RE: [ActiveDir] AD Lag Sites
/lurkerHi All,Forgive me a second whilst I ramble on 'cos thisIS going to be a ramble, then shoot me down in flames at the end!The problem with DR is getting the data from somewhere. Typically we go back to tape, which depending on when the last successful backup took place gives you a bit of a wide window to play with. Not good if you're going back some 24 hours/days etc...To get better coverage of times we kicked about with lag sites. Trouble is, and this has already been noted, replication and timings can scupper the intentions of lag sites and where do you stop. Is one enough, is one for every hour of the day enough?Microsoft released this white paper on fast recovery with AD using SAN's and disk imaging. http://www.microsoft.com/windowsserver2003/technologies/activedirectory/W2K3ActDirFastRec.mspxNow, I'm currently playing with using Microsoft's in-built disk snapshotting to provide something similar. So on a pure DC server I've set it up to snapsnot it's disks everyhour. And then I get to chose which hour that I go back to and use as my recovered backup. After all it's the same tech that's used when you actually do a backup.No need for a lag site, just pick the hour on the timeline and restore from that DC. Ok so it means that you might need bigger disk and you can only snapshot down to 30mins. But if you're a bit creative with a few DC's then you can get much better coverage than lag sites without the need for more DC's or creative subnetting.Now I'm going to stand back and be shot down in flames. But thus far playing with VSS is kind of casting doubt on plans for one or multiple lag sites. I'm not going to bore with the how's and where's but it might stimulate some discussion. Oh and I realise that this is way far from perfect.Curious to know if anyone has done this or thought about it if nothing else. Paul.Myrick, Todd \(NIH/CC/DNA\) [E]Mon, 06 Mar 2006 15:35:36 -0800 I also said, I have to spend my time and money wisely. I am well aware of why people use lag-sites. They always like to throw the money issue around... but I wonder what the TCO is really. Maybe these major AD DR players should commission a study heck maybe MSFT should for both AD and Exchange Mailboxes. I think you would do better to encourage new Admins to make sure they do a MFT backup of a domain controllers system state each night, then stand-up more sites and servers. Then based on need select the restore method and evaluate the results. I agree knowing how all the inner workings does help as well, but operations people are usually not engineers, so it is best to give them tools that have some workflow, and makes the operation smooth and less error prone. Thanks again, Todd
RE: [ActiveDir] AD Lag Sites
As I stated earlier, we need to differentiate between
object restores (via lag sites) and true DR (which the MS paper deals with).
Restoring a user differs to the restoration of a DC, which differs again to the
restoration of a domain and/or forest.
Objects can be restored using 3rd party tools (which back
up the database and all attributes regularly) and/or via lag
sites.
True DR needs (IMO) a separate physical location, separate
physical machines along with DR processes and technologies.
Requirements need to be gathered so that the optimal
solution can be found.
What are you trying to achieve?
neilPS I tried to curb my habit of waffling
:)
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of PAUL
MAYESSent: 08 March 2006 13:13To:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD Lag
Sites
/lurker
Hi All,
Forgive me a second whilst I ramble on 'cos thisIS going to be a
ramble, then shoot me down in flames at the end!
The problem with DR is getting the data from somewhere. Typically we go
back to tape, which depending on when the last successful backup took place
gives you a bit of a wide window to play with. Not good if you're going back
some 24 hours/days etc...
To get better coverage of times we kicked about with lag sites. Trouble is,
and this has already been noted, replication and timings can scupper the
intentions of lag sites and where do you stop. Is one enough, is one for every
hour of the day enough?
Microsoft released this white paper on fast recovery with AD using SAN's
and disk imaging.
http://www.microsoft.com/windowsserver2003/technologies/activedirectory/W2K3ActDirFastRec.mspx
Now, I'm currently playing with using Microsoft's in-built disk
snapshotting to provide something similar. So on a pure DC server I've set it up
to snapsnot it's disks everyhour. And then I get to chose which hour that
I go back to and use as my recovered backup. After all it's the same tech that's
used when you actually do a backup.
No need for a lag site, just pick the hour on the timeline and restore from
that DC. Ok so it means that you might need bigger disk and you can only
snapshot down to 30mins. But if you're a bit creative with a few DC's then you
can get much better coverage than lag sites without the need for more DC's or
creative subnetting.
Now I'm going to stand back and be shot down in flames. But thus far
playing with VSS is kind of casting doubt on plans for one or multiple lag
sites. I'm not going to bore with the how's and where's but it might stimulate
some discussion.
Oh and I realise that this is way far from perfect.
Curious to know if anyone has done this or thought about it if nothing
else.
Paul.
Myrick, Todd \(NIH/CC/DNA\) [E]Mon, 06 Mar 2006 15:35:36 -0800
I also said, I have to spend my time and money wisely. I am well aware of why people use lag-sites. They always like to throw the money issue around... but I wonder what the TCO is really. Maybe these
major AD DR players should commission a study heck maybe MSFT should for both AD and Exchange Mailboxes. I think you would do better to encourage new Admins to make sure they do a MFT backup of a domain controllers system state each night, then stand-up more sites and servers. Then based on need select the restore method and evaluate the results. I agree knowing how all the inner workings does help as well, but operations people are usually not engineers, so it is best to give them tools that have some workflow, and makes the operation smooth and less error prone. Thanks again, Todd PLEASE READ: The information contained in this email is confidential and
intended for the named recipient(s) only. If you are not an intended
recipient of this email please notify the sender immediately and delete your
copy from your system. You must not copy, distribute or take any further
action in reliance on it. Email is not a secure method of communication and
Nomura International plc ('NIplc') will not, to the extent permitted by law,
accept responsibility or liability for (a) the accuracy or completeness of,
or (b) the presence of any virus, worm or similar malicious or disabling
code in, this message or any attachment(s) to it. If verification of this
email is sought then please request a hard copy. Unless otherwise stated
this email: (1) is not, and should not be treated or relied upon as,
investment research; (2) contains views or opinions that are solely those of
the author and do not necessarily represent those of NIplc; (3) is intended
for informational purposes only and is not a recommendation, solicitation or
offer to buy or sell securities or related financial instruments. NIplc
does not provide investment services to private customers. Authorised and
regulated by the Financial Services Authority. Registered in England
no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand,
London, EC1A
Re: [ActiveDir] AD Lag Sites
PAUL MAYES wrote: (...) No need for a lag site, just pick the hour on the timeline and restore from that DC. Ok so it means that you might need bigger disk and you can only snapshot down to 30mins. But if you're a bit creative with a few DC's then you can get much better coverage than lag sites without the need for more DC's or creative subnetting. Now I'm going to stand back and be shot down in flames. But thus far playing with VSS is kind of casting doubt on plans for one or multiple lag sites. I'm not going to bore with the how's and where's but it might stimulate some discussion. (...) You can't use images or snapshots as a backup\recovery solutions for DC because You are risking getting into USN roll-back problem. Search through ActivDir.org archives for USN roll-back and You will find good explanation of this problem. -- Tomasz Onyszko http://www.w2k.pl/blog/ - (PL) http://blogs.dirteam.com/blogs/tomek/ - (EN) List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] AD Lag Sites
Title: Message Hi Paul, do you use the disk snapshots to provide the ability to restore an object or the whole DC (and therefore the whole Active Directory database), or both? -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of PAUL MAYESSent: 08 Mar 2006 13:13To: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD Lag Sites /lurker Hi All, Forgive me a second whilst I ramble on 'cos thisIS going to be a ramble, then shoot me down in flames at the end! The problem with DR is getting the data from somewhere. Typically we go back to tape, which depending on when the last successful backup took place gives you a bit of a wide window to play with. Not good if you're going back some 24 hours/days etc... To get better coverage of times we kicked about with lag sites. Trouble is, and this has already been noted, replication and timings can scupper the intentions of lag sites and where do you stop. Is one enough, is one for every hour of the day enough? Microsoft released this white paper on fast recovery with AD using SAN's and disk imaging. http://www.microsoft.com/windowsserver2003/technologies/activedirectory/W2K3ActDirFastRec.mspx Now, I'm currently playing with using Microsoft's in-built disk snapshotting to provide something similar. So on a pure DC server I've set it up to snapsnot it's disks everyhour. And then I get to chose which hour that I go back to and use as my recovered backup. After all it's the same tech that's used when you actually do a backup. No need for a lag site, just pick the hour on the timeline and restore from that DC. Ok so it means that you might need bigger disk and you can only snapshot down to 30mins. But if you're a bit creative with a few DC's then you can get much better coverage than lag sites without the need for more DC's or creative subnetting. Now I'm going to stand back and be shot down in flames. But thus far playing with VSS is kind of casting doubt on plans for one or multiple lag sites. I'm not going to bore with the how's and where's but it might stimulate some discussion. Oh and I realise that this is way far from perfect. Curious to know if anyone has done this or thought about it if nothing else. Paul. Myrick, Todd \(NIH/CC/DNA\) [E]Mon, 06 Mar 2006 15:35:36 -0800 I also said, I have to spend my time and money wisely. I am well aware of why people use lag-sites. They always like to throw the money issue around... but I wonder what the TCO is really. Maybe these major AD DR players should commission a study heck maybe MSFT should for both AD and Exchange Mailboxes. I think you would do better to encourage new Admins to make sure they do a MFT backup of a domain controllers system state each night, then stand-up more sites and servers. Then based on need select the restore method and evaluate the results. I agree knowing how all the inner workings does help as well, but operations people are usually not engineers, so it is best to give them tools that have some workflow, and makes the operation smooth and less error prone. Thanks again, Todd This message contains confidential information and is intended only for the individual or entity named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. This message is provided for informational purposes and should not be construed as an invitation or offer to buy or sell any securities or related financial instruments. GAM operates in many jurisdictions and is regulated or licensed in those jurisdictions as required. �
RE: [ActiveDir] AD Lag Sites
The MS paper illustrates a way to achieve this without the USN issue.
neil
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tomasz Onyszko
Sent: 08 March 2006 13:30
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] AD Lag Sites
PAUL MAYES wrote:
(...)
No need for a lag site, just pick the hour on the timeline and restore
from that DC. Ok so it means that you might need bigger disk and you
can only snapshot down to 30mins. But if you're a bit creative with a
few DC's then you can get much better coverage than lag sites without
the need for more DC's or creative subnetting.
Now I'm going to stand back and be shot down in flames. But thus far
playing with VSS is kind of casting doubt on plans for one or multiple
lag sites. I'm not going to bore with the how's and where's but it
might stimulate some discussion.
(...)
You can't use images or snapshots as a backup\recovery solutions for DC
because You are risking getting into USN roll-back problem. Search
through ActivDir.org archives for USN roll-back and You will find good
explanation of this problem.
--
Tomasz Onyszko
http://www.w2k.pl/blog/ - (PL)
http://blogs.dirteam.com/blogs/tomek/ - (EN)
List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
PLEASE READ: The information contained in this email is confidential and
intended for the named recipient(s) only. If you are not an intended
recipient of this email please notify the sender immediately and delete your
copy from your system. You must not copy, distribute or take any further
action in reliance on it. Email is not a secure method of communication and
Nomura International plc ('NIplc') will not, to the extent permitted by law,
accept responsibility or liability for (a) the accuracy or completeness of,
or (b) the presence of any virus, worm or similar malicious or disabling
code in, this message or any attachment(s) to it. If verification of this
email is sought then please request a hard copy. Unless otherwise stated
this email: (1) is not, and should not be treated or relied upon as,
investment research; (2) contains views or opinions that are solely those of
the author and do not necessarily represent those of NIplc; (3) is intended
for informational purposes only and is not a recommendation, solicitation or
offer to buy or sell securities or related financial instruments. NIplc
does not provide investment services to private customers. Authorised and
regulated by the Financial Services Authority. Registered in England
no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand,
London, EC1A 4NP. A member of the Nomura group of companies.
List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] AD Lag Sites
Tomasz Onyszko wrote: Sorry - I've messed up two different things :( please forget about this post. -- Tomasz Onyszko http://www.w2k.pl/blog/ - (PL) http://blogs.dirteam.com/blogs/tomek/ - (EN) List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] AD Lag Sites
[EMAIL PROTECTED] wrote: The MS paper illustrates a way to achieve this without the USN issue. Yes, I'm aware of this. Sorry - I'm a bit overloaded and I've read this post only with one eye before replying. It wasn't my brightest post :( - and there is no re-call option :) -- Tomasz Onyszko http://www.w2k.pl/blog/ - (PL) http://blogs.dirteam.com/blogs/tomek/ - (EN) List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] (OT) How to find a computer on same segment but different ip subnet
Yeah that was a concern initially but we did install it. Actually I believe the issue is that (from docs I have found) WMI uses RPC which doesn't run over NetBEUI, it uses NetBIOS over TCP/IP. I did manage to use psexec, and it seems to work most of the time. I got the detection part, and parsing the results from psconfig, now I'm working on the resetting of the IP locally to the same subnet. I'll figure that out, I have another script that does it well. If anyone is interested in seeing this script when I'm done, say so and I'll post it. Rich --- Rich Milburn MCSE, Microsoft MVP - Directory Services Sr Network Analyst, Field Platform Development Applebee's International, Inc. 4551 W. 107th St Overland Park, KS 66207 913-967-2819 -- I love the smell of red herrings in the morning - anonymous -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, March 02, 2006 2:27 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] (OT) How to find a computer on same segment but different ip subnet Back at you. It appears that the problem is due to your NT4 not speaking WMI. In such situations, I either rewrite the vbscript to query the registry using reg.exe and grab the info, or I script an auto-deployment of WMI to the non-WMI-compliant systems using http://www.microsoft.com/downloads/details.aspx?displaylang=enFamilyID=AFE41 F46-E213-4CBF-9C5B-FBF236E0E875 The psexec option is not bad either, considering that you can put all the old names in question into one input file and feed it to psexec at once. Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCT Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Rich Milburn Sent: Thu 3/2/2006 11:53 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] (OT) How to find a computer on same segment but different ip subnet Hey Deji... Old computer is alive. It is NT4. The new computer has been installed with an image of XP, and it is replacing the old computer. we'll bring the new one up, grab data and config info from the old one, power the old one down, reconfig the new one to match the old one, and we're done. Not bad to script, except for this one thing. I'm gonna try the psexec tool, that might work. ... in fact, it does work. Gotta send the results to a file I guess, but that's ok... I have that technology :) If anyone else knows how to tell WMI to use netbeui though, or why it won't, or has other ideas, feel free to share (even offline if you wish) Thanks Rich --- Rich Milburn MCSE, Microsoft MVP - Directory Services Sr Network Analyst, Field Platform Development Applebee's International, Inc. 4551 W. 107th St Overland Park, KS 66207 913-967-2819 -- I love the smell of red herrings in the morning - anonymous -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, March 02, 2006 12:03 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] (OT) How to find a computer on same segment but different ip subnet I know that it all made sense to you when you wrote all that. However, I am very slow and still on my first cup of coffee. So, in slooow motion: Is the old computer dead or alive? If dead, is it dead as in just turned off, or dead as in re-imaged? why is it important that you know its IP addy? By that, I mean what's the stated end-goal here? Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCT Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Rich Milburn Sent: Thu 3/2/2006 9:33 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] (OT) How to find a computer on same segment but different ip subnet Sorry for the OT, but there are a lot of people here with extensive outside skills and this might be a tricky thing to do (but I don't want to post it on forumz.hackz.tw)... I have 2 computers - one with a default (from image) of 192.168.1.34 / 255.255.255.224, and one with 192.168.2.34, same netmask. So they are on different subnets, but they are on the same hub/switch. They are both running NetBEUI. I can net view \\oldcomputer and see the shares on the old computer. Of course I cannot ping the old computer. I have a vbscript to grab the IP address of the old computer, thinking it will use whatever transport it can to get
RE: [ActiveDir] AD Lag Sites
Whoa, yep perhaps I didn't ramble enough!Simply, whoops I've lost something out of the directory. I need to get that stuff back. Where can i get the stuff back from:- tape - another DC - perhaps deleted object restoration by some other 3rd party or another custom written process, maybe, depends what's been lost (if known) or how much money the boss let me spend on buying products.Now depending on the stuff that's been lost you vary the approach, or at least it seems common sense to me not to go around doing funky things if someone's deleted one user, unless it's the bloke who runs the company!Then depending on what's happened you've got the next stress of where can I get the stuff back on to?Now when I chucked in that comment I wasn't advocating that as the universal solution for all DR problems. Blimey my job would be easy if that was the case. But if you're trying to answer the problem of 'where do I get the stuff back from?' then it's probably worth considering even if it's chucked straight out. And yes it does have it's bad points, but on the face it's the same bad points as going back to a tape. (Unless there is a difference that I'm missing?).Every solution has it's bad points, just thought it might be worth kicking around with for some scenarios. When I was looking at the timeline in the fast recovery paper it gave me an idea, so I drew out a timeline based on our organisation and then I could point at the line and stress in some situations. Now using disk snapshots meant that all of a sudden you could get some more points on that timeline, maybe some richer restore capability. As the white paper suggests, it gets you away from some limitations of tape. So all that I've done is draw up a timeline, think of the scenarios and plan what to do. And whilst I was at it give disk snapshotting some air time. As I stated earlier, we need to differentiate between object restores (via lag sites) and true DR (which the MS paper deals with). Restoring a user differs to the restoration of a DC, which differs again to the restoration of a domain and/or forest.Objects can be restored using 3rd party tools (which back up the database and all attributes regularly) and/or via lag sites. True DR needs (IMO) a separate physical location, separate physical machines along with DR processes and technologies.Requirements need to be gathered so that the optimal solution can be found.What are you trying to achieve?neilPS I tried to curb my habit of waffling :)
[ActiveDir] Cleaning Up AD
AD Gurus, Before I embarked on a Google search, I thought I might get some opinions from this list. What resources (utils, whitepapers etc) have people been using to clean up an AD infrastructure? I can go into more detail if anyone is interested...basically all of our DC's have tons of warnings and errors in the event logs. Thanks, JblThis e-mail, and any attachment, is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, re-transmission, copying, dissemination or other use of this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. The contents of this message may contain personal views which are not the views of Discovery Communications, Inc. (DCI).
