RE: [ActiveDir] OT: Vista Activation and KMS
I got an answer about KMS. I hesitated about posting here but I think this just clears up the misconceptions expressed in the thread, it doesn't really disclose any new information... There are 2 issues here, and a bit of a misunderstanding. Windows Server codenamed Longhorn is still in beta. The KMS service for beta builds will not allow released products to activate. So, if you want to support both Longhorn and the released version of Vista with KMS, you will need 2 KMS hosts. However, when Longhorn is released, any KMS intended to activate Longhorn servers will also activate Vista volume clients. Secondly, the KMS client will retrieve all SRV records from DNS. It will pick one at random and attempt to connect to it. If the client does not successfully activate or renew its activation, it will pick another KMS from the list, and so on until they succeed or they have tried the entire list. If a Vista KMS client contacts a beta KMS host, the client will receive an invalid version error and will proceed to try another KMS from the list provided by DNS. I hope that helps clear things up. --- Rich Milburn MCSE, Microsoft MVP - Directory Services Sr Network Analyst, Field Platform Development Applebee's International, Inc. 4551 W. 107th St Overland Park, KS 66207 913-967-2819 -- I love the smell of red herrings in the morning - anonymous From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rich Milburn Sent: Thursday, December 07, 2006 11:09 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: Vista Activation and KMS My hope was that KMS could support more than one key. I was astonished when I discovered it didn't. If you were Vista, KMS would supply you with a Vista key. Longhorn, a Longhorn key. Since KMS only supports one key, it triggers the need for two separate KMS infrastructures and the problems in #2 below. I put this up in the beta volume licensing group, hopefully there will be some MSFT response on this. I agree with you - the point of making it easy by allowing srv records is offset by the fact neither the VL client nor the KMS server can differentiate between Vista and LHS. Even if the solution is to update the KMS service prior to longhorn's release, and have separate srv records (one for Vista, one for longhorn, another for ?? because you know they're on a roll now and will soon have other things doing VLA) personally I'd rather have multiple records than multiple KMS servers, and hard-coding reg keys or using MAKS for all servers is not really a good solution, IMHO. Rich --- Rich Milburn MCSE, Microsoft MVP - Directory Services Sr Network Analyst, Field Platform Development Applebee's International, Inc. 4551 W. 107th St Overland Park, KS 66207 913-967-2819 -- I love the smell of red herrings in the morning - anonymous From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harvey Kamangwitz Sent: Tuesday, December 05, 2006 11:41 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] OT: Vista Activation and KMS On 12/5/06, Laura A. Robinson [EMAIL PROTECTED] wrote: Inline... From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] On Behalf Of Harvey Kamangwitz Sent: Tuesday, December 05, 2006 11:28 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] OT: Vista Activation and KMS If you have any kind of a complex environment, you'll find volume activation to be very frustrating indeed: 1. The KMS service can't support more than one key, so if you have Longhorn VL clients in your environment you have to put up a second KMS infrastructure for them. Actually, when you purchase a KMS key, you get to activate TWO KMS hosts with that key, up to ten times each. Therefore, you don't have to put up a second KMS infrastructure. From a subsequent post on this thread: Doh! Okay, now I think I get what you're referencing in item 1. There's a reason for that- LH isn't out yet. When LH is out, that won't be an issue. :-) My hope was that KMS could support more than one key. I was astonished when I discovered it didn't. If you were Vista, KMS would supply you with a Vista key. Longhorn, a Longhorn key. Since KMS only supports one key, it triggers the need for two separate KMS infrastructures and the problems in #2 below. I'm assuming that Microsoft will be using Volume Activation for other products in the future; are we to put up a separate KMS for each? 2. You
[ActiveDir] DFS-R Issue - 2nd try
First post had no takers??? All, We have some issues where folders with DFS-R implemented have what I call relapse. Here are some symptoms. We can add files and folders, no problem. We can change file names, no problem. When we rename folders, we have a problem - many times, the folder name reverts back to the old name. It will take us 3-5 tries before the rename takes. Sometimes, when we modify a file, later that day, the file reverts back to the original status (e.g. an Excel spreadsheet with added data). Not all our folders and files exhibit this issue. Has anyone come across these symptoms and/or have recommendations? Our setup has 2 sites, with a domain controller/file server in each, Win2k3 R2, with at least 100Mb connectivity between sites. The folders replicated are about 180G of data total, but the daily changes are very minimal (my guess is 100M/day max). We don't schedule the replication due to the abundant bandwidth. Actually, we do schedule one folder to replicate at night because that folder has been giving me the most issues. Since I have changed from instant replication to a scheduled replication at night, the problem seems to have been alleviated. However, all the other folders require immediate replication. Any insights are very welcome! Thank you! Steve Comeau IT Manager Rutgers Athletics 83 Rockafeller Road Piscataway, NJ 08854 732-445-7802 732-445-4623 (fax) www.scarletknights.com *** This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. Rutgers University - DIA, 83 Rockafeller Road, Piscataway, NJ 08854 www.scarletknights.com *** *** This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. Rutgers University - DIA, 83 Rockafeller Road, Piscataway, NJ www.scarletknights.com *** List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
[ActiveDir] BTS Documentation
All, Can anyone please tell me if they have seen any BTS (Beta Training Content) documentation for Longhorn Server? Regards, Mark Parris Base IT Ltd Active Directory Consultancy Tel +44(0)7801 690596 List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
Re: [ActiveDir] Join a Domain
Thanks guys it was working pretty good. - Original Message From: Al Mulnick [EMAIL PROTECTED] To: ActiveDir@mail.activedir.org Sent: Tuesday, December 12, 2006 12:52:45 AM Subject: Re: [ActiveDir] Join a Domain Sounds like this is a carry over from another thread then? On 12/11/06, Akomolafe, Deji [EMAIL PROTECTED] wrote: John, now that your DNS is working on the server, you need to make sure that your clients are using ONLY this server as their DNS server. Reconfigure your clients' Primary DNS server entries in TCP/IP configuration to have the IP address of your DNS server. Remove any other IP address that you find in the DNS configuration. IF you are using DHCP, you need to change your scope configuration to now have ONLY this server as the DNS server. Sincerely, _ (, / | /) /) /) /---| (/_ __ ___// _ // _ ) /|_/(__(_) // (_(_)(/_(_(_/(__(/_ (_/ /) (/ Microsoft MVP - Directory Services www.akomolafe.com - we know IT -5.75, -3.23 Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: John Sent: Mon 12/11/2006 10:45 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Join a Domain There was an error in my one client machine to join a domain. Below are: An error occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain server-2.blackstallions.com.sa. The error was: No records found for given DNS query. (error code 0x251D DNS_INFO_NO_RECORDS) The query was for the SRV record for _ldap._tcp.dc._msdcs.server-2.blackstallions.com.sa What does this SRV record means? There is something I need to re-configure in the server? Let me know expert. Thanks. John Everyone is raving about the all-new Yahoo! Mail beta. Do you Yahoo!? Everyone is raving about the all-new Yahoo! Mail beta. http://new.mail.yahoo.com
[ActiveDir] big problem with dns and AD
I have a problem here, and it seams to be very big. In one of our domains we had 2 DC´s. one of them a GC, Now one of them is down, and in the other, the Forwards lookup zone is empty. How can recreate the forwards zone? Is my subdomain lost? How can I recover the dns configuration? I can see objects with ldp or adsiedit., But nobody can log in to the domain... please, need help Esta mensagem pode conter informação confidencial e/ou privilegiada. Se você não for o destinatário ou a pessoa autorizada a receber esta mensagem, não pode usar, copiar ou divulgar as informações nela contidas ou tomar qualquer ação baseada nessas informações. Se você recebeu esta mensagem por engano, por favor avise imediatamente o remetente, respondendo o e-mail e em seguida apague-o. Agradecemos sua cooperação. This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.
