain.com.myDomain.com. That is impossible right? The only way I was 
able to clear this entry from the server cache was to restart DNS on the DC. Not 
a feasible solution when you have 20 DC across the country.

Has anyone seen this before?

Thanks

Yves 
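
Added example, not part of the original thread and not code from the dnscmd tool: a Python pre-flight check that applies the NodeName rules quoted in the reply above (trailing-dot FQDN, name relative to the zone, "@") to a batch of records before they are passed to dnscmd /RecordAdd, and flags the doubled-zone mistake this thread describes. The function names and every sample row except the thread's own hostA record are assumptions made for illustration.

```python
# Added example: validate NodeName values before a bulk "dnscmd /RecordAdd" run.
# Rules implemented are the ones quoted in the thread:
#   - a name ending in "." is an FQDN and is used as-is
#   - any other name is relative to the zone (the zone name is appended)
#   - "@" means the zone root

def _absolute(name):
    """Return the name with exactly one trailing dot."""
    name = name.strip()
    return name if name.endswith(".") else name + "."

def effective_owner(zone, node_name):
    """Owner name the record ends up with for a given zone and NodeName."""
    zone_abs = _absolute(zone)
    node = node_name.strip()
    if node == "@":
        return zone_abs
    if node.endswith("."):
        return node
    return node + "." + zone_abs

def in_zone(owner, zone):
    """True if the absolute owner name is the zone root or below it."""
    o, z = owner.lower(), _absolute(zone).lower()
    return o == z or o.endswith("." + z)

def check_node_name(zone, node_name):
    """Return (owner, warnings) for one NodeName."""
    node = node_name.strip()
    owner = effective_owner(zone, node)
    warnings = []
    zone_rel = zone.strip().rstrip(".").lower()
    if node != "@" and not node.endswith("."):
        n = node.lower()
        # Relative name that already carries the zone suffix: the zone is
        # appended a second time, as seen with hostA.myDomain.com.myDomain.com.
        if n == zone_rel or n.endswith("." + zone_rel):
            warnings.append("relative NodeName repeats the zone name; "
                            "record lands at " + owner)
    elif not in_zone(owner, zone):
        # Not covered by the thread; flagged for manual review only.
        warnings.append("FQDN " + owner + " is outside zone " + zone)
    return owner, warnings

def audit_batch(server, zone, rows):
    """Split rows into ready-to-run dnscmd lines and flagged entries."""
    commands, flagged = [], []
    for node, rrtype, rrdata in rows:
        owner, warnings = check_node_name(zone, node)
        if warnings:
            flagged.append((node, owner, warnings))
        else:
            commands.append("dnscmd %s /RecordAdd %s %s %s %s"
                            % (server, zone, node, rrtype, rrdata))
    return commands, flagged

# First row is the record from the thread; the others are constructed samples.
SAMPLE_ROWS = [
    ("hostA.myDomain.com", "A", "192.168.1.2"),
    ("hostB", "A", "192.168.1.3"),
    ("hostC.myDomain.com.", "A", "192.168.1.4"),
    ("@", "A", "192.168.1.5"),
    ("hostD.otherzone.example.", "A", "192.168.1.6"),
]

if __name__ == "__main__":
    ok, bad = audit_batch("ncdc01", "myDomain.com", SAMPLE_ROWS)
    for line in ok:
        print("OK     ", line)
    for node, owner, warnings in bad:
        print("REVIEW ", node, "->", "; ".join(warnings))
```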


RE: [ActiveDir] Moving 3rd party DNS to AD

2005-12-07 Thread Figueroa, Johnny

I appreciate the feedback on your experience with QIP and MS DNS. It
will all help 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Steve Schofield
Sent: Tuesday, December 06, 2005 8:52 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Moving 3rd party DNS to AD

probably not needed but here is a script I used and deployed with SMS to
all my member servers to update the DNS order.  The script was used to
add a third DNS server for 'just in-case' lookups but was effective in
updating the member servers w/o having to manually do it.  Probably
won't be useful but thought I would pass along.  You could easily make
this accept command line switches but by default only runs on the local
machine.  Hope that helps.

' Sets the DNS server search order on every IP-enabled adapter of the local machine.
Sub Main()
 SetDNSServerSearchOrder
End Sub


Sub SetDNSServerSearchOrder()
' On Error Resume Next
 Err.Clear

 Dim aDNS(1)

 'Primary DNS server
 aDNS(0) = "x.x.x.x"

 'Alternate DNS server
 aDNS(1) = "x.x.x.x"

 'Set Networking Managing Objects
 strComputer = "."
 Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
 Set colItems = objWMIService.ExecQuery("Select * From Win32_NetworkAdapterConfiguration Where IPEnabled = 1")

 For Each objItem in colItems
  'Clear the existing list first, then apply the new search order
  errDNS = objItem.SetDNSServerSearchOrder()
  WScript.Sleep 500
  errDNS = objItem.SetDNSServerSearchOrder(aDNS)
 Next

 Set objWMIService = Nothing
 Set colItems = Nothing

End Sub

' Run the script
Main

Steve Schofield
Microsoft MVP - ASP/ASP.NET
ASPInsider Member - MCP

http://www.orcsweb.com/
Managed Complex Hosting
#1 in Service and Support
- Original Message -
From: Steve Schofield [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: Tuesday, December 06, 2005 10:39 PM
Subject: Re: [ActiveDir] Moving 3rd party DNS to AD


 Boy that is a real toughie!  I have experience both with AD using QIP
 (6.x version) which was really good and now for the past year getting
 used to MS DNS with integrated zones on DC's which was ok but has been
 rock solid with w2k3 sp1 (lots of DNS fixes in w2k3 sp1).  What would I
 do, boy not sure but here is an attempt.  If your goal is have AD/DNS
 hosted on MS to quickly cutover one brainstorm is to have your DNS
 servers in AD be secondary's and ability to *import* the QIP zones so
 you could have real-time updates up to and just before cutover.  Not
 sure off-hand if that is possible but believe so.

 Then for cutover, unplug QIP network cable, change the IP on the MS dns
 servers, convert to a primary zone to allow dynamic updates if you are
 supporting that.  You can also setup the QIP to be the forwarders for
 the AD ones but would suggest to stay away from that if possible and
 just use the ROOT servers.  As far as performance, DNS is not a very
 intensive process for a standard type setup.  I would suggest RAID 1
 for redundancy with 1 or 2 gig of ram.  A dual proc machine would be
 more than sufficient.  The RAID should use a hardware based controller
 with some cache for added boost.  One benefit if these were DC's vs.
 standard DNS servers is the multi-master replication being integrated
 into AD database providing redundancy. Depending on your AD database
 size and DC's size, the entire database is loaded into memory could
 provide a pretty good boost.  The ISP I work for (orcsweb.com) our
 internal AD servers take a lot of requests and those machines sit idle
 regarding DNS (we send lots of emails a day pretty DNS lookup intensive
 and works well).  The QIP experience I didn't directly manage so I
 can't provide any stats there sorry.  Hope that provides some ideas,
 the UI management tool in QIP is better than AD but the MMC is ok for a
 few domains.. Good luck, feel free to contact me [EMAIL PROTECTED]

 Steve Schofield
 Microsoft MVP - ASP/ASP.NET
 ASPInsider Member - MCP

 http://www.orcsweb.com/
 Managed Complex Hosting
 #1 in Service and Support


 - Original Message - 
 From: Figueroa, Johnny [EMAIL PROTECTED]
 To: ActiveDir@mail.activedir.org
 Sent: Tuesday, December 06, 2005 3:18 PM
 Subject: [ActiveDir] Moving 3rd party DNS to AD



 I will be removing a couple of Lucent QIP DNS servers running on Sun
 Solaris with Microsoft DNS.

 We already have our AD infrastructure. The _zones in the QIP DNS
 servers were delegated to AD DNS/DCs so the domain controllers could
 update their SRV records.

 We debated if we should integrate the zones owned by the QIP solution
 into AD (DC/DNS Servers) or create a couple of standalone DNS servers
 in AD, which will not be domain controllers. We chose to go with the
 standalone DNS servers mainly so that the testing, cutover and
 potential roll back could be done with minimal changes. I.e. turn off
 QIP DNS servers, change IP on the MS DNS servers to that of the old QIP
 servers and we are done. Roll back would be something like turn off MS
 DNS servers and turn QIP back on. The _zones in question are in our
 empty root domain, the clients and the AD resource records 

RE: [ActiveDir] Netware 5, 2000 AD, and Exchange 5.5 to 2003

2005-12-07 Thread Almeida Pinto, Jorge de
More than half a year ago I did a migration from Netware 5, NT4 and Exchange 
5.5 to Windows/Exchange 2003. I remember posting information about it. Guido 
also posted some info about a migration job he did. Don't remember if it was 
last year or in the beginning of this year. So you might want to check out the 
archives. 
 
Another source you could use is the library from Quest. It contains 3 articles 
about migrating from Novell (http://wm.quest.com/library/)
 
I assume Netware 5 is used for file and print services and AD is used as the 
primary authentication system. Right?
 
Jorge



From: [EMAIL PROTECTED] on behalf of Danny
Sent: Wed 12/7/2005 4:23 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Netware 5, 2000 AD, and Exchange 5.5 to 2003



Netware 5 with 2000 AD and Exchange 5.5 will all be migrated to 2003.
Anyone have experience with this - any tips/suggestions?

Thank you,

...D




This e-mail and any attachment is for authorised use by the intended 
recipient(s) only. It may contain proprietary material, confidential 
information and/or be subject to legal privilege. It should not be copied, 
disclosed to, retained or used by, any other party. If you are not an intended 
recipient then please promptly delete this e-mail and any attachment and all 
copies and inform the sender. Thank you.

Re: [ActiveDir] Netware 5, 2000 AD, and Exchange 5.5 to 2003

2005-12-07 Thread Danny
On 12/7/05, Almeida Pinto, Jorge de
[EMAIL PROTECTED] wrote:
 More than half a year ago I did a migration from Netware 5, NT4 and Exchange
 5.5 to Windows/Exchange 2003. I remember posting information about it.

I will dust off the archives, then. Thanks.

[...]
 Another source you could use is the library from Quest. It contains 3 articles
 about migrating from Novell (http://wm.quest.com/library/)

Checking it out.


 I assume Netware 5 is used for file and print services and AD is used as the
 primary authentication system. Right?

File, Print, and user login - with some type of synchronization
between the two directories so that Exchange and Outlook works.

Thanks,

...D


[ActiveDir] Help with VB script to map printers

2005-12-07 Thread Noah Eiger








Hi

I am trying to modify a VBS found on the Internet to map multiple printers. This will be run for every user in an OU. I keep getting the following error for line 8: 8007007B - The filename, directory name or volume syntax is incorrect

I have played around with the syntax but think I am missing something very basic here. Any thoughts?

I got this from: http://www.computerperformance.co.uk/ezine/ezine16.htm#Example%203:%20Mapping%20Multiple%20Printers

' Poached from Guy Thomas February 2004.
' **
Dim multiPrinter, UNCpath1, UNCpath2, UNCpath3
UNCpath1 = "\\server.abc.private\HP Color LaserJet 3500"
UNCpath2 = "\\server.abc.private\HP LaserJet 3300"
UNCpath2 = "\\server.abc.private\HP LaserJet 5000"
Set multiPrinter = CreateObject("WScript.Network")
multiPrinter.AddWindowsPrinterConnection UNCpath1
multiPrinter.AddWindowsPrinterConnection UNCpath2
multiPrinter.AddWindowsPrinterConnection UNCpath3

' WScript.Echo "Your printer is mapped from : " & UNCpath1 _
' & "and from : " & UNCpath2
WScript.Quit
' End of _vbscript_








--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.371 / Virus Database: 267.13.12/194 - Release Date: 12/7/2005
 


RE: [ActiveDir] Found bug in Active Directory DNS (integrated)

2005-12-07 Thread AD



I concur. I understand why it does not show up in the gui but I do not understand why the server is still caching it. Deleting the object, clearing the pc cache and the server DNS cache does not get rid of the A record. 

I was hoping someone can try it in their environment and see if they get the same results.

Y


From: Joe Pochedley
Sent: Wed 07/12/2005 10:34 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Found bug in Active Directory DNS (integrated)

Your NodeName is incorrect...

NodeName -- name of node for which a record will be added
  - FQDN of a node (name with a '.' at the end) OR
  - node name relative to the ZoneName OR
  - "@" for zone root node OR
  - service name for SRV only (e.g. _ftp._tcp)

The FQDN of the node in your example below should be "hostA." (note the . at the end of the name) not "hostA.myDomain.com" ...

Essentially, you added a host to the sub-domain myDomain.com.myDomain.com instead, which is why it doesn't show up in the GUI where expected.

Joe Pochedley
A computer terminal is not some clunky old television with a typewriter in front of it. It is an interface where the mind and body can connect with the universe and move bits of it about. -Douglas Adams

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD
Sent: Wednesday, December 07, 2005 9:36 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Found bug in Active Directory DNS (integrated)

Ok, this is the scenario. I needed to create 123 DNS entries really quick so I decided to use DNSCMD. It ended up being a big mistake.

The mandatory parameters for DNSCMD /RECORDADD are the following:

servername
/RecordAdd
Zone
NodeName
RRType
RRData
[command parameters]

So I typed in the following: (entered it on different lines for easy readability).

ncdc01 
/RecordAdd 
myDomain.com 
hostA.myDomain.com
A
192.168.1.2

The command completes with a "Command Completed Successfuly". Great. Only one problem. It does not show up in the DNS management console. I can see it in the directory but not in the DNS snapin. When I do a NsLookup on that record it comes up as hostA.myDomain.com.myDomain.com. Ok so I figured out that you do not need to specify the domain name for the NodeName parameter of the command. I go ahead and delete the entry in ADUC because I can't see it in DNS console, clear the DNS cache on the server and clear the cache on my client. When I run NsLookup on the host again it shows up as hostA.myDomain.com.myDomain.com. That is impossible right? The only way I was able to clear this entry from the server cache was to restart DNS on the DC. Not a feasible solution when you have 20 DC across the country.

Has anyone seen this before?

Thanks

Yves 


RE: [ActiveDir] Help with VB script to map printers

2005-12-07 Thread WILLIAMS, J.D.








My wsh book shows the command to be .AddPrinterConnection not .AddWindowsPrinterConnection

HTH

Thanks,
JD

Northrop Grumman
Information Technology
Commercial, State & Local Solutions
512-377-x235
Alphapage 866-521-6091
E-Page [EMAIL PROTECTED]











From: Noah Eiger [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 07, 2005 1:10 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Help with _vbscript_ to map printers

Hi -

I am trying to modify a VBS found on the Internet to map multiple printers. This will be run for every user in an OU. I keep getting the following error for line 8: 8007007B - The filename, directory name or volume syntax is incorrect

I have played around with the syntax but think I am missing something very basic here. Any thoughts?

I got this from: http://www.computerperformance.co.uk/ezine/ezine16.htm#Example%203:%20Mapping%20Multiple%20Printers

' Poached from Guy Thomas February 2004.
' **
Dim multiPrinter, UNCpath1, UNCpath2, UNCpath3
UNCpath1 = "\\server.abc.private\HP Color LaserJet 3500"
UNCpath2 = "\\server.abc.private\HP LaserJet 3300"
UNCpath2 = "\\server.abc.private\HP LaserJet 5000"
Set multiPrinter = CreateObject("WScript.Network")
multiPrinter.AddWindowsPrinterConnection UNCpath1
multiPrinter.AddWindowsPrinterConnection UNCpath2
multiPrinter.AddWindowsPrinterConnection UNCpath3

' WScript.Echo "Your printer is mapped from : " & UNCpath1 _
' & "and from : " & UNCpath2
WScript.Quit
' End of _vbscript_








 

RE: [ActiveDir] Help with VB script to map printers

2005-12-07 Thread AD



Actually both are valid.


From: WILLIAMS, J.D.
Sent: Wed 07/12/2005 2:31 PM
To: 'ActiveDir@mail.activedir.org'
Cc: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Help with _vbscript_ to map printers

My wsh book shows the command to be
.AddPrinterConnection not .AddWindowsPrinterConnection

HTH

Thanks, JD
Northrop Grumman Information Technology Commercial, State & Local Solutions
512-377-x235 Alphapage 866-521-6091 E-Page [EMAIL PROTECTED]

From: Noah Eiger [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 07, 2005 1:10 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Help with _vbscript_ to map printers

Hi -

I am trying to modify a VBS found on the Internet to map multiple printers. This will be run for every user in an OU. I keep getting the following error for line 8: 8007007B - The filename, directory name or volume syntax is incorrect

I have played around with the syntax but think I am missing something very basic here. Any thoughts?

I got this from: http://www.computerperformance.co.uk/ezine/ezine16.htm#Example%203:%20Mapping%20Multiple%20Printers

' Poached from Guy Thomas February 2004.
' **
Dim multiPrinter, UNCpath1, UNCpath2, UNCpath3
UNCpath1 = "\\server.abc.private\HP Color LaserJet 3500"
UNCpath2 = "\\server.abc.private\HP LaserJet 3300"
UNCpath2 = "\\server.abc.private\HP LaserJet 5000"
Set multiPrinter = CreateObject("WScript.Network") 
multiPrinter.AddWindowsPrinterConnection UNCpath1
multiPrinter.AddWindowsPrinterConnection UNCpath2
multiPrinter.AddWindowsPrinterConnection UNCpath3

' WScript.Echo "Your printer is mapped from : " & UNCpath1 _
' & "and from : " & UNCpath2
WScript.Quit
' End of _vbscript_


RE: [ActiveDir] Help with VB script to map printers

2005-12-07 Thread Rich Milburn








Try using Chr(34) instead of quotes for your paths i.e.

UNCpath1 = "\\server.abc.private\" & Chr(34) & "HP Color LaserJet 3500" & Chr(34)

Chr(34) is how you get quotes into a string - at least it's the only way I've ever gotten to work - my WSH doesn't seem to like the double quotes I see some people use sometimes (i.e. MsgBox I said, Hello. would always give me an error. MsgBox "I said, " & Chr(34) & "Hello." & Chr(34) works)



Rich





---
Rich Milburn
MCSE, Microsoft MVP - Directory Services
Sr Network Analyst, Field Platform Development
Applebee's International, Inc.
4551 W. 107th St
Overland Park, KS 66207
913-967-2819
--
I love the smell of red herrings in the morning - anonymous












Re: [ActiveDir] Help with VB script to map printers

2005-12-07 Thread Paul Wilkinson
I'd guess that you have a path problem. Try copying and pasting "\\server.abc.private\HP Color LaserJet 3500", with the quotes, in your start-run box and see if it connects that printer. If it doesn't work then you need to look at the ip name and share name, and double check security permissions.
-- Paul Wilkinson [EMAIL PROTECTED]


RE: [ActiveDir] Help with VB script to map printers

2005-12-07 Thread Ed Crowley [MVP]



This should work:

UNCpath1 = "\\server.abc.private\""HP Color LaserJet 3500"""

Ed Crowley MCSE+Internet MVP
Freelance E-Mail Philosopher
Protecting the world from PSTs and Bricked Backups!





RE: [ActiveDir] Help with VB script to map printers

2005-12-07 Thread Ed Crowley [MVP]



Strange. I've never had problems with double double-quotes in a VBScript.

Ed Crowley MCSE+Internet MVP
Freelance E-Mail Philosopher
Protecting the world from PSTs and Bricked Backups!





RE: [ActiveDir] Help with VB script to map printers

2005-12-07 Thread WILLIAMS, J.D.








Quite. And, when I change the script for a
server\printer on my network, it works. The only difference is that I don't
have any printer shares with spaces. Not sure if it would be a big deal.



Along with what Rich said, if you write scripts in Word,
opposed to Notepad, the " character is not translated correctly.
Word may use the 66 99 looking ones, depending on your font, I guess. 



If you haven't, try to copy it to Notepad and edit it
there. May also try creating a test printer share with no spaces, see if
that helps.





Thanks, 
JD 

Northrop Grumman 
Information Technology 
Commercial, State & Local Solutions
512-377-x235 
Alphapage 866-521-6091 
E-Page [EMAIL PROTECTED] 











From: AD [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, December 07, 2005
1:37 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Help with VB script to map printers









Actually both are valid.















From: WILLIAMS, J.D.
Sent: Wed 07/12/2005 2:31 PM
To: 'ActiveDir@mail.activedir.org'
Cc: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Help with VB script to map printers





My wsh book shows the command to be 

.AddPrinterConnection not .AddWindowsPrinterConnection



HTH





Thanks, 
JD 

Northrop Grumman 
Information Technology 
Commercial, State & Local Solutions
512-377-x235 
Alphapage 866-521-6091 
E-Page [EMAIL PROTECTED] 





















RE: [ActiveDir] Help with VB script to map printers

2005-12-07 Thread Noah Eiger








Thanks to all for suggestions. 



I pasted the path directly into the run line as Paul
suggested. This worked fine and brought up the printer immediately. I then made
the Chr(34) change as Rich suggested. When I did this, it told me the printer
name was wrong. If I add an echo as below, the result is 0.



UNCpath1 = "\\server.abc.private\" & Chr(34) & "HP Color LaserJet 3500" & Chr(34)

Wscript.Echo UNCpath1



Hmmm.















Re: [ActiveDir] Netware 5, 2000 AD, and Exchange 5.5 to 2003

2005-12-07 Thread Tomasz Onyszko

Danny wrote:
Netware 5 with 2000 AD and Exchange 5.5 will all be migrated to 2003. 
Anyone have experience with this - any tips/suggestions?


Check out this document:
Solution for Migrating File, Print, and Directory Services from Novell 
NetWare to Windows Server 2003

http://www.microsoft.com/downloads/details.aspx?familyid=19be5289-37a8-469c-b03a-70a189e8314f&displaylang=en


--
Tomasz Onyszko
http://www.w2k.pl
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


Re: [ActiveDir] Netware 5, 2000 AD, and Exchange 5.5 to 2003

2005-12-07 Thread Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
http://www.microsoft.com/downloads/details.aspx?familyid=19be5289-37a8-469c-b03a-70a189e8314f&displaylang=en


A guide for IT Professionals on the process and tools needed to migrate 
file, print, and directory services to a Microsoft Windows Server from a 
Novell Netware platform.


Danny wrote:

On 12/7/05, Almeida Pinto, Jorge de
[EMAIL PROTECTED] wrote:
  

More than half a year ago I did a migration from Netware 5, NT4 and Exchange
5.5 to Windows/Exchange 2003. I remember posting information about it.



I will dust off the archives, then. Thanks.

[...]
  

Another source you could use is the library from Quest. It contains 3 articles
about migrating from Novell (http://wm.quest.com/library/)



Checking it out.


  

I assume Netware 5 is used for file and print services and AD is used as the
primary authentication system. Right?



File, Print, and user login - with some type of synchronization
between the two directories so that Exchange and Outlook works.

Thanks,

...D

  


--
Letting your vendors set your risk analysis these days?  
http://www.threatcode.com




RE: [ActiveDir] Help with VB script to map printers

2005-12-07 Thread Cace, Andrew



You shouldn't need the extra quotes in the printer 
name/path. The value of the variable is passed in its entirety, it doesn't 
get truncated because it contains spaces. Someone else already recommended 
trying to connect to the printer from the Run line, I'll second 
that.

-Andrew




[ActiveDir] logon scripts

2005-12-07 Thread Tom Kern
What happens if you have 2 different logon scripts for users -
one in the legacy location and one in a domain GPO?

how do they execute?
does one start sooner?
are there any issues with doing things this way for a short time period?

Both scripts do completely different things.

Thanks


Re: [ActiveDir] Help with VB script to map printers

2005-12-07 Thread Paul Wilkinson
Try

multiPrinter.AddWindowsPrinterConnection "\\server.abc.private\HP Color LaserJet 3500"
etc.

Rewrite it all out in a basic text editor like notepad to ensure you aren't getting some hidden character junk.

Btw, I've confirmed in one of my login scripts that has the same line, and it works with a printer share that has spaces. No need for extra quotes.
-- Paul Wilkinson [EMAIL PROTECTED]


[ActiveDir] DNS Question

2005-12-07 Thread Figueroa, Johnny

As I am getting ready to migrate a number of zones from a QIP DNS server
to a Microsoft DNS server, I have a concern about giving support folks
access to the DNS MMC. Some folks just need to be able to use the MMC to
troubleshoot, so I thought I would give them Read Only access to DNS.
I see dhcp and wins users (view only) but I do not see the same thing
for DNS.

I created a test user in the domain, I tried to start the DNS mmc and it
told me that access was denied. I then went to the DNS server object and
gave the user list and read access to the objects. To my surprise the
test userid was able to add or delete DNS records in the AD DNS zone. It
probably should not be a surprise since the zone is AD integrated and
set to secure updates. I take it this means that as long as a user is a
member of the domain, they CAN create and delete resource records in
DNS. I take it all I did was expose the UI by giving the user read
access to the objects.

How do you mitigate this?

Thanks

Johnny Figueroa
Enterprise Network Consultant/Integrator
Network Services Banner Health Voice (602)
495-4195 Fax (602) 495-4406
 


RE: [ActiveDir] logon scripts

2005-12-07 Thread Darren Mar-Elia



Tom-
It's not a problem to do this. Both will end up running at
roughly the same time (independent of one another) and by default will run
asynchronous to the Explorer shell being up and available (i.e. before the user
sees their desktop). So, just make sure that you are not relying on one script
completing before the other runs.

Darren




RE: [ActiveDir] Help with VB script to map printers

2005-12-07 Thread Noah Eiger








Ok. The problem appears to be that I was
testing it on the machine that held the shares. I was under the (mistaken)
impression that you could map a network printer on the machine that is sharing
that printer - just as you can do with file shares. Guess not. When I tried it
(finally) from a workstation, the original script ran correctly.



This process has led me to other
questions:

- So far, all of these printers have the
default Windows drivers. What if I try to automate the install of a new printer
or want to specify a different driver? 

- If the printer is already installed, the
script appears to leave it alone. Is it actually leaving it alone or is it just
writing over it? If someone has made a change to the printer under their
profile, will that get wiped away?



Thanks again for all the help.



-- nme
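
A defensive version of the mapping script that folds in the points raised in this thread, as an added example (not code posted by any list member): it rejects paths carrying embedded straight or curly quote characters, skips the computer that hosts the shares, skips printers already listed by EnumPrinterConnections, and reports the hex error code per printer instead of stopping at the first failure. The helper names (PathProblem, ServerOf, IsLocalServer, AlreadyMapped, MapPrinter) are hypothetical, and matching the first DNS label of the server against the NetBIOS computer name is an assumption.

```vbscript
' Added example, not code from the thread. Run with cscript.exe so that
' WScript.Echo writes to the console instead of opening message boxes.
Option Explicit

Dim net, printers, i
Set net = CreateObject("WScript.Network")

' Share names are the placeholders used in the original post.
printers = Array( _
    "\\server.abc.private\HP Color LaserJet 3500", _
    "\\server.abc.private\HP LaserJet 3300", _
    "\\server.abc.private\HP LaserJet 5000")

For i = 0 To UBound(printers)
    MapPrinter printers(i)
Next

' Returns "" when the value looks like \\server\share, else the reason.
' Spaces in the share name are fine; quote characters inside the value
' (Chr(34), or the curly quotes Word inserts) are not part of a UNC path.
Function PathProblem(unc)
    Dim rest, slash
    PathProblem = ""
    If InStr(unc, Chr(34)) > 0 Or InStr(unc, ChrW(8220)) > 0 _
       Or InStr(unc, ChrW(8221)) > 0 Then
        PathProblem = "contains a quote character (straight or curly)"
    ElseIf Left(unc, 2) <> "\\" Then
        PathProblem = "does not start with \\"
    Else
        rest = Mid(unc, 3)
        slash = InStr(rest, "\")
        If slash < 2 Or slash = Len(rest) Then
            PathProblem = "missing server or share name"
        End If
    End If
End Function

' Server part of an already validated \\server\share path.
Function ServerOf(unc)
    Dim rest
    rest = Mid(unc, 3)
    ServerOf = Left(rest, InStr(rest, "\") - 1)
End Function

' Assumption: the first DNS label of the server equals its NetBIOS name.
Function IsLocalServer(server)
    Dim host
    host = server
    If InStr(host, ".") > 0 Then host = Left(host, InStr(host, ".") - 1)
    IsLocalServer = (StrComp(host, net.ComputerName, vbTextCompare) = 0)
End Function

' EnumPrinterConnections returns pairs: port at even index, name at odd.
Function AlreadyMapped(unc)
    Dim conns, j
    AlreadyMapped = False
    Set conns = net.EnumPrinterConnections
    For j = 0 To conns.Count - 1 Step 2
        If StrComp(conns.Item(j + 1), unc, vbTextCompare) = 0 Then
            AlreadyMapped = True
        End If
    Next
End Function

Sub MapPrinter(unc)
    Dim problem
    problem = PathProblem(unc)
    If problem <> "" Then
        WScript.Echo "Skipped [" & unc & "]: " & problem
        Exit Sub
    End If
    If IsLocalServer(ServerOf(unc)) Then
        WScript.Echo "Skipped " & unc & ": this computer hosts the share"
        Exit Sub
    End If
    If AlreadyMapped(unc) Then
        WScript.Echo "Already connected, left alone: " & unc
        Exit Sub
    End If

    ' Trap the failure so one bad printer does not end the logon script.
    On Error Resume Next
    net.AddWindowsPrinterConnection unc
    If Err.Number <> 0 Then
        ' Hex() turns the error number into the familiar form, e.g. 8007007B.
        WScript.Echo "Failed " & unc & ": " & Hex(Err.Number) & _
                     " - " & Err.Description
        Err.Clear
    Else
        WScript.Echo "Connected: " & unc
    End If
    On Error GoTo 0
End Sub
```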













From: Paul Wilkinson
[mailto:[EMAIL PROTECTED] 
Sent: Wednesday, December 07, 2005
1:42 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Help with
_vbscript_ to map printers





Try 

multiPrinter.AddWindowsPrinterConnection \\server.abc.private\HP Color
LaserJet 3500
etc.

Rewrite it all out in a basic text editor like notepad to ensure you aren't
getting some hidden character junk. 

Btw, I've confirmed in one of my login scripts that has the same line, and it
works with a printer share that has spaces. No need for extra
quotes.





On 12/7/05, Noah Eiger [EMAIL PROTECTED] wrote:

Hi

I am trying to modify a VBS found on the Internet to map multiple printers. This will be run for every user in an OU. I keep getting the following error for line 8: 8007007B - The filename, directory name or volume syntax is incorrect

I have played around with the syntax but think I am missing something very basic here. Any thoughts?

I got this from: http://www.computerperformance.co.uk/ezine/ezine16.htm#Example%203:%20Mapping%20Multiple%20Printers

' Poached from Guy Thomas February 2004.
' **
Dim multiPrinter, UNCpath1, UNCpath2, UNCpath3
UNCpath1 = "\\server.abc.private\HP Color LaserJet 3500"
UNCpath2 = "\\server.abc.private\HP LaserJet 3300"
UNCpath3 = "\\server.abc.private\HP LaserJet 5000"
Set multiPrinter = CreateObject("WScript.Network")
multiPrinter.AddWindowsPrinterConnection UNCpath1
multiPrinter.AddWindowsPrinterConnection UNCpath2
multiPrinter.AddWindowsPrinterConnection UNCpath3

' WScript.Echo "Your printer is mapped from : " & UNCpath1 & _
' " and from : " & UNCpath2
WScript.Quit
' End of VBScript





--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.371 / Virus Database: 267.13.12/194 - Release Date: 12/7/2005






-- 
Paul Wilkinson
[EMAIL PROTECTED] 

 


RE: [ActiveDir] Ntds.dit file corruption

2005-12-07 Thread Rick Kingslan



Replication is at an attribute level and the corruption is 
usually a bit flip - which isn't replicated. The data itself (a table 
or an index) is checked and if found to be invalid, I *believe* (joe, ~Eric, 
brettsh) is marked as such and is no longer replicated.

-r

--Posting is provided "AS IS", and confers no rights or 
warranties ... 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Tuesday, December 06, 2005 2:49 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Ntds.dit file corruption

Is this guaranteed? How can we/you be sure that the system 
will recognise the corruptions and therefore not replicate them? Surely this is 
akin to the new feature added to e2k3 sp1, but which is (sadly) missing from 
AD(?)

I must be missing a subtle point - please show me the light 
:)


neil


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Linehan
Sent: 05 December 2005 19:26
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Ntds.dit file corruption

We do not replicate corruption so if you have local 
corruption as noted below there is no worry that it would replicate around to 
other servers in the environment.

Thanks,

-Steve


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Phil Renouf
Sent: Monday, December 05, 2005 1:04 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Ntds.dit file corruption

Will Read Only DC's take care of this? I don't know much about them yet, 
but it makes sense that if the copy of the dit that a DC has is RO that it won't 
try to replicate that anywhere and would only be the recipient of replication. 
Anyone with more knowledge about how RO DC's will work to comment on that? 


Phil
On 12/5/05, Medeiros, Jose [EMAIL PROTECTED] wrote:

Well at least the corruption occurred on just a single DC. One thing that has bugged me about Active Directory is not being able to select if you want a DC in a remote office to not have the ability to replicate back in a large enterprise environment. Since most remote offices only have a few people at the location and a DC is usually placed for improvised logon and authentication time, many companies will either use a very low end server or a very old decommissioned one from their production data center (which is probably close to useable life). I am always concerned that once the NTDS.DIT file becomes corrupt it will replicate the corruption to the other DC's in the forest.

Maybe I am just being a worrywart and this really is not an issue.

Sincerely,
Jose Medeiros
ADP | National Account Services
ProBusiness Division | Information Services
925.737.7967 | 408-449-6621 CELL

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
Sent: Monday, December 05, 2005 8:53 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Ntds.dit file corruption

I did? :-)

I think I still said all I know is what the poster said :-)

I think I need a course in event log reading because even with the logs, and the default size of the logs, I still don't see a smoking gun.

The directory services one is filled with events 'post' blow up.

What is interesting is that it seems to me big server land goes .. oh yeah... ntds.dit corruption... and sbsland freaks out.

Either we do indeed need to ensure we have a secondary DC or we need to park a second copy of a system state offsite [say at the vap/var]

Brett Shirley wrote:

She replied offline, very likely a single bit flip, tragedy, they aren't one release later (Longhorn), where this would've probably been non-disruptively handled, logged, and possibly self-healed: http://blogs.technet.com/efleis/archive/2005/01.aspx

Anyway, this kind of thing is usually hardware ... While there are much better disk sub-system testers, one that is freely available to any box with Exchange is jetstress. You might give that a try. If you can reproduce the event / error with jetstress I would not use that box in production.

If you do reproduce the issue several times (several times is key, as you want a trend before you start playing the variable game), some things you might vary (one at a time):

- Try making sure you have the latest driver and motherboard / controller firmware. Then see if you can reproduce.
- Try a different RAID configuration, such as RAID1/RAID1+0 if you're on RAID5.
- Try swapping out the hard drives, one at a time.
- Adding the jetstress files to the exclude list in the Anti-Virus software. (A low probability, I've never heard of Anti-Virus causing this particular type of error, and I can't imagine the mistake an anti-virus product would have to have to cause this side effect)
- If you can reproduce it several times, you could followup with Dell.

Good luck. I'm not sure if I answered your question ...

[ActiveDir] Listserv software with Active Directory intergration

2005-12-07 Thread Steve Shaff










Group,

Does anyone know of a piece of software
for creating / maintaining listserv(s) that integrates with Active Directory
and/or Sharepoint? Management wants to create collaboration
between departments and other groups, internally, for issues or discussions.
They looked at the Sharepoint collab, but it was not robust enough for them. 

Any thoughts?

Thanks
S












RE: [ActiveDir] Help with VB script to map printers

2005-12-07 Thread Ken Schaefer
--- Original Message ---
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rich Milburn
Sent: Thursday, 8 December 2005 7:17 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Help with VB script to map printers

: my WSH doesn't seem to like the double quotes I see some people 
: use sometimes (i.e. MsgBox I said, Hello. would always give me an
error.

You'd get an unterminated string constant error if you ran that code
snippet :-)

MsgBox I said, Hello. would work

Cheers
Ken
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


[ActiveDir] VBScript help(OT)

2005-12-07 Thread Tom Kern
I have this VBScript i wrote/stole to move all files with an .eml extension from many subdirs into a folder only if the folder is empty and only to move 999 at a time.

it works great except when it sees files with duplicate names it bombs out while moving them.
i'd like it to rename the dup (maybe add some random #'s or characters to the end) and continue moving all the files.

I think I have to use FileExists method and Select...Case but I'm not sure how.

Was wondering if anyone could help me with this.

Here is the code-

source="H:\tempxtender"
target="c:\inetpub\mailroot\drop\"
Set fso = CreateObject("Scripting.FileSystemObject")
set root=fso.getFolder(source)
set targ=fso.getFolder(target)
dim full
do
 if targ.files.count=0 then full=false
 if full=false then call folderlist(root)
 wscript.sleep 1000
loop
sub folderlist(grp)
 call filelist(grp)
 if full then exit sub
 for each fldr in grp.subFolders
  set nf=fso.GetFolder(fldr.path)
  call folderlist(nf)
  set nf=nothing
 next
end sub
sub filelist(grp)
 for each file in grp.files
  if targ.files.count=999 then full=true:exit for
  if lcase(fso.getextensionname) = "eml" then file.move target
 next
end sub

My apologies for bugging you guys with this OT.

Thanks



[ActiveDir] Bit OT: ports needed to authenticate

2005-12-07 Thread Bruyere, Michel
Hi, 
Can someone tell me the ports that I need to open for a server
behind a firewall to authenticate to the DCs. 

It's a secured space but it needs to be on another interface of a PIX
(call it secure DMZ if you want). I know that it's not the best
configuration, but I need to make it work.


Thanks! 






Re: [ActiveDir] Bit OT: ports needed to authenticate

2005-12-07 Thread Tomasz Onyszko

Bruyere, Michel wrote:
Hi, 
	Can someone tell me the ports that I need to open for a server
behind a firewall to authenticate to the DCs. 


It's a secured space but it needs to be on another interface of a PIX
(call it secure DMZ if you want). I know that it's not the best
configuration, but I need to make it work.


This document should be helpful:
http://www.microsoft.com/downloads/details.aspx?FamilyID=c2ef3846-43f0-4caf-9767-a9166368434e&DisplayLang=en


--
Tomasz Onyszko
http://www.w2k.pl


RE: [ActiveDir] Ntds.dit file corruption

2005-12-07 Thread Rick Kingslan



I've been informed that I'm wrong on this. Please 
ignore, and listen to joe/~Eric/Dean/Brett/Anyone else.

Cheers!

-r

--Posting is provided "AS IS", and confers no rights or 
warranties ... 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Wednesday, December 07, 2005 5:19 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Ntds.dit file corruption

Replication is at an attribute level and the corruption is 
usually a bit flip - which isn't replicated. The data itself (a table 
or an index) is checked and if found to be invalid, I *believe* (joe, ~Eric, 
brettsh) is marked as such and is no longer replicated.

-r

--Posting is provided "AS IS", and confers no rights or 
warranties ... 



RE: [ActiveDir] VBScript help(OT)

2005-12-07 Thread Brian Desmond








I don't see the need for a select case, but File.Exists would help.

What I would do is something like this

Dim moveName
moveName = currentNameOfFile

' fso and target are the names used in the script from the question.
' Keep appending a random number until no file of that name exists in the target.
While fso.FileExists(target & moveName)
    moveName = moveName & CStr(Int(Rnd * 1000))
Wend

' pseudo code: move the file to target & moveName
moveTheFile()

Rnd*1000 will get you some random # 0 - 1000 int makes it an
integer and cstr makes it a string. 





Thanks,
Brian Desmond

[EMAIL PROTECTED]



c -
312.731.3132































RE: [ActiveDir] logon scripts

2005-12-07 Thread Jeff Salisbury



We had this happen by accident for a short time. The 
old logon script specified in the user account properties was running as well as 
the desired logon script, which we tie to AD Sites. Both were running, and if I 
remember right the drive mappings in the legacy script were winning - which 
would mean that it was running after the script that was triggered by group 
policy. I don't think there is any harm provided there aren't conflicting drive 
mappings or other settings where script timing would need to be verified and 
accounted for.
Jeff

  
  
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern
Sent: Wednesday, December 07, 2005 12:58 PM
To: activedirectory
Subject: [ActiveDir] logon scripts

What happens if you have 2 different logon scripts for users - one in the legacy location and one in a domain GPO?

how do they execute?
does one start sooner?
are there any issues with doing things this way for a short time period?

Both scripts do completely different things.

Thanks



Re: [ActiveDir] VBScript help(OT)

2005-12-07 Thread Tom Kern
Thanks.

My real problem is, I'm not sure where to put that in my existing script without screwing things up

Should that be a separate sub?

Thanks again




Re: [ActiveDir] logon scripts

2005-12-07 Thread Tom Kern
The 2nd script reads a value from HKCU\Software and writes it to file

I need to read a value from it but I can only access it when the current user is logged on.

I don't know how else to gain access to that key since i don't know the user's sid, so i put it into a user logon script via GPO so i can read it when the user logs on and that key is loaded.

should i run scripts synchronously to get this key or is there a way to read it without the user logged on?
thanks


RE: [ActiveDir] Listserv software with Active Directory intergration

2005-12-07 Thread Ed Crowley [MVP]




Here are the ones I've heard of.

Build your own:
http://www.ftponline.com/wss/2002_04/magazine/columns/maximumexchange/

Exchange-based products:
http://www.ikakura.com/
http://www.gfi.com/mes/ (More than just a list server)

Ed Crowley MCSE+Internet MVP
Freelance E-Mail Philosopher
Protecting the world from PSTs and Bricked Backups!





RE: [ActiveDir] VBScript help(OT)

2005-12-07 Thread Brian Desmond








if lcase(fso.getextensionname) = "eml" then

 Pseudo code from me

End if





Thanks,
Brian Desmond

[EMAIL PROTECTED]



c -
312.731.3132































RE: [ActiveDir] VBScript help(OT)

2005-12-07 Thread Ken Schaefer
At the moment you have this line which does the copy:

if lcase(fso.getextensionname) = "eml" then file.move target

So, instead of doing the copy, check to see if the file exists at the target,
and if not do the copy. If it does exist, rename the file at the source, then
do the copy.

If LCase(FSO.getExtensionName) = "eml" Then
    If objTarg.FileExists(strSourceFileName) Then
        ' Rename Source File
    End If
    ' Now do the copy
End If

Cheers
Ken





Re: [ActiveDir] VBScript help(OT)

2005-12-07 Thread Tom Kern
Oops, I guess i didn't check my code.

before i made any changes, i get Wrong number of arguments or invalid property assignment: 'fso.getextensionname'.

sorry.
I wonder why that is?
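The suggestions in this thread put together, as an added example that is not code from any poster: FileList passes file.Name to GetExtensionName (the call raises "Wrong number of arguments" without an argument) and picks a free name in the drop folder before each move. The paths are the ones from the original script; the constants, the helper name UniqueTargetPath and the choice to skip a file whose move still fails are assumptions of this example.

```vbscript
Option Explicit

' Paths from the script posted in the thread.
Const SOURCE_DIR = "H:\tempxtender"
Const TARGET_DIR = "c:\inetpub\mailroot\drop\"
Const BATCH_SIZE = 999          ' stop feeding the drop folder at this many files

Dim fso, root, targ, full
Set fso = CreateObject("Scripting.FileSystemObject")
Set root = fso.GetFolder(SOURCE_DIR)
Set targ = fso.GetFolder(TARGET_DIR)
Randomize                       ' otherwise Rnd repeats the same sequence every run
full = False

' Same polling loop as the original: start a new batch once the folder has drained.
Do
    If targ.Files.Count = 0 Then full = False
    If Not full Then FolderList root
    WScript.Sleep 1000
Loop

' Walk the source tree depth-first, stopping as soon as the batch is full.
Sub FolderList(grp)
    Dim fldr
    FileList grp
    If full Then Exit Sub
    For Each fldr In grp.SubFolders
        FolderList fldr
        If full Then Exit For
    Next
End Sub

' Move every .eml file in one folder, renaming on a name clash.
Sub FileList(grp)
    Dim file, dest
    For Each file In grp.Files
        If targ.Files.Count >= BATCH_SIZE Then
            full = True
            Exit For
        End If
        ' GetExtensionName takes the file name (or path) as its argument.
        If LCase(fso.GetExtensionName(file.Name)) = "eml" Then
            dest = UniqueTargetPath(file.Name)
            ' The FileExists check and the Move are separate steps, so another
            ' writer can still take the name in between. Trap the error, leave
            ' the file in place and let the next pass retry it.
            On Error Resume Next
            file.Move dest
            If Err.Number <> 0 Then
                WScript.Echo "Skipped " & file.Path & ": " & Err.Description
                Err.Clear
            End If
            On Error GoTo 0
        End If
    Next
End Sub

' Return a full path in TARGET_DIR that does not exist yet. On a clash the
' random suffix goes before the extension, so the file is still *.eml.
Function UniqueTargetPath(fileName)
    Dim baseName, ext, candidate
    baseName = fso.GetBaseName(fileName)
    ext = fso.GetExtensionName(fileName)
    candidate = fso.BuildPath(TARGET_DIR, fileName)
    Do While fso.FileExists(candidate)
        candidate = fso.BuildPath(TARGET_DIR, _
            baseName & "_" & CStr(Int(Rnd * 1000000)) & "." & ext)
    Loop
    UniqueTargetPath = candidate
End Function
```

Run it with cscript.exe so the WScript.Echo lines go to the console instead of opening a message box for each skipped file.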



[ActiveDir] DMZ domains and IPSec - looking for explanation re resource access and authentication

2005-12-07 Thread Chakravarty, Sakti






Hi all,


I'm looking for an explanation - this is a bit of a complicated scenario but I'll try to be succinct. Whilst I have a fair bit of AD experience, I'm not the AD administrator at my current place of work. The AD administrators are not forthcoming with information, hence my post here.

We have a corporate network with a Windows 2003 forest (mixed-mode) with multiple domains. We also have a DMZ, in which there is a separate Windows 2003 forest with a single domain. 

There is an IPSec policy set up between domain controllers in the DMZ domain and domain controllers in one of the domains in the corporate forest (I'll call it the internal domain).

There is a one-way trust, the DMZ domain trusts the internal domain.


Our aim is to provide access to resources in the DMZ domain, by using accounts in the internal domain.


My role includes managing Member Servers. We built a server in the internal domain, added some groups from that domain into the Administrators group, then physically moved it to the DMZ. Then, the names in the Administrators group would no longer resolve (since it is still a member of the internal domain, but physically disconnected from it). Next, we made the server a member of the DMZ domain, and the names now resolve. So, it seems the Member Server is talking to the DMZ DC which is querying the internal DC to resolve the name.

What we cannot do, is log onto the Member Server in the DMZ and add an account from the internal domain. The reasoning we are given is that the IPSec policy and trust is between DCs only, and not the Member Server. If the DMZ Domain Admin logs onto the DMZ DC, then makes a Computer Management connection to the Member Server, then groups from the internal domain can be added to the Member Server.

Can anyone explain to me why this is so? I don't understand why resolving names is different to adding a user, it seems to me the same authentication path is followed.

Thanks in advance

Sakti






[ActiveDir] What to do with FSMO's

2005-12-07 Thread Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]

Brian Puhl's Weblog : What to do with FSMO roles...:
http://blogs.technet.com/bpuhl/archive/2005/12/07/415761.aspx

--
Letting your vendors set your risk analysis these days?  
http://www.threatcode.com




RE: [ActiveDir] logon scripts

2005-12-07 Thread Darren Mar-Elia



Yes, your best bet is probably to set that GP logon script to run synchronously, which gives you a better chance of being able to read out of HKCU after it's loaded.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern
Sent: Wednesday, December 07, 2005 5:35 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] logon scripts

The 2nd script reads a value from HKCU\Software and writes it to file.

I need to read a value from it but I can only access it when the current user is logged on.

I don't know how else to gain access to that key since I don't know the user's SID, so I put it into a user logon script via GPO so I can read it when the user logs on and that key is loaded.

Should I run scripts synchronously to get this key or is there a way to read it without the user logged on?
Thanks

On 12/7/05, Jeff Salisbury [EMAIL PROTECTED] wrote:

  We had this happen by accident for a short time. The old logon script specified in the
  user account properties was running as well as the desired logon script, which
  we tie to AD Sites. Both were running, and if I remember right the drive
  mappings in the legacy script were winning - which would mean that it was
  running after the script that was triggered by group policy. I don't think
  there is any harm provided there aren't conflicting drive mappings or other
  settings where script timing would need to be verified and accounted for.
  
  Jeff
  


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tom Kern
Sent: Wednesday, December 07, 2005 12:58 PM
To: activedirectory
Subject: [ActiveDir] logon scripts

What happens if you have 2 different logon scripts for users -
one in the legacy location and one in a domain GPO?

How do they execute?
Does one start sooner?
Are there any issues with doing things this way for a short time period?

Both scripts do completely different things.

Thanks