RE: [ActiveDir] Cleaning Up AD
that is too generic cleanup AD infrastructure... what do you want to clean: * unused user accounts, groups, computer * metadata of DCs * everything else I cannot remember right now jorge From: [EMAIL PROTECTED] on behalf of [EMAIL PROTECTED] Sent: Wed 2006-03-08 15:37 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Cleaning Up AD AD Gurus, Before I embarked on a Google search, I thought I might get some opinions from this list. What resources (utils, whitepapers etc) have people been using to clean up an AD infrastructure? I can go into more detail if anyone is interested...basically all of our DC's have tons of warnings and errors in the event logs. Thanks, Jbl This e-mail, and any attachment, is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, re-transmission, copying, dissemination or other use of this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. The contents of this message may contain personal views which are not the views of Discovery Communications, Inc. (DCI). This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. winmail.dat
[ActiveDir] Automatically generated replication links
If you promote a new domain controller and it doesn't automatically generate the right replication links, is it safe or recommended to delete the link it generated and manually create the replication link? Or if you delete it will it try to automatically generate it again? ~~ This e-mail is confidential, may contain proprietary information of the Cooper Cameron Corporation and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~
Re: [ActiveDir] Cleaning Up AD
A couple of weeks ago i 'attended' a webinar from NetPro called: 16 Steps to a Healthier and Happier Active Directory http://www.netpro.com/company/events.cfm It is a very good overview of the tasks involved in getting AD to smile. It seems like the link from NetPro's website sends you to http://searchwindowssecurity.bitpipe.com/webcasts but i don't see it archived there ... maybe Gil can chime in with a location? Slides here: http://www.netpro.com/forum/files/Sixteen_Simple_Steps.pdf good luck, john [EMAIL PROTECTED] wrote: AD Gurus, Before I embarked on a Google search, I thought I might get some opinions from this list. What resources (utils, whitepapers etc) have people been using to clean up an AD infrastructure? I can go into more detail if anyone is interested...basically all of our DC's have tons of warnings and errors in the event logs. Thanks, Jbl List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Automatically generated replication links
Hi Russ, The KCC runs 5 mins after the DC boots and after that each 15 min.. The KCC creates CO as it sees fit (and that depends on the site and replication topology, partitions to replicate and replicas hosting partitions). If you remove the CO manually, it will recreate them during the next KCC cycle. The creation of auto COs also depends on what manual COs have been created. Manual created COs will never be touched by the KCC So, why do you think it is wrong or what do you mean with If you promote a new domain controller and it doesn't automatically generate the right replication links jorge From: [EMAIL PROTECTED] on behalf of Rimmerman, Russ Sent: Wed 2006-03-08 15:50 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Automatically generated replication links If you promote a new domain controller and it doesn't automatically generate the right replication links, is it safe or recommended to delete the link it generated and manually create the replication link? Or if you delete it will it try to automatically generate it again? ~~ This e-mail is confidential, may contain proprietary information of the Cooper Cameron Corporation and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~ This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. winmail.dat
Re: [ActiveDir] Automatically generated replication links
The links will regenerate, if DNS is working properly. -Z.V. Rimmerman, Russ wrote: If you promote a new domain controller and it doesn't automatically generate the right replication links, is it safe or recommended to delete the link it generated and manually create the replication link? Or if you delete it will it try to automatically generate it again? ~~ This e-mail is confidential, may contain proprietary information of the Cooper Cameron Corporation and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~
RE: [ActiveDir] Automatically generated replication links
All our remote sites automatically pick the same DC at DHQ, but this site picked a DC that is our primary DNS server at DHQ for some reason. We've never had that DC be selected by the KCC before, and I'm not sure why it picked that one instead. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge deSent: Wednesday, March 08, 2006 8:56 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Automatically generated replication links Hi Russ, The KCC runs 5 mins after the DC boots and after that each 15 min.. The KCC creates CO as it sees fit (and that depends on the site and replication topology, partitions to replicate and replicas hosting partitions). If you remove the CO manually, it will recreate them during the next KCC cycle. The creation of auto COs also depends on what manual COs have been created. Manual created COs will never be touched by the KCC So, why do you think it is wrong or what do you mean with "If you promote a new domain controller and it doesn't automatically generate the right replication links" jorge From: [EMAIL PROTECTED] on behalf of Rimmerman, RussSent: Wed 2006-03-08 15:50To: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Automatically generated replication links If you promote a new domain controller and it doesn't automatically generate the right replication links, is it safe or recommended to delete the link it generated and manually create the replication link? Or if you delete it will it try to automatically generate it again? ~~This e-mail is confidential, may contain proprietary informationof the Cooper Cameron Corporation and its operating Divisionsand may be confidential or privileged.This e-mail should be read, copied, disseminated and/or used onlyby the addressee. If you have received this message in error pleasedelete it, together with any attachments, from your system.~~ ~~ This e-mail is confidential, may contain proprietary information of the Cooper Cameron Corporation and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~
RE: [ActiveDir] Automatically generated replication links
I see the problem, this remote DC has a "replicate from" correctly but the replicate to was a different DC. I deleted the replication link to that DC and now there's nothing in the "Replicate to" blank for that DC. So it will repopulate within 15 minutes? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge deSent: Wednesday, March 08, 2006 8:56 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Automatically generated replication links Hi Russ, The KCC runs 5 mins after the DC boots and after that each 15 min.. The KCC creates CO as it sees fit (and that depends on the site and replication topology, partitions to replicate and replicas hosting partitions). If you remove the CO manually, it will recreate them during the next KCC cycle. The creation of auto COs also depends on what manual COs have been created. Manual created COs will never be touched by the KCC So, why do you think it is wrong or what do you mean with "If you promote a new domain controller and it doesn't automatically generate the right replication links" jorge From: [EMAIL PROTECTED] on behalf of Rimmerman, RussSent: Wed 2006-03-08 15:50To: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Automatically generated replication links If you promote a new domain controller and it doesn't automatically generate the right replication links, is it safe or recommended to delete the link it generated and manually create the replication link? Or if you delete it will it try to automatically generate it again? ~~This e-mail is confidential, may contain proprietary informationof the Cooper Cameron Corporation and its operating Divisionsand may be confidential or privileged.This e-mail should be read, copied, disseminated and/or used onlyby the addressee. If you have received this message in error pleasedelete it, together with any attachments, from your system.~~ ~~ This e-mail is confidential, may contain proprietary information of the Cooper Cameron Corporation and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~
RE: [ActiveDir] Automatically generated replication links
yes... on the DC that needs the CO to replicate from. remember when looking on another DC, that object (including the old deleted CO) still needs to replicate to the other DCs From: [EMAIL PROTECTED] on behalf of Rimmerman, Russ Sent: Wed 2006-03-08 16:22 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Automatically generated replication links I see the problem, this remote DC has a replicate from correctly but the replicate to was a different DC. I deleted the replication link to that DC and now there's nothing in the Replicate to blank for that DC. So it will repopulate within 15 minutes? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de Sent: Wednesday, March 08, 2006 8:56 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Automatically generated replication links Hi Russ, The KCC runs 5 mins after the DC boots and after that each 15 min.. The KCC creates CO as it sees fit (and that depends on the site and replication topology, partitions to replicate and replicas hosting partitions). If you remove the CO manually, it will recreate them during the next KCC cycle. The creation of auto COs also depends on what manual COs have been created. Manual created COs will never be touched by the KCC So, why do you think it is wrong or what do you mean with If you promote a new domain controller and it doesn't automatically generate the right replication links jorge From: [EMAIL PROTECTED] on behalf of Rimmerman, Russ Sent: Wed 2006-03-08 15:50 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Automatically generated replication links If you promote a new domain controller and it doesn't automatically generate the right replication links, is it safe or recommended to delete the link it generated and manually create the replication link? Or if you delete it will it try to automatically generate it again? ~~ This e-mail is confidential, may contain proprietary information of the Cooper Cameron Corporation and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~ ~~ This e-mail is confidential, may contain proprietary information of the Cooper Cameron Corporation and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~ This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. winmail.dat
Re: [ActiveDir] OT : Query DNS using wildcards?
I thought you said it was AD-integrated? On 3/7/06, Bart Van den Wyngaert [EMAIL PROTECTED] wrote: Hi Dèjì, This is such moment when a person says to himself (or herself ofcourse) Why didn't I think about that?!. Yes that is a solution! Hope they only are willing to accept it... Many thanks! Bart On 3/7/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Extracting the zones to a .txt file which a script can loop throughsearching for certain strings. Ideal solution would be to look for server* records and delete them as they are being found. But as already indicated byother people, this is not available..Why not? If it's a standard zone, you could just read the zone file, usingfilesystemobject, do a Readline, and if you see servername in the line, delete the line.Or did I misread you?Sincerely,Dèjì Akómöláfé, MCSE+M MCSA+M MCTMicrosoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.comDo you now realize that Today is the Tomorrow you were worried about Yesterday?-anonFrom: [EMAIL PROTECTED] on behalf of Bart Van den WyngaertSent: Mon 3/6/2006 3:07 PMTo: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] OT : Query DNS using wildcards? Hi Al,Thanks for your answer. It's not zone transfers I'm looking for, but youranswer nevertheless pointed me towards another road with a lot of thoughts! We are used to register DNS records manually by script. All other records are added manually. When a server is at the end of it's life, we clean all it'sregistrations. In case of a cluster, including all records for it's cluster resources.As this process is totally manually and there are some with quiet a lot of records pointing to cluster resources, we're looking for a way to query theDNS server to retrieve all records related to that server/cluster and then delete them.Additionally a lot of servers/clusters are being powered off some week already before we format them and unregister everything in our environment.This is mostly the case for migrations so that the owners are sure they haven't forgotten a little thing ;-) Currently we have to boot the server again to have a script running locally to retrieve IP's and names registeredin the DNS. If we should have a workaround, we don't need to this anymore and we just break the array, run a script that looks everything up and removes the registrations.I'm having already a small idea of a way to perform the check, although notideal. Extracting the zones to a .txt file which a script can loop through searching for certain strings. Ideal solution would be to look for server* records and delete them as they are being found. But as already indicated byother people, this is not available... At least not to our knowledge. Another possible to solution is to review the DNS infrastructure, like for example aging. But, and it's not my choice, I have nothing to see with thatpart... Although I'm trying to find out if there is nobody interested in adapting the DNS infra to make my life easier, but that rather working on the political road ;-)I could understand that it doesn't make a lot of sense, but that's the way ofworking at this moment. And I have to deal with it and try handle it the best possible way. So in short: looking for a way to retrieve all records like *string* in DNS so I can remove them all and keep the DNS tidy...Best regards,BartOn 3/5/06, Al Mulnick [EMAIL PROTECTED] wrote: It sounds like what you really want is to move those records to another server.I don't recall if this is AD integrated or not, and if so,what the scope of those records is set to.However, setting up a second server and using zone transfer to that server (for backup purposes) is one way to get all of the records in the zones into text files. You could alsouse WMI scripts/programs to cull that information or you could realize that if it is AD integrated that data exists elsewhere and that copying it off is not what you want to do.One other method, which is very much a zonetransfer is to use the nslookup ls -d zonename command which puts that information to std i/o. Using dnscmd would be able to gather that information as would a backup (either AD based (see above if that's what you need) orserver file based. If not AD-Integrated, you could just copy the zone files:) Am I missing something you need to do? Al On 3/2/06, Bart Van den Wyngaert [EMAIL PROTECTED] wrote: Well I kind of need a DNS query. We used to register our DNS records manually and also remove them. But in case the server is at the endof it's lifecycle, we shut it down for some weeks (in case of migration scenario) and then remove all it's registrations. We're looking into a way that we don't need to power on the server again, but still are able to remove all DNS registrations (serveritself, cluster resources, ...). So it would be like a DNS query... But if there is something in AD that we can use as reference... Something like an LDAP query for AD, but then on
RE: [ActiveDir] Automatically generated replication links
repadmin /showreps for that DC says last replication @ (never). So this DC isn't replicating for some reason. Not sure why yet, the subnet is defined properly and everything else looks good. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge deSent: Wednesday, March 08, 2006 9:27 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Automatically generated replication links yes... on the DC that needs the CO to replicate from. remember when looking on another DC, that object (including the old deleted CO) still needs to replicate to the other DCs From: [EMAIL PROTECTED] on behalf of Rimmerman, RussSent: Wed 2006-03-08 16:22To: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Automatically generated replication links I see the problem, this remote DC has a "replicate from" correctly but the replicate to was a different DC. I deleted the replication link to that DC and now there's nothing in the "Replicate to" blank for that DC. So it will repopulate within 15 minutes? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge deSent: Wednesday, March 08, 2006 8:56 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Automatically generated replication links Hi Russ, The KCC runs 5 mins after the DC boots and after that each 15 min.. The KCC creates CO as it sees fit (and that depends on the site and replication topology, partitions to replicate and replicas hosting partitions). If you remove the CO manually, it will recreate them during the next KCC cycle. The creation of auto COs also depends on what manual COs have been created. Manual created COs will never be touched by the KCC So, why do you think it is wrong or what do you mean with "If you promote a new domain controller and it doesn't automatically generate the right replication links" jorge From: [EMAIL PROTECTED] on behalf of Rimmerman, RussSent: Wed 2006-03-08 15:50To: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Automatically generated replication links If you promote a new domain controller and it doesn't automatically generate the right replication links, is it safe or recommended to delete the link it generated and manually create the replication link? Or if you delete it will it try to automatically generate it again? ~~This e-mail is confidential, may contain proprietary informationof the Cooper Cameron Corporation and its operating Divisionsand may be confidential or privileged.This e-mail should be read, copied, disseminated and/or used onlyby the addressee. If you have received this message in error pleasedelete it, together with any attachments, from your system.~~ ~~This e-mail is confidential, may contain proprietary informationof the Cooper Cameron Corporation and its operating Divisionsand may be confidential or privileged.This e-mail should be read, copied, disseminated and/or used onlyby the addressee. If you have received this message in error pleasedelete it, together with any attachments, from your system.~~ ~~ This e-mail is confidential, may contain proprietary information of the Cooper Cameron Corporation and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~
RE: [ActiveDir] Automatically generated replication links
Russ,
Perhaps you should consider disabling the KCC within one or
more sites, or forest-wide if this is a big issue.
Otherwise, I'd treat all DCs as equals and let the KCC 'do
its thing' :)
neil
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman,
RussSent: 08 March 2006 15:18To:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Automatically
generated replication links
All our remote sites automatically pick the same DC at DHQ,
but this site picked a DC that is our primary DNS server at DHQ for some
reason. We've never had that DC be selected by the KCC before, and I'm not
sure why it picked that one instead.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto,
Jorge deSent: Wednesday, March 08, 2006 8:56 AMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Automatically
generated replication links
Hi Russ,
The KCC runs 5 mins after the DC boots
and after that each 15 min..
The KCC creates CO as it sees fit (and
that depends on the site and replication topology, partitions to replicate and
replicas hosting partitions).
If you remove the CO manually, it will
recreate them during the next KCC cycle. The creation of auto COs also depends
on what manual COs have been created. Manual created COs will never be touched
by the KCC
So, why do you think it is wrong or what
do you mean with "If you
promote a new domain controller and it doesn't automatically generate the right
replication links"
jorge
From: [EMAIL PROTECTED] on
behalf of Rimmerman, RussSent: Wed 2006-03-08 15:50To:
ActiveDir@mail.activedir.orgSubject: [ActiveDir] Automatically
generated replication links
If you promote a new
domain controller and it doesn't automatically generate the right replication
links, is it safe or recommended to delete the link it generated and manually
create the replication link? Or if you delete it will it try to
automatically generate it again?
~~This
e-mail is confidential, may contain proprietary informationof the
Cooper Cameron Corporation and its operating Divisionsand may be
confidential or privileged.This e-mail should be read, copied,
disseminated and/or used onlyby the addressee. If you have received
this message in error pleasedelete it, together with any attachments,
from your
system.~~
~~This
e-mail is confidential, may contain proprietary informationof the
Cooper Cameron Corporation and its operating Divisionsand may be
confidential or privileged.This e-mail should be read, copied,
disseminated and/or used onlyby the addressee. If you have received
this message in error pleasedelete it, together with any attachments,
from your
system.~~PLEASE READ: The information contained in this email is confidential and
intended for the named recipient(s) only. If you are not an intended
recipient of this email please notify the sender immediately and delete your
copy from your system. You must not copy, distribute or take any further
action in reliance on it. Email is not a secure method of communication and
Nomura International plc ('NIplc') will not, to the extent permitted by law,
accept responsibility or liability for (a) the accuracy or completeness of,
or (b) the presence of any virus, worm or similar malicious or disabling
code in, this message or any attachment(s) to it. If verification of this
email is sought then please request a hard copy. Unless otherwise stated
this email: (1) is not, and should not be treated or relied upon as,
investment research; (2) contains views or opinions that are solely those of
the author and do not necessarily represent those of NIplc; (3) is intended
for informational purposes only and is not a recommendation, solicitation or
offer to buy or sell securities or related financial instruments. NIplc
does not provide investment services to private customers. Authorised and
regulated by the Financial Services Authority. Registered in England
no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand,
London, EC1A 4NP. A member of the Nomura group of companies.
[ActiveDir] Technet Magazine Active Directory Component Jigsaw
http://www.microsoft.com/technet/technetmag/ Someone in my office just gave me a copy of this free magazine, and it came with the really neat insert called the Active Directory Component Jigsaw. It is a wall hanging that outlines all the AD process graphically. I will try to scan it and post it on my Blog, but I just wanted to make you all aware of it. I plan to hang it on my cubical wall on the outside that says What I do here J Subscriptions are free. Todd
RE: [ActiveDir] Automatically generated replication links
You might want to look
into using Active Directory Load Balancing tool (adlb.exe); Ive never
used the tool but it might help you control replication and the connection
objects. Personally, I would trust the KCC and let it do its jobJ
Thanks... ... ... ...
Sergio J. Olivarez -
Contractor
GD-NS
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 08, 2006
8:39 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir]
Automatically generated replication links
Russ,
Perhaps you should consider disabling the
KCC within one or more sites, or forest-wide if this is a big issue.
Otherwise, I'd treat all DCs as equals and
let the KCC 'do its thing' :)
neil
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ
Sent: 08 March 2006 15:18
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir]
Automatically generated replication links
All our remote sites automatically pick
the same DC at DHQ, but this site picked a DC that is our primary DNS server at
DHQ for some reason. We've never had that DC be selected by the KCC
before, and I'm not sure why it picked that one instead.
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de
Sent: Wednesday, March 08, 2006
8:56 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir]
Automatically generated replication links
Hi Russ,
The KCC runs 5 mins after the DC boots and after that each
15 min..
The KCC creates CO as it sees fit (and that depends on the
site and replication topology, partitions to replicate and replicas hosting
partitions).
If you remove the CO manually, it will recreate them
during the next KCC cycle. The creation of auto COs also depends on what manual
COs have been created. Manual created COs will never be touched by the KCC
So, why do you think it is wrong or what do you mean with
If you promote a new domain controller and it doesn't
automatically generate the right replication links
jorge
From:
[EMAIL PROTECTED] on behalf of Rimmerman, Russ
Sent: Wed 2006-03-08 15:50
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Automatically
generated replication links
If you promote a new domain controller and it doesn't
automatically generate the right replication links, is it safe or recommended
to delete the link it generated and manually create the replication link?
Or if you delete it will it try to automatically generate it again?
~~
This e-mail is confidential, may contain proprietary information
of the Cooper Cameron Corporation and its operating Divisions
and may be confidential or privileged.
This e-mail should be read, copied, disseminated and/or used only
by the addressee. If you have received this message in error please
delete it, together with any attachments, from your system.
~~
~~
This e-mail is confidential, may contain proprietary information
of the Cooper Cameron Corporation and its operating Divisions
and may be confidential or privileged.
This e-mail should be read, copied, disseminated and/or used only
by the addressee. If you have received this message in error please
delete it, together with any attachments, from your system.
~~
PLEASE READ: The information contained in this email is
confidential and
intended for the named recipient(s) only. If you are not an
intended
recipient of this email please notify the sender immediately
and delete your
copy from your system. You must not copy, distribute or take
any further
action in reliance on it. Email is not a secure method of
communication and
Nomura International plc ('NIplc') will not, to the extent
permitted by law,
accept responsibility or liability for (a) the accuracy or
completeness of,
or (b) the presence of any virus, worm or similar malicious
or disabling
code in, this message or any attachment(s) to it. If
verification of this
email is sought then please request a hard copy. Unless
otherwise stated
this email: (1) is not, and should not be treated or relied
upon as,
investment research; (2) contains views or opinions that are
solely those of
the author and do not necessarily represent those of NIplc;
(3) is intended
for informational purposes only and is not a recommendation,
solicitation or
offer to buy or sell securities or related financial
instruments. NIplc
does not provide investment services to private customers.
Authorised and
regulated by the Financial Services Authority. Registered in
England
no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand,
London, EC1A 4NP. A
RE: [ActiveDir] Technet Magazine Active Directory Component Jigsaw
"Subscriptions are free" -to those
in the U.S. only :(
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd
(NIH/CC/DNA) [E]Sent: 08 March 2006 16:00To:
ActiveDir@mail.activedir.orgSubject: [ActiveDir] Technet Magazine
"Active Directory Component Jigsaw"
http://www.microsoft.com/technet/technetmag/
Someone in my office
just gave me a copy of this free magazine, and it came with the really neat
insert called the Active Directory Component Jigsaw. It is a wall
hanging that outlines all the AD process graphically. I will try to scan
it and post it on my Blog, but I just wanted to make you all aware of it.
I plan to hang it on my cubical wall on the outside that says What I do here
J
Subscriptions are free.
ToddPLEASE READ: The information contained in this email is confidential and
intended for the named recipient(s) only. If you are not an intended
recipient of this email please notify the sender immediately and delete your
copy from your system. You must not copy, distribute or take any further
action in reliance on it. Email is not a secure method of communication and
Nomura International plc ('NIplc') will not, to the extent permitted by law,
accept responsibility or liability for (a) the accuracy or completeness of,
or (b) the presence of any virus, worm or similar malicious or disabling
code in, this message or any attachment(s) to it. If verification of this
email is sought then please request a hard copy. Unless otherwise stated
this email: (1) is not, and should not be treated or relied upon as,
investment research; (2) contains views or opinions that are solely those of
the author and do not necessarily represent those of NIplc; (3) is intended
for informational purposes only and is not a recommendation, solicitation or
offer to buy or sell securities or related financial instruments. NIplc
does not provide investment services to private customers. Authorised and
regulated by the Financial Services Authority. Registered in England
no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand,
London, EC1A 4NP. A member of the Nomura group of companies.
RE: [ActiveDir] Technet Magazine Active Directory Component Jigsaw
Hi Todd, this would rock if you are able to scan it (or somebody has contacts to the team to request a printable-file)? Subscriptions are only free for US Residents (shipping costs), and the web-version does not include the picture. Gruesse - Sincerely, Ulf B. Simon-Weidner MVP-Book "Windows XP - Die Expertentipps": http://tinyurl.com/44zcz Weblog: http://msmvps.org/UlfBSimonWeidner Website: http://www.windowsserverfaq.org Profile:http://mvp.support.microsoft.com/profile=""> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CC/DNA) [E]Sent: Wednesday, March 08, 2006 5:00 PMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Technet Magazine "Active Directory Component Jigsaw" http://www.microsoft.com/technet/technetmag/ Someone in my office just gave me a copy of this free magazine, and it came with the really neat insert called the Active Directory Component Jigsaw. It is a wall hanging that outlines all the AD process graphically. I will try to scan it and post it on my Blog, but I just wanted to make you all aware of it. I plan to hang it on my cubical wall on the outside that says What I do here J Subscriptions are free. Todd
RE: [ActiveDir] Technet Magazine Active Directory Component Jigsaw
I am working on the Editors to post the
graphic. At least you can access the articles via the web.
Todd
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 08, 2006
11:10 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Technet
Magazine Active Directory Component Jigsaw
Subscriptions are free
-to those in the U.S. only :(
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CC/DNA) [E]
Sent: 08 March 2006 16:00
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Technet
Magazine Active Directory Component Jigsaw
http://www.microsoft.com/technet/technetmag/
Someone in my office just gave me a copy
of this free magazine, and it came with the really neat insert called the
Active Directory Component Jigsaw. It is a wall hanging
that outlines all the AD process graphically. I will try to scan it and
post it on my Blog, but I just wanted to make you all aware of it. I plan
to hang it on my cubical wall on the outside that says What I do
here J
Subscriptions are free.
Todd
PLEASE READ: The information contained in this email is
confidential and
intended for the named recipient(s) only. If you are not an
intended
recipient of this email please notify the sender immediately
and delete your
copy from your system. You must not copy, distribute or take
any further
action in reliance on it. Email is not a secure method of
communication and
Nomura International plc ('NIplc') will not, to the extent
permitted by law,
accept responsibility or liability for (a) the accuracy or
completeness of,
or (b) the presence of any virus, worm or similar malicious
or disabling
code in, this message or any attachment(s) to it. If
verification of this
email is sought then please request a hard copy. Unless
otherwise stated
this email: (1) is not, and should not be treated or relied
upon as,
investment research; (2) contains views or opinions that are
solely those of
the author and do not necessarily represent those of NIplc;
(3) is intended
for informational purposes only and is not a recommendation,
solicitation or
offer to buy or sell securities or related financial instruments.
NIplc
does not provide investment services to private customers.
Authorised and
regulated by the Financial Services Authority. Registered in
England
no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand,
London, EC1A 4NP. A member
of the Nomura group of companies.
RE: [ActiveDir] Automatically generated replication links
You might try establishing a Preferred
Bridgehead server at the hub and spoke sites (Probably 2 is good), that should
allow you to control who is chosen for replication COs. Also you
might also consider DNS record weights if you would like to lower the priority of
the DCs running DDNS for other things like authentication.
Todd Myrick
From: Olivarez, Sergio
J Mr ANOSC/FCBS [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 08, 2006
11:07 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir]
Automatically generated replication links
You might want to look
into using Active Directory Load Balancing tool (adlb.exe); Ive never
used the tool but it might help you control replication and the connection
objects. Personally, I would trust the KCC and let it do its jobJ
Thanks... ... ... ...
Sergio J. Olivarez -
Contractor
GD-NS
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 08, 2006
8:39 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Automatically
generated replication links
Russ,
Perhaps you should consider disabling the
KCC within one or more sites, or forest-wide if this is a big issue.
Otherwise, I'd treat all DCs as equals and
let the KCC 'do its thing' :)
neil
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Rimmerman, Russ
Sent: 08 March 2006 15:18
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir]
Automatically generated replication links
All our remote sites automatically pick
the same DC at DHQ, but this site picked a DC that is our primary DNS server at
DHQ for some reason. We've never had that DC be selected by the KCC
before, and I'm not sure why it picked that one instead.
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de
Sent: Wednesday, March 08, 2006
8:56 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir]
Automatically generated replication links
Hi Russ,
The KCC runs 5 mins after the DC boots and after that each
15 min..
The KCC creates CO as it sees fit (and that depends on the
site and replication topology, partitions to replicate and replicas hosting
partitions).
