[ActiveDir] [OT] GMAIL encoding
I don't know exactly where it is off the top of my head because I don't have access to GMAIL at work, but GMAIL does allow you (to my knowledge) to set the encoding of your messages if you wanted to...perhaps you can check into that?

Regards,
Lou

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Wednesday, May 10, 2006 10:17 AM
To: ActiveDir@mail.activedir.org
Subject: RE: Re: [ActiveDir] Several IMAP Accounts-Outlook fail

Ok Al this is getting downright annoying, tell google to stop encoding your messages in MIME64. I have already told MSFT to fix Outlook. I am not holding my breath though.

--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: Wednesday, May 10, 2006 9:45 AM
To: ActiveDir@mail.activedir.org
Subject: OT: Re: [ActiveDir] Several IMAP Accounts-Outlook fail
RE: [ActiveDir] CLUSTERING AND LOAD BALANCING
This might get you started:
http://www.microsoft.com/windowsserver2003/evaluation/overview/technologies/clustering.mspx

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of hitender saxena
Sent: Tuesday, February 21, 2006 2:44 PM
To: activedir@mail.activedir.org
Subject: [ActiveDir] CLUSTERING AND LOAD BALANCING

Hi,
Please give a detailed study for difference between Clustering and Load Balancing.

Thanks and Regards
Hitender Saxena
RE: [ActiveDir] OT: Gauging AD experience
Currently on my desk: 2 laptops (1 with external monitor connected and only one running at the moment), 3 computers, 22 POS Modems, a Google Search appliance, a Cisco Pix 525 and the head of a Coconut Monkey! Like Rich, my lab is a different story. The GSA and Pix will soon find new homes in the lab racks after I'm done testing and eventually all 22 POS modems will find new homes in far corners of the country.

Lou

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rich Milburn
Sent: Tuesday, January 24, 2006 10:24 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Gauging AD experience

Ok I gotta ask, Joe you said monitors - plural - how many computers and monitors do you guys have in your desk? I can't imagine that I win - I certainly don't have any 100+ VMs like I saw Joe mention - but I'll start - I have 6 computers, 1 laptop, and one touchscreen POS terminal, in my office and running right now. 2 of those have VMs, and so does the laptop but it's tied up for 3 or 4 hours running longhorn server setup so I can try again now I know there is a wireless add on component hidden somewhere. I have 4 monitors plus the laptop and touchscreen. And I have one other POS terminal and 2 other PCs on standby. This doesn't count the lab. I'll bet that, regardless of some of the looks I get when people peek in my cube (no, not office), that this is pretty standard.

Rich

---
Rich Milburn
MCSE, Microsoft MVP - Directory Services
Sr Network Analyst, Field Platform Development
Applebee's International, Inc.
4551 W. 107th St
Overland Park, KS 66207
913-967-2819
--
I love the smell of red herrings in the morning - anonymous

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, January 23, 2006 9:10 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Gauging AD experience

Oh great Gil thanks... now I have to clean Coca-cola off my monitors. :o)

Good to see you back Todd. You working for Ringling Bros now?

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Friday, January 20, 2006 2:16 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Gauging AD experience

But at least you're not bitter...

-g

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CC/DNA) [E]
Sent: Friday, January 20, 2006 12:06 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Gauging AD experience

In my experience, when good directories go bad, it is usually due to three things.

Firewalls
Firewalls
Did I list firewalls?

Runner ups would be ADC for Exchange, Clowns posing as Administrators, Clowns posing as DNS experts, Clowns posing as Security experts, and no disaster recovery solution.

Todd Myrick
Brushing off the dust of my MVP status.

From: joe [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 19, 2006 3:17 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Gauging AD experience

When I read Al's post I thought of you Wook, I figured, hey Wook could use a creative presentation name... ;o)

I would say "When Bad Things Happen To Good Directories" is more on par with "When Bad Things Happen To Good People", say like when your nanny gets a flat tire. "When Good Directories Go Bad" is more like when your good little daughter hits her teen years and starts going out to parties in fish net stockings and Big Red gum. :o)

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lee, Wook
Sent: Thursday, January 19, 2006 2:00 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Gauging AD experience
Importance: Low

Sorry, I already did that one. My first DEC presentation was entitled "When Bad Things Happen To Good Directories". :)

Wook

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, January 19, 2006 8:02 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Gauging AD experience

"when good directories go bad"...sounds like a catchy title for a presentation, Joe.

I think of directories and identity management infrastructures a little like networks: you rarely do get to design one from scratch, you're always tweaking an existing one. And I agree that tweaking the existing ones is a lot more interesting than designing from a blank slate. The analogy could be taken too far, but like networks, directories and authentication systems are always morphing due to new technologies, new tools, adding or removing applications. Lots of fun.

Al Maurer
Service Manager, Naming and Authentication Services
IT | Information Technology
Agilent Technologies
(719) 590-2639; Telnet 590-2639
http://activedirectory.it.agilent.com

From: [EMAIL
RE: [ActiveDir] WebAdmin Tool Setup
My team used that tool briefly when we first deployed our Active Directory in 2002. As I remember we had to make a number of modifications in order for it to work, and it was a good little tool once we got it working. Eventually when we moved to .NET Framework and ASP.NET, we wrote a custom tool similar to that for our environment.

r/
Lou

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Noah Eiger
Sent: Sunday, January 15, 2006 8:10 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] WebAdmin Tool Setup

Hello:

I have been playing around with the WebAdmin (Build 13) tool that was posted to the list a few months ago. While I can get the basic site to work, I get some errors when trying to actually make a change (or add, delete, etc) to an object in the domain. I seem to be getting a lot of HTTP 500 errors which, when I turn off the friendly errors in IE, say:

error '8007001f'
/webadmin/Lib/Main.asp, line 1434

My Googles for that error do not turn up anything meaningful: lots of stuff about Windows Media Player and Windows 95. Any thoughts on what might be the problem?

Thanks.

-- nme
RE: [ActiveDir] FSMO role transfer
Hey Rich - no need to script one yourself...Robbie's cookbook recipe 3.25 and 3.26 deal nicely with FSMO roles. 3.26 contains VBScript and Perl to transfer FSMO roles.

http://www.rallenhome.com/books/adcookbook/code.html
http://www.rallenhome.com/books/adcookbook/src/03.25-find_fsmos.vbs.txt
http://www.rallenhome.com/books/adcookbook/src/03.26-transfer_fsmo.vbs.txt

r/
Lou

-----Original Message-----

I was curious to see, with all these posts, no one ponied up with a real script to help out all these folks who are 1) not scripters and 2) amazed that moving the roles could be that easy. (I would post one but I have not actually scripted this... it's not currently my job :)

List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] FSMO role transfer
The links might have wrapped...a casualty of the mail system - in either case go direct to rallenhome.com and follow the hyperlinks from there down to the book's source code, and then to those recipes.

Hope that helps!

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ellis, Debbie
Sent: Thursday, December 01, 2005 1:46 PM
To: 'ActiveDir@mail.activedir.org'
Subject: RE: [ActiveDir] FSMO role transfer

Your links did not work

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lou Vega
Sent: Thursday, December 01, 2005 11:34 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] FSMO role transfer

Hey Rich - no need to script one yourself...Robbie's cookbook recipe 3.25 and 3.26 deal nicely with FSMO roles. 3.26 contains VBScript and Perl to transfer FSMO roles.

http://www.rallenhome.com/books/adcookbook/code.html
http://www.rallenhome.com/books/adcookbook/src/03.25-find_fsmos.vbs.txt
http://www.rallenhome.com/books/adcookbook/src/03.26-transfer_fsmo.vbs.txt

r/
Lou

-----Original Message-----

I was curious to see, with all these posts, no one ponied up with a real script to help out all these folks who are 1) not scripters and 2) amazed that moving the roles could be that easy. (I would post one but I have not actually scripted this... it's not currently my job :)
[ActiveDir] Found: Integer to Date conversion for User Properties
Nevermind - actually found something here: http://www.microsoft.com/technet/scriptcenter/topics/win2003/lastlogon.mspx which will do just fine for me.

From: Lou Vega [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 30, 2005 3:51 PM
To: 'ActiveDir@mail.activedir.org'
Subject: Integer to Date conversion for User Properties

Hi everyone,

Does anyone have a handy script/function to convert the integer stored in AD User Fields like lastLogon and pwdLastSet to a date?

Thanks in advance!

Regards,
Lou
RE: [ActiveDir] Disable inactive accounts
A few years back I wrote a program called Purge Walker which did that. It ran as a Windows service and let you specify how old an account was before it was disabled. It determined this by using the last password set date and if the password was expired by more than xx days, the account was moved to a Purge OU for holding. We had another service that ran on just the Purge OU and deleted accounts after they had been in there for 90 days.

The process had a few safety features in to keep things recoverable if needed. For example, before an account was moved to the Purge OU, the properties for that account were dumped out to a SQL table to make for easy programmatic restore (I even had a program called Lazarus that handled that) of a Purged account if the person had extreme circumstances.

That whole program was 3 years ago at a previous employer...otherwise I'd post the program link here...but to answer your question, yes it is possible to successfully automate the process of disabling inactive accounts.

Regards,
Lou

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ravi Dogra
Sent: Friday, November 18, 2005 9:27 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Disable inactive accounts

I have Win2k3 servers with latest updates. I have no worry about that. Yes, of course I will exclude service accounts and my external users from such list. I have some such clients too. But the thing is, how can I do this? Is there anyone who has successfully automated the process of disabling inactive accounts? Can anyone help with that?

Thanks
RD
RE: [ActiveDir] Recommendations for a DOD wipe of a RAID Array?
The best part about breaking open a hard drive is those super magnets inside - got a bunch of them as fridge magnets, nothing beats 'em!

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Larry Wahlers
Sent: Thursday, November 17, 2005 9:47 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Recommendations for a DOD wipe of a RAID Array?

If you don't want the drives anymore, you could just do an Office Space* on them!

*Take them out back and clobber 'em with a nice big sledgehammer. If you break the platter, nobody's going to get data off of it.

--
Larry Wahlers
Concordia Technologies
The Lutheran Church - Missouri Synod
mailto:[EMAIL PROTECTED]
direct office line: (314) 996-1876
RE: [ActiveDir] Corporate Directory
You could modify the script below to extract phone/contact information stored. The original script is from Robbie Allen's Active Directory Cookbook - I modified it slightly to output to a text file rather than on screen. I use this one to print lists of delegated OU Admins.

' This VBScript code prints the nested membership of a group.
' ---
' From the book "Active Directory Cookbook" by Robbie Allen
' Publisher: O'Reilly and Associates
' ISBN: 0-596-00466-4
' Book web site: http://rallenhome.com/books/adcookbook/code.html
' ---
' Modified from the original by Lou Vega - 24 Oct 2003
' Modifications made: Added GetStringBetween function
'                     Added ability to output to text file
' ---

' -- SCRIPT CONFIGURATION --
strGroupDN = "cn=OUAdmins,dc=MYComponent,dc=MYBRANCH,dc=mil"
' e.g. cn=SalesGroup,ou=Groups,dc=rallencorp,dc=com
OutfileName = "OUAdminList-" & Replace(Date, "/", "") & ".txt"

' -- File Constants --
Const ForReading = 1
Const ForWriting = 2
Const ForAppending = 8

' -- Open the extract file --
Set Filesys = CreateObject("Scripting.FileSystemObject")
Set Outfile = Filesys.OpenTextFile(OutfileName, ForWriting, True)
' -- END CONFIGURATION --

strSpaces = " "
Set dicSeenGroupMember = CreateObject("Scripting.Dictionary")

'Wscript.Echo "Members of " & strGroupDN & ":"
Outfile.WriteLine "---"
Outfile.WriteLine "OU Admin List Generated on " & Date
Outfile.WriteLine "---"
'Outfile.Write "Members of " & strGroupDN & ":" & vbCrLf

DisplayMembers "LDAP://" & strGroupDN, strSpaces, dicSeenGroupMember
Outfile.Close   ' flush the report to disk before signalling success
MsgBox "Success!!!"

' ---
' Functions used in this script appear below
' ---
Function DisplayMembers(strGroupADsPath, strSpaces, dicSeenGroupMember)
    Set objGroup = GetObject(strGroupADsPath)
    For Each objMember In objGroup.Members
        'Wscript.Echo strSpaces & objMember.Name
        'If InStr(objMember.Description, "OU Admin") Then
        ' One line per member: "<parent OU> : <member name>"
        Outfile.Write GetStringBetween(objMember.Parent, "LDAP://OU=", ",", "") & _
            " : " & Replace(objMember.Name, "CN=", "") & vbCrLf
        'End If
        If objMember.Class = "group" Then
            If dicSeenGroupMember.Exists(objMember.ADsPath) Then
                'Wscript.Echo strSpaces & " ^ already seen group member " & _
                '    "(stopping to avoid loop)"
                Outfile.Write strSpaces & " ^ already seen group member " & _
                    "(stopping to avoid loop)" & vbCrLf
            Else
                ' Remember this group so circular nesting cannot recurse forever
                dicSeenGroupMember.Add objMember.ADsPath, 1
                DisplayMembers objMember.ADsPath, strSpaces & " ", _
                    dicSeenGroupMember
            End If
        End If
    Next
End Function

Function GetStringBetween(str, str1, str2, s)
    ' This function gets in a string and two keywords
    ' and returns the string between the keywords
    Dim foundstr
    ' st is never assigned, so it evaluates to 0 and the search starts at position 1
    s1 = InStr(st + 1, str, str1, vbTextCompare)
    s2 = InStr(s1 + 1, str, str2, vbTextCompare)
    If s1 = 0 Or s2 = 0 Or IsNull(s1) Or IsNull(s2) Then
        ' Either keyword missing: return the input unchanged
        foundstr = str
    Else
        s = s1 + Len(str1)
        l = s2 - s
        foundstr = Mid(str, s, l)
    End If
    GetStringBetween = foundstr
End Function
' End Script
' ---

Regards,
Lou

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Hofert
Sent: Tuesday, November 15, 2005 10:05 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Corporate Directory

I would like to use the data stored in Active Directory to generate our corporate phone list. I cannot figure out a way to access that data. Maybe that is by design. Can anyone offer assistance on how that data can be accessed to add to a crystal report or a query or something?

Thanks

Todd Hofert
IT Director
Spartan Graphics, Inc.
RE: [ActiveDir] Track User Disk Space
One quick and free way - use Windows Search to show all files created/modified during the last 2 days.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Za Vue
Sent: Thursday, November 10, 2005 10:20 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Track User Disk Space

Someone dumped 2 GB of data on a file server since two days ago. This is unlikely and not normal in my environment. What is the best way to find out other than comparing folders by folders?

-Z.V.
RE: [ActiveDir] OT: Web Servers
I ran into the same issue when trying to host a classic ASP site on the same box as a WSS site. I ended up having to exclude the classic ASP site's path from SharePoint's managed paths in order for things to work.

Lou

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A.
Sent: Thursday, November 03, 2005 8:37 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] OT: Web Servers

Has anyone been able to figure out how to install multiple products to a single web server? I have noticed that if I want to have MS SUS, SharePoint Services and Microsoft eLearning Library all on the same server, they all want to install to the Default Web Site and I can't get them to work. Besides buying a separate server for each program, how can I get them all on the same webserver?

Justin A. Salandra
MCSE Windows 2000 2003
Network and Technology Services Manager
Catholic Healthcare System
646.505.3681 - office
917.455.0110 - cell
[EMAIL PROTECTED]
RE: [ActiveDir] disabling users
Any programmer can write code that a computer can understand. Professionals write code that other programmers can understand. (From MSDN Code Camp Speaker Les Smith's presentation on Refactoring code)

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Thursday, September 22, 2005 10:10 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] disabling users

Any language can be done in a write once, read never format. Readability is a function of the person writing the code, the language can only help you accomplish what you are trying to do and are capable of. If I saw code that was tough to read, in any language, I stick the blame firmly with the person who wrote it, where it belongs.

I have run into situations where I have seen thousands of lines of VBScript that I simply threw away because the logic couldn't be followed due to how the script was written, generally I replaced it with hundreds of lines of clearly written perl that anyone could read. If you write perl well, it can be nearly self documenting. But that isn't enough, you still comment the code to explain intent and what the purpose of different things is.

If I had to argue for a least readable language, I would argue for cmd batch, but again, it is about the person writing the code, not the language the code is written in. I have even seen ASM that was written so cleanly and well with comments that anyone could follow it.

I think the problem a lot of people have with perl is its flexibility. TIMTOWTDI. It is the core design of the language, a loop can be done in many different ways instead of 1 or 2 ways that someone may be used to seeing. For some people, giving flexibility to them is like giving them a longer and longer rope to hang themselves. As I once read in one of the books or heard from a friend or something... Perl is like playing the guitar, you can usually do something pretty quickly, but the really cool stuff will take practice. But on the positive side, it is possible to do the really cool stuff and usually in a way that makes you feel good.

I just had a bit of a conversation with one of the Exchange Dev folks who was saying that with Monad, if I want to get some piece of info about a mailbox from an Exchange 12 server I have to return all of the info from the server and then filter out what I don't want to use. The reason given was that is the Monad way... I visualize that like trying to output whenChanged of an object and having to pull all attributes of the object to do so. There is a tremendous hit to efficiency if that is the way it is done. The big thing that scared me though was the comment... that is the Monad way... What is the way? To assume you have unlimited bandwidth and time so you can be fat and inefficient?

joe[1]

[1] Slowly emerging from being way too submerged in work and other things...

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad
Sent: Thursday, September 22, 2005 2:28 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] disabling users

Honestly, I'd avoid perl like the plague. It's about the least readable language on the planet - especially if you haven't touched a script for a few months. As was already suggested, python is a pretty good cross platform option.

Roger Seielstad
E-mail Geek

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern
Sent: Wednesday, September 21, 2005 3:56 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] disabling users

you don't think one can get by in IT with just one lang? can't you do everything in perl that you can do in VBScript and then some? I'm sure you can get by on windows with just perl.

i'm in a multi platform environment and frankly i just don't have the time to learn both VBScript and perl. i would end up just knowing both a little and badly. my brain can't keep jumping from one to the other and in scripting, if you don't use one lang for a while, you forget it. in which case i'd just end up bugging you guys on this list again for examples. i'd like to get to the point where i can do it myself and trying to learn both will never work for me.

i have a hard enough time keeping as much as i can about windows and AD and exchange and some linux stuff in my head. 2 scripting langs will make my head explode. i'll never remember them at all. i just need to learn one and devote myself to learning it well instead of being a scripting jack of all trades and master of none.

as to perl books, then where can one learn COM on perl?

thanks a lot guys!

On 9/21/05, Brian Desmond [EMAIL PROTECTED] wrote:

Joe Richards might know some Win32 Perl resources. VBScript isn't that hard, really. If you know the COM ADSI stuff for Perl as far as methods, names, etc, it's just
RE: [ActiveDir] Firewall
I have a small network but using a Cisco Pix to protect the network. The Pix is fairly easy to manage once you get used to the PDM and console configuration isn't bad either if you prefer no GUI.

r/
Lou

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Za Vue
Sent: Wednesday, September 21, 2005 7:58 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Firewall

For small networks with 250 nodes or less, what/how are you all protecting your servers? Windows firewall, 3rd party vendor, or just standard Windows security?

-Z.V.
RE: [ActiveDir] w2k domain - sp3 to sp4
If you use delegation then read over this entry:
http://msmvps.com/ulfbsimonweidner/archive/2005/05/29/49659.aspx

When I upgraded to SP4 (seems so long ago) I ran into this Gotcha and was able to fix the permissions nightmare that was created with some help from Microsoft. That's about the only thing that stands out in my mind as a bad memory upgrading to W2K SP4.

Regards,
Lou

Finally, South Carolina gets a code camp! For details, or to sign up, please visit http://www.gcnug.org/codecamp

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Lilianstrom
Sent: Wednesday, August 17, 2005 1:20 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] w2k domain - sp3 to sp4

Our AD is based on Windows 2000 sp3 machines. With the advent of the ms05-039 worms our computer security people are requiring that all Windows systems have the patch applied or lose network access. Since the patch isn't available for sp3 we want to apply sp4 (and patches).

Is there anything we should watch for in doing this?

tia, al

--
Al Lilianstrom
CD/CSS/CSI
[EMAIL PROTECTED]
RE: [ActiveDir] lots of issues
Tom,

I'll respond off-list with a process I used in a similar situation a few years ago...off-list since it does border on hacking but since you have physical access to these boxes it should work.

Regards,
Lou

Finally, South Carolina gets a code camp! For details, or to sign up, please visit http://www.gcnug.org/codecamp

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern
Sent: Friday, August 12, 2005 3:00 PM
To: activedirectory
Subject: [ActiveDir] lots of issues

This company is in a jam i've yet to have seen. They outsourced AD/Exchange and when they tried to get it back, the outsource firm demoted their DC's that are physically present at the company. some of these former DC's dhcp and dns. now no one knows the local admin password and connectivity between the root has been severed.

no one wants to go the linux pw disk route because they can't reboot the server. there's no way i can get local system access to this server that i can think of. is there any other way to change or get the local admin password of what is now essentially a stand alone server?

i know this is bordering on hacking so i understand if i get no response. just curious if there is a way to do this without a server reboot.

thanks a lot.
[ActiveDir] Domain Report Manager
Hello all,

I know the subject comes up now and again on the list of whether or not someone knows of a good, easy to use and *free* tool for performing a domain wide inventory of hardware and or software. I found this yesterday when I was looking for ideas to update my current scripts after inheriting the project of documenting someone else's domain.

It's called Domain Report Manager; it's free and available here:
http://www.mousetrax.com/Downloads.html#DomainReportManager

The VBScript runs pretty quickly and the results have been great. I'd recommend it to those of you in a similar situation of inheriting someone else's domain! :)

Regards,
Lou

Finally, South Carolina gets a code camp! For details, or to sign up, please visit http://www.gcnug.org/codecamp
RE: [ActiveDir] OT:
I agree with Tony that the OT prefix is a good work-around for those who wish to tap the massive brain mass on this list for things not entirely AD related. IMHO the quality of the content by all who contribute on this list far outweighs the OT posts here and there. And in all the time I've subscribed to this list, there have only been a few completely off the mark posts that somehow slip in the mix...and for those there is always the Delete key :)

That's my story and I'm sticking to it!

Lou

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray
Sent: Wednesday, July 20, 2005 9:51 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT:

Interesting suggestion Joe. Here's my humble opinion.

I think we see a fairly high level of OT posts here because the folks on the list are helpful and they know a lot about non-AD related stuff. If we were to create a separate list (certainly feasible) my concern would be that people would continue to post OT to the activedir.org list because they know that's where the people with the knowledge are subbed.

I think the OT prefix works pretty well as it is. If people don't want to read the OT posts they should be able to filter them out with rules.

Anyway, I'm open to suggestions from others.

While we're on the topic of separate lists, I was thinking of perhaps setting up a MIIS list. I just wonder if there would be sufficient interest?

Tony

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Thursday, 21 July 2005 12:08 p.m.
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] OT:

Man with all the OT's today I am wondering if there is value in an ActiveDir.Org OT list? Or maybe a Not So ActiveDir.Org list? Or Anything but ActiveDir.Org list?
[ActiveDir] Slightly OT: Windows 2003 SP1 hangs on Domain Controller
Hi all,

I'm applying W2K3 SP1 on my domain controllers after a test in my lab. In the lab and on the first production domain controllers SP1 installed fine. I have one remaining DC where the SP1 setup hangs during the "backing up registry" portion of the install. The hardware is the same on this final DC as it is on the other DCs - a Dell 2650. The system remains responsive; however the setup just doesn't go any further (progress bar). I have left it overnight with no successful completion.

Here's what I've tried:

1) There was a system reboot before the SP1 process was started. I usually do this anyways before installing a SP
2) Machine was backed up during normal course of backups
3) When the machine came up I noticed the removable storage service did not start. Started it and it's now running
4) After the 1st install failure, rebooted and successfully applied other Windows updates to the server (some IE6 ones that I had held off on)
5) Searched Google using "Windows 2003 SP1 Install fails" and "Windows 2003 SP1 Registry backup fails". Nothing immediately jumped to mind as relevant in those searches.
6) Searched Support.Microsoft.Com with the same query - again nothing that seems to match my circumstance
7) It has stalled 4 times now at the same point...any suggestions?

Thanks in advance!

Regards,
Lou
RE: [ActiveDir] Slightly OT: Windows 2003 SP1 hangs on Domain Controller
Yeah I forgot to mention disk space - the C drive has over 4GB free and the other volume has over 80GB free. Thanks for the input!

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thommes, Michael M.
Sent: Wednesday, July 13, 2005 9:43 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Slightly OT: Windows 2003 SP1 hangs on Domain Controller

The first thing I would check is disk space availability. Also, every once in a great while I find the folder "System Volume Information" that is huge. I believe it is due to a stuck volume shadow copy operation. A reboot clears it out.

HTH,
Mike Thommes

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lou Vega
Sent: Wednesday, July 13, 2005 7:50 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Slightly OT: Windows 2003 SP1 hangs on Domain Controller

Hi all,

I'm applying W2K3 SP1 on my domain controllers after a test in my lab. In the lab and on the first production domain controllers SP1 installed fine. I have one remaining DC where the SP1 setup hangs during the "backing up registry" portion of the install. The hardware is the same on this final DC as it is on the other DCs - a Dell 2650. The system remains responsive; however the setup just doesn't go any further (progress bar). I have left it overnight with no successful completion.

Here's what I've tried:

1) There was a system reboot before the SP1 process was started. I usually do this anyways before installing a SP
2) Machine was backed up during normal course of backups
3) When the machine came up I noticed the removable storage service did not start. Started it and it's now running
4) After the 1st install failure, rebooted and successfully applied other Windows updates to the server (some IE6 ones that I had held off on)
5) Searched Google using "Windows 2003 SP1 Install fails" and "Windows 2003 SP1 Registry backup fails". Nothing immediately jumped to mind as relevant in those searches.
6) Searched Support.Microsoft.Com with the same query, again nothing that seems to match my circumstance
7) It has stalled 4 times now at the same point... any suggestions?

Thanks in advance!

Regards,
Lou
RE: [ActiveDir] Slightly OT: Windows 2003 SP1 hangs on Domain Controller
Thanks for the tip - all my 2650 DCs have the same BIOS updates, RAID, etc as this one. I did not update Open Manage prior to installing on the other systems. I will read over this info and see if it can help!

r/
Lou

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Fuller, Stuart
Sent: Wednesday, July 13, 2005 10:42 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Slightly OT: Windows 2003 SP1 hangs on Domain Controller

Have you updated the BIOS, RAID Firmware, RAID drivers to the same level as the other machines???

Also there is an issue with Dell Open Manage and 2003 SP1 - see user notes for supported windows operating systems under http://support.dell.com/support/edocs/software/smsom/4.4/en/Readme/Readme_ins.txt?c=usl=encs=s=gen. That states you need to update Open Manage before applying SP1.

HTH,
_Stuart Fuller

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lou Vega
Sent: Wednesday, July 13, 2005 7:55 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Slightly OT: Windows 2003 SP1 hangs on Domain Controller

Yeah I forgot to mention disk space - the C drive has over 4GB free and the other volume has over 80GB free. Thanks for the input!

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thommes, Michael M.
Sent: Wednesday, July 13, 2005 9:43 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Slightly OT: Windows 2003 SP1 hangs on Domain Controller

The first thing I would check is disk space availability. Also, every once in a great while I find the folder "System Volume Information" that is huge. I believe it is due to a stuck volume shadow copy operation. A reboot clears it out.

HTH,
Mike Thommes

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lou Vega
Sent: Wednesday, July 13, 2005 7:50 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Slightly OT: Windows 2003 SP1 hangs on Domain Controller

Hi all,

I'm applying W2K3 SP1 on my domain controllers after a test in my lab. In the lab and on the first production domain controllers SP1 installed fine. I have one remaining DC where the SP1 setup hangs during the "backing up registry" portion of the install. The hardware is the same on this final DC as it is on the other DCs - a Dell 2650. The system remains responsive; however the setup just doesn't go any further (progress bar). I have left it overnight with no successful completion.

Here's what I've tried:

1) There was a system reboot before the SP1 process was started. I usually do this anyways before installing a SP
2) Machine was backed up during normal course of backups
3) When the machine came up I noticed the removable storage service did not start. Started it and it's now running
4) After the 1st install failure, rebooted and successfully applied other Windows updates to the server (some IE6 ones that I had held off on)
5) Searched Google using "Windows 2003 SP1 Install fails" and "Windows 2003 SP1 Registry backup fails". Nothing immediately jumped to mind as relevant in those searches.
6) Searched Support.Microsoft.Com with the same query, again nothing that seems to match my circumstance
7) It has stalled 4 times now at the same point... any suggestions?

Thanks in advance!

Regards,
Lou
RE: [ActiveDir] Way OT: FTP not working for certain files...
Just a quick update - problem has been solved. Turns out it was a weird issue with the DSL router firmware. Updated firmware and all works like a champ. So if anyone out there uses D-Link routers at home and experiences a similar situation...give D-Link a shout and see if you need a firmware update!

Many thanks to all who wrote in with suggestions for resolution!

Regards,
Lou

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aaron Visser
Sent: Wednesday, June 01, 2005 3:26 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Way OT: FTP not working for certain files...

What is the Web Server/FTP Server? And what clients have been successful? I would look into permissions due to the fact that you are unable to copy the said files to a USB drive.

On 6/1/05 10:40 AM, Lou Vega [EMAIL PROTECTED] wrote:

I thought it might be that too. The web server is a non-Windows one. I also attempted to take the existing files and copy them to a USB thumb drive which was FAT versus NTFS and the same files still did not copy. The file perms on the web server are set apparently correct since when I take them on a different computer they upload fine.

All virus/malware scans come up negative. I've run McAfee, Symantec and AVG all with the latest definitions and engines. Microsoft Spyware reports nothing, nor does any other spyware/malware program I've run (many at this point).

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Jessop
Sent: Wednesday, June 01, 2005 1:18 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Way OT: FTP not working for certain files...

I think that you have to check the NTFS permissions on the current website files

Regards
Peter
RE: [ActiveDir] VB.NET AD object picker?
Robbie Allen's Active Directory Cookbook is full of great examples in VB. Check out the link to the code here: http://www.rallenhome.com/books/adcookbook/code.html

I fully recommend purchasing it as well. This book has seen a lot of use while sitting on my desk! (Be sure to write your name on it using a big fat permanent marker so if it grows legs and walks you can find the culprit!)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD
Sent: Thursday, June 02, 2005 10:00 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] VB.NET AD object picker?

Does anyone have vb.net code they would like to share? I am looking for an Active Directory object picker written in vb.net. I can find a lot of C++ examples but I am more comfortable with visual basic.

Thanks
Yves
[ActiveDir] Way OT: FTP not working for certain files...
Hi list - I know this is woefully OT, but I'm really looking for a solution and haven't been able to find one.

Here's the situation - I have a group of 3 Windows XP Pro computers which will not FTP current website files using any of several FTP programs to include WS_FTP, SmartFTP, CuteFTP and BlazeFTP as well as the built-in Windows FTP folders. If I create a brand new file, it will upload just fine using any of those programs. If I take the current existing files and put them on another computer they upload fine using the same network connection (which ruled out an obscure Linksys router issue).

Has anyone run into a similar situation in the past? I had thought it to be a Windows XP Home issue at first (so Google suggested) so I bought 3 upgrade copies of Windows XP Pro and upgraded each of them over the weekend to no avail.
RE: [ActiveDir] Way OT: FTP not working for certain files...
I thought it might be that too. The web server is a non-Windows one. I also attempted to take the existing files and copy them to a USB thumb drive which was FAT versus NTFS and the same files still did not copy. The file perms on the web server are set apparently correct since when I take them on a different computer they upload fine.

All virus/malware scans come up negative. I've run McAfee, Symantec and AVG all with the latest definitions and engines. Microsoft Spyware reports nothing, nor does any other spyware/malware program I've run (many at this point).

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Jessop
Sent: Wednesday, June 01, 2005 1:18 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Way OT: FTP not working for certain files...

I think that you have to check the NTFS permissions on the current website files

Regards
Peter
RE: [ActiveDir] Way OT: FTP not working for certain files...
I'll check GP - though nothing specific has been configured on those boxes...they are out of the box installs.
RE: [ActiveDir] Importing AD into a test lab ...
One way I had done it in the past was using the LDIFDE to export users, ou's, etc. and then editing the output files to work with the new domain (i.e., replace domain1 with domain2) and also manually removing default entries (such as Administrator accounts, etc.)

Also - take care when exporting in the first place...not all fields are going to import nicely. For my purposes I just needed essentially a boatload of users migrated to the test domain and all groups, and OU's. So I only exported the following attributes on users:

(Command used = ldifde -f exportUsers.ldf -d "dc=MyDomain,dc=COM" -r "(objectClass=user)" -l "cn,objectclass,ou,samAccountName")

Groups and OU's had similar limitations. If I can dig up the original BAT files I used to create those LDIFDE dumps, I'll send them to you if you're interested.

Hope that helps!

Lou

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of McDougal, Philip H
Sent: Wednesday, April 27, 2005 10:24 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Importing AD into a test lab ...

Hello,

I have a question concerning getting my existing AD into a test lab. I saw some help in the archives but I'd like a fresh look on the topic. I am considering 2 options, that I know of:

1. Use LDIFDE to export and import the Schema, OUs, Users and GPs into the test lab. I built a box with W2003 Standard and DCPROMO'd it up with different machine name but same Domain name. This avenue sounded pretty good but I keep getting failure errors when I try to import the ldf files saying that "An attempt was made to add an object to the directory with a name that is already in use" or "Directory Object not found."

My other choice was

2. http://support.microsoft.com/default.aspx?scid=kb;en-us;263532 But since this is a test lab, my library is not available and neither is my backup server. Plus, it's a DC and I don't want to introduce it to my existing domain. I guess I could DCPROMO it back out and then bring it into the existing domain as a standalone and then do a directed recover to it, but this seems like a huge amount of time and effort for something that should be pretty easy. Especially for DR purposes. How many of us will recover AD to a system that has identical hardware? But I digress ;-)

Any advice or ideas would be greatly appreciated. Thanks in advance.

Phil.

Philip H. McDougal
Application Support Engineer
Jenner Block LLP
One IBM Plaza
Chicago, IL 60611-7603
Tel (312) 222-9350
Fax (312) 840-8879
[EMAIL PROTECTED]
www.jenner.com

CONFIDENTIALITY WARNING: This email may contain privileged or confidential information and is for the sole use of the intended recipient(s). Any unauthorized use or disclosure of this communication is prohibited. If you believe that you have received this email in error, please notify the sender immediately and delete it from your system.
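Added example (not code from the thread): the export, edit and import approach Lou describes, with the editing step done by a Python filter that rewrites the domain suffix of an LDIFDE export and drops default accounts, which already exist in the lab domain and cause the "name that is already in use" error. The lab suffix, the skip list and the sample LDIF are constructed assumptions.

```python
import re

# Constructed sample in the shape produced by
#   ldifde -f exportUsers.ldf -d "dc=MyDomain,dc=COM" -r "(objectClass=user)" -l "cn,objectclass,ou,samAccountName"
SAMPLE_LDIF = """\
dn: CN=Administrator,CN=Users,DC=MyDomain,DC=COM
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Administrator
sAMAccountName: Administrator

dn: CN=Jane Doe,OU=Sales,DC=MyDomain,DC=COM
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Jane Doe
sAMAccountName: jdoe

dn: CN=krbtgt,CN=Users,DC=MyDomain,DC=COM
changetype: add
objectClass: user
cn: krbtgt
sAMAccountName: krbtgt
"""

# Assumption: default accounts that a freshly promoted lab domain already has.
DEFAULT_ACCOUNTS = {"administrator", "guest", "krbtgt"}


def split_entries(text):
    """Return the LDIF entries as lists of unfolded, non-comment lines."""
    entries = []
    for block in re.split(r"\n[ \t]*\n", text.strip()):
        unfolded = re.sub(r"\n ", "", block)  # a leading space continues the previous line
        lines = [l for l in unfolded.splitlines() if l and not l.startswith("#")]
        if lines:
            entries.append(lines)
    return entries


def suffix_pattern(old_suffix):
    """Match old_suffix only as the tail of a DN, ignoring case and spacing."""
    parts = [re.escape(p.strip()) for p in old_suffix.split(",")]
    return re.compile(r"(?:(?<=,)|^)\s*" + r"\s*,\s*".join(parts) + r"\s*$",
                      re.IGNORECASE)


def rewrite_ldif(text, old_suffix, new_suffix, skip_accounts=DEFAULT_ACCOUNTS):
    """Return (rewritten LDIF text, list of skipped sAMAccountNames)."""
    pattern = suffix_pattern(old_suffix)
    kept, skipped = [], []
    for lines in split_entries(text):
        out, account = [], None
        for line in lines:
            attr, sep, value = line.partition(":")
            # Pass through separators ("-") and base64 (::) or URL (:<) values untouched.
            if not sep or value.startswith((":", "<")):
                out.append(line)
                continue
            value = value.strip()
            if attr.lower() == "samaccountname":
                account = value
            # Rewrites dn: and any other DN-valued attribute ending in the old suffix.
            out.append(f"{attr}: {pattern.sub(lambda m: new_suffix, value)}")
        if account and account.lower() in skip_accounts:
            skipped.append(account)
        else:
            kept.append("\n".join(out))
    return "\n\n".join(kept) + "\n", skipped


if __name__ == "__main__":
    ldif, skipped = rewrite_ldif(SAMPLE_LDIF, "dc=MyDomain,dc=COM", "DC=TestLab,DC=local")
    print(ldif)
    print("skipped:", skipped)
```

Limiting the export to the few attributes in Lou's -l list also keeps the production data that reaches the lab to a minimum.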
RE: [ActiveDir] OT: Anyone installed Windows 2003 (Server) SP1 yet?
If you dig through the very recent archive from this list you'll find a lengthy discussion concerning many things about W2K3 SP1. As for me, I've applied to my development domain (a DC, a Web Server and a SQL server) and have had no noticeable problems in the time I've had it applied (since the first release date).

Regards,
Lou

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason B
Sent: Wednesday, April 06, 2005 1:56 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] OT: Anyone installed Windows 2003 (Server) SP1 yet?

Service Pack 1 for Windows 2003 server came out on the 1st of this month... it's a behemoth download at ~325MB and supposedly has a lot of improvements and new features. Has anyone had the fortitude to install it on production servers yet? If so, how's it working out?
RE: [ActiveDir] SLOWWWWWW Logons
If it's not a problem where you work (not sure about security policy, etc.) download the latest version of Ethereal (http://www.ethereal.com/news/item_20050311_01.html) and take a look at what's *really* going on. The newer version of Ethereal has some nifty new features that make analyzing the captured traffic much easier.

Regards,
Lou

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A.
Sent: Wednesday, April 06, 2005 4:40 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] SLOWW Logons

Deleting the profile does this does it not? How would that explain the same problem on another computer? Roaming profiles are NOT being used

Justin A. Salandra
MCSE Windows 2000 2003
Network and Technology Services Manager
Catholic Healthcare System
212.752.7300 - office
917.455.0110 - cell
[EMAIL PROTECTED]

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Hogenauer
Sent: Wednesday, April 06, 2005 4:05 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] SLOWW Logons

Have you tried deleting their account from the Document and settings folder then having them log back on? Back up their desktops first of course :)

Mike

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A.
Sent: Wednesday, April 06, 2005 12:38 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] SLOWW Logons

I have two users amongst 50 in a remote site that no matter what PC they login to it takes forever, but if someone else logs into that PC, they log on quickly with no problems. I have already run netdiag and everything passed, I have deleted the local profile on the computer, disjoined and rejoined the domain, changed the network card, provided a different IP address, verified I can access \\domainname\sysvol\domainname and rebooted the PC as well as all the domain controllers and the routers in between the sites. No ports are being blocked by anything, no changes to policies have been done, no new servers have been made domain controllers and none have been demoted. There are two Global Catalogs in that AD Site, replication is working and I have not thrown the PC out the window yet.

What else could be happening here?

Justin A. Salandra
MCSE Windows 2000 2003
Network and Technology Services Manager
Catholic Healthcare System
212.752.7300 - office
917.455.0110 - cell
[EMAIL PROTECTED]
RE: [ActiveDir] 2003 SP1 RTM
FWIW - I just installed it on a test server (domain controller for a play network) and it appears fine at the moment.

If there are any Microsoft Security Team folks on board listening, I'm personally curious to see if a particular fix has been added to this SP since I was told it would be when I reported a problem last May. Upon the initial install of the SP, it would appear as if it were not fixed.

r/
Lou

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave A. Marquis
Sent: Thursday, March 31, 2005 11:37 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] 2003 SP1 RTM

I am certainly going to be waiting to install this one for a while, too many changes to jump right into it.

David A. Marquis
Computer Systems Administrator
RE: [ActiveDir] 2003 SP1 RTM
All in all, not an earth shattering bug, but still something that in my opinion really needs to be fixed. Since I told Microsoft Security I wouldn't release details on this bug until they had a chance to fix it, I won't go into the details here. However, since it has been since May 2004 and they apparently have not addressed it in the current SP, I'll say this. Basically it was a bug where you could effectively disable the "Restricted Groups" feature of Group Policy, allowing anyone to remain in the group even if it was listed as Restricted. As an added bonus, the OS doesn't even generate any event log entries... all Security Policy refreshes are listed with no problems in the event log. It's not remotely exploitable or anything like that; just something that I really felt should be addressed.

Regards,
Lou

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, March 31, 2005 12:59 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] 2003 SP1 RTM

Lou, what security fix are you asking about? I am in Security, and I've been doing SP1 for a while now, so I may be able to respond in less than 11 words ;) Or, I may be able to chase it up for you.

Deji

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lou Vega
Sent: Thursday, March 31, 2005 9:40 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] 2003 SP1 RTM

FWIW - I just installed it on a test server (domain controller for a play network) and it appears fine at the moment.

If there are any Microsoft Security Team folks on board listening, I'm personally curious to see if a particular fix has been added to this SP since I was told it would be when I reported a problem last May. Upon the initial install of the SP, it would appear as if it were not fixed.

r/
Lou

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave A. Marquis
Sent: Thursday, March 31, 2005 11:37 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] 2003 SP1 RTM

I am certainly going to be waiting to install this one for a while, too many changes to jump right into it.

David A. Marquis
Computer Systems Administrator
RE: [ActiveDir] 2003 SP1 RTM
I was only able to get Microsoft's attention last year because I had originally contacted Russ Cooper and of course he has good contacts with the security team there. I'll have to dig through my mail archive to find out who it was that took the case from the security team. Deji, if you want I will provide you details off-list so you can know exactly what I'm talking about.

Regards,
Lou

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, March 31, 2005 2:42 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] 2003 SP1 RTM

OK, this is news to me. Do you want it chased, or are you in a position to get a direct MS opinion on it yourself? Since ~Eric has chimed in, I think we should hand it off to him :)

Deji

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lou Vega
Sent: Thursday, March 31, 2005 10:29 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] 2003 SP1 RTM

All in all, not an earth shattering bug, but still something that in my opinion really needs to be fixed. Since I told Microsoft Security I wouldn't release details on this bug until they had a chance to fix it, I won't go into the details here. However, since it has been since May 2004 and they apparently have not addressed it in the current SP, I'll say this. Basically it was a bug where you could effectively disable the "Restricted Groups" feature of Group Policy, allowing anyone to remain in the group even if it was listed as Restricted. As an added bonus, the OS doesn't even generate any event log entries... all Security Policy refreshes are listed with no problems in the event log. It's not remotely exploitable or anything like that; just something that I really felt should be addressed.

Regards,
Lou

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, March 31, 2005 12:59 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] 2003 SP1 RTM

Lou, what security fix are you asking about? I am in Security, and I've been doing SP1 for a while now, so I may be able to respond in less than 11 words ;) Or, I may be able to chase it up for you.

Deji

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lou Vega
Sent: Thursday, March 31, 2005 9:40 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] 2003 SP1 RTM

FWIW - I just installed it on a test server (domain controller for a play network) and it appears fine at the moment.

If there are any Microsoft Security Team folks on board listening, I'm personally curious to see if a particular fix has been added to this SP since I was told it would be when I reported a problem last May. Upon the initial install of the SP, it would appear as if it were not fixed.

r/
Lou

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave A. Marquis
Sent: Thursday, March 31, 2005 11:37 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] 2003 SP1 RTM

I am certainly going to be waiting to install this one for a while, too many changes to jump right into it.

David A. Marquis
Computer Systems Administrator
RE: [ActiveDir] ADUC Export
If you're interested I have similar code which can be dropped into a simple VB.NET form and run that way. I was doing this type of operation routinely enough that I just put the whole thing in a VB.NET app so I could pull it up on the screen for the management whenever they wanted it.

r/
Lou

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brad Hibbert
Sent: Tuesday, February 01, 2005 3:20 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] ADUC Export

Here is a simple recursive VB script that can accomplish this

strDomain = "DC=ds,dc=nplab,dc=secure" ' Enter your DN here
strOutput = enumerateOUs(strDomain)
Set fso = CreateObject("Scripting.FileSystemObject")
Set file = fso.CreateTextFile("Result.txt", True)
file.WriteLine(strOutput)
file.Close

' Returns a line for the OU, a line for each user object in it,
' then the same for every child OU (recursive).
Function enumerateOUs(strDN)
    Dim container, obj, strResult
    Set container = GetObject("LDAP://" & strDN)
    strResult = "Current OU" & vbTab & strDN & vbCrLf
    container.Filter = Array("User")
    For Each obj In container
        If obj.Class = "user" Then
            strResult = strResult & vbTab & vbTab & vbTab & obj.distinguishedName & vbCrLf
        End If
    Next
    container.Filter = Array("OrganizationalUnit")
    For Each obj In container
        ' Append the child OU's listing; the function value carries it back up
        strResult = strResult & enumerateOUs(obj.distinguishedName)
    Next
    enumerateOUs = strResult
End Function

Regards
Brad

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rogers, James
Sent: Tuesday, February 01, 2005 7:08 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] ADUC Export

In ADUC 2003, an Export List command is available that will export the contents of the immediate OU you're viewing. Is there a way to export the full tree for an entire domain? I'd like to pull a list of all OU's, their position in the tree, and their contents. Is this possible, or just a pipe dream?

-James R. Rogers
RE: [ActiveDir] OT:scsi controller errors
EventID.NET my friend

http://www.eventid.net/display.asp?eventid=9eventno=2059source=adpu160mph ase=1

They almost always have the answer to my event log questions! :)

Regards,
Lou

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom
Sent: Friday, January 14, 2005 2:32 PM
To: ActiveDir (E-mail)
Subject: [ActiveDir] OT:scsi controller errors

I'm running an active/passive Exchange2k cluster on win2kadv sp 4. lately i've been getting a lot of event id 9 in the system log-

Event Type: Error
Event Source: cpqcissm
Event Category: None
Event ID: 9
Date: 1/14/2005
Time: 9:12:04 AM
User: N/A
Computer: CLUSNODE2A
Description: The device, \Device\Scsi\cpqcissm1, did not respond within the timeout period.
RE: [ActiveDir] OT:scsi controller errors
Since this is an active/passive cluster...are these events being registered on both nodes simultaneously or one node at a time, i.e., the passive node?

-----Original Message-----
Subject: RE: [ActiveDir] OT:scsi controller errors

I checked eventid.net before posting(always do). those comments refer to tape drives and other devices sharing the scsi bus OR hardware issues. the storage box is on its own bus and i checked cables,termination,flashed rom,etc.

thanks
RE: [ActiveDir] Migrating to Win2k3
When I attended a seminar after W2K3 first came out, the guy giving the seminar joked that the domain rename thing was there just so Microsoft could say it can be done. After he showed us the procedure for doing a domain rename and then walked us through a *simple* one with all the DC's in the same building, the class pretty much decided...Nice, but no thanks!

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ASB
Sent: Thursday, January 13, 2005 8:31 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Migrating to Win2k3

Have you seen the actual requirements for a domain rename? He's going to be far more successful migrating as planned.

-ASB
FAST, CHEAP, SECURE: Pick Any TWO
http://www.ultratech-llc.com/KB/
RE: [ActiveDir] Reset security on user object
I too have seen this issue crop up due to a user object belonging to an administrative group. There is a Microsoft KB article about it which may help shed some light if this is the case for you.

http://support.microsoft.com/default.aspx?scid=kb;en-us;817433

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rachui, Scott
Sent: Wednesday, January 12, 2005 11:01 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Reset security on user object

If that user was ever part of an administrative group, AdminSDHolder would have disabled inheritance on that object to ensure that it only received the security settings it was providing. If you remove that user from an administrative group, we've seen that the inheritance checkbox is not automatically re-enabled. I'd check that first, just to make sure the user object is inheriting policies from the OU. That's been our issue every time this has come up.

Scott

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jason Benway
Sent: Wednesday, January 12, 2005 9:43 AM
To: 'ActiveDir@mail.activedir.org'
Subject: [ActiveDir] Reset security on user object

'somehow' inheritance on some user objects has been removed. How can I set all user objects to enable inheritance. Also how can I setup auditing for when attributes of a user object change?

Thanks,
jb
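Added example (not code from the thread): a Python check for the leftover Scott describes, user objects whose DACL still blocks inheritance although they are no longer in an administrative group. It reads the "P" (protected) control flag from each object's security descriptor in SDDL form; the inventory records, account names and the group list are constructed assumptions, and nested group membership is not resolved.

```python
import re

# SDDL control flags that can follow "D:" (the DACL section).
DACL_FLAGS = {"P": "protected", "AR": "auto_inherit_req", "AI": "auto_inherited"}

# Assumption: a subset of the groups whose members AdminSDHolder protects.
ADMIN_GROUPS = {"domain admins", "enterprise admins", "schema admins",
                "administrators", "account operators"}

# Constructed inventory: one record per user object, SDDL as exported by your tooling.
INVENTORY = [
    {"sam": "adm-alice", "memberOf": ["Domain Admins"],
     "sddl": "O:DAG:DAD:PAI(A;;GA;;;DA)(A;;GR;;;AU)"},
    {"sam": "bob", "memberOf": ["Sales"],            # former admin, flag left behind
     "sddl": "O:DAG:DAD:PAI(A;;GA;;;DA)(A;;GR;;;AU)"},
    {"sam": "carol", "memberOf": ["Sales"],          # normal, inheriting object
     "sddl": "O:DAG:DAD:AI(A;;GA;;;DA)(A;;GR;;;AU)"},
]


def dacl_flags(sddl):
    """Return the set of DACL control flags, or None if the SDDL has no DACL."""
    m = re.search(r"D:((?:AR|AI|P)*)(?=\(|S:|$)", sddl)
    if not m:
        return None
    return {DACL_FLAGS[tok] for tok in re.findall(r"AR|AI|P", m.group(1))}


def stale_protected(objects, admin_groups=ADMIN_GROUPS):
    """List (account, status) for every object whose DACL blocks inheritance.

    status is "expected" while the account is still in an administrative group
    and "review" when it is not, i.e. inheritance was never re-enabled.
    """
    findings = []
    for obj in objects:
        flags = dacl_flags(obj["sddl"])
        if not flags or "protected" not in flags:
            continue  # inheriting normally, nothing to report
        is_admin = any(g.lower() in admin_groups for g in obj["memberOf"])
        findings.append((obj["sam"], "expected" if is_admin else "review"))
    return findings


if __name__ == "__main__":
    for sam, status in stale_protected(INVENTORY):
        print(f"{sam}: inheritance disabled ({status})")
```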
[ActiveDir] Slightly OT: Pix config for AD Replication
I'm working on setting up a site-to-site VPN using Cisco Pix 525s. I need to test Active Directory replication over the VPN as we will have domain controllers on each of the two sites connected via VPN. I've been reading various articles on either setting the Pixs up for wide open communication between the DCs or for manually allowing each port needed for AD/DNS replication. Has anyone got suggestions as to the best way to proceed? Thanks in advance group!
RE: [ActiveDir] Slightly OT: Pix config for AD Replication
Actually we are restricting which IP's can use the tunnel, there are only a few hosts on each site using the tunnel to pass data back and forth. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Renouf, Phil Sent: Tuesday, January 11, 2005 11:03 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Slightly OT: Pix config for AD Replication From a security standpoint only allowing communication via specific ports is always a better option, but in the case of Active Directory you need to open so many ports to enable full communication between the DCs that it's really pointless to lock it down by port. I would recommend setting up the VPN and making sure to restrict what IPs are able to use the tunnel. Phil
RE: [ActiveDir] Command Line Utility
Dir C: /s > AllFiles.txt This will optionally dump the list to the AllFiles.txt file versus dumping it to screen. Also remove/change the C: as needed (drive letter) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A. Sent: Wednesday, December 22, 2004 3:31 PM To: ActiveDir (E-mail) Subject: [ActiveDir] Command Line Utility Everyone, Do any of you know of a command line utility that would display all file names in a folder and all subfolders of the root folder? TIA Justin
RE: [ActiveDir] wireless AP scanner
If you have the hardware and/or funds then a great solution would consist of an iPAQ with a GPS card and Mini-Stumbler (from the folks who make Netstumbler). I have an iPAQ with MiniStumbler and it picks up things nicely around the office (they aren't supposed to have wireless setup here!) and around my home (where myself and several neighbors apparently have wireless networks set up). I don't have the GPS card, but one of these days *sigh* :) r/ Lou -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tyson Leslie Sent: Monday, December 13, 2004 1:07 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] wireless AP scanner It depends on how your network is built. If you have a fully switched network, you can look for ports with multiple MAC addresses. You can also look for MAC addresses that may belong to AP vendors or wireless nics, but that's a tad cumbersome, and quite unreliable. The best way though, is to grab your laptop and go for a walk... TL From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas M. Long Sent: Sunday, December 12, 2004 5:28 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] wireless AP scanner It looks as though you have to walk around looking for APs with this. Are there scanners that actually scan the network and detect wireless devices with some sort of pre-determined footprinting that has been done? From: [EMAIL PROTECTED] on behalf of Gil Kirkpatrick Sent: Fri 12/10/2004 10:52 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] wireless AP scanner NetStumbler http://www.netstumbler.com/downloads/ -gil From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas M. Long Sent: Thursday, December 09, 2004 11:16 PM To: [EMAIL PROTECTED] Subject: OT: wireless AP scanner Does anyone know of any free wireless access point scanners. Is it even possible to detect a wireless access point on the network without wardriving?
RE: [ActiveDir] Slightly OT: File Copy of Death
Could you just use Windows' built-in NTBackup to back up those files, etc. to another server and then do a restore to your target server? This way you get the verify option with NTBackup as well...unless I totally missed the boat here! :) r/ Lou -Original Message- I need to copy off about 150GB of data, around 2 million files, from one server to another, and preferably not sit and babysit the process from start to finish since it'll be running over the Christmas holiday. Is ROBOCOPY still my best friend for this? Or is there a JoeWare special or something else I'm not aware of that people like a lot better these days? What are folks using to do a verify-after-copy, to be sure that what you copied is actually what you -think- you copied? Laura
RE: [ActiveDir] OT: IIS Log Analysing Tool
http://www.analog.cx/download.html Analog is quick, easy to use and free as well...parses large logs really quick. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Rutherford Sent: Thursday, November 18, 2004 7:07 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] OT: IIS Log Analysing Tool Hi Guys/Gals, Sorry this is OT but I'm sure someone in here has experienced something on their travels. I'm looking for a free (if poss) IIS reporting tool, basically to report on hits, pages, times of day, etc. It's just a favour for a small customer, so doesn't need to be flash but some pretty graphs would help. Thanks, Rob
RE: [ActiveDir] Windows 2003 Issues
EventID.NET is a great resource for digging up odd event log entry info. http://www.eventid.net/display.asp?eventid=1001&eventno=1628&source=Application%20Error&phase=1 That link should get you started with your Fault Bucket error. I don't work for EventID.NET but I've been a satisfied customer for about 2 years :) r/ Lou -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Shaff Sent: Friday, November 12, 2004 1:04 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Windows 2003 Issues Group, I realize that this is not specifically an Active Directory question. However, there is a lot of brain-mass in this group that may be able to assist me in resolving some issues on a server. Listed below are the only errors in the application log. Could someone point me in the direction of how to fix these issues and maybe more information on startask.exe? Thanks, Steve Event Type: Error Event Source: Application Error Event Category: None Event ID: 1001 Date: 11/12/2004 Time: 9:50:02 AM User: N/A Computer: SMS Description: Fault bucket 134869278. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data: : 42 75 63 6b 65 74 3a 20 Bucket: 0008: 31 33 34 38 36 39 32 37 13486927 0010: 38 0d 0a 8.. ___ Event Type: Information Event Source: Application Error Event Category: (100) Event ID: 1004 Date: 11/12/2004 Time: 9:49:54 AM User: N/A Computer: SMS Description: Reporting queued error: faulting application startask.exe, version 0.0.0.0, faulting module startask.exe, version 0.0.0.0, fault address 0x0001f028. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data: : 41 70 70 6c 69 63 61 74 Applicat 0008: 69 6f 6e 20 46 61 69 6c ion Fail 0010: 75 72 65 20 20 73 74 61 ure sta 0018: 72 74 61 73 6b 2e 65 78 rtask.ex 0020: 65 20 30 2e 30 2e 30 2e e 0.0.0. 0028: 30 20 69 6e 20 73 74 61 0 in sta 0030: 72 74 61 73 6b 2e 65 78 rtask.ex 0038: 65 20 30 2e 30 2e 30 2e e 0.0.0. 0040: 30 20 61 74 20 6f 66 66 0 at off 0048: 73 65 74 20 30 30 30 31 set 0001 0050: 66 30 32 38 f028 Event Type: Warning Event Source: WinMgmt Event Category: None Event ID: 63 Date: 11/12/2004 Time: 9:50:10 AM User: NT AUTHORITY\SYSTEM Computer: SMS Description: A provider, PolicyAgentInstanceProvider, has been registered in the WMI namespace, root\ccm\Policy\S_1_5_21_2121758721_1018506718_1501187911_9527, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
RE: [ActiveDir] No properties window in any MMC snap-in?
I saw a similar issue with the IIS MMC (IIS 6 on W2K3) where property pages did not show up. I ended up re-registering the MMC and that fixed it. You may try re-installing the support tools from the OS Install CD. r/ Lou -Original Message- The strangest thing has been happening to one of my DC's. Every time I try to go into the properties of any object, be it ADUC or DNS, the window never appears. Yet when I try to close the either, it tells me that I have to close all of the property windows before closing the application. Has anyone seen this before? Mark Orlando Systems Administrator I.T. Department Linden Public Schools
RE: [ActiveDir] DNS Event ID 5504
For all things Event ID related, I've usually found good answers here at eventid.net Try this solution: http://www.eventid.net/display.asp?eventid=5504&eventno=642&source=DNS&phase=1 r/ Lou -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Your Name Sent: Tuesday, November 09, 2004 1:16 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] DNS Event ID 5504 Hi - (Seems like we've covered this recently, but I could find nothing in the archives) I have a W2k SP4 DNS server that keeps coughing up these errors in the DNS Event log: The DNS server encountered an invalid domain name in a packet from 206.13.29.12. The packet is rejected. That particular address is my primary forwarder, but there are others. The errors are every few minutes. Flushing the cache and restarting the service seemed to help for about 15 minutes. Also, Secure Cache Against Pollution is checked. Any ideas what might be causing these? Thanks. -- nme
RE: [ActiveDir] .Net Sid conversion Function
There is an example here written in C#: http://www.codeproject.com/csharp/getusersid.asp (for the sid-to-string function you'll need to scroll down) r/ Lou -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brent Westmoreland Sent: Monday, November 08, 2004 10:32 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] .Net Sid conversion Function Is anyone aware of a .Net function to convert the binary form of a sid to the string form and vice versa? I have found the c++ functions but I am trying to work specifically within the .Net framework.
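The conversion asked about in this thread follows directly from the binary SID layout: one revision byte, one sub-authority count byte, a 48-bit big-endian identifier authority, then that many 32-bit little-endian sub-authorities. The following is an added example, not the code from the linked article and not a .NET API, showing both directions in Python; the function names are assumptions.

```python
import struct

MAX_SUB_AUTHORITIES = 15  # limit defined for the SID structure


def sid_to_string(sid: bytes) -> str:
    """Convert a binary SID (e.g. the objectSid attribute) to S-R-A-S... form."""
    if len(sid) < 8:
        raise ValueError("SID shorter than its 8-byte header")
    revision, count = sid[0], sid[1]
    if revision != 1:
        raise ValueError("unsupported SID revision %d" % revision)
    if count > MAX_SUB_AUTHORITIES:
        raise ValueError("too many sub-authorities: %d" % count)
    if len(sid) != 8 + 4 * count:
        raise ValueError("length does not match sub-authority count")
    authority = int.from_bytes(sid[2:8], "big")        # 48-bit, big-endian
    subs = struct.unpack_from("<%dI" % count, sid, 8)   # 32-bit, little-endian
    # Windows prints the authority in hex once it no longer fits in 32 bits.
    auth_text = str(authority) if authority < 2 ** 32 else "0x%012X" % authority
    return "-".join(["S", str(revision), auth_text] + [str(s) for s in subs])


def string_to_sid(text: str) -> bytes:
    """Convert the string form back to the binary layout."""
    parts = text.strip().split("-")
    if len(parts) < 3 or parts[0].upper() != "S":
        raise ValueError("not a SID string: %r" % text)
    try:
        revision = int(parts[1])
        authority = int(parts[2], 0)        # accepts decimal or 0x... hex
        subs = [int(p) for p in parts[3:]]
    except ValueError:
        raise ValueError("non-numeric component in %r" % text)
    if revision != 1:
        raise ValueError("unsupported SID revision %d" % revision)
    if not 0 <= authority < 2 ** 48:
        raise ValueError("identifier authority out of range")
    if len(subs) > MAX_SUB_AUTHORITIES:
        raise ValueError("too many sub-authorities")
    if any(not 0 <= s < 2 ** 32 for s in subs):
        raise ValueError("sub-authority out of 32-bit range")
    header = bytes([revision, len(subs)]) + authority.to_bytes(6, "big")
    return header + struct.pack("<%dI" % len(subs), *subs)


# BUILTIN\Administrators, a well-known SID, as raw bytes.
BUILTIN_ADMINS = bytes.fromhex("01020000000000052000000020020000")

if __name__ == "__main__":
    print(sid_to_string(BUILTIN_ADMINS))
    print(string_to_sid("S-1-5-32-544").hex())
```

The length check matters when the bytes come from an untrusted or truncated source: a count byte that disagrees with the buffer length is rejected instead of being read past.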
[ActiveDir] AD Replication over VPN
Hello Collective List Wisdom ;) I've just been tasked with setting up our AD to replicate over a Cisco Pix VPN. I've assembled some links now to various Microsoft articles and Cisco articles regarding most facets of what will be involved. What I'm looking for are any Gotchas from the real world versus the perfect one the writers of said articles tend to live in. Essentially setup is proposed as follows: Here: 2 DCs (Windows 2003 Server) and 2 Cisco 525s (high availability). Remote Site: 1 DC (Windows 2003 Server) and 1 Cisco 525. VPN link between here and remote site for AD Replication, etc. As I said earlier, I'm mostly looking for notes from the field covering things they DON'T tell you in most articles. I'm back to my light reading. r/ Lou
RE: [ActiveDir] How to Enable a Warning Message During Windows Logon Welcome
Try under: Default Domain Policy -> Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> Message Title for users attempting to logon r/ Lou -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Christine Allen Sent: Friday, November 05, 2004 10:52 AM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] How to Enable a Warning Message During Windows Logon Welcome Hello, Running windows 2k ad and I was wondering if there is a way via group policy to Enable a Warning Message During Windows Logon Welcome. I know there is a reg hack for it, but I won't want to touch 300 desktops. Thanks. Christine
RE: [ActiveDir] How to Enable a Warning Message During Windows Logon Welcome
I'm not aware of a length limit...I know we use a fairly verbose message for our system to the tune of 1185 characters in the logon message. r/ Lou -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Christine Allen Sent: Friday, November 05, 2004 12:16 PM To: 'Tomasz Onyszko '; '[EMAIL PROTECTED] ' Subject: RE: [ActiveDir] How to Enable a Warning Message During Windows Logon Welcome anyone have any idea if there is a character limit for the text?
RE: [ActiveDir] How to Enable a Warning Message During Windows Logon Welcome
Good point! And thanks - that was better than getting whacked with joe's big stick ;) *hides* -Original Message- You should never modify the Default Domain Policy, instead create a new one. Jared Manhat Systems Administrator Accutest Laboratories
RE: [ActiveDir] Notification containing new password
In order to meet your requirement of being able to login as the user with their profile, why not just login to the DC as admin, reset the password on that user account so you can login and then when the user gets back have them change it? You have a small enough shop where this would seem feasible...and you wouldn't have the additional headache of trying to manage all their passwords. r/ Lou -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matthew Crape Sent: Wednesday, November 03, 2004 1:22 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Notification containing new password Hi Group, I have already delved into the archives and I couldn't find quite what I was looking for. It is very possible that I looked over it, and if I did I apologize in advance. Now, to my question: We are a fairly small shop here (about 40 users) and the traditional way of doing a password change was to collect new passwords from everyone and then I change them in AD as well as in a couple of other places (i.e. like synchronizing them with our non-Exchange mail server). We did this so that in case somebody was away on vacation and we needed to log on to their computer (with their profile) we could do it. It saves the hassle of say, logging in with a domain account and then manually opening up a PST file or something like that. I would like to have the users change their own passwords, but I would also like to be able to know their new passwords. We have had numerous issues in the past with people telling us their wrong passwords, so I would like to get it straight from AD if possible. Right now the only solution I can see is cracking all of the passwords, but that isn't the most feasible way. Does anyone know of a solution? Maybe something like an email generated by some sort of script with the new password? Sorry if this email dragged on for a bit. Any help is appreciated. Thanks.
RE: [ActiveDir] OT: Training
Depending on how comfortable you are with Windows 2000 already, you may look into the Microsoft Class 2665B: Introducing Microsoft Windows Server 2003 to Windows 2000 Server IT Professionals. I took that class about a year ago (it's a 2 day seminar) and it proved pretty helpful in getting an overview of the changes W2k3 brings to the table. Granted, one will not be an expert on W2K3 after attending this but for my purposes it was enough to get me going. The class was pretty inexpensive and only 2 days...and the instructor I had was great. r/ Lou -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Devan Pala Sent: Friday, October 29, 2004 11:50 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] OT: Training Hi, Can anyone recommend a good training class designed to cater for those looking to increase their skill set specifically for upgrading a Windows 2000 network to Windows Server 2003? Thanks in advance. Firefox - Make the switch today and rediscover the web
RE: [ActiveDir] ADPREP question
The ADPREP /forestprep is only supposed to generate a small amount of replication traffic. If you attempt to run the domainprep portion of it before replication is complete you'll receive notification that it's not complete yet. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A. Sent: Friday, October 29, 2004 2:43 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] ADPREP question Once I run the ADPREP /forestprep do I have to run the /domainprep in every domain right away or can I wait a few days? Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 212.752.7300 - office 917.455.0110 - cell [EMAIL PROTECTED]
RE: [ActiveDir] ADPREP question
Looking back I can see I misread your question - According to Microsoft, once you run ADPREP on the forest and domain you can wait an infinite amount of time before upgrading the domain controllers, etc. to Windows 2003. I didn't see a specific mention regarding what you've asked about running them a few days apart. Sorry :| (this link has some more info http://tinyurl.com/693rt ) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A. Sent: Friday, October 29, 2004 2:43 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] ADPREP question Once I run the ADPREP /forestprep do I have to run the /domainprep in every domain right away or can I wait a few days? Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 212.752.7300 - office 917.455.0110 - cell [EMAIL PROTECTED]
[ActiveDir] OT: Windows 2003 Clean Install results in high disk space utilization
Howdy folks, <short attention span summary> I start out with a 16GB OS partition cleanly formatted and install Windows 2003 Server. At the end of installation, I have just about 500MB disk space free. Has anyone seen this before? </short attention span summary> This has been a bit of an annoyance for a few days now. I have a Dell 1655MC Blade server which I'm installing Windows 2003 Server on. I boot from the CD and perform a clean install - wiping out previous partitions, formatting, etc. Now the disk space numbers are correct for my partitions during the setup (16GB OS partition and 60GB applications partition) but after I complete the install of Windows 2003, it shows an available disk space report of just 500MB left on that 16GB drive with JUST the OS installed. I've begun a search on Google (Windows 2003 Installation Low Disk Space and variants) but maybe I'm not searching with the proper query. Has anyone else seen this? Regards, Lou
RE: [ActiveDir] OT: Windows 2003 Clean Install results in high disk space utilization
Yes - in Disk Management the boot partition shows up as the correct 16GB size. Even more puzzling is looking at the volume through the Defragmenter tool...it shows nearly ALL white space, i.e., unused space on the drive. -Original Message- [ActiveDir] OT: Windows 2003 Clean Install results in high disk space utilization If you go into Disk Management, can you see the boot partition at the correct size - 16GB? Is there a disk quota on that drive? BR Rob
RE: [ActiveDir] OT: Windows 2003 Clean Install results in high disk space utilization
Sorry - Forgot to answer 2nd question - No disk quota is set up on that drive. -Original Message- Is there a disk quota on that drive? BR Rob
RE: [ActiveDir] OT: Windows 2003 Clean Install results in high disk space utilization
Tony - No huge page file. I checked that too (Curiouser and curiouser!) ASB - Thanks for the link, I'll try some of those tools and see what I discover.
RE: [ActiveDir] OT: Windows 2003 Clean Install results in high disk space utilization
Rebooting from a CD and running recovery console...I ran the CHKDSK and it reports 322,932 KB free. Moving up to the root of the C: volume and doing a simple DIR shows 330,682,368 bytes free - both these numbers are in line with the roughly 314MB shown free in Windows. But my bad luck continues - once I exited the recovery console and booted in to the Server OS, I'm back down again...266MB free (which is still better than I started with...but there goes my theory about rebooting enough to reclaim my space! ;) -Original Message- Just humor me and boot up with a boot disk, outside of windows and check the space again.
RE: [ActiveDir] OT: Windows 2003 Clean Install results in high disk space utilization
Here's the process that led to this strange happening: 1) Took an existing Dell 1655MC Blade Server with a 16GB partition and 52GB partition that had previously been a Windows 2000 server. 2) Booted up that system with the Windows 2003 Install CD 3) Wiped out partitions and re-created them. Quick and easy way to get rid of all the other stuff that had been on that test server. 4) Elected to install on the 16GB C: partition...including a format with NTFS. 5) Went through the entire Windows 2003 install process (not the express setup, custom setup) 6) Once Install was complete, the low disk space warning popped up when I logged into the system. 7) Figured it must be temp files from install or something so re-booted. 8) Re-logged in, still had low disk space warning, but went to apply patches via Windows Update. 9) Rebooted after all 26 patches were installed. 10) Puzzled by the low disk space...turned to the collective wisdom of Google first and when that failed to turn up anything I turned to the collective wisdom of this group :) To my knowledge there are no other tools on the system - Hardware checks using the Dell utility partition declare my disks to be fine. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Wednesday, October 27, 2004 12:48 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] OT: Windows 2003 Clean Install results in high disk space utilization What was the goof? Heck, what was the process that got you there in the first place? Sounds like you may have a strange tool or a hardware issue. Details would be helpful.
RE: [ActiveDir] OT: Windows 2003 Clean Install results in high disk space utilization
Actually that is along the lines of my next step - hitting up Dell to see if there are BIOS updates for this series of servers. I didn't think initially that BIOS issues would be the culprit here since I have 3 other identical servers (hardware wise) running Windows 2003 that did not have this issue. Who knows though...stranger things have happened! :) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Wednesday, October 27, 2004 1:05 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] OT: Windows 2003 Clean Install results in high disk space utilization Here's a few things to check that may be of interest here: 1) Check your disk controller bios. Verify it's properly setup. 2) check your disk spindle bios. Verify it's properly setup. 3) check your block sizes. Make sure you have the proper disk block sizes. I've seen some screwiness when you use the wrong block sizes and as a theory, that could be involved in your problem. 4) If I didn't mention it before, check all the bios' disk, array controller, server, etc. 5) If this is not a clean CD install (you have other apps on there) you may want to check this with an out of the box version. If it is clean, check the bios for the disk, array controller, server etc. I think that should be helpful. Al
RE: [ActiveDir] OT: Windows 2003 Clean Install results in high disk space utilization
Initially Windows controlled it and had it set at 200MB. I then manually set it to 200MB and rebooted no change. Windows is once again managing it and reports only a 49MB page file now. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Lee Sent: Wednesday, October 27, 2004 1:45 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: [ActiveDir] OT: Windows 2003 Clean Install results in high disk space utilization How much space is being allocated to the page file?
RE: [ActiveDir] OT: Windows 2003 Clean Install results in high disk space utilization
I thank all who wrote back with suggestions to help me...in an effort to regain my sanity I'm slicking this system and starting fresh. The CHKDSK/R did not find anything wrong - still low disk space. I had unchecked hiding hidden and system files...no weird large files were found. Time for me to see if this is a repeatable problem... -Original Message- One more thing you might look at make sure you can see all the hidden and system files on the box, do a select all and then right click on properties and see what total size and size on disk being used by the files is. Then compare it against what is being reported as used space by windows. I once had an alternate data stream get into a box and that had similar symptoms. Robert
[ActiveDir] Windows 2000 Domain ADPREP considerations
Does anyone have a good short attention span answer to which hotfixes I might need on a Windows 2000 SP4 Domain Controller prior to running ADPrep? I remember this KB article from earlier, but this seems to refer to SP3 and earlier unless I'm reading wrong (could be my mind has decided to take an early weekend!) http://support.microsoft.com/?kbid=331161 In my own twisted sense of logic it would seem that with SP4 I don't need additional hotfixes specific to running ADPrep, but wanted to run this by the collective wisdom of the group for good measure. Thanks in advance. Lou
RE: [ActiveDir] Windows 2000 Domain ADPREP considerations
Sweet thanks! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido Sent: Friday, October 22, 2004 2:50 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Windows 2000 Domain ADPREP considerations no additional hotfixes required for either SP3 or SP4:
Service Pack | Description | Hotfixes required
Service Pack 3 | Resolves the potential data deletion problems and the two performance related issues. | N/A
Service Pack 2 | Resolves the potential data deletion problems but still requires the two performance related hotfixes. | QFE300642 QFE307219
Service Pack 1 | Are vulnerable to the data deletion and performance related problem following the execution of ADPREP. | QFE303077 QFE300642 QFE307219
/Guido
RE: [ActiveDir] groups vs attributes
I may be missing something in the reading, but why not just query AD based on the username and determine if that user object is a member of the group in question instead of returning a list of all users for a given group? Another possibility (one you may well have thought of already but didn't mention) is that you can filter your search [searcher.Filter = "(&(objectCategory=user)(sAMAccountName=" & Trim(userName) & "))"] r/ Lou
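When a filter like the one in this reply is built by concatenating a user-supplied name, the characters that have meaning in LDAP filter syntax (parentheses, asterisk, backslash, NUL) need escaping so the name is matched literally. The following is an added example, not code from the thread, that applies the RFC 4515 escaping and builds both the sAMAccountName filter and the "is this user a member of the group" variant suggested above; the function names and the sample DN are assumptions.

```python
# Characters that RFC 4515 requires to be written as \XX inside a filter value.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a value so it is matched literally inside an LDAP filter."""
    # Single pass over the characters, so an inserted backslash is never
    # escaped a second time.
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def user_filter(sam_account_name: str, group_dn: str = None) -> str:
    """Build the filter for one account, optionally requiring group membership.

    group_dn is matched against memberOf, which covers direct membership only.
    """
    name = sam_account_name.strip()  # same intent as Trim(userName) in the post
    if not name:
        raise ValueError("empty account name")
    clauses = [
        "(objectCategory=user)",
        "(sAMAccountName=%s)" % escape_filter_value(name),
    ]
    if group_dn is not None:
        clauses.append("(memberOf=%s)" % escape_filter_value(group_dn))
    return "(&%s)" % "".join(clauses)


def is_balanced(ldap_filter: str) -> bool:
    """Check that unescaped parentheses in a filter are properly nested."""
    depth = 0
    for ch in ldap_filter:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0


if __name__ == "__main__":
    # Constructed sample values.
    print(user_filter(" jsmith "))
    print(user_filter("j*"))
    print(user_filter("jsmith", "CN=Helpdesk (Tier 2),OU=Groups,DC=example,DC=com"))
```

With escaping in place, a name such as "j*" searches for an account literally called j* instead of acting as a wildcard over every account that starts with j.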
RE: [ActiveDir] [OT] Windows 2003 Print Server Question
If you happen to have/use MS Office 2003, there is the MS Office Document Image Writer virtual printer driver that should accomplish this for you. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jennifer Fountain Sent: Friday, October 15, 2004 1:57 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] [OT] Windows 2003 Print Server Question Hi Guys/Gals: Sorry for the OT topic but I have nowhere else to turn. I have been asked to create a print queue that users print to that prints to a file and overwrites the same file over and over. This is to test a program and save paper. Any ideas? Thanks! Kind Regards, Jennifer Fountain RB Distribution 3400 E Walnut Street Colmar, PA 18915
RE: [ActiveDir] Smart Card Binding to AD User Account
OK - I have a basic setup in the lab, but is there any way to auto-map a certificate to an AD account? The way of the lab has me manually setting up the relationships...not a practical solution when you have more than 1000 accounts to map in such a way. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Boza Sent: Tuesday, October 12, 2004 1:17 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Smart Card Binding to AD User Account Setting it up and having it work for users is actually pretty simple - have a go in the lab and you'll see that. Your hardware vendor may have some practical recommendations that you should consider as well.
RE: [ActiveDir] Smart Card Binding to AD User Account
That would rock - if I had a common client PC configuration...I'm dealing with a large user base that has a variety of Microsoft OS's installed (Windows XP, W2K Pro, etc.). Thanks for the pointer though, I think I can leverage that for another smaller project down the line. -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir- Subject: RE: [ActiveDir] Smart Card Binding to AD User Account Something like this? http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/certenrl.mspx#EIAA -Original Message- Subject: RE: [ActiveDir] Smart Card Binding to AD User Account OK - I have a basic setup in the lab, but is there any way to auto-map a certificate to an AD account? The way of the lab has me manually setting up the relationships...not a practical solution when you have more than 1000 accounts to map in such a way.
RE: [ActiveDir] Smart Card Binding to AD User Account
Now THAT looks promising...back to the lab! -Original Message- You also might want http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncapi/html/certenrollment.asp for more custom functions.
[ActiveDir] Smart Card Binding to AD User Account
Does anyone out there have good resources documenting how to setup/bind Smart Card certificates to an AD user account? The end goal is to set up a web server so that a user has the option of logging into a secure web site using their smart card (binding those credentials to their existing AD account). I have a working solution based solely on a user database (non-AD), but figure there must be a way to do this with AD as well. So far I've found: http://tinyurl.com/4me5l on Microsoft which is a starting point since I'm using a 3rd party certificate. Any help is greatly appreciated! r/ Lou
RE: [ActiveDir] Smart Card Binding to AD User Account
Nothing in practice yet as I'm still researching my options and haven't implemented this in a test domain yet. Mostly looking for from the field stories based on others' experience with this. I hope to stand up my test domain this afternoon and begin working within the scope of the article. r/ Lou -Original Message- Outside of what you read and the whitepaper at the end of the article, which parts are giving you the most trouble at the moment? Al
RE: [ActiveDir] HOSTS file modification via GP?
Though not specifically mentioned in his original posting, one reason for possibly wanting to push a HOSTS file across to all clients in an AD domain would be to update it with a known list of hostile URLs much like described at: http://www.mvps.org/winhelp2002/hosts.htm . This way you are proactively working to stop some of those nasty beasties from entering your network. Just a thought. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Boza Sent: Tuesday, October 12, 2004 3:04 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] HOSTS file modification via GP? Wouldn't you rather just point them to the right DNS server? If not, you can script around this sort of thing easily enough via a copy or even an append sort of function. Then call the script from a GPO. Probably you'd want to copy the updated HOSTS file from a central location, overwriting the existing file. I don't think a GPO will deal with a HOSTS file directly. But really - wouldn't you rather use DNS? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harding, Devon Sent: Tuesday, October 12, 2004 2:48 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] HOSTS file modification via GP? Is it possible to modify each client's HOSTS file via Group Policy? If so, how is this done? Devon Harding Windows Systems Engineer Southern Wine Spirits - GSD 954-602-2469
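A HOSTS file copied from a central location to every client, as discussed in the thread above, is trusted by all of them, so it is worth checking before it is distributed. The following is an added example, not part of any message in the thread: it parses a candidate blocklist and reports every entry that is malformed or that maps a name to anything other than a sinkhole address. The set of accepted sinkhole addresses and the sample file are assumptions constructed for the illustration.

```python
# Added example (not from the thread): audit a HOSTS blocklist before it is
# pushed to clients by a logon or startup script.
import ipaddress
import re

# Assumption: a blocklist entry may only point at one of these addresses.
SINKHOLES = {"127.0.0.1", "0.0.0.0", "::1"}

# One DNS label: letters, digits and hyphens, not starting or ending with "-".
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def valid_hostname(name: str) -> bool:
    """True if name is a syntactically valid host name."""
    return len(name) <= 253 and all(LABEL.match(part) for part in name.split("."))


def audit_hosts(text: str):
    """Return (entries, findings) for the contents of a HOSTS file.

    entries  -- list of (address, hostname) pairs that passed every check
    findings -- list of (line number, message) for everything that did not
    """
    entries, findings = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        addr, *names = line.split()
        try:
            ip = str(ipaddress.ip_address(addr))
        except ValueError:
            findings.append((lineno, f"invalid address {addr!r}"))
            continue
        if not names:
            findings.append((lineno, "address without a host name"))
            continue
        for name in names:                    # several names may share a line
            if not valid_hostname(name):
                findings.append((lineno, f"invalid host name {name!r}"))
            elif ip not in SINKHOLES:
                # An entry like this redirects traffic instead of blocking it.
                findings.append((lineno, f"{name} maps to {ip}, not a sinkhole"))
            else:
                entries.append((ip, name.lower()))
    return entries, findings


# Constructed sample input, not taken from a real blocklist.
SAMPLE = """\
# candidate HOSTS file
127.0.0.1   localhost
0.0.0.0     ads.example.test tracker.example.test   # two names, one line
10.1.2.3    intranet.example.test
0.0.0.0     bad_host!.example.test
300.1.1.1   broken.example.test
"""

if __name__ == "__main__":
    ok, problems = audit_hosts(SAMPLE)
    print(len(ok), "entries accepted")
    for lineno, message in problems:
        print(f"line {lineno}: {message}")
```

A distribution script would refuse to copy the file while `findings` is non-empty.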
RE: [ActiveDir] Minimum Password Age
We had a similar problem in a previous organization I worked at. What I proposed was to set the maximum (24) passwords remembered to make it rather prohibitive for a user to cycle through to their original password. Then to keep complaints down about having to come up with a new password all the time (passwords expired every 90 days), I developed a random pronounceable password generator for the organization's intranet (producing passwords like ^Jexupak99, @Satobiz77, etc.) so that the passwords met the organization requirements (Special chars, upper/lowercase, numeric, etc.) without being some gibberish password that they would end up writing down. We tried it for a bit and eventually backed off the 24 remembered passwords without telling the users...I think it was still set at 10 when I left. r/ Lou -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Travis Riddle Sent: Monday, October 04, 2004 12:17 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Minimum Password Age Dean's explanation is why we implemented the minimum password age. We used to have the number of passwords remembered set at 3, so users would just change their password 4 times in a row (the 4th time setting it to what it was originally) so they could keep using the same password. One person figured this out and spread it around the plant. *sigh* From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells Sent: Monday, October 04, 2004 10:11 AM To: Send - AD mailing list Subject: RE: [ActiveDir] Minimum Password Age Minimum password age is most often used to prevent users from deliberately cycling their passwords in order to allow their recently expired password to be re-instated.
-- Dean Wells MSEtechnology * Email: [EMAIL PROTECTED] http://msetechnology.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Monday, October 04, 2004 12:03 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Minimum Password Age In addition to that, any particular reason you would set the minimum password age to 15 days?? Wouldn't you want your users to be able to change passwords whenever they wanted and at least every 90 days? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Boza Sent: Monday, October 04, 2004 11:33 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: [ActiveDir] Minimum Password Age Nope, it shouldn't work like that. I just tested it in fact with your settings and the result I get is what I expected - they are prompted with a message that they are required to change their password at first login. The password change then works fine. What error are they getting? Any events on the DCs? From: [EMAIL PROTECTED] on behalf of Travis Riddle Sent: Mon 10/4/2004 10:54 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Minimum Password Age Our password policy is set up as follows:
Minimum 8 characters
Remember 6 passwords
Maximum Password Age 90 days
Minimum Password Age 15 days
Require Complex passwords
Windows 2003
3 Sites
GC at each site
So we just created approximately 50 new users and assigned them a semi-generic password that they need to change upon login. The problem is they cannot change their password upon login because it hasn't been 15 days since the password was created (I assume). Is this by design? If so how do you get around it? How am I supposed to create new users in the future if this is the case (besides creating them 15 days in advance) My first guess at a solution to this problem is to change the minimum password age to 0, allowing users to change their password immediately. I tried this and forced a refresh on the machine policy with no luck. Does anyone have any ideas of what to do? I now have 50 users that were supposed to be able to be working today not able to log in unless we change their password to NOT change upon login (so they all have the same easy to use password). Am I missing something simple? Any ideas are appreciated. Thanks, Travis
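The thread above turns on how "passwords remembered" and "minimum password age" interact. The following is an added example, not part of any message in the thread: a simplified model of the two settings (not Active Directory code) that computes how long a user who changes passwords as often as allowed needs to get the original password back. It assumes that the remembered list includes the current password, which is what the "remember 3, change 4 times" account in the thread implies, and that a forced change at next logon is not held back by the minimum age, which is what the test reported in the thread found. All names are hypothetical.

```python
# Added example (not from the thread): toy model of password history and
# minimum password age. Days are plain integers.
from dataclasses import dataclass, field


@dataclass
class Policy:
    history: int   # "Remember N passwords"
    min_age: int   # minimum password age, in days


@dataclass
class Account:
    policy: Policy
    current: str
    last_set: int = 0            # day on which the current password was set
    must_change: bool = False    # "user must change password at next logon"
    remembered: list = field(default_factory=list)

    def __post_init__(self):
        self.remembered = self._trim([self.current])

    def _trim(self, passwords):
        n = self.policy.history
        return passwords[-n:] if n else []

    def change(self, new, today):
        """Try a user-initiated change; return (accepted, reason)."""
        if not self.must_change and today - self.last_set < self.policy.min_age:
            return False, "minimum age"
        if new in self.remembered:
            return False, "history"
        self.remembered = self._trim(self.remembered + [new])
        self.current, self.last_set, self.must_change = new, today, False
        return True, "ok"


def reuse_original(policy, initial_age=0, horizon=3650):
    """Return (changes, day) at which the original password is accepted again.

    initial_age is the age in days of the original password on day 0. The user
    retries the original password whenever a change is allowed and otherwise
    burns a throw-away password to push the original out of the history.
    """
    acct = Account(policy, "original", last_set=-initial_age)
    changes = 0
    for day in range(horizon):
        while True:   # with min_age 0 several changes fit into one day
            if acct.change("original", day)[0]:
                return changes + 1, day
            if not acct.change(f"filler-{changes}", day)[0]:
                break
            changes += 1
    raise RuntimeError("original password not reusable within the horizon")


if __name__ == "__main__":
    print(reuse_original(Policy(history=3, min_age=0)))                    # earlier setting in the thread
    print(reuse_original(Policy(history=6, min_age=15), initial_age=15))   # policy posted in the thread
    print(reuse_original(Policy(history=24, min_age=0)))                   # 24 remembered, no minimum age
```

Under these assumptions the posted policy (remember 6, minimum age 15 days) pushes the earliest reuse out to day 90, the same as the maximum password age, while any history length combined with a minimum age of 0 can be cycled through in one sitting.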
RE: [ActiveDir] ADSI DC W2K3 [?? Probable Spam]
I haven't run into this type of problem in either W2K or W2K3 DCs...though I haven't used the WinNT provider