RE: [ActiveDir] big problem with dns and AD
What type of zone was it? Was it just a Standard Primary or AD Integrated? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, December 12, 2006 10:41 AM To: ActiveDir@mail.activedir.org Cc: ActiveDir.org; [EMAIL PROTECTED] Subject: [ActiveDir] big problem with dns and AD I have a problem here, and it seams to be very big. In one of our domains we had 2 DC´s. one of them a GC, Now one of them is down, and in the other, the Forwards lookup zone is empty. How can recreate the forwards zone? Is my subdomain lost? How can I recover the dns configuration? I can see objects with ldp or adsiedit., But nobody can log in to the domain... please, need help Esta mensagem pode conter informação confidencial e/ou privilegiada. Se você não for o destinatário ou a pessoa autorizada a receber esta mensagem, não pode usar, copiar ou divulgar as informações nela contidas ou tomar qualquer ação baseada nessas informações. Se você recebeu esta mensagem por engano, por favor avise imediatamente o remetente, respondendo o e-mail e em seguida apague-o. Agradecemos sua cooperação. This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.
[ActiveDir] group policy object
I am trying to create a GPO however I can not find the group policy tab under my domain. Is there something to be fix. Thanks. John Do you Yahoo!? Everyone is raving about the all-new Yahoo! Mail beta. http://new.mail.yahoo.com
Re: [ActiveDir] OT: Vista Activation and KMS
If a Vista KMS client contacts a beta KMS host, the client will receive an invalid version error and will proceed to try another KMS from the list provided by DNS. This is good information, Rich; I hadn't seen this before. It means that beta and production KMS infrastructures can coexist. Thanks for posting. - Harvey On 12/12/06, Rich Milburn [EMAIL PROTECTED] wrote: I got an answer about KMS. I hesitated about posting here but I think this just clears up the misconceptions expressed in the thread, it doesn't really disclose any new information… There are 2 issues here, and a bit of a misunderstanding. Windows Server codenamed Longhorn is still in beta. The KMS service for beta builds will not allow released products to activate. So, if you want to support both Longhorn and the released version of Vista with KMS, you will need 2 KMS hosts. However, when Longhorn is released, any KMS intended to activate Longhorn servers will also activate Vista volume clients. Secondly, the KMS client will retrieve all SRV records from DNS. It will pick one at random and attempt to connect to it. If the client does not successfully activate or renew its activation, it will pick another KMS from the list, and so on until they succeed or they have tried the entire list. If a Vista KMS client contacts a beta KMS host, the client will receive an invalid version error and will proceed to try another KMS from the list provided by DNS. I hope that helps clear things up. *---** **Rich Milburn** **MCSE, Microsoft MVP - Directory Services** Sr Network Analyst, Field Platform Development Applebee's International, Inc.** **4551 W. 107th St** **Overland Park, KS 66207** **913-967-2819** **--** **I love the smell of red herrings in the morning - anonymous* *From:* [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] *On Behalf Of *Rich Milburn *Sent:* Thursday, December 07, 2006 11:09 AM *To:* ActiveDir@mail.activedir.org *Subject:* RE: [ActiveDir] OT: Vista Activation and KMS My hope was that KMS could support more than one key. I was astonished when I discovered it didn't. If you were Vista, KMS would supply you with a Vista key. Longhorn, a Longhorn key. Since KMS only supports one key, it triggers the need for two separate KMS infrastructures and the problems in #2 below. I put this up in the beta volume licensing group, hopefully there will be some MSFT response on this. I agree with you – the point of making it easy by allowing srv records is offset by the fact neither the VL client nor the KMS server can differentiate between Vista and LHS. Even if the solution is to update the KMS service prior to longhorn's release, and have separate srv records (one for Vista, one for longhorn, another for ?? because you know they're on a roll now and will soon have other things doing VLA) personally I'd rather have multiple records than multiple KMS servers, and hard-coding reg keys or using MAKS for all servers is not really a good solution, IMHO. Rich *--- **Rich Milburn **MCSE, Microsoft MVP - Directory Services Sr Network Analyst, Field Platform Development Applebee's International, Inc.** **4551 W. 107th St** **Overland Park, KS 66207** **913-967-2819** **--** **I love the smell of red herrings in the morning - anonymous* *From:* [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] *On Behalf Of *Harvey Kamangwitz *Sent:* Tuesday, December 05, 2006 11:41 PM *To:* ActiveDir@mail.activedir.org *Subject:* Re: [ActiveDir] OT: Vista Activation and KMS On 12/5/06, *Laura A. Robinson* [EMAIL PROTECTED] wrote: Inline... -- *From:* [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] *On Behalf Of *Harvey Kamangwitz *Sent:* Tuesday, December 05, 2006 11:28 AM *To:* ActiveDir@mail.activedir.org *Subject:* Re: [ActiveDir] OT: Vista Activation and KMS If you have any kind of a complex environment, you'll find volume activation to be very frustrating indeed: 1. The KMS service can't support more than one key, so if you have Longhorn VL clients in your environment you have to put up a second KMS infrastructure for them. Actually, when you purchase a KMS key, you get to activate TWO KMS hosts with that key, up to ten times each. Therefore, you don't have to put up a second KMS infrastructure. From a subsequent post on this thread: Doh! Okay, now I think I get what you're referencing in item 1. There's a reason for that- LH isn't out yet. When LH is out, that won't be an issue. :-) My hope was that KMS could support more than one key. I was astonished when I discovered it didn't. If you were Vista, KMS would supply you with a Vista key. Longhorn, a Longhorn key. Since KMS only supports one key, it triggers the need for
Re: [ActiveDir] OT: Vista Activation and KMS
Oops. I forgot a few words: ...can coexist *using autodiscovery.* ** -H On 12/12/06, Harvey Kamangwitz [EMAIL PROTECTED] wrote: If a Vista KMS client contacts a beta KMS host, the client will receive an invalid version error and will proceed to try another KMS from the list provided by DNS. This is good information, Rich; I hadn't seen this before. It means that beta and production KMS infrastructures can coexist. Thanks for posting. - Harvey On 12/12/06, Rich Milburn [EMAIL PROTECTED] wrote: I got an answer about KMS. I hesitated about posting here but I think this just clears up the misconceptions expressed in the thread, it doesn't really disclose any new information… There are 2 issues here, and a bit of a misunderstanding. Windows Server codenamed Longhorn is still in beta. The KMS service for beta builds will not allow released products to activate. So, if you want to support both Longhorn and the released version of Vista with KMS, you will need 2 KMS hosts. However, when Longhorn is released, any KMS intended to activate Longhorn servers will also activate Vista volume clients. Secondly, the KMS client will retrieve all SRV records from DNS. It will pick one at random and attempt to connect to it. If the client does not successfully activate or renew its activation, it will pick another KMS from the list, and so on until they succeed or they have tried the entire list. If a Vista KMS client contacts a beta KMS host, the client will receive an invalid version error and will proceed to try another KMS from the list provided by DNS. I hope that helps clear things up. *--- ** **Rich Milburn** **MCSE, Microsoft MVP - Directory Services** Sr Network Analyst, Field Platform Development Applebee's International, Inc.** **4551 W. 107th St** **Overland Park, KS 66207** **913-967-2819 ** **-- ** **I love the smell of red herrings in the morning - anonymous* *From:* [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] *On Behalf Of *Rich Milburn *Sent:* Thursday, December 07, 2006 11:09 AM *To:* ActiveDir@mail.activedir.org *Subject:* RE: [ActiveDir] OT: Vista Activation and KMS My hope was that KMS could support more than one key. I was astonished when I discovered it didn't. If you were Vista, KMS would supply you with a Vista key. Longhorn, a Longhorn key. Since KMS only supports one key, it triggers the need for two separate KMS infrastructures and the problems in #2 below. I put this up in the beta volume licensing group, hopefully there will be some MSFT response on this. I agree with you – the point of making it easy by allowing srv records is offset by the fact neither the VL client nor the KMS server can differentiate between Vista and LHS. Even if the solution is to update the KMS service prior to longhorn's release, and have separate srv records (one for Vista, one for longhorn, another for ?? because you know they're on a roll now and will soon have other things doing VLA) personally I'd rather have multiple records than multiple KMS servers, and hard-coding reg keys or using MAKS for all servers is not really a good solution, IMHO. Rich *--- **Rich Milburn **MCSE, Microsoft MVP - Directory Services Sr Network Analyst, Field Platform Development Applebee's International, Inc.** **4551 W. 107th St** **Overland Park, KS 66207 ** **913-967-2819** **-- ** **I love the smell of red herrings in the morning - anonymous * *From:* [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] *On Behalf Of *Harvey Kamangwitz *Sent: *Tuesday, December 05, 2006 11:41 PM *To:* ActiveDir@mail.activedir.org *Subject:* Re: [ActiveDir] OT: Vista Activation and KMS On 12/5/06, *Laura A. Robinson* [EMAIL PROTECTED] wrote: Inline... -- *From:* [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] *On Behalf Of *Harvey Kamangwitz *Sent:* Tuesday, December 05, 2006 11:28 AM *To:* ActiveDir@mail.activedir.org *Subject:* Re: [ActiveDir] OT: Vista Activation and KMS If you have any kind of a complex environment, you'll find volume activation to be very frustrating indeed: 1. The KMS service can't support more than one key, so if you have Longhorn VL clients in your environment you have to put up a second KMS infrastructure for them. Actually, when you purchase a KMS key, you get to activate TWO KMS hosts with that key, up to ten times each. Therefore, you don't have to put up a second KMS infrastructure. From a subsequent post on this thread: Doh! Okay, now I think I get what you're referencing in item 1. There's a reason for that- LH isn't out yet. When LH is out, that won't be an issue. :-) My hope was that
[ActiveDir] big problem with dns and AD
Return Receipt Your [ActiveDir] big problem with dns and AD document: wasSteve Szwejbka/National/Hewitt Associates received by: at:12/12/2006 10:20:58 AM The information contained in this e-mail and any accompanying documents may contain information that is confidential or otherwise protected from disclosure. If you are not the intended recipient of this message, or if this message has been addressed to you in error, please immediately alert the sender by reply e-mail and then delete this message, including any attachments. Any dissemination, distribution or other use of the contents of this message by anyone other than the intended recipient is strictly prohibited. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
RE: [ActiveDir] group policy object
If you have GPMC installed, then the GP tab is removed from ADUC and you'll need to manage GP from the GPMC. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Sent: Tuesday, December 12, 2006 8:16 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] group policy object I am trying to create a GPO however I can not find the group policy tab under my domain. Is there something to be fix. Thanks. John _ Everyone is raving about the http://us.rd.yahoo.com/evt=42297/*http:/advision.webevents.yahoo.com/mailbe ta all-new Yahoo! Mail beta.
[ActiveDir] Remote Exchange Access and Timing
All; This may be slightly off topic. Does anyone remember how fast Exchange needs the line speed to be for remote access? I am working with a client that is having time out issues with a 248ms (average) packet time. With some static routing I might be able to get this number down to say 125ms but my fear is that will likewise be too slow. From a networking (routing) side of things I can see some peering loss in Europe so there is no really easy answer save building special static routes or PPP connections, etc. Thanks! Brent Eads Employee Technology Solutions, Inc. Office: (312) 762-9224 Fax: (312) 762-9275 The contents contain privileged and/or confidential information intended for the named recipient of this email. ETSI (Employee Technology Solutions, Inc.) does not warrant that the contents of any electronically transmitted information will remain confidential. If the reader of this email is not the intended recipient you are hereby notified that any use, reproduction, disclosure or distribution of the information contained in the email in error, please reply to us immediately and delete the document. Viruses, Malware, Phishing and other known and unknown electronic threats: It is the recipient/client's duties to perform virus scans and otherwise test the information provided before loading onto any computer system. No warranty is made that this material is free from computer virus or any other defect. Any loss/damage incurred by using this material is not the sender's responsibility. Liability will be limited to resupplying the material. Message scanned by TrendMicro
Re: [ActiveDir] group policy object
John, The native way to create a GPO is to right click on an OU and select properites and then select the Group Policy Tab, the easiest way to create and manage GPO's is to use the GPMC which you can download from www.microsoft.com Regards, Mark Parris Base IT Ltd Active Directory Consultancy Tel +44(0)7801 690596 -Original Message- From: John [EMAIL PROTECTED] Date: Tue, 12 Dec 2006 08:15:43 To:ActiveDir@mail.activedir.org Subject: [ActiveDir] group policy object I am trying to create a GPO however I can not find the group policy tab under my domain. Is there something to be fix. Thanks. John Everyone is raving about the all-new Yahoo! Mail beta.: http://us.rd.yahoo.com/evt=42297/*http://advision.webevents.yahoo.com/mailbeta
[ActiveDir] big problem with dns and AD
Return Receipt Your [ActiveDir] big problem with dns and AD document: wasJason Centenni/CDS/CG/CAPITAL received by: at:12/12/2006 11:02:18 AM CST List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
RE: [ActiveDir] Remote Exchange Access and Timing
What element are you remotely accessing? I take it you mean a client at a remote site? Which version of Exchange? I'm taking it that you mean an outlook client accessing an Exch2003 svr, if so then an outlook over SSL connection will be fine, especially if you cache locally... I've got clients out on lines 500ms + Cheers, Rob Robert Rutherford QuoStar Solutions Limited T:+44 (0) 8456 440 331 F:+44 (0) 8456 440 332 M:+44 (0) 7974 249 494 E:[EMAIL PROTECTED] W:www.quostar.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: 12 December 2006 17:27 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Remote Exchange Access and Timing All; This may be slightly off topic. Does anyone remember how fast Exchange needs the line speed to be for remote access? I am working with a client that is having time out issues with a 248ms (average) packet time. With some static routing I might be able to get this number down to say 125ms but my fear is that will likewise be too slow. From a networking (routing) side of things I can see some peering loss in Europe so there is no really easy answer save building special static routes or PPP connections, etc. Thanks! Brent Eads Employee Technology Solutions, Inc. Office: (312) 762-9224 Fax: (312) 762-9275 The contents contain privileged and/or confidential information intended for the named recipient of this email. ETSI (Employee Technology Solutions, Inc.) does not warrant that the contents of any electronically transmitted information will remain confidential. If the reader of this email is not the intended recipient you are hereby notified that any use, reproduction, disclosure or distribution of the information contained in the email in error, please reply to us immediately and delete the document. Viruses, Malware, Phishing and other known and unknown electronic threats: It is the recipient/client's duties to perform virus scans and otherwise test the information provided before loading onto any computer system. No warranty is made that this material is free from computer virus or any other defect. Any loss/damage incurred by using this material is not the sender's responsibility. Liability will be limited to resupplying the material. Message scanned by TrendMicro
RE: [ActiveDir] Remote Exchange Access and Timing
I tell my customers 200 ms or better. In cached mode, Outlook 2003 and Outlook 2007 work just fine with that latency (depending, of course, on how much data you are moving, but “in general”). If you are “live” and no cached, you really want 80 ms or better, but I don’t recommend it. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, December 12, 2006 12:27 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Remote Exchange Access and Timing All; This may be slightly off topic. Does anyone remember how fast Exchange needs the line speed to be for remote access? I am working with a client that is having time out issues with a 248ms (average) packet time. With some static routing I might be able to get this number down to say 125ms but my fear is that will likewise be too slow. From a networking (routing) side of things I can see some peering loss in Europe so there is no really easy answer save building special static routes or PPP connections, etc. Thanks! Brent Eads Employee Technology Solutions, Inc. Office: (312) 762-9224 Fax: (312) 762-9275 The contents contain privileged and/or confidential information intended for the named recipient of this email. ETSI (Employee Technology Solutions, Inc.) does not warrant that the contents of any electronically transmitted information will remain confidential. If the reader of this email is not the intended recipient you are hereby notified that any use, reproduction, disclosure or distribution of the information contained in the email in error, please reply to us immediately and delete the document. Viruses, Malware, Phishing and other known and unknown electronic threats: It is the recipient/client's duties to perform virus scans and otherwise test the information provided before loading onto any computer system. No warranty is made that this material is free from computer virus or any other defect. Any loss/damage incurred by using this material is not the sender's responsibility. Liability will be limited to resupplying the material. Message scanned by TrendMicro
[ActiveDir] Moving an AD 2003 Domain Controller to a new server
Are there any potential issues when moving a backup Domain Controller off of one server and onto a new server (both Windows 2003 at the same location)? I was going to build and promote the new server, transfer the FSMO roles from the old to the new DC and then demote the old server both in the same day. Thanks. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Re: [ActiveDir] OT: Quota Software
We use a 3rd party app SpaceGuard SRM from www.tools4ever.com on our file servers to implement directory level (rather than user level) disk quotas, monitor usage, send email to users when they get close or hit the quota, etc. I can monitor and manage quotas from a single client workstation and have setup automatic quotas for Home Directories. Spaceguard works fine for our single site. We did not try the built in Windows quota at the time we switched to AD 4 years ago because the quota was by user. It may have gotten better in win2k3. Michael J. Miller Computing Services College of Veterinary Medicine, UIUC _ Mark Parris wrote: All, I have been tasked with implementing disk quota's for corporate users the some of the data is centralised and some is stored on regional file servers, but no user has data spead over more than one server or location. Whilst I understand the concepts I have never implemented quota software so can anyone recommend a quota management software that works? The software must be configurable to a user or a group and not at the volume level. A nice to have would be storage billing. Any gotchas? Regards, Mark Parris Base IT Ltd Active Directory Consultancy Tel +44(0)7801 690596 List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
[ActiveDir] Possibility of writing to ntSecurityDescriptor with LDAP and Unix
I know this may sounds crazy, but I need to write to the ntSecurityDescriptor attribute on a computer account from Unix via LDAP. Any clues? Essentially, what I am trying to do is query the ntsecuritydescriptor attribute of an object already in AD to see the value and would like to moving forward to set the same value to a specific object moving forward. Why ldap from Unix? Well, I am dealing with Unix Admins who hate Windows and want to do everything Unix. Any tips or tricks would be greatly appreciated. Thank you!
RE: [ActiveDir] Remote Exchange Access and Timing
Exchange 2003 using a soft client. Seems that the Web based Outlook works fine. The client software is very slow when updating In/Outbox and eventually looses connectivity. Not sure about the SSL side of things. Will check. Bear with me, here. So some of my terminology may be a bit off. I am a routing tech not an Exchange admin so I tend to look at things at the lower layers of the stack by nature. Though I hadn't considered problems with the SSL. No problems are being reported from within the European continent. What I am seeing are a couple of major outages between Chicago and Brussels, Belgium. Leading me to initially think that the session was timing out or a Name Server had lost peering/neighbor once traffic hit Europe. I did try a ping and traceroute on a different T-1 peer and found the difference to be a difference by a factor of 500% less latency. However, if your saying you have folks with a 500ms ping with no problems then there is definitely more than meets the eye. Will check the local caching as well. To be absolutely sure. Hopefully, thats obtuse enough, lol. I feel slightly out of my element, here. ; ) Thanks! Brent Eads Employee Technology Solutions, Inc. Office: (312) 762-9224 Fax: (312) 762-9275 The contents contain privileged and/or confidential information intended for the named recipient of this email. ETSI (Employee Technology Solutions, Inc.) does not warrant that the contents of any electronically transmitted information will remain confidential. If the reader of this email is not the intended recipient you are hereby notified that any use, reproduction, disclosure or distribution of the information contained in the email in error, please reply to us immediately and delete the document. Viruses, Malware, Phishing and other known and unknown electronic threats: It is the recipient/client's duties to perform virus scans and otherwise test the information provided before loading onto any computer system. No warranty is made that this material is free from computer virus or any other defect. Any loss/damage incurred by using this material is not the sender's responsibility. Liability will be limited to resupplying the material. Robert Rutherford [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 12/12/2006 12:26 PM Please respond to ActiveDir@mail.activedir.org To ActiveDir@mail.activedir.org cc Subject RE: [ActiveDir] Remote Exchange Access and Timing What element are you remotely accessing? I take it you mean a client at a remote site? Which version of Exchange? I’m taking it that you mean an outlook client accessing an Exch2003 svr, if so then an outlook over SSL connection will be fine, especially if you cache locally… I’ve got clients out on lines 500ms + Cheers, Rob Robert Rutherford QuoStar Solutions Limited T:+44 (0) 8456 440 331 F:+44 (0) 8456 440 332 M:+44 (0) 7974 249 494 E:[EMAIL PROTECTED] W:www.quostar.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: 12 December 2006 17:27 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Remote Exchange Access and Timing All; This may be slightly off topic. Does anyone remember how fast Exchange needs the line speed to be for remote access? I am working with a client that is having time out issues with a 248ms (average) packet time. With some static routing I might be able to get this number down to say 125ms but my fear is that will likewise be too slow. From a networking (routing) side of things I can see some peering loss in Europe so there is no really easy answer save building special static routes or PPP connections, etc. Thanks! Brent Eads Employee Technology Solutions, Inc. Office: (312) 762-9224 Fax: (312) 762-9275 The contents contain privileged and/or confidential information intended for the named recipient of this email. ETSI (Employee Technology Solutions, Inc.) does not warrant that the contents of any electronically transmitted information will remain confidential. If the reader of this email is not the intended recipient you are hereby notified that any use, reproduction, disclosure or distribution of the information contained in the email in error, please reply to us immediately and delete the document. Viruses, Malware, Phishing and other known and unknown electronic threats: It is the recipient/client's duties to perform virus scans and otherwise test the information provided before loading onto any computer system. No warranty is made that this material is free from computer virus or any other defect. Any loss/damage incurred by using this material is not the sender's responsibility. Liability will be limited to resupplying the material. Message scanned by TrendMicro Message scanned by TrendMicro Message scanned by TrendMicro
RE: [ActiveDir] Remote Exchange Access and Timing
That definitely gives me something to zero in on. Now to find this caching mechanism. At one time I thought (maybe Exchange 5.5) the magic number was somewhere around 50ms. Thanks! Brent Eads Employee Technology Solutions, Inc. Office: (312) 762-9224 Fax: (312) 762-9275 The contents contain privileged and/or confidential information intended for the named recipient of this email. ETSI (Employee Technology Solutions, Inc.) does not warrant that the contents of any electronically transmitted information will remain confidential. If the reader of this email is not the intended recipient you are hereby notified that any use, reproduction, disclosure or distribution of the information contained in the email in error, please reply to us immediately and delete the document. Viruses, Malware, Phishing and other known and unknown electronic threats: It is the recipient/client's duties to perform virus scans and otherwise test the information provided before loading onto any computer system. No warranty is made that this material is free from computer virus or any other defect. Any loss/damage incurred by using this material is not the sender's responsibility. Liability will be limited to resupplying the material. Michael B. Smith [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 12/12/2006 12:31 PM Please respond to ActiveDir@mail.activedir.org To ActiveDir@mail.activedir.org cc Subject RE: [ActiveDir] Remote Exchange Access and Timing I tell my customers 200 ms or better. In cached mode, Outlook 2003 and Outlook 2007 work just fine with that latency (depending, of course, on how much data you are moving, but “in general”). If you are “live” and no cached, you really want 80 ms or better, but I don’t recommend it. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, December 12, 2006 12:27 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Remote Exchange Access and Timing All; This may be slightly off topic. Does anyone remember how fast Exchange needs the line speed to be for remote access? I am working with a client that is having time out issues with a 248ms (average) packet time. With some static routing I might be able to get this number down to say 125ms but my fear is that will likewise be too slow. From a networking (routing) side of things I can see some peering loss in Europe so there is no really easy answer save building special static routes or PPP connections, etc. Thanks! Brent Eads Employee Technology Solutions, Inc. Office: (312) 762-9224 Fax: (312) 762-9275 The contents contain privileged and/or confidential information intended for the named recipient of this email. ETSI (Employee Technology Solutions, Inc.) does not warrant that the contents of any electronically transmitted information will remain confidential. If the reader of this email is not the intended recipient you are hereby notified that any use, reproduction, disclosure or distribution of the information contained in the email in error, please reply to us immediately and delete the document. Viruses, Malware, Phishing and other known and unknown electronic threats: It is the recipient/client's duties to perform virus scans and otherwise test the information provided before loading onto any computer system. No warranty is made that this material is free from computer virus or any other defect. Any loss/damage incurred by using this material is not the sender's responsibility. Liability will be limited to resupplying the material. Message scanned by TrendMicro Message scanned by TrendMicro Message scanned by TrendMicro
RE: [ActiveDir] Remote Exchange Access and Timing
Exchange 2003 and above with Outlook 2003 and above put a heck of a lot more data in each buffer and they compress it. Thus, due to a more efficient use of bandwidth, the latency can increase and still have reasonable performance. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, December 12, 2006 3:00 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Remote Exchange Access and Timing That definitely gives me something to zero in on. Now to find this caching mechanism. At one time I thought (maybe Exchange 5.5) the magic number was somewhere around 50ms. Thanks! Brent Eads Employee Technology Solutions, Inc. Office: (312) 762-9224 Fax: (312) 762-9275 The contents contain privileged and/or confidential information intended for the named recipient of this email. ETSI (Employee Technology Solutions, Inc.) does not warrant that the contents of any electronically transmitted information will remain confidential. If the reader of this email is not the intended recipient you are hereby notified that any use, reproduction, disclosure or distribution of the information contained in the email in error, please reply to us immediately and delete the document. Viruses, Malware, Phishing and other known and unknown electronic threats: It is the recipient/client's duties to perform virus scans and otherwise test the information provided before loading onto any computer system. No warranty is made that this material is free from computer virus or any other defect. Any loss/damage incurred by using this material is not the sender's responsibility. Liability will be limited to resupplying the material. Michael B. Smith [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 12/12/2006 12:31 PM Please respond to ActiveDir@mail.activedir.org To ActiveDir@mail.activedir.org cc Subject RE: [ActiveDir] Remote Exchange Access and Timing I tell my customers 200 ms or better. In cached mode, Outlook 2003 and Outlook 2007 work just fine with that latency (depending, of course, on how much data you are moving, but “in general”). If you are “live” and no cached, you really want 80 ms or better, but I don’t recommend it. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, December 12, 2006 12:27 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Remote Exchange Access and Timing All; This may be slightly off topic. Does anyone remember how fast Exchange needs the line speed to be for remote access? I am working with a client that is having time out issues with a 248ms (average) packet time. With some static routing I might be able to get this number down to say 125ms but my fear is that will likewise be too slow. From a networking (routing) side of things I can see some peering loss in Europe so there is no really easy answer save building special static routes or PPP connections, etc. Thanks! Brent Eads Employee Technology Solutions, Inc. Office: (312) 762-9224 Fax: (312) 762-9275 The contents contain privileged and/or confidential information intended for the named recipient of this email. ETSI (Employee Technology Solutions, Inc.) does not warrant that the contents of any electronically transmitted information will remain confidential. If the reader of this email is not the intended recipient you are hereby notified that any use, reproduction, disclosure or distribution of the information contained in the email in error, please reply to us immediately and delete the document. Viruses, Malware, Phishing and other known and unknown electronic threats: It is the recipient/client's duties to perform virus scans and otherwise test the information provided before loading onto any computer system. No warranty is made that this material is free from computer virus or any other defect. Any loss/damage incurred by using this material is not the sender's responsibility. Liability will be limited to resupplying the material. Message scanned by TrendMicro Message scanned by TrendMicro Message scanned by TrendMicro
RE: [ActiveDir] DFS-R Issue - 2nd try
Steve, I'll weigh in - I'm no DFSR legend, but I like to think I am learning more about it every day, and things like this only help me learn more... You say you have no replication of your DFS topology, except for one folder - what is the replication topology (you know, full mesh, etc)? What is the timeframe for your replication? Let's start there... themolk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Comeau Sent: Tuesday, 12 December 2006 11:54 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] DFS-R Issue - 2nd try First post had no takers??? All, We have some issues where folders with DFS-R implemented have what I call relapse. Here are some symptoms. We can add files and folders, no problem. We can change file names, no problem. When we rename folders, we have a problem - many times, the folder name reverts back to the old name. It will take us 3-5 tries before the rename takes. Sometimes, when we modify a file, later that day, the file reverts back to the original status (e.g. an Excel spreadsheet with added data). Not all our folders and files exhibit this issue. Has anyone come across these symptoms and/or have recommendations? Our setup has 2 sites, with a domain controller/file server in each, Win2k3 R2, with at least 100Mb connectivity between sites. The folders replicated are about 180G of data total, but the daily changes are very minimal (my guess is 100M/day max). We don't schedule the replication due to the abundant bandwidth. Actually, we do schedule one folder to replicate at night because that folder has been giving me the most issues. Since I have changed from instant replication to a scheduled replication at night, the problem seems to have been alleviated. However, all the other folders require immediate replication. Any insights are very welcome! Thank you! Steve Comeau IT Manager Rutgers Athletics 83 Rockafeller Road Piscataway, NJ 08854 732-445-7802 732-445-4623 (fax) www.scarletknights.com *** This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. Rutgers University - DIA, 83 Rockafeller Road, Piscataway, NJ 08854 www.scarletknights.com *** *** This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. Rutgers University - DIA, 83 Rockafeller Road, Piscataway, NJ www.scarletknights.com *** List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ This email (including any attachments) contains confidential information and is intended only for the named addressee. If you are not the named addressee you should not disseminate, distribute or copy this email. Please notify the sender immediately by email if you have received this email by mistake and delete this email from your system and destroy any copies. This email is also subject to copyright. No part of it should be reproduced, adapted or communicated without the written consent of the copyright owner. Email transmission cannot be guaranteed to be secure or error-free and emails may be interfered with, may contain computer viruses or other defects and may not be successfully replicated on other systems. The sender does not give any warranties nor accepts any liability in relation to any of these matters. If you have any doubt about the authenticity of an email purportedly sent by us, please contact us immediately. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive:
RE: [ActiveDir] Moving an AD 2003 Domain Controller to a new server
Dear whoever you are, It's going to depend on the size and scope of your domain - how many DC's, how often replication is set to occur, link speed, etc, etc. What you say sounds plausible, but what of these other environmental factors? themolk. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tech QnA Sent: Wednesday, 13 December 2006 4:50 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Moving an AD 2003 Domain Controller to a new server Are there any potential issues when moving a backup Domain Controller off of one server and onto a new server (both Windows 2003 at the same location)? I was going to build and promote the new server, transfer the FSMO roles from the old to the new DC and then demote the old server both in the same day. Thanks. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com This email (including any attachments) contains confidential information and is intended only for the named addressee. If you are not the named addressee you should not disseminate, distribute or copy this email. Please notify the sender immediately by email if you have received this email by mistake and delete this email from your system and destroy any copies. This email is also subject to copyright. No part of it should be reproduced, adapted or communicated without the written consent of the copyright owner. Email transmission cannot be guaranteed to be secure or error-free and emails may be interfered with, may contain computer viruses or other defects and may not be successfully replicated on other systems. The sender does not give any warranties nor accepts any liability in relation to any of these matters. If you have any doubt about the authenticity of an email purportedly sent by us, please contact us immediately.