If you remove the CO manually, it will recreate them during
the next KCC cycle. The creation of auto COs also depends on what manual COs have been created. Manual created COs will never be touched by the KCC
So, why do you think it is wrong or what do you mean with
If you promote a new domain controller and it doesn't
automatically generate the right replication links
jorge
From:
[EMAIL PROTECTED] on behalf of Rimmerman, Russ
Sent: Wed 2006-03-08 15:50
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Automatically
generated replication links
If you promote a new domain controller and it doesn't
automatically generate the right replication links, is it safe or recommended
to delete the link it generated and manually create the replication link?
Or if you delete it will it try to automatically generate it again?
~~
This e-mail is confidential, may contain proprietary information
of the Cooper Cameron Corporation and its operating Divisions
and may be confidential or privileged.
This e-mail should be read, copied, disseminated and/or used only
by the addressee. If you have received this message in error please
delete it, together with any attachments, from your system.
~~
~~
This e-mail is confidential, may contain proprietary information
of the Cooper Cameron Corporation and its operating Divisions
and may be confidential or privileged.
This e-mail should be read, copied, disseminated and/or used only
by the addressee. If you have received this message in error please
delete it, together with any attachments, from your system.
~~
PLEASE READ: The information contained in this email is
confidential and
intended for the named recipient(s) only. If you are not an
intended
recipient of this email please notify the sender immediately
and delete your
copy from your system. You must not copy, distribute or take
any further
action in reliance on it. Email is not a secure method of
communication and
Nomura International plc ('NIplc') will not, to the extent
permitted by law,
accept responsibility or liability for (a) the accuracy or
completeness of,
or (b) the presence of any virus, worm or similar malicious
or disabling
code in, this message or any attachment(s) to it. If
verification of this
email is sought then please request a hard copy. Unless
otherwise stated
this email: (1) is not, and should not be treated or relied
upon as,
investment research; (2)
RE: [ActiveDir] Technet Magazine Active Directory Component Jigsaw
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: 08 March 2006 16:10 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Technet Magazine Active Directory Component Jigsaw Subscriptions are free - to those in the U.S. only :( You know, I'm not convinced that microsoft really get the whole international thing and the interweb. -- Robert Moir Microsoft MVP for Windows Servers Security List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Cleaning Up AD
The link on our page is screwed up, and so is the TechTarget search engine. I'll post a working link as soon as I find it. -gil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Singler Sent: Wednesday, March 08, 2006 7:58 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Cleaning Up AD A couple of weeks ago i 'attended' a webinar from NetPro called: 16 Steps to a Healthier and Happier Active Directory http://www.netpro.com/company/events.cfm It is a very good overview of the tasks involved in getting AD to smile. It seems like the link from NetPro's website sends you to http://searchwindowssecurity.bitpipe.com/webcasts but i don't see it archived there ... maybe Gil can chime in with a location? Slides here: http://www.netpro.com/forum/files/Sixteen_Simple_Steps.pdf good luck, john [EMAIL PROTECTED] wrote: AD Gurus, Before I embarked on a Google search, I thought I might get some opinions from this list. What resources (utils, whitepapers etc) have people been using to clean up an AD infrastructure? I can go into more detail if anyone is interested...basically all of our DC's have tons of warnings and errors in the event logs. Thanks, Jbl List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Automatically generated replication links
It's odd, the replicate FROM is different than the replicate TO on these two DCs. Every other DC we've deployed to date is the same DC for both from and two (always the same DC for all) and these two decided to pick something different. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge deSent: Wednesday, March 08, 2006 9:27 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Automatically generated replication links yes... on the DC that needs the CO to replicate from. remember when looking on another DC, that object (including the old deleted CO) still needs to replicate to the other DCs From: [EMAIL PROTECTED] on behalf of Rimmerman, RussSent: Wed 2006-03-08 16:22To: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Automatically generated replication links I see the problem, this remote DC has a "replicate from" correctly but the replicate to was a different DC. I deleted the replication link to that DC and now there's nothing in the "Replicate to" blank for that DC. So it will repopulate within 15 minutes? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge deSent: Wednesday, March 08, 2006 8:56 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Automatically generated replication links Hi Russ, The KCC runs 5 mins after the DC boots and after that each 15 min.. The KCC creates CO as it sees fit (and that depends on the site and replication topology, partitions to replicate and replicas hosting partitions). If you remove the CO manually, it will recreate them during the next KCC cycle. The creation of auto COs also depends on what manual COs have been created. Manual created COs will never be touched by the KCC So, why do you think it is wrong or what do you mean with "If you promote a new domain controller and it doesn't automatically generate the right replication links" jorge From: [EMAIL PROTECTED] on behalf of Rimmerman, RussSent: Wed 2006-03-08 15:50To: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Automatically generated replication links If you promote a new domain controller and it doesn't automatically generate the right replication links, is it safe or recommended to delete the link it generated and manually create the replication link? Or if you delete it will it try to automatically generate it again? ~~This e-mail is confidential, may contain proprietary informationof the Cooper Cameron Corporation and its operating Divisionsand may be confidential or privileged.This e-mail should be read, copied, disseminated and/or used onlyby the addressee. If you have received this message in error pleasedelete it, together with any attachments, from your system.~~ ~~This e-mail is confidential, may contain proprietary informationof the Cooper Cameron Corporation and its operating Divisionsand may be confidential or privileged.This e-mail should be read, copied, disseminated and/or used onlyby the addressee. If you have received this message in error pleasedelete it, together with any attachments, from your system.~~ ~~ This e-mail is confidential, may contain proprietary information of the Cooper Cameron Corporation and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~
RE: [ActiveDir] AD Lag Sites
Title: Message Hi Paul, do you use the disk snapshots to provide the ability to restore an object or the whole DC (and therefore the whole Active Directory database), or both? -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of PAUL MAYESSent: 08 Mar 2006 13:13To: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] AD Lag Sites /lurker Hi All, Forgive me a second whilst I ramble on 'cos thisIS going to be a ramble, then shoot me down in flames at the end! The problem with DR is getting the data from somewhere. Typically we go back to tape, which depending on when the last successful backup took place gives you a bit of a wide window to play with. Not good if you're going back some 24 hours/days etc... To get better coverage of times we kicked about with lag sites. Trouble is, and this has already been noted, replication and timings can scupper the intentions of lag sites and where do you stop. Is one enough, is one for every hour of the day enough? Microsoft released this white paper on fast recovery with AD using SAN's and disk imaging. http://www.microsoft.com/windowsserver2003/technologies/activedirectory/W2K3ActDirFastRec.mspx Now, I'm currently playing with using Microsoft's in-built disk snapshotting to provide something similar. So on a pure DC server I've set it up to snapsnot it's disks everyhour. And then I get to chose which hour that I go back to and use as my recovered backup. After all it's the same tech that's used when you actually do a backup. No need for a lag site, just pick the hour on the timeline and restore from that DC. Ok so it means that you might need bigger disk and you can only snapshot down to 30mins. But if you're a bit creative with a few DC's then you can get much better coverage than lag sites without the need for more DC's or creative subnetting. Now I'm going to stand back and be shot down in flames. But thus far playing with VSS is kind of casting doubt on plans for one or multiple lag sites. I'm not going to bore with the how's and where's but it might stimulate some discussion. Oh and I realise that this is way far from perfect. Curious to know if anyone has done this or thought about it if nothing else. Paul. Myrick, Todd \(NIH/CC/DNA\) [E]Mon, 06 Mar 2006 15:35:36 -0800 I also said, I have to spend my time and money wisely. I am well aware of why people use lag-sites. They always like to throw the money issue around... but I wonder what the TCO is really. Maybe these major AD DR players should commission a study heck maybe MSFT should for both AD and Exchange Mailboxes. I think you would do better to encourage new Admins to make sure they do a MFT backup of a domain controllers system state each night, then stand-up more sites and servers. Then based on need select the restore method and evaluate the results. I agree knowing how all the inner workings does help as well, but operations people are usually not engineers, so it is best to give them tools that have some workflow, and makes the operation smooth and less error prone. Thanks again, Todd This message contains confidential information and is intended only for the individual or entity named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. This message is provided for informational purposes and should not be construed as an invitation or offer to buy or sell any securities or related financial instruments. GAM operates in many jurisdictions and is regulated or licensed in those jurisdictions as required. �
RE: [ActiveDir] Cleaning Up AD
16 Steps to a Healthier and Happier Active Directory is archived here: http://event.on24.com/eventRegistration/EventLobbyServlet?target=lobby.j speventid=17740sessionid=1partnerref=swsc_sitepost_02_14_06key=F2F27 A63A35B4F457FECDA9201B08DBAeventuserid=5675189 And the slides are at http://www.netpro.com/forum/files/Sixteen_Simple_Steps.pdf -gil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Singler Sent: Wednesday, March 08, 2006 7:58 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Cleaning Up AD A couple of weeks ago i 'attended' a webinar from NetPro called: 16 Steps to a Healthier and Happier Active Directory http://www.netpro.com/company/events.cfm It is a very good overview of the tasks involved in getting AD to smile. It seems like the link from NetPro's website sends you to http://searchwindowssecurity.bitpipe.com/webcasts but i don't see it archived there ... maybe Gil can chime in with a location? Slides here: http://www.netpro.com/forum/files/Sixteen_Simple_Steps.pdf good luck, john [EMAIL PROTECTED] wrote: AD Gurus, Before I embarked on a Google search, I thought I might get some opinions from this list. What resources (utils, whitepapers etc) have people been using to clean up an AD infrastructure? I can go into more detail if anyone is interested...basically all of our DC's have tons of warnings and errors in the event logs. Thanks, Jbl List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Technet Magazine Active Directory Component Jigsaw
As an addition, the only way that it's free is if you answer the questions stating that you are responsible for the purchasing of IT products in your company. Bonnie From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ulf B. Simon-WeidnerSent: Wednesday, March 08, 2006 11:15 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Technet Magazine "Active Directory Component Jigsaw" Hi Todd, this would rock if you are able to scan it (or somebody has contacts to the team to request a printable-file)? Subscriptions are only free for US Residents (shipping costs), and the web-version does not include the picture. Gruesse - Sincerely, Ulf B. Simon-Weidner MVP-Book "Windows XP - Die Expertentipps": http://tinyurl.com/44zcz Weblog: http://msmvps.org/UlfBSimonWeidner Website: http://www.windowsserverfaq.org Profile:http://mvp.support.microsoft.com/profile=""> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CC/DNA) [E]Sent: Wednesday, March 08, 2006 5:00 PMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Technet Magazine "Active Directory Component Jigsaw" http://www.microsoft.com/technet/technetmag/ Someone in my office just gave me a copy of this free magazine, and it came with the really neat insert called the Active Directory Component Jigsaw. It is a wall hanging that outlines all the AD process graphically. I will try to scan it and post it on my Blog, but I just wanted to make you all aware of it. I plan to hang it on my cubical wall on the outside that says What I do here J Subscriptions are free. Todd
RE: [ActiveDir] Automatically generated replication links
Russ, you are making a big deal out of nothing. Stop worrying yourself sick. IF KCC built a CO for this DC, KCC thinks that's the most optimal CO possible at that point. It is not mandatory that the CO should be reciprocal. If you are not please with what KCC did, then delete its work and create your own. KCC will not mess with creating another one if the DC is replicating optimally. Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCT Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Rimmerman, Russ Sent: Wed 3/8/2006 7:51 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Automatically generated replication links It's odd, the replicate FROM is different than the replicate TO on these two DCs. Every other DC we've deployed to date is the same DC for both from and two (always the same DC for all) and these two decided to pick something different. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de Sent: Wednesday, March 08, 2006 9:27 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Automatically generated replication links yes... on the DC that needs the CO to replicate from. remember when looking on another DC, that object (including the old deleted CO) still needs to replicate to the other DCs From: [EMAIL PROTECTED] on behalf of Rimmerman, Russ Sent: Wed 2006-03-08 16:22 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Automatically generated replication links I see the problem, this remote DC has a replicate from correctly but the replicate to was a different DC. I deleted the replication link to that DC and now there's nothing in the Replicate to blank for that DC. So it will repopulate within 15 minutes? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de Sent: Wednesday, March 08, 2006 8:56 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Automatically generated replication links Hi Russ, The KCC runs 5 mins after the DC boots and after that each 15 min.. The KCC creates CO as it sees fit (and that depends on the site and replication topology, partitions to replicate and replicas hosting partitions). If you remove the CO manually, it will recreate them during the next KCC cycle. The creation of auto COs also depends on what manual COs have been created. Manual created COs will never be touched by the KCC So, why do you think it is wrong or what do you mean with If you promote a new domain controller and it doesn't automatically generate the right replication links jorge From: [EMAIL PROTECTED] on behalf of Rimmerman, Russ Sent: Wed 2006-03-08 15:50 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Automatically generated replication links If you promote a new domain controller and it doesn't automatically generate the right replication links, is it safe or recommended to delete the link it generated and manually create the replication link? Or if you delete it will it try to automatically generate it again? ~~ This e-mail is confidential, may contain proprietary information of the Cooper Cameron Corporation and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~ ~~ This e-mail is confidential, may contain proprietary information of the Cooper Cameron Corporation and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~ ~~ This e-mail is confidential, may contain proprietary information of the Cooper Cameron Corporation and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Cleaning Up AD
What resources (utils, whitepapers etc) have people been using to clean up an AD infrastructure? It depends. If I am in a hurry, I just put it in my trunk and go to the nearest drive-through car wash. If I have time on my hand, I drive it to the friendly neighborhood Laundromat. Either way, it comes back clean. OK, a smiley should go here. The point is Clean AD is as vague as vague could be. What do you want to clean today? Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCT Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of [EMAIL PROTECTED] Sent: Wed 3/8/2006 6:37 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Cleaning Up AD AD Gurus, Before I embarked on a Google search, I thought I might get some opinions from this list. What resources (utils, whitepapers etc) have people been using to clean up an AD infrastructure? I can go into more detail if anyone is interested...basically all of our DC's have tons of warnings and errors in the event logs. Thanks, Jbl This e-mail, and any attachment, is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, re-transmission, copying, dissemination or other use of this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. The contents of this message may contain personal views which are not the views of Discovery Communications, Inc. (DCI). List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] AD Lag Sites
What MS paper? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: 08 Mar 2006 13:46 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] AD Lag Sites The MS paper illustrates a way to achieve this without the USN issue. neil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tomasz Onyszko Sent: 08 March 2006 13:30 To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] AD Lag Sites PAUL MAYES wrote: (...) No need for a lag site, just pick the hour on the timeline and restore from that DC. Ok so it means that you might need bigger disk and you can only snapshot down to 30mins. But if you're a bit creative with a few DC's then you can get much better coverage than lag sites without the need for more DC's or creative subnetting. Now I'm going to stand back and be shot down in flames. But thus far playing with VSS is kind of casting doubt on plans for one or multiple lag sites. I'm not going to bore with the how's and where's but it might stimulate some discussion. (...) You can't use images or snapshots as a backup\recovery solutions for DC because You are risking getting into USN roll-back problem. Search through ActivDir.org archives for USN roll-back and You will find good explanation of this problem. -- Tomasz Onyszko http://www.w2k.pl/blog/ - (PL) http://blogs.dirteam.com/blogs/tomek/ - (EN) List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This message contains confidential information and is intended only for the individual or entity named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. This message is provided for informational purposes and should not be construed as an invitation or offer to buy or sell any securities or related financial instruments. GAM operates in many jurisdictions and is regulated or licensed in those jurisdictions as required. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Vista GPO article
http://www.windowsdevcenter.com/pub/a/windows/2006/03/07/group-policy-in -windows-vista.html Pretty good article, Todd Myrick List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Technet Magazine Active Directory Component Jigsaw
I received the same foldout and have already made a scan
into JPG format of it. Contact me off list if you are
interested.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd
(NIH/CC/DNA) [E]Sent: Wednesday, March 08, 2006 11:19
AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir]
Technet Magazine "Active Directory Component Jigsaw"
I am working on the
Editors to post the graphic. At least you can access the articles via the
web.
Todd
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 08, 2006 11:10
AMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Technet Magazine
"Active Directory Component Jigsaw"
"Subscriptions are
free" -to those in the U.S. only :(
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Myrick, Todd
(NIH/CC/DNA) [E]Sent: 08 March
2006 16:00To:
ActiveDir@mail.activedir.orgSubject: [ActiveDir] Technet Magazine
"Active Directory Component Jigsaw"
http://www.microsoft.com/technet/technetmag/
Someone in my office
just gave me a copy of this free magazine, and it came with the really neat
insert called the Active Directory Component Jigsaw. It is a wall
hanging that outlines all the AD process graphically. I will try to scan
it and post it on my Blog, but I just wanted to make you all aware of it.
I plan to hang it on my cubical wall on the outside that says What I do here
J
Subscriptions are
free.
Todd
PLEASE READ: The information
contained in this email is confidential and
intended for the named recipient(s)
only. If you are not an intended
recipient of this email please
notify the sender immediately and delete your
copy from your system. You must not
copy, distribute or take any further
action in reliance on it. Email is
not a secure method of communication and
Nomura International plc ('NIplc')
will not, to the extent permitted by law,
accept responsibility or liability
for (a) the accuracy or completeness of,
or (b) the presence of any virus,
worm or similar malicious or disabling
code in, this message or any
attachment(s) to it. If verification of this
email is sought then please request
a hard copy. Unless otherwise stated
this email: (1) is not, and should
not be treated or relied upon as,
investment research; (2) contains
views or opinions that are solely those of
the author and do not necessarily
represent those of NIplc; (3) is intended
for informational purposes only and
is not a recommendation, solicitation or
offer to buy or sell securities or
related financial instruments. NIplc
does not provide investment services
to private customers. Authorised and
regulated by the Financial Services
Authority. Registered in England
no. 1550505 VAT No. 447 2492 35.
Registered Office: 1 St Martin's-le-Grand,
London, EC1A
4NP. A member of the Nomura group of
companies.
This E-mail, including any attachments, may contain confidential information and is intended solely for use by the individual to whom it is addressed. If you received this E-mail in error, please notify the sender, do not disclose its contents to others, and delete it from your system. Any other use of this E-mail and/or attachments is prohibited. This message is not meant to constitute an electronic signature or intent to contract electronically.
RE: [ActiveDir] Vista GPO article
More detail information from Microsoft: Managing Group Policy ADMX Files Step by Step Guide.doc http://www.microsoft.com/downloads/info.aspx?na=46p=3SrcDisplayLang=enSrcCategoryId=SrcFamilyId=311f4be8-9983-4ab0-9685-f1bfec1e7d62u=http%3a%2f%2fdownload.microsoft.com%2fdownload%2f3%2fb%2fa%2f3ba6d659-6e39-4cd7-b3a2-9c96482f5353%2fManaging+Group+Policy+ADMX+Files+Step+by+Step+Guide.docoRef=http%3a%2f%2fwww.microsoft.com%2fdownloads%2fresults.aspx%3ffreetext%3d%26productID%3d%26categoryId%3d%26period%3d30%26sortCriteria%3ddate%26nr%3d20%26DisplayLang%3den%26type%3da -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CC/DNA) [E] Sent: Thursday, March 09, 2006 1:45 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Vista GPO article http://www.windowsdevcenter.com/pub/a/windows/2006/03/07/group-policy-in -windows-vista.html Pretty good article, Todd Myrick List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Bulk Import
Whats the fast way for me to create 200 user accounts in specific OUs and create Exchange mailboxes? Devon Harding Windows Systems Engineer Southern Wine Spirits - BSG 954-602-2469 __ This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use or distribution of the information included in the message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments. Thank You.
RE: [ActiveDir] Bulk Import
Delegate it to HR. Short of that get HR or someone to give you a list of the names and script it, provide a default password of their SS number perhaps...must be changed on first log on. After they are created, in the same OU...mass select them in ADUC and right click them and send them a test email to create the mailbox. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harding, DevonSent: Wednesday, March 08, 2006 2:02 PMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Bulk Import Whats the fast way for me to create 200 user accounts in specific OUs and create Exchange mailboxes? Devon Harding Windows Systems Engineer Southern Wine Spirits - BSG 954-602-2469 __This message and any attachments are solely for the intendedrecipient and may contain confidential or privileged information.If you are not the intended recipient, any disclosure, copying, useor distribution of the information included in the message and anyattachments is prohibited. If you have received this communicationin error, please notify us by reply e-mail and immediately andpermanently delete this message and any attachments. Thank You.
RE: [ActiveDir] Bulk Import
Ok, I skipped a step, sounds like you need these 200 to go to separate OU's. Mass create them in one OU, mass right click them and create the mailbox then mass send them an email. The script the move if that is faster/easier than a manual drag and drop. So your spreadsheet of users is: firstname lastname password targetOU convert that to comma text for your script and use the first three for the creation and then the first two and last for the move. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kennedy, JimSent: Wednesday, March 08, 2006 2:16 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Bulk Import Delegate it to HR. Short of that get HR or someone to give you a list of the names and script it, provide a default password of their SS number perhaps...must be changed on first log on. After they are created, in the same OU...mass select them in ADUC and right click them and send them a test email to create the mailbox. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harding, DevonSent: Wednesday, March 08, 2006 2:02 PMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Bulk Import Whats the fast way for me to create 200 user accounts in specific OUs and create Exchange mailboxes? Devon Harding Windows Systems Engineer Southern Wine Spirits - BSG 954-602-2469 __This message and any attachments are solely for the intendedrecipient and may contain confidential or privileged information.If you are not the intended recipient, any disclosure, copying, useor distribution of the information included in the message and anyattachments is prohibited. If you have received this communicationin error, please notify us by reply e-mail and immediately andpermanently delete this message and any attachments. Thank You.
RE: [ActiveDir] Technet Magazine Active Directory Component Jigsaw
Please send a copy my way.
Thanks,
Todd
From: Nathan Kline
[mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 08, 2006
1:30 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Technet
Magazine Active Directory Component Jigsaw
I received the same foldout and have
already made a scan into JPG format of it. Contact me off list if you are
interested.
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CC/DNA) [E]
Sent: Wednesday, March 08, 2006
11:19 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Technet
Magazine Active Directory Component Jigsaw
I am working on the Editors to post the
graphic. At least you can access the articles via the web.
Todd
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 08, 2006
11:10 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Technet
Magazine Active Directory Component Jigsaw
Subscriptions are free
-to those in the U.S. only :(
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CC/DNA) [E]
Sent: 08 March 2006 16:00
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Technet
Magazine Active Directory Component Jigsaw
http://www.microsoft.com/technet/technetmag/
Someone in my office just gave me a copy
of this free magazine, and it came with the really neat insert called the
Active Directory Component Jigsaw. It is a wall hanging
that outlines all the AD process graphically. I will try to scan it and
post it on my Blog, but I just wanted to make you all aware of it. I plan
to hang it on my cubical wall on the outside that says What I do
here J
Subscriptions are free.
Todd
PLEASE READ: The information contained in this email is
confidential and
intended for the named recipient(s) only. If you are not an
intended
recipient of this email please notify the sender immediately
and delete your
copy from your system. You must not copy, distribute or take
any further
action in reliance on it. Email is not a secure method of
communication and
Nomura International plc ('NIplc') will not, to the extent
permitted by law,
accept responsibility or liability for (a) the accuracy or
completeness of,
or (b) the presence of any virus, worm or similar malicious
or disabling
code in, this message or any attachment(s) to it. If
verification of this
email is sought then please request a hard copy. Unless
otherwise stated
this email: (1) is not, and should not be treated or relied
upon as,
investment research; (2) contains views or opinions that are
solely those of
the author and do not necessarily represent those of NIplc;
(3) is intended
for informational purposes only and is not a recommendation,
solicitation or
offer to buy or sell securities or related financial
instruments. NIplc
does not provide investment services to private customers.
Authorised and
regulated by the Financial Services Authority. Registered in
England
no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand,
London, EC1A 4NP. A member
of the Nomura group of companies.
This E-mail, including any attachments, may contain confidential information and is intended solely for use by the individual to whom it is addressed. If you received this E-mail in error, please notify the sender, do not disclose its contents to others, and delete it from your system. Any other use of this E-mail and/or attachments is prohibited. This message is not meant to constitute an electronic signature or intent to contract electronically.
Re: [ActiveDir] Bulk Import
I suppose it really depends on your input data. What have you got to work with and what is the decision criteria for the OU differences? Creating the objects in a particular OU and mailbox enabling them would not be terribly difficult depending on the information you have and want to put in there. Jim's way would work, but I think I prefer to put them where they belong at creation vs. later. For that reason either one of Joe's tools (admod for example) or script would be my preference. Script would be mine but that's just because I'm funny like that. Joe's tools are faster though both at runtime and to get working if you don't have scripts laying around. Al On 3/8/06, Kennedy, Jim [EMAIL PROTECTED] wrote: Ok, I skipped a step, sounds like you need these 200 to go to separate OU's. Mass create them in one OU, mass right click them and create the mailbox then mass send them an email. The script the move if that is faster/easier than a manual drag and drop. So your spreadsheet of users is: firstname lastname password targetOU convert that to comma text for your script and use the first three for the creation and then the first two and last for the move. From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Kennedy, JimSent: Wednesday, March 08, 2006 2:16 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Bulk Import Delegate it to HR. Short of that get HR or someone to give you a list of the names and script it, provide a default password of their SS number perhaps...must be changed on first log on. After they are created, in the same OU...mass select them in ADUC and right click them and send them a test email to create the mailbox. From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Harding, DevonSent: Wednesday, March 08, 2006 2:02 PMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Bulk Import What's the fast way for me to create 200 user accounts in specific OU's and create Exchange mailboxes? Devon Harding Windows Systems Engineer Southern Wine Spirits - BSG 954-602-2469 __This message and any attachments are solely for the intendedrecipient and may contain confidential or privileged information.If you are not the intended recipient, any disclosure, copying, use or distribution of the information included in the message and anyattachments is prohibited. If you have received this communicationin error, please notify us by reply e-mail and immediately andpermanently delete this message and any attachments. Thank You.
RE: [ActiveDir] Bulk Import
I was going to user csvde, but read that it did not support password creation. Is this supported under ADMod? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Wednesday, March 08, 2006 4:22 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Bulk Import I suppose it really depends on your input data. What have you got to work with and what is the decision criteria for the OU differences? Creating the objects in a particular OU and mailbox enabling them would not be terribly difficult depending on the information you have and want to put in there. Jim's way would work, but I think I prefer to put them where they belong at creation vs. later. For that reason either one of Joe's tools (admod for example) or script would be my preference. Script would be mine but that's just because I'm funny like that. Joe's tools are faster though both at runtime and to get working if you don't have scripts laying around. Al On 3/8/06, Kennedy, Jim [EMAIL PROTECTED] wrote: Ok, I skipped a step, sounds like you need these 200 to go to separate OU's. Mass create them in one OU, mass right click them and create the mailbox then mass send them an email. The script the move if that is faster/easier than a manual drag and drop. So your spreadsheet of users is: firstname lastname password targetOU convert that to comma text for your script and use the first three for the creation and then the first two and last for the move. From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Kennedy, Jim Sent: Wednesday, March 08, 2006 2:16 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Bulk Import Delegate it to HR. Short of that get HR or someone to give you a list of the names and script it, provide a default password of their SS number perhaps...must be changed on first log on. After they are created, in the same OU...mass select them in ADUC and right click them and send them a test email to create the mailbox. From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Harding, Devon Sent: Wednesday, March 08, 2006 2:02 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Bulk Import What's the fast way for me to create 200 user accounts in specific OU's and create Exchange mailboxes? Devon Harding Windows Systems Engineer Southern Wine Spirits - BSG 954-602-2469 __ This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use or distribution of the information included in the message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments. Thank You.
Re: [ActiveDir] AD Lag Sites
Wyatt, David wrote: What MS paper? http://www.microsoft.com/downloads/details.aspx?FamilyID=64DB845D-F7A3-4209-8ED2-E261A117FC6Bdisplaylang=en At the end of this document You will find information how to do this. As Jorge pointed today on our chat on IM this document is not addressing potential SYSVOL issue after such restore so BurFlags should come into play: http://support.microsoft.com/kb/290762 -- Tomasz Onyszko http://www.w2k.pl/blog/ - (PL) http://blogs.dirteam.com/blogs/tomek/ - (EN) List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Bulk Import
What is your input? Where are you getting the input from, and what format is it in? Al mentioned some script laying around. I may have one stuck in one of my couches here :) Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCT Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Harding, Devon Sent: Wed 3/8/2006 1:37 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Bulk Import I was going to user csvde, but read that it did not support password creation. Is this supported under ADMod? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Wednesday, March 08, 2006 4:22 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Bulk Import I suppose it really depends on your input data. What have you got to work with and what is the decision criteria for the OU differences? Creating the objects in a particular OU and mailbox enabling them would not be terribly difficult depending on the information you have and want to put in there. Jim's way would work, but I think I prefer to put them where they belong at creation vs. later. For that reason either one of Joe's tools (admod for example) or script would be my preference. Script would be mine but that's just because I'm funny like that. Joe's tools are faster though both at runtime and to get working if you don't have scripts laying around. Al On 3/8/06, Kennedy, Jim [EMAIL PROTECTED] wrote: Ok, I skipped a step, sounds like you need these 200 to go to separate OU's. Mass create them in one OU, mass right click them and create the mailbox then mass send them an email. The script the move if that is faster/easier than a manual drag and drop. So your spreadsheet of users is: firstname lastname password targetOU convert that to comma text for your script and use the first three for the creation and then the first two and last for the move. From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] ] On Behalf Of Kennedy, Jim Sent: Wednesday, March 08, 2006 2:16 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Bulk Import Delegate it to HR. Short of that get HR or someone to give you a list of the names and script it, provide a default password of their SS number perhaps...must be changed on first log on. After they are created, in the same OU...mass select them in ADUC and right click them and send them a test email to create the mailbox. From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] ] On Behalf Of Harding, Devon Sent: Wednesday, March 08, 2006 2:02 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Bulk Import What's the fast way for me to create 200 user accounts in specific OU's and create Exchange mailboxes? Devon Harding Windows Systems Engineer Southern Wine Spirits - BSG 954-602-2469 __ This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use or distribution of the information included in the message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments. Thank You. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Technet Magazine Active Directory Component Jigsaw
:) Due to the large amount of requests, I've uploaded
this toweb space. :) This link should take you to the
image.
http://home.wmis.net/~nkline/adjig.html
Nathan
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Nathan KlineSent: Wednesday, March 08, 2006 1:30
PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir]
Technet Magazine "Active Directory Component Jigsaw"
I received the same foldout and have already made a scan into JPG format
of it. Contact me off list if you are interested.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd
(NIH/CC/DNA) [E]Sent: Wednesday, March 08, 2006 11:19
AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir]
Technet Magazine "Active Directory Component Jigsaw"
I am working on the
Editors to post the graphic. At least you can access the articles via the
web.