[ActiveDir] Strange DNS problem. How to troubleshoot
Hi, I am having a problem with the DNS. I have a few users that connects to computers at NASA. Every none and them our DNS server here stop resolving certain machines in the domains machine.subdomain.nasa.gov I have run nslookups asking for those machines to different DNS servers, my DNS don't resolve but others DNS are resolving fine, I have also use the online tool dnsstuff.com and and that one resolves too. Last time I solved the problem restarting the dns server service in the servers, other time I cleared the cache and updated the server data files and that was enough Any tips of how should I start troubleshooting this? Also, a separate question, I saw once that windows DNS server keep all the conf in a file, like Linux/UNIX, where is that file located? Thanks in advance Rezuma
RE: [ActiveDir] Possibility of writing to ntSecurityDescriptor with LDAP and Unix
Its certainly doable... there are two gotchas though. One, you need to use the 1.2.840.113556.1.4.801 (#defined as LDAP_SERVER_SD_FLAGS_OID in ntldap.h) control on the search and modify operations. This lets you set and retrieve portions of the nTSecurityDescriptor attribute. The paramter in an integer bit mask that describes what parts of the sd to return. See http://msdn2.microsoft.com/en-gb/library/aa366987.aspx. When you update the SD, be sure you set the flags only for the parts you are updating. If you don't you'll get an error on the update. The other thing you have to worry about is that the nTSecurityDescriptor attribute is a binary blob (ASN sequence of bytes). The blob is a self-relative security descriptor structure as defined in winnt.h (typedef'd as SECURITY_DESCRIPTOR_RELATIVE). You'll probably have to create the structure definition yourself based on what's in winnt.h. I don't know if the Samba headers have a usable definition or not. -gil Gil Kirkpatrick CTO, NetPro From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Santiago, Felderi (F.) Sent: Tuesday, December 12, 2006 12:50 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Possibility of writing to ntSecurityDescriptor with LDAP and Unix I know this may sounds crazy, but I need to write to the ntSecurityDescriptor attribute on a computer account from Unix via LDAP. Any clues? Essentially, what I am trying to do is query the ntsecuritydescriptor attribute of an object already in AD to see the value and would like to moving forward to set the same value to a specific object moving forward. Why ldap from Unix? Well, I am dealing with Unix Admins who hate Windows and want to do everything Unix. Any tips or tricks would be greatly appreciated. Thank you!
RE: [ActiveDir] OT: Quota Software
Windows Server 2003 R2 not only improved on the quota management built into the product, allowing granularity down to the user, but also added reporting and file screening. You can find more information on these new features at the following links: http://www.microsoft.com/technet/technetmag/issues/2006/05/GetControl/default.aspx http://download.microsoft.com/download/7/4/7/7472bf9b-3023-48b7-87be-d2cedc38f15a/WS03R2_Storage_Management.doc Thanks, -Steve -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Miller Sent: Tuesday, December 12, 2006 1:33 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] OT: Quota Software We use a 3rd party app SpaceGuard SRM from www.tools4ever.com on our file servers to implement directory level (rather than user level) disk quotas, monitor usage, send email to users when they get close or hit the quota, etc. I can monitor and manage quotas from a single client workstation and have setup automatic quotas for Home Directories. Spaceguard works fine for our single site. We did not try the built in Windows quota at the time we switched to AD 4 years ago because the quota was by user. It may have gotten better in win2k3. Michael J. Miller Computing Services College of Veterinary Medicine, UIUC _ Mark Parris wrote: All, I have been tasked with implementing disk quota's for corporate users the some of the data is centralised and some is stored on regional file servers, but no user has data spead over more than one server or location. Whilst I understand the concepts I have never implemented quota software so can anyone recommend a quota management software that works? The software must be configurable to a user or a group and not at the volume level. A nice to have would be storage billing. Any gotchas? Regards, Mark Parris Base IT Ltd Active Directory Consultancy Tel +44(0)7801 690596 List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
[ActiveDir] Way OT: Laptop Battery Life
Hi – When I travel with my standard issue Dell D600 (1.5GB RAM), I get maybe two hours out of a fully charged battery while doing standard Word, Excel, Outlook stuff. Throw in Visio or (ugh) Quickbooks and cut that time in half. Sometimes, I try to disable services that I know I will not need on the plane (does antivirus really need to autoprotect on the plane?), but I can’t tell you that this actually gives me any more battery. Any recommendations for battery-life extending tricks, tools, services to disable, etc? Greatly appreciated as I head across the country for the late December boogie. Thanks. -- nme -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.409 / Virus Database: 268.15.16/582 - Release Date: 12/11/2006
RE: [ActiveDir] Way OT: Laptop Battery Life
I have this model too. Kill the Wifi and Bluetooth for starters. Wifi is Fn+F2 I think. Next, get a media bay battery from Dell - it can give you several (up to 4) more hours in my experience. I go through batteries pretty quickly - I think I killed the media bay battery (or at met its half life) in about 6 months. A combination of desk work and being mobile does this because of the uneven discharge/charge cycles. You can either be real meticulous about taking care of the batteries or start hitting your IT department up for new ones. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Noah Eiger Sent: Tuesday, December 12, 2006 10:33 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Way OT: Laptop Battery Life Hi - When I travel with my standard issue Dell D600 (1.5GB RAM), I get maybe two hours out of a fully charged battery while doing standard Word, Excel, Outlook stuff. Throw in Visio or (ugh) Quickbooks and cut that time in half. Sometimes, I try to disable services that I know I will not need on the plane (does antivirus really need to autoprotect on the plane?), but I can't tell you that this actually gives me any more battery. Any recommendations for battery-life extending tricks, tools, services to disable, etc? Greatly appreciated as I head across the country for the late December boogie. Thanks. -- nme -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.409 / Virus Database: 268.15.16/582 - Release Date: 12/11/2006
RE: [ActiveDir] Way OT: Laptop Battery Life