Todd
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 08, 2006 11:10
AMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Technet Magazine
"Active Directory Component Jigsaw"
"Subscriptions are
free" -to those in the U.S. only :(
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Myrick, Todd
(NIH/CC/DNA) [E]Sent: 08 March
2006 16:00To:
ActiveDir@mail.activedir.orgSubject: [ActiveDir] Technet Magazine
"Active Directory Component Jigsaw"
http://www.microsoft.com/technet/technetmag/
Someone in my office
just gave me a copy of this free magazine, and it came with the really neat
insert called the Active Directory Component Jigsaw. It is a wall
hanging that outlines all the AD process graphically. I will try to scan
it and post it on my Blog, but I just wanted to make you all aware of it.
I plan to hang it on my cubical wall on the outside that says What I do here
J
Subscriptions are
free.
Todd
PLEASE READ: The information
contained in this email is confidential and
intended for the named recipient(s)
only. If you are not an intended
recipient of this email please
notify the sender immediately and delete your
copy from your system. You must not
copy, distribute or take any further
action in reliance on it. Email is
not a secure method of communication and
Nomura International plc ('NIplc')
will not, to the extent permitted by law,
accept responsibility or liability
for (a) the accuracy or completeness of,
or (b) the presence of any virus,
worm or similar malicious or disabling
code in, this message or any
attachment(s) to it. If verification of this
email is sought then please request
a hard copy. Unless otherwise stated
this email: (1) is not, and should
not be treated or relied upon as,
investment research; (2) contains
views or opinions that are solely those of
the author and do not necessarily
represent those of NIplc; (3) is intended
for informational purposes only and
is not a recommendation, solicitation or
offer to buy or sell securities or
related financial instruments. NIplc
does not provide investment services
to private customers. Authorised and
regulated by the Financial Services
Authority. Registered in England
no. 1550505 VAT No. 447 2492 35.
Registered Office: 1 St Martin's-le-Grand,
London, EC1A
4NP. A member of the Nomura group of
companies.
This E-mail, including
any attachments, may contain confidential information and is intended solely for
use by the individual to whom it is addressed. If you received this E-mail
in error, please notify the sender, do not disclose its contents to others, and
delete it from your system. Any other use of this E-mail and/or
attachments is prohibited. This message is not meant to constitute an
electronic signature or intent to contract
electronically.
RE: [ActiveDir] SBS 2003 Domain/Forest Rename
Dare I suggest a shrubbery? ;-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Wednesday, March 01, 2006 7:50 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] SBS 2003 Domain/Forest Rename And remember we are a single DC/Forest... so we're more like a tree than a forest. ;-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Wednesday, March 01, 2006 7:43 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] SBS 2003 Domain/Forest Rename If you consider flattening the box and reinstalling reasonable. :-) Remember it's got Exchange on a DC which means a rename is not supported along with an integrated Sharepoint. In MVPdom where we don't care about such things and sometimes we do it just to see if you can, you have to rip out a lot of stuff and even then there is 'weirdness' left over in the event logs. Thus it's really not for production machines that you care about at all. We recommend that the domain is not named in a manner that you care about renaming it later. Remember you can always CEICW (run the wizard) and redo the Exchange name with no issues. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alborzfard, Alex Sent: Wednesday, March 01, 2006 7:21 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] SBS 2003 Domain/Forest Rename This question is for Susan - SBS Goddess - but feel free to respond if you know the answer. Can a SBS 2003 domain/forest be renamed? If so, what's the best/recommended practice in doing it? TIA Alex Alborzfard List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] SBS 2003 Domain/Forest Rename
Ni! Ni! Ni! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lee, Wook Sent: Wednesday, March 08, 2006 3:05 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] SBS 2003 Domain/Forest Rename Importance: Low Dare I suggest a shrubbery? ;-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Wednesday, March 01, 2006 7:50 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] SBS 2003 Domain/Forest Rename And remember we are a single DC/Forest... so we're more like a tree than a forest. ;-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Wednesday, March 01, 2006 7:43 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] SBS 2003 Domain/Forest Rename If you consider flattening the box and reinstalling reasonable. :-) Remember it's got Exchange on a DC which means a rename is not supported along with an integrated Sharepoint. In MVPdom where we don't care about such things and sometimes we do it just to see if you can, you have to rip out a lot of stuff and even then there is 'weirdness' left over in the event logs. Thus it's really not for production machines that you care about at all. We recommend that the domain is not named in a manner that you care about renaming it later. Remember you can always CEICW (run the wizard) and redo the Exchange name with no issues. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alborzfard, Alex Sent: Wednesday, March 01, 2006 7:21 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] SBS 2003 Domain/Forest Rename This question is for Susan - SBS Goddess - but feel free to respond if you know the answer. Can a SBS 2003 domain/forest be renamed? If so, what's the best/recommended practice in doing it? TIA Alex Alborzfard List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] SBS 2003 Domain/Forest Rename
One that looks nice. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lee, Wook Sent: Wednesday, March 08, 2006 3:05 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] SBS 2003 Domain/Forest Rename Importance: Low Dare I suggest a shrubbery? ;-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Wednesday, March 01, 2006 7:50 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] SBS 2003 Domain/Forest Rename And remember we are a single DC/Forest... so we're more like a tree than a forest. ;-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Wednesday, March 01, 2006 7:43 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] SBS 2003 Domain/Forest Rename If you consider flattening the box and reinstalling reasonable. :-) Remember it's got Exchange on a DC which means a rename is not supported along with an integrated Sharepoint. In MVPdom where we don't care about such things and sometimes we do it just to see if you can, you have to rip out a lot of stuff and even then there is 'weirdness' left over in the event logs. Thus it's really not for production machines that you care about at all. We recommend that the domain is not named in a manner that you care about renaming it later. Remember you can always CEICW (run the wizard) and redo the Exchange name with no issues. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alborzfard, Alex Sent: Wednesday, March 01, 2006 7:21 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] SBS 2003 Domain/Forest Rename This question is for Susan - SBS Goddess - but feel free to respond if you know the answer. Can a SBS 2003 domain/forest be renamed? If so, what's the best/recommended practice in doing it? TIA Alex Alborzfard List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] SBS 2003 Domain/Forest Rename
And not too expensive. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lee, Wook Sent: Wednesday, March 08, 2006 3:05 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] SBS 2003 Domain/Forest Rename Importance: Low Dare I suggest a shrubbery? ;-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Wednesday, March 01, 2006 7:50 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] SBS 2003 Domain/Forest Rename And remember we are a single DC/Forest... so we're more like a tree than a forest. ;-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Wednesday, March 01, 2006 7:43 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] SBS 2003 Domain/Forest Rename If you consider flattening the box and reinstalling reasonable. :-) Remember it's got Exchange on a DC which means a rename is not supported along with an integrated Sharepoint. In MVPdom where we don't care about such things and sometimes we do it just to see if you can, you have to rip out a lot of stuff and even then there is 'weirdness' left over in the event logs. Thus it's really not for production machines that you care about at all. We recommend that the domain is not named in a manner that you care about renaming it later. Remember you can always CEICW (run the wizard) and redo the Exchange name with no issues. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alborzfard, Alex Sent: Wednesday, March 01, 2006 7:21 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] SBS 2003 Domain/Forest Rename This question is for Susan - SBS Goddess - but feel free to respond if you know the answer. Can a SBS 2003 domain/forest be renamed? If so, what's the best/recommended practice in doing it? TIA Alex Alborzfard List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] SBS 2003 Domain/Forest Rename
It is a good shrubbery. I like the laurels particularly, but there is one small problem. Ekky ekky ekky ekky-z' Bang, zoom Boing, z'nourrrwringmm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lee, Wook Sent: 08 March 2006 22:05 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] SBS 2003 Domain/Forest Rename Importance: Low Dare I suggest a shrubbery? ;-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Wednesday, March 01, 2006 7:50 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] SBS 2003 Domain/Forest Rename And remember we are a single DC/Forest... so we're more like a tree than a forest. ;-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Wednesday, March 01, 2006 7:43 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] SBS 2003 Domain/Forest Rename If you consider flattening the box and reinstalling reasonable. :-) Remember it's got Exchange on a DC which means a rename is not supported along with an integrated Sharepoint. In MVPdom where we don't care about such things and sometimes we do it just to see if you can, you have to rip out a lot of stuff and even then there is 'weirdness' left over in the event logs. Thus it's really not for production machines that you care about at all. We recommend that the domain is not named in a manner that you care about renaming it later. Remember you can always CEICW (run the wizard) and redo the Exchange name with no issues. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alborzfard, Alex Sent: Wednesday, March 01, 2006 7:21 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] SBS 2003 Domain/Forest Rename This question is for Susan - SBS Goddess - but feel free to respond if you know the answer. Can a SBS 2003 domain/forest be renamed? If so, what's the best/recommended practice in doing it? TIA Alex Alborzfard List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] ADMT v3 implementation questions
I got ADMT running in a test environment, but now have a few problems. Problem #1 When I use the wizard to migrate a computer from the source domain to the target, I then have the same machine account in both domains. Making it impossible for the target domain to access the shares of the workstation in the source domain. I have experienced this problem, and found it documented here: http://www.jsifaq.com/SUBJ/tip4600/rh4655.htm 4655 » Logon Failure error when accessing a child domain controller from the parent domain? 08-Jan-02 When you attempt to access a child domain controller from the parent domain, you receive: Logon Failure: The target account name is incorrect. This error will occur if a computer in the parent domain has the same computer name as a computer in the child domain. To resolve the problem, rename one of the computers. NOTE: If the computer no longer exists, delete it's machine account. If I delete the the newly migrated computer from the target domain, I can then access the shares on the workstation in the source domain. Anyone have an idea of how I can get around this limitation? I don't think it is possible to remove the workstation from the source domain yet, as it hasn't had the agent dispatched to it to change its domain ownership. Problem #2 Even though I have already added the opposite Domain Admins group to the local Administrator group of each machine, I don't appear to have admin rights across the trust between domains. One example is that the target domain cannot access the Admin$ share of the workstation in the source domain. If I go to the source domain workstation and add the administrator of the target domain to the local Administrator group of the workstation, I can then access the Admin$ share and dispatch the ADMT agent to the workstation. Since this is not practical in a widespread migration, I need to figure out how to get administrative privileges across the trust between domains. Thanks. Joe List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] SBS 2003 Domain/Forest Rename
With two SBS servers you get the two-level effect with a little path running down the middle. Easier than cutting down the mightiest tree in the forest with A HERRING! Wook -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick Sent: Wednesday, March 08, 2006 2:17 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] SBS 2003 Domain/Forest Rename And not too expensive. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lee, Wook Sent: Wednesday, March 08, 2006 3:05 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] SBS 2003 Domain/Forest Rename Importance: Low Dare I suggest a shrubbery? ;-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Wednesday, March 01, 2006 7:50 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] SBS 2003 Domain/Forest Rename And remember we are a single DC/Forest... so we're more like a tree than a forest. ;-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Wednesday, March 01, 2006 7:43 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] SBS 2003 Domain/Forest Rename If you consider flattening the box and reinstalling reasonable. :-) Remember it's got Exchange on a DC which means a rename is not supported along with an integrated Sharepoint. In MVPdom where we don't care about such things and sometimes we do it just to see if you can, you have to rip out a lot of stuff and even then there is 'weirdness' left over in the event logs. Thus it's really not for production machines that you care about at all. We recommend that the domain is not named in a manner that you care about renaming it later. Remember you can always CEICW (run the wizard) and redo the Exchange name with no issues. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alborzfard, Alex Sent: Wednesday, March 01, 2006 7:21 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] SBS 2003 Domain/Forest Rename This question is for Susan - SBS Goddess - but feel free to respond if you know the answer. Can a SBS 2003 domain/forest be renamed? If so, what's the best/recommended practice in doing it? TIA Alex Alborzfard List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] SBS 2003 Domain/Forest Rename
Then, when you have found the shrubbery, you must cut down the mightiest tree in the forest... Wiithh A HERRING! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Parris Sent: 08 March 2006 22:24 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] SBS 2003 Domain/Forest Rename It is a good shrubbery. I like the laurels particularly, but there is one small problem. Ekky ekky ekky ekky-z' Bang, zoom Boing, z'nourrrwringmm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lee, Wook Sent: 08 March 2006 22:05 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] SBS 2003 Domain/Forest Rename Importance: Low Dare I suggest a shrubbery? ;-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Wednesday, March 01, 2006 7:50 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] SBS 2003 Domain/Forest Rename And remember we are a single DC/Forest... so we're more like a tree than a forest. ;-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Wednesday, March 01, 2006 7:43 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] SBS 2003 Domain/Forest Rename If you consider flattening the box and reinstalling reasonable. :-) Remember it's got Exchange on a DC which means a rename is not supported along with an integrated Sharepoint. In MVPdom where we don't care about such things and sometimes we do it just to see if you can, you have to rip out a lot of stuff and even then there is 'weirdness' left over in the event logs. Thus it's really not for production machines that you care about at all. We recommend that the domain is not named in a manner that you care about renaming it later. Remember you can always CEICW (run the wizard) and redo the Exchange name with no issues. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alborzfard, Alex Sent: Wednesday, March 01, 2006 7:21 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] SBS 2003 Domain/Forest Rename This question is for Susan - SBS Goddess - but feel free to respond if you know the answer. Can a SBS 2003 domain/forest be renamed? If so, what's the best/recommended practice in doing it? TIA Alex Alborzfard List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] SBS 2003 Domain/Forest Rename
Awww... that's nice to hear :-) Psssttt.You guys realize you don't have to butter me up to answer SBS questions.I've said before that I'm a terrible lurker and if there's an SBS box in trouble I'm pouncing and seeing if I can help. Gil Kirkpatrick wrote: One that looks nice. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lee, Wook Sent: Wednesday, March 08, 2006 3:05 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] SBS 2003 Domain/Forest Rename Importance: Low Dare I suggest a shrubbery? ;-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Wednesday, March 01, 2006 7:50 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] SBS 2003 Domain/Forest Rename And remember we are a single DC/Forest... so we're more like a tree than a forest. ;-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley Sent: Wednesday, March 01, 2006 7:43 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] SBS 2003 Domain/Forest Rename If you consider flattening the box and reinstalling reasonable. :-) Remember it's got Exchange on a DC which means a rename is not supported along with an integrated Sharepoint. In MVPdom where we don't care about such things and sometimes we do it just to see if you can, you have to rip out a lot of stuff and even then there is 'weirdness' left over in the event logs. Thus it's really not for production machines that you care about at all. We recommend that the domain is not named in a manner that you care about renaming it later. Remember you can always CEICW (run the wizard) and redo the Exchange name with no issues. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alborzfard, Alex Sent: Wednesday, March 01, 2006 7:21 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] SBS 2003 Domain/Forest Rename This question is for Susan - SBS Goddess - but feel free to respond if you know the answer. Can a SBS 2003 domain/forest be renamed? If so, what's the best/recommended practice in doing it? TIA Alex Alborzfard List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ -- Letting your vendors set your risk analysis these days? http://www.threatcode.com List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Technet Magazine Active Directory Component Jigsaw
wow, what a hurdle ;-) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]Sent: Mittwoch, 8. März 2006 17:53To: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Technet Magazine "Active Directory Component Jigsaw" As an addition, the only way that it's free is if you answer the questions stating that you are responsible for the purchasing of IT products in your company. Bonnie From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ulf B. Simon-WeidnerSent: Wednesday, March 08, 2006 11:15 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Technet Magazine "Active Directory Component Jigsaw" Hi Todd, this would rock if you are able to scan it (or somebody has contacts to the team to request a printable-file)? Subscriptions are only free for US Residents (shipping costs), and the web-version does not include the picture. Gruesse - Sincerely, Ulf B. Simon-Weidner MVP-Book "Windows XP - Die Expertentipps": http://tinyurl.com/44zcz Weblog: http://msmvps.org/UlfBSimonWeidner Website: http://www.windowsserverfaq.org Profile:http://mvp.support.microsoft.com/profile=""> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CC/DNA) [E]Sent: Wednesday, March 08, 2006 5:00 PMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Technet Magazine "Active Directory Component Jigsaw" http://www.microsoft.com/technet/technetmag/ Someone in my office just gave me a copy of this free magazine, and it came with the really neat insert called the Active Directory Component Jigsaw. It is a wall hanging that outlines all the AD process graphically. I will try to scan it and post it on my Blog, but I just wanted to make you all aware of it. I plan to hang it on my cubical wall on the outside that says What I do here J Subscriptions are free. Todd
RE: [ActiveDir] ADMT v3 implementation questions
For #1, you are apparently not migrating with SIDHistory. If you have a problem with SIDHistory and don't want to use it, then you will have to wait until you have migrated everything and repermissioned the resources before you can access resources. For #2, try http://www.akomolafe.com/TechStuff/Scripts/tabid/63/Default.aspx Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCT Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Joe Lagreca Sent: Wed 3/8/2006 2:35 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] ADMT v3 implementation questions I got ADMT running in a test environment, but now have a few problems. Problem #1 When I use the wizard to migrate a computer from the source domain to the target, I then have the same machine account in both domains. Making it impossible for the target domain to access the shares of the workstation in the source domain. I have experienced this problem, and found it documented here: http://www.jsifaq.com/SUBJ/tip4600/rh4655.htm 4655 » Logon Failure error when accessing a child domain controller from the parent domain? 08-Jan-02 When you attempt to access a child domain controller from the parent domain, you receive: Logon Failure: The target account name is incorrect. This error will occur if a computer in the parent domain has the same computer name as a computer in the child domain. To resolve the problem, rename one of the computers. NOTE: If the computer no longer exists, delete it's machine account. If I delete the the newly migrated computer from the target domain, I can then access the shares on the workstation in the source domain. Anyone have an idea of how I can get around this limitation? I don't think it is possible to remove the workstation from the source domain yet, as it hasn't had the agent dispatched to it to change its domain ownership. Problem #2 Even though I have already added the opposite Domain Admins group to the local Administrator group of each machine, I don't appear to have admin rights across the trust between domains. One example is that the target domain cannot access the Admin$ share of the workstation in the source domain. If I go to the source domain workstation and add the administrator of the target domain to the local Administrator group of the workstation, I can then access the Admin$ share and dispatch the ADMT agent to the workstation. Since this is not practical in a widespread migration, I need to figure out how to get administrative privileges across the trust between domains. Thanks. Joe List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Name Server records
I have an AD 2003 domain and an AD integrated DNS zone. If I look a the properties of that DNS zone and go to the Name Servers tab, I see a few servers that are not our domain controllers/DNS servers. Those servers look like DNS servers in other domains that we have a trust with. I guess I am curious as to how these servers end up as NS records for that zone?. The zone is AD integrated and is set to Dynamic updates, secure Only. I could and will delete those records but I am thinking those records will come back. The name servers in question do NOT show up with * on the IP address, which could be the result of a query. Ideas? Thanks Johnny Figueroa Enterprise Network Consultant/Integrator Network Services Banner Health Voice (602) 495-4195 Fax (602) 495-4406 WARNING: This message, and any attachments, are intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient or employee/agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of the communication is strictly prohibited. If you receive this communication in error, please notify us immediately List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Technet Magazine Active Directory Component Jigsaw
I'm definately not responsible for purchasing of IT products at my company, oh well guess I'm not influential enough to justify a free subscription of the magazine. Sigh. -B On Wed, 8 Mar 2006, Grillenmeier, Guido wrote: wow, what a hurdle ;-) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Mittwoch, 8. M?rz 2006 17:53 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Technet Magazine Active Directory Component Jigsaw As an addition, the only way that it's free is if you answer the questions stating that you are responsible for the purchasing of IT products in your company. Bonnie From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ulf B. Simon-Weidner Sent: Wednesday, March 08, 2006 11:15 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Technet Magazine Active Directory Component Jigsaw Hi Todd, this would rock if you are able to scan it (or somebody has contacts to the team to request a printable-file)? Subscriptions are only free for US Residents (shipping costs), and the web-version does not include the picture. Gruesse - Sincerely, Ulf B. Simon-Weidner MVP-Book Windows XP - Die Expertentipps: http://tinyurl.com/44zcz http://tinyurl.com/44zcz Weblog: http://msmvps.org/UlfBSimonWeidner http://msmvps.org/UlfBSimonWeidner Website: http://www.windowsserverfaq.org http://www.windowsserverfaq.org/ Profile: http://mvp.support.microsoft.com/profile=35E388DE-4885-4308-B489-F2F1214C811D http://mvp.support.microsoft.com/profile=35E388DE-4885-4308-B489-F2F1214C811D From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CC/DNA) [E] Sent: Wednesday, March 08, 2006 5:00 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Technet Magazine Active Directory Component Jigsaw http://www.microsoft.com/technet/technetmag/ Someone in my office just gave me a copy of this free magazine, and it came with the really neat insert called the Active Directory Component Jigsaw. It is a wall hanging that outlines all the AD process graphically. I will try to scan it and post it on my Blog, but I just wanted to make you all aware of it. I plan to hang it on my cubical wall on the outside that says What I do here :-) Subscriptions are free. Todd List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Name Server records
what is the replication scope of the zone? if it is: DC within domain OR DC/DNS servers within domain then someone must have added them manually. Before removing them try finding out who added them and more important WHY? jorge From: [EMAIL PROTECTED] on behalf of Figueroa, Johnny Sent: Thu 2006-03-09 00:17 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Name Server records I have an AD 2003 domain and an AD integrated DNS zone. If I look a the properties of that DNS zone and go to the Name Servers tab, I see a few servers that are not our domain controllers/DNS servers. Those servers look like DNS servers in other domains that we have a trust with. I guess I am curious as to how these servers end up as NS records for that zone?. The zone is AD integrated and is set to Dynamic updates, secure Only. I could and will delete those records but I am thinking those records will come back. The name servers in question do NOT show up with * on the IP address, which could be the result of a query. Ideas? Thanks Johnny Figueroa Enterprise Network Consultant/Integrator Network Services Banner Health Voice (602) 495-4195 Fax (602) 495-4406 WARNING: This message, and any attachments, are intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient or employee/agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of the communication is strictly prohibited. If you receive this communication in error, please notify us immediately List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. winmail.dat
RE: [ActiveDir] Name Server records
Title: [ActiveDir] Name Server records It is a DC/DNS and it replicates to the forest which is actually just one domain. That's just it, I don't see how or why anybody would go in there and add them. There are only a few people that have the access to do that and adding those records just does not make sense. Thanks From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge deSent: Wednesday, March 08, 2006 4:28To: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Name Server records what is the replication scope of the zone? if it is: DC within domain OR DC/DNS servers within domain then someone must have added them manually. Before removing them try finding out who added them and more important WHY? jorge From: [EMAIL PROTECTED] on behalf of Figueroa, JohnnySent: Thu 2006-03-09 00:17To: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Name Server records I have an AD 2003 domain and an AD integrated DNS zone. If I look a theproperties of that DNS zone and go to the "Name Servers" tab, I see afew servers that are not our domain controllers/DNS servers. Thoseservers look like DNS servers in other domains that we have a trustwith.I guess I am curious as to how these servers end up as NS records forthat zone?. The zone is AD integrated and is set to "Dynamic updates","secure Only".I could and will delete those records but I am thinking those recordswill come back. The name servers in question do NOT show up with "*" onthe IP address, which could be the result of a query.Ideas?ThanksJohnny FigueroaEnterprise Network Consultant/IntegratorNetwork Services Banner Health Voice (602)495-4195 Fax (602) 495-4406WARNING: This message, and any attachments, are intended only for theuse of the individual or entity to which it is addressed and may containinformation that is privileged, confidential and exempt from disclosureunder applicable law. If the reader of this message is not the intendedrecipient or employee/agent responsible for delivering the message tothe intended recipient, you are hereby notified that any dissemination,distribution or copying of the communication is strictly prohibited. Ifyou receive this communication in error, please notify us immediatelyList info : http://www.activedir.org/List.aspxList FAQ : http://www.activedir.org/ListFAQ.aspxList archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Name Server records
Are there secondary DNS zones for your domain set up in the other domains that have the trust? Someone may have set it up so they could resolve names in your domain from the trusted domain... ** Charlie Kaiser W2K3 MCSA/MCSE/Security, CCNA Systems Engineer Essex Credit / Brickwalk 510 595 5083 ** -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Figueroa, Johnny Sent: Wednesday, March 08, 2006 3:39 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Name Server records It is a DC/DNS and it replicates to the forest which is actually just one domain. That's just it, I don't see how or why anybody would go in there and add them. There are only a few people that have the access to do that and adding those records just does not make sense. Thanks From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de Sent: Wednesday, March 08, 2006 4:28 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Name Server records what is the replication scope of the zone? if it is: DC within domain OR DC/DNS servers within domain then someone must have added them manually. Before removing them try finding out who added them and more important WHY? jorge From: [EMAIL PROTECTED] on behalf of Figueroa, Johnny Sent: Thu 2006-03-09 00:17 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Name Server records I have an AD 2003 domain and an AD integrated DNS zone. If I look a the properties of that DNS zone and go to the Name Servers tab, I see a few servers that are not our domain controllers/DNS servers. Those servers look like DNS servers in other domains that we have a trust with. I guess I am curious as to how these servers end up as NS records for that zone?. The zone is AD integrated and is set to Dynamic updates, secure Only. I could and will delete those records but I am thinking those records will come back. The name servers in question do NOT show up with * on the IP address, which could be the result of a query. Ideas? Thanks Johnny Figueroa Enterprise Network Consultant/Integrator Network Services Banner Health Voice (602) 495-4195 Fax (602) 495-4406 WARNING: This message, and any attachments, are intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient or employee/agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of the communication is strictly prohibited. If you receive this communication in error, please notify us immediately List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Name Server records
Title: [ActiveDir] Name Server records One guess is you're using zone transfers with the option "Allow only servers on name servers tab" (or whatever it's called) and the person who set this up added the DNS server in question. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Figueroa, JohnnySent: Wednesday, March 08, 2006 5:39 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Name Server records It is a DC/DNS and it replicates to the forest which is actually just one domain. That's just it, I don't see how or why anybody would go in there and add them. There are only a few people that have the access to do that and adding those records just does not make sense. Thanks From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge deSent: Wednesday, March 08, 2006 4:28To: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Name Server records what is the replication scope of the zone? if it is: DC within domain OR DC/DNS servers within domain then someone must have added them manually. Before removing them try finding out who added them and more important WHY? jorge From: [EMAIL PROTECTED] on behalf of Figueroa, JohnnySent: Thu 2006-03-09 00:17To: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Name Server records I have an AD 2003 domain and an AD integrated DNS zone. If I look a theproperties of that DNS zone and go to the "Name Servers" tab, I see afew servers that are not our domain controllers/DNS servers. Thoseservers look like DNS servers in other domains that we have a trustwith.I guess I am curious as to how these servers end up as NS records forthat zone?. The zone is AD integrated and is set to "Dynamic updates","secure Only".I could and will delete those records but I am thinking those recordswill come back. The name servers in question do NOT show up with "*" onthe IP address, which could be the result of a query.Ideas?ThanksJohnny FigueroaEnterprise Network Consultant/IntegratorNetwork Services Banner Health Voice (602)495-4195 Fax (602) 495-4406WARNING: This message, and any attachments, are intended only for theuse of the individual or entity to which it is addressed and may containinformation that is privileged, confidential and exempt from disclosureunder applicable law. If the reader of this message is not the intendedrecipient or employee/agent responsible for delivering the message tothe intended recipient, you are hereby notified that any dissemination,distribution or copying of the communication is strictly prohibited. Ifyou receive this communication in error, please notify us immediatelyList info : http://www.activedir.org/List.aspxList FAQ : http://www.activedir.org/ListFAQ.aspxList archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Technet Magazine Active Directory Component Jigsaw
They didn't say *what* company. Ed Crowley MCSE+Internet MVP Freelance E-Mail Philosopher Protecting the world from PSTs and Bricked Backups! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley Sent: Wednesday, March 08, 2006 3:22 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Technet Magazine Active Directory Component Jigsaw I'm definately not responsible for purchasing of IT products at my company, oh well guess I'm not influential enough to justify a free subscription of the magazine. Sigh. -B On Wed, 8 Mar 2006, Grillenmeier, Guido wrote: wow, what a hurdle ;-) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Mittwoch, 8. März 2006 17:53 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Technet Magazine Active Directory Component Jigsaw As an addition, the only way that it's free is if you answer the questions stating that you are responsible for the purchasing of IT products in your company. Bonnie From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ulf B. Simon-Weidner Sent: Wednesday, March 08, 2006 11:15 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Technet Magazine Active Directory Component Jigsaw Hi Todd, this would rock if you are able to scan it (or somebody has contacts to the team to request a printable-file)? Subscriptions are only free for US Residents (shipping costs), and the web-version does not include the picture. Gruesse - Sincerely, Ulf B. Simon-Weidner MVP-Book Windows XP - Die Expertentipps: http://tinyurl.com/44zcz http://tinyurl.com/44zcz Weblog: http://msmvps.org/UlfBSimonWeidner http://msmvps.org/UlfBSimonWeidner Website: http://www.windowsserverfaq.org http://www.windowsserverfaq.org/ Profile: http://mvp.support.microsoft.com/profile=35E388DE-4885-4308-B489-F2F1214C811 D http://mvp.support.microsoft.com/profile=35E388DE-4885-4308-B489-F2F1214C81 1D From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CC/DNA) [E] Sent: Wednesday, March 08, 2006 5:00 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Technet Magazine Active Directory Component Jigsaw http://www.microsoft.com/technet/technetmag/ Someone in my office just gave me a copy of this free magazine, and it came with the really neat insert called the Active Directory Component Jigsaw. It is a wall hanging that outlines all the AD process graphically. I will try to scan it and post it on my Blog, but I just wanted to make you all aware of it. I plan to hang it on my cubical wall on the outside that says What I do here :-) Subscriptions are free. Todd List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Technet Magazine Active Directory Component Jigsaw