Even removing the CD/DVD ROM drive during flight helps. I had the media bay battery that Brian mentions below and it made a huge difference. Subsequently, I have moved to an IBM X60 and with the standard battery in maximize battery life mode I usual get 9 hours. Also, don't forget to turn your screen brightness down as much as possible - it makes a huge difference. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond Sent: Tuesday, December 12, 2006 7:49 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Way OT: Laptop Battery Life I have this model too. Kill the Wifi and Bluetooth for starters. Wifi is Fn+F2 I think. Next, get a media bay battery from Dell - it can give you several (up to 4) more hours in my experience. I go through batteries pretty quickly - I think I killed the media bay battery (or at met its half life) in about 6 months. A combination of desk work and being mobile does this because of the uneven discharge/charge cycles. You can either be real meticulous about taking care of the batteries or start hitting your IT department up for new ones. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Noah Eiger Sent: Tuesday, December 12, 2006 10:33 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Way OT: Laptop Battery Life Hi - When I travel with my standard issue Dell D600 (1.5GB RAM), I get maybe two hours out of a fully charged battery while doing standard Word, Excel, Outlook stuff. Throw in Visio or (ugh) Quickbooks and cut that time in half. Sometimes, I try to disable services that I know I will not need on the plane (does antivirus really need to autoprotect on the plane?), but I can't tell you that this actually gives me any more battery. Any recommendations for battery-life extending tricks, tools, services to disable, etc? Greatly appreciated as I head across the country for the late December boogie. Thanks. -- nme -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.409 / Virus Database: 268.15.16/582 - Release Date: 12/11/2006
Re: [ActiveDir] Possibility of writing to ntSecurityDescriptor with LDAP and Unix
On Tue, 12 Dec 2006 14:49:46 -0500 Santiago, Felderi (F.) [EMAIL PROTECTED] wrote: I know this may sounds crazy, but I need to write to the ntSecurityDescriptor attribute on a computer account from Unix via LDAP. Any clues? Essentially, what I am trying to do is query the ntsecuritydescriptor attribute of an object already in AD to see the value and would like to moving forward to set the same value to a specific object moving forward. Why ldap from Unix? Well, I am dealing with Unix Admins who hate Windows and want to do everything Unix. Any tips or tricks would be greatly appreciated. Doubt it. Basically you need two things: an LDAP client that supports the LDAP_SERVER_SD_FLAGS_OID control and a library that understands how to decode and manipulate the binary array of ACEs that makes up a security descriptor. The first part is easy. The second part is very difficult unless you're confortable hacking in C or Java. As LDAP clients on UNIX go the best ones are: 1) OpenLDAP's C library which give you low level access to build controls and therefore will definitely allow you to set LDAP_SERVER_SD_FLAGS_OID flags. 2) Java's JNDI which should also have low level access but I'm not sure. 3) The Perl binding for OpenLDAP is pretty good but again I'm not sure you can do an arbitrary LDAPControl. As security descriptor libraries go there are only two that I'm aware of: 1) Samba has a C api and a Python binding but it could be difficult trying to decipher how to use it as it most likely is not designed specifically for generic use such as this. 2) JCIFS has code to get security descriptors and resolve names of SIDs but it only has code to decode security descriptors not encode them. But the only reason that I mention JCIFS is because if *I* had to do this, I think JNDI/JCIFS would be the path of least resistance and you would end up with a pretty nice and flexible solution. Or, if they ok with using a web interface you could write a ASP to do the work and protect it with Kerberos SSO which Firefox can do. Mike -- Michael B Allen PHP Active Directory SSO http://www.ioplex.com/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
RE: [ActiveDir] Way OT: Laptop Battery Life
I find not using mine gives me almost unlimited hours use. themolk. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jackson Shaw Sent: Wednesday, 13 December 2006 1:57 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Way OT: Laptop Battery Life Even removing the CD/DVD ROM drive during flight helps. I had the media bay battery that Brian mentions below and it made a huge difference. Subsequently, I have moved to an IBM X60 and with the standard battery in maximize battery life mode I usual get 9 hours. Also, don't forget to turn your screen brightness down as much as possible - it makes a huge difference. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond Sent: Tuesday, December 12, 2006 7:49 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Way OT: Laptop Battery Life I have this model too. Kill the Wifi and Bluetooth for starters. Wifi is Fn+F2 I think. Next, get a media bay battery from Dell - it can give you several (up to 4) more hours in my experience. I go through batteries pretty quickly - I think I killed the media bay battery (or at met its half life) in about 6 months. A combination of desk work and being mobile does this because of the uneven discharge/charge cycles. You can either be real meticulous about taking care of the batteries or start hitting your IT department up for new ones. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Noah Eiger Sent: Tuesday, December 12, 2006 10:33 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Way OT: Laptop Battery Life Hi - When I travel with my standard issue Dell D600 (1.5GB RAM), I get maybe two hours out of a fully charged battery while doing standard Word, Excel, Outlook stuff. Throw in Visio or (ugh) Quickbooks and cut that time in half. Sometimes, I try to disable services that I know I will not need on the plane (does antivirus really need to autoprotect on the plane?), but I can't tell you that this actually gives me any more battery. Any recommendations for battery-life extending tricks, tools, services to disable, etc? Greatly appreciated as I head across the country for the late December boogie. Thanks. -- nme -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.409 / Virus Database: 268.15.16/582 - Release Date: 12/11/2006 This email (including any attachments) contains confidential information and is intended only for the named addressee. If you are not the named addressee you should not disseminate, distribute or copy this email. Please notify the sender immediately by email if you have received this email by mistake and delete this email from your system and destroy any copies. This email is also subject to copyright. No part of it should be reproduced, adapted or communicated without the written consent of the copyright owner. Email transmission cannot be guaranteed to be secure or error-free and emails may be interfered with, may contain computer viruses or other defects and may not be successfully replicated on other systems. The sender does not give any warranties nor accepts any liability in relation to any of these matters. If you have any doubt about the authenticity of an email purportedly sent by us, please contact us immediately.