Scans would be a Good Thingtm... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ed Crowley [MVP] Sent: Wednesday, March 08, 2006 4:24 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Technet Magazine Active Directory Component Jigsaw They didn't say *what* company. Ed Crowley MCSE+Internet MVP Freelance E-Mail Philosopher Protecting the world from PSTs and Bricked Backups!(tm) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley Sent: Wednesday, March 08, 2006 3:22 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Technet Magazine Active Directory Component Jigsaw I'm definately not responsible for purchasing of IT products at my company, oh well guess I'm not influential enough to justify a free subscription of the magazine. Sigh. -B On Wed, 8 Mar 2006, Grillenmeier, Guido wrote: wow, what a hurdle ;-) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Mittwoch, 8. März 2006 17:53 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Technet Magazine Active Directory Component Jigsaw As an addition, the only way that it's free is if you answer the questions stating that you are responsible for the purchasing of IT products in your company. Bonnie From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ulf B. Simon-Weidner Sent: Wednesday, March 08, 2006 11:15 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Technet Magazine Active Directory Component Jigsaw Hi Todd, this would rock if you are able to scan it (or somebody has contacts to the team to request a printable-file)? Subscriptions are only free for US Residents (shipping costs), and the web-version does not include the picture. Gruesse - Sincerely, Ulf B. Simon-Weidner MVP-Book Windows XP - Die Expertentipps: http://tinyurl.com/44zcz http://tinyurl.com/44zcz Weblog: http://msmvps.org/UlfBSimonWeidner http://msmvps.org/UlfBSimonWeidner Website: http://www.windowsserverfaq.org http://www.windowsserverfaq.org/ Profile: http://mvp.support.microsoft.com/profile=35E388DE-4885-4308-B489-F2F1214C811 D http://mvp.support.microsoft.com/profile=35E388DE-4885-4308-B489-F2F1214C81 1D From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CC/DNA) [E] Sent: Wednesday, March 08, 2006 5:00 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Technet Magazine Active Directory Component Jigsaw http://www.microsoft.com/technet/technetmag/ Someone in my office just gave me a copy of this free magazine, and it came with the really neat insert called the Active Directory Component Jigsaw. It is a wall hanging that outlines all the AD process graphically. I will try to scan it and post it on my Blog, but I just wanted to make you all aware of it. I plan to hang it on my cubical wall on the outside that says What I do here :-) Subscriptions are free. Todd List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] Technet Magazine Active Directory Component Jigsaw
...suddenly I get this image of a patent/trademark/business license, etc being filed for H. Bunnies LLC. Ed Crowley [MVP] wrote: They didn't say *what* company. Ed Crowley MCSE+Internet MVP Freelance E-Mail Philosopher Protecting the world from PSTs and Bricked Backups!™ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley Sent: Wednesday, March 08, 2006 3:22 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Technet Magazine Active Directory Component Jigsaw I'm definately not responsible for purchasing of IT products at my company, oh well guess I'm not influential enough to justify a free subscription of the magazine. Sigh. -B On Wed, 8 Mar 2006, Grillenmeier, Guido wrote: wow, what a hurdle ;-) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Mittwoch, 8. März 2006 17:53 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Technet Magazine Active Directory Component Jigsaw As an addition, the only way that it's free is if you answer the questions stating that you are responsible for the purchasing of IT products in your company. Bonnie From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ulf B. Simon-Weidner Sent: Wednesday, March 08, 2006 11:15 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Technet Magazine Active Directory Component Jigsaw Hi Todd, this would rock if you are able to scan it (or somebody has contacts to the team to request a printable-file)? Subscriptions are only free for US Residents (shipping costs), and the web-version does not include the picture. Gruesse - Sincerely, Ulf B. Simon-Weidner MVP-Book Windows XP - Die Expertentipps: http://tinyurl.com/44zcz http://tinyurl.com/44zcz Weblog: http://msmvps.org/UlfBSimonWeidner http://msmvps.org/UlfBSimonWeidner Website: http://www.windowsserverfaq.org http://www.windowsserverfaq.org/ Profile: http://mvp.support.microsoft.com/profile=35E388DE-4885-4308-B489-F2F1214C811 D http://mvp.support.microsoft.com/profile=35E388DE-4885-4308-B489-F2F1214C81 1D From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CC/DNA) [E] Sent: Wednesday, March 08, 2006 5:00 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Technet Magazine Active Directory Component Jigsaw http://www.microsoft.com/technet/technetmag/ Someone in my office just gave me a copy of this free magazine, and it came with the really neat insert called the Active Directory Component Jigsaw. It is a wall hanging that outlines all the AD process graphically. I will try to scan it and post it on my Blog, but I just wanted to make you all aware of it. I plan to hang it on my cubical wall on the outside that says What I do here :-) Subscriptions are free. Todd List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ -- Letting your vendors set your risk analysis these days? http://www.threatcode.com List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Technet Magazine Active Directory Component Jigsaw
Come on Brett, I know you have at some point purchased some soda or sugary substance that you consumed while at work. IT runs on that stuff, if Mountain Dew, Coca-Cola, Snickers, MMs, and Twizzlers ceased to exist IT would crumble away as most of the folks fell over asleep. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley Sent: Wednesday, March 08, 2006 6:22 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Technet Magazine Active Directory Component Jigsaw I'm definately not responsible for purchasing of IT products at my company, oh well guess I'm not influential enough to justify a free subscription of the magazine. Sigh. -B On Wed, 8 Mar 2006, Grillenmeier, Guido wrote: wow, what a hurdle ;-) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Mittwoch, 8. März 2006 17:53 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Technet Magazine Active Directory Component Jigsaw As an addition, the only way that it's free is if you answer the questions stating that you are responsible for the purchasing of IT products in your company. Bonnie From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ulf B. Simon-Weidner Sent: Wednesday, March 08, 2006 11:15 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Technet Magazine Active Directory Component Jigsaw Hi Todd, this would rock if you are able to scan it (or somebody has contacts to the team to request a printable-file)? Subscriptions are only free for US Residents (shipping costs), and the web-version does not include the picture. Gruesse - Sincerely, Ulf B. Simon-Weidner MVP-Book Windows XP - Die Expertentipps: http://tinyurl.com/44zcz http://tinyurl.com/44zcz Weblog: http://msmvps.org/UlfBSimonWeidner http://msmvps.org/UlfBSimonWeidner Website: http://www.windowsserverfaq.org http://www.windowsserverfaq.org/ Profile: http://mvp.support.microsoft.com/profile=35E388DE-4885-4308-B489-F2F1214C811 D http://mvp.support.microsoft.com/profile=35E388DE-4885-4308-B489-F2F1214C81 1D From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CC/DNA) [E] Sent: Wednesday, March 08, 2006 5:00 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Technet Magazine Active Directory Component Jigsaw http://www.microsoft.com/technet/technetmag/ Someone in my office just gave me a copy of this free magazine, and it came with the really neat insert called the Active Directory Component Jigsaw. It is a wall hanging that outlines all the AD process graphically. I will try to scan it and post it on my Blog, but I just wanted to make you all aware of it. I plan to hang it on my cubical wall on the outside that says What I do here :-) Subscriptions are free. Todd List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] Bulk Import
If not, ldifde will let you create passwords if you want to go that route but mailboxes would be harder to deal with it. ADMOD will not mailbox enable the objects. For that you'd want to pipe it to exchmbx. I'd tell everyone what the input is and ask Deji to look through his couches (couches? As in more than one?) for a useful script. Or you *could* use something like shameless Microsoft plug (as if they need it here) MSN Search or Google to find such scripts pre-written that you could modify. Couple of options anyway. People that use CSVDE tend to then use a script to set the passwords on those objects that get created. LDIFDE would be more flexible for what you're trying to do, but I've never tried to do it with that tool. My preference would be script instead. I'd call Deji and ask him to search his couches (is it really two? I feel like I'm hung up on that for some reason :) On 3/8/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: What is your input? Where are you getting the input from, and what format isit in? Al mentioned some script laying around. I may have one stuck in one of my couches here :)Sincerely,Dèjì Akómöláfé, MCSE+M MCSA+M MCTMicrosoft MVP - Directory Serviceswww.readymaids.com - we know IT www.akomolafe.comDo you now realize that Today is the Tomorrow you were worried aboutYesterday?-anonFrom: [EMAIL PROTECTED] on behalf of Harding, DevonSent: Wed 3/8/2006 1:37 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Bulk ImportI was going to user csvde, but read that it did not support password creation.Is this supported under ADMod?From: [EMAIL PROTECTED][mailto: [EMAIL PROTECTED]] On Behalf Of Al MulnickSent: Wednesday, March 08, 2006 4:22 PMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] Bulk Import I suppose it really depends on your input data.What have you got to workwith and what is the decision criteria for the OU differences?Creating the objects in a particular OU and mailbox enabling them would not be terribly difficult depending on the information you have and want to putin there. Jim's way would work, but I think I prefer to put them where theybelong at creation vs. later.For that reason either one of Joe's tools (admod for example) or script would be my preference.Script would be minebut that's just because I'm funny like that. Joe's tools are faster thoughboth at runtime and to get working if you don't have scripts laying around. AlOn 3/8/06, Kennedy, Jim [EMAIL PROTECTED] wrote:Ok, I skipped a step, sounds like you need these 200 to go to separate OU's. Mass create them in one OU, mass right click them and create the mailbox thenmass send them an email.The script the move if that is faster/easier than a manual drag and drop. Soyour spreadsheet of users is: firstnamelastname passwordtargetOUconvert that to comma text for your script and use the first three for thecreation and then the first two and last for the move. From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] ] On Behalf Of Kennedy, Jim Sent: Wednesday, March 08, 2006 2:16 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Bulk ImportDelegate it to HR.Short of that get HR or someone to give you a list of the names and script it, provide a default password of their SS number perhaps...must be changedon first log on.After they are created, in the same OU...mass select them in ADUC and rightclick them and send them a test email to create the mailbox. From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] ] On Behalf Of Harding, Devon Sent: Wednesday, March 08, 2006 2:02 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Bulk Import What's the fast way for me to create 200 user accounts in specific OU's and create Exchange mailboxes? Devon Harding Windows Systems Engineer Southern Wine Spirits - BSG 954-602-2469 __ This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use or distribution of the information included in the message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments. Thank You.List info : http://www.activedir.org/List.aspxList FAQ: http://www.activedir.org/ListFAQ.aspxList archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Bulk Import
If you mention google after MSN Search you have to turn off the shamless plug. ;-) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al MulnickSent: Thursday, March 09, 2006 3:26 AMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] Bulk Import If not, ldifde will let you create passwords if you want to go that route but mailboxes would be harder to deal with it. ADMOD will not mailbox enable the objects. For that you'd want to pipe it to exchmbx. I'd tell everyone what the input is and ask Deji to look through his couches (couches? As in more than one?) for a useful script. Or you *could* use something like shameless Microsoft plug (as if they need it here) MSN Search or Google to find such scripts pre-written that you could modify. Couple of options anyway. People that use CSVDE tend to then use a script to set the passwords on those objects that get created. LDIFDE would be more flexible for what you're trying to do, but I've never tried to do it with that tool. My preference would be script instead. I'd call Deji and ask him to search his couches (is it really two? I feel like I'm hung up on that for some reason :) On 3/8/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: What is your input? Where are you getting the input from, and what format isit in? Al mentioned some script laying around. I may have one stuck in one of my couches here :)Sincerely,Dèjì Akómöláfé, MCSE+M MCSA+M MCTMicrosoft MVP - Directory Serviceswww.readymaids.com - we know ITwww.akomolafe.comDo you now realize that Today is the Tomorrow you were worried aboutYesterday?-anonFrom: [EMAIL PROTECTED] on behalf of Harding, DevonSent: Wed 3/8/2006 1:37 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Bulk ImportI was going to user csvde, but read that it did not support password creation.Is this supported under ADMod?From: [EMAIL PROTECTED][mailto: [EMAIL PROTECTED]] On Behalf Of Al MulnickSent: Wednesday, March 08, 2006 4:22 PMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] Bulk Import I suppose it really depends on your input data.What have you got to workwith and what is the decision criteria for the OU differences?Creating the objects in a particular OU and mailbox enabling them would not be terribly difficult depending on the information you have and want to putin there. Jim's way would work, but I think I prefer to put them where theybelong at creation vs. later.For that reason either one of Joe's tools (admod for example) or script would be my preference.Script would be minebut that's just because I'm funny like that. Joe's tools are faster thoughboth at runtime and to get working if you don't have scripts laying around. AlOn 3/8/06, Kennedy, Jim [EMAIL PROTECTED] wrote:Ok, I skipped a step, sounds like you need these 200 to go to separate OU's. Mass create them in one OU, mass right click them and create the mailbox thenmass send them an email.The script the move if that is faster/easier than a manual drag and drop. Soyour spreadsheet of users is: firstnamelastname passwordtargetOUconvert that to comma text for your script and use the first three for thecreation and then the first two and last for the move. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]mailto:[EMAIL PROTECTED] ] On Behalf Of Kennedy, Jim Sent: Wednesday, March 08, 2006 2:16 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Bulk ImportDelegate it to HR.Short of that get HR or someone to give you a list of the names and script it, provide a default password of their SS number perhaps...must be changedon first log on.After they are created, in the same OU...mass select them in ADUC and rightclick them and send them a test email to create the mailbox. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]mailto:[EMAIL PROTECTED] ] On Behalf Of Harding, Devon Sent: Wednesday, March 08, 2006 2:02 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Bulk Import What's the fast way for me to create 200 user accounts in specific OU's and create Exchange mailboxes? Devon Harding Windows Systems Engineer Southern Wine Spirits - BSG 954-602-2469 __ This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use or distribution of the information included in the message and
RE: [ActiveDir] Name Server records
although those DCs are not yours, but they are in the same domain (I first thought they belonged to another domain) and these also host DNS services, then yes those DC/DNS servers will host the same zones and will thus register the NS records for the zones they host jorge From: [EMAIL PROTECTED] on behalf of Figueroa, Johnny Sent: Thu 2006-03-09 00:39 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Name Server records It is a DC/DNS and it replicates to the forest which is actually just one domain. That's just it, I don't see how or why anybody would go in there and add them. There are only a few people that have the access to do that and adding those records just does not make sense. Thanks From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de Sent: Wednesday, March 08, 2006 4:28 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Name Server records what is the replication scope of the zone? if it is: DC within domain OR DC/DNS servers within domain then someone must have added them manually. Before removing them try finding out who added them and more important WHY? jorge From: [EMAIL PROTECTED] on behalf of Figueroa, Johnny Sent: Thu 2006-03-09 00:17 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Name Server records I have an AD 2003 domain and an AD integrated DNS zone. If I look a the properties of that DNS zone and go to the Name Servers tab, I see a few servers that are not our domain controllers/DNS servers. Those servers look like DNS servers in other domains that we have a trust with. I guess I am curious as to how these servers end up as NS records for that zone?. The zone is AD integrated and is set to Dynamic updates, secure Only. I could and will delete those records but I am thinking those records will come back. The name servers in question do NOT show up with * on the IP address, which could be the result of a query. Ideas? Thanks Johnny Figueroa Enterprise Network Consultant/Integrator Network Services Banner Health Voice (602) 495-4195 Fax (602) 495-4406 WARNING: This message, and any attachments, are intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient or employee/agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of the communication is strictly prohibited. If you receive this communication in error, please notify us immediately List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. winmail.dat