RE: [ActiveDir] Way OT: Laptop Battery Life
Lithium batteries are resilient to the charge/discharge issues associated with earlier batteries. Generally, you want to replace batteries after about 18 months, because that's when depreciation sets in. Sincerely, _ (, / | /) /) /) /---| (/_ __ ___// _ // _ ) /|_/(__(_) // (_(_)(/_(_(_/(__(/_ (_/ /) (/ Microsoft MVP - Directory Services www.akomolafe.com - we know IT -5.75, -3.23 Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: Brian Desmond Sent: Tue 12/12/2006 7:49 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Way OT: Laptop Battery Life I have this model too. Kill the Wifi and Bluetooth for starters. Wifi is Fn+F2 I think. Next, get a media bay battery from Dell - it can give you several (up to 4) more hours in my experience. I go through batteries pretty quickly - I think I killed the media bay battery (or at met its half life) in about 6 months. A combination of desk work and being mobile does this because of the uneven discharge/charge cycles. You can either be real meticulous about taking care of the batteries or start hitting your IT department up for new ones. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Noah Eiger Sent: Tuesday, December 12, 2006 10:33 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Way OT: Laptop Battery Life Hi - When I travel with my standard issue Dell D600 (1.5GB RAM), I get maybe two hours out of a fully charged battery while doing standard Word, Excel, Outlook stuff. Throw in Visio or (ugh) Quickbooks and cut that time in half. Sometimes, I try to disable services that I know I will not need on the plane (does antivirus really need to autoprotect on the plane?), but I can't tell you that this actually gives me any more battery. Any recommendations for battery-life extending tricks, tools, services to disable, etc? Greatly appreciated as I head across the country for the late December boogie. Thanks. -- nme -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.409 / Virus Database: 268.15.16/582 - Release Date: 12/11/2006
RE: [ActiveDir] Way OT: Laptop Battery Life
Whatever they give me must not be Lithium then. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Akomolafe, Deji Sent: Tuesday, December 12, 2006 11:36 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Way OT: Laptop Battery Life Lithium batteries are resilient to the charge/discharge issues associated with earlier batteries. Generally, you want to replace batteries after about 18 months, because that's when depreciation sets in. Sincerely, _ (, / | /) /) /) /---| (/_ __ ___// _ // _ ) /|_/(__(_) // (_(_)(/_(_(_/(__(/_ (_/ /) (/ Microsoft MVP - Directory Services www.akomolafe.com x-excid://3277/uri:http:/www.akomolafe.com - we know IT -5.75, -3.23 Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: Brian Desmond Sent: Tue 12/12/2006 7:49 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Way OT: Laptop Battery Life I have this model too. Kill the Wifi and Bluetooth for starters. Wifi is Fn+F2 I think. Next, get a media bay battery from Dell - it can give you several (up to 4) more hours in my experience. I go through batteries pretty quickly - I think I killed the media bay battery (or at met its half life) in about 6 months. A combination of desk work and being mobile does this because of the uneven discharge/charge cycles. You can either be real meticulous about taking care of the batteries or start hitting your IT department up for new ones. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Noah Eiger Sent: Tuesday, December 12, 2006 10:33 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Way OT: Laptop Battery Life Hi - When I travel with my standard issue Dell D600 (1.5GB RAM), I get maybe two hours out of a fully charged battery while doing standard Word, Excel, Outlook stuff. Throw in Visio or (ugh) Quickbooks and cut that time in half. Sometimes, I try to disable services that I know I will not need on the plane (does antivirus really need to autoprotect on the plane?), but I can't tell you that this actually gives me any more battery. Any recommendations for battery-life extending tricks, tools, services to disable, etc? Greatly appreciated as I head across the country for the late December boogie. Thanks. -- nme -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.409 / Virus Database: 268.15.16/582 - Release Date: 12/11/2006
[ActiveDir] FRS and DNS problem
Hi, I moved all FSMO roles from my old server to my new server. But now I seem to have a FRS issue. When I run netdiag /test:dns I get the following: Domain membership test . . . . . . : Failed [WARNING] The system volume has not been completely replicated to the local machine. This machine is not working properly as a DC. I also get Event ID: 13562 As a result I am unable to remove the old server via dcpromo, as it reports it cannot locate a domain controller. Any help would be great. Cheers, Craig
Re: [ActiveDir] FRS and DNS problem
http://www.eventid.net/display.asp?eventid=13562eventno=662source=NtFrsphase=1 Reviewed that? You've checked that it truly holds the FSMO roles? (ntdsutil) http://support.microsoft.com/kb/255504 http://support.microsoft.com/kb/234790 Craig A. Bumpstead wrote: Hi, I moved all FSMO roles from my old server to my new server. But now I seem to have a FRS issue. When I run netdiag /test:dns I get the following: Domain membership test . . . . . . : Failed [WARNING] The system volume has not been completely replicated to the local machine. This machine is not working properly as a DC. I also get Event ID: 13562 As a result I am unable to remove the old server via dcpromo, as it reports it cannot locate a domain controller. Any help would be great. Cheers, Craig List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
Re: [ActiveDir] OT: Quota Software
Steve, Many thanks, will investigate later today. Regards, Mark Parris Base IT Ltd Active Directory Consultancy Tel +44(0)7801 690596 -Original Message- From: Steve Linehan [EMAIL PROTECTED] Date: Tue, 12 Dec 2006 18:42:53 To:ActiveDir@mail.activedir.org ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: Quota Software Windows Server 2003 R2 not only improved on the quota management built into the product, allowing granularity down to the user, but also added reporting and file screening. You can find more information on these new features at the following links: http://www.microsoft.com/technet/technetmag/issues/2006/05/GetControl/default.aspx http://download.microsoft.com/download/7/4/7/7472bf9b-3023-48b7-87be-d2cedc38f15a/WS03R2_Storage_Management.doc Thanks, -Steve -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Miller Sent: Tuesday, December 12, 2006 1:33 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] OT: Quota Software We use a 3rd party app SpaceGuard SRM from www.tools4ever.com on our file servers to implement directory level (rather than user level) disk quotas, monitor usage, send email to users when they get close or hit the quota, etc. I can monitor and manage quotas from a single client workstation and have setup automatic quotas for Home Directories. Spaceguard works fine for our single site. We did not try the built in Windows quota at the time we switched to AD 4 years ago because the quota was by user. It may have gotten better in win2k3. Michael J. Miller Computing Services College of Veterinary Medicine, UIUC _ Mark Parris wrote: All, I have been tasked with implementing disk quota's for corporate users the some of the data is centralised and some is stored on regional file servers, but no user has data spead over more than one server or location. Whilst I understand the concepts I have never implemented quota software so can anyone recommend a quota management software that works? The software must be configurable to a user or a group and not at the volume level. A nice to have would be storage billing. Any gotchas? Regards, Mark Parris Base IT Ltd Active Directory Consultancy Tel +44(0)7801 690596 List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
Re: [ActiveDir] OT: Quota Software
FSRM is even in SBS 2003 R2 ;-) Steve Linehan wrote: Windows Server 2003 R2 not only improved on the quota management built into the product, allowing granularity down to the user, but also added reporting and file screening. You can find more information on these new features at the following links: http://www.microsoft.com/technet/technetmag/issues/2006/05/GetControl/default.aspx http://download.microsoft.com/download/7/4/7/7472bf9b-3023-48b7-87be-d2cedc38f15a/WS03R2_Storage_Management.doc Thanks, -Steve -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Miller Sent: Tuesday, December 12, 2006 1:33 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] OT: Quota Software We use a 3rd party app SpaceGuard SRM from www.tools4ever.com on our file servers to implement directory level (rather than user level) disk quotas, monitor usage, send email to users when they get close or hit the quota, etc. I can monitor and manage quotas from a single client workstation and have setup automatic quotas for Home Directories. Spaceguard works fine for our single site. We did not try the built in Windows quota at the time we switched to AD 4 years ago because the quota was by user. It may have gotten better in win2k3. Michael J. Miller Computing Services College of Veterinary Medicine, UIUC _ Mark Parris wrote: All, I have been tasked with implementing disk quota's for corporate users the some of the data is centralised and some is stored on regional file servers, but no user has data spead over more than one server or location. Whilst I understand the concepts I have never implemented quota software so can anyone recommend a quota management software that works? The software must be configurable to a user or a group and not at the volume level. A nice to have would be storage billing. Any gotchas? Regards, Mark Parris Base IT Ltd Active Directory Consultancy Tel +44(0)7801 690596 List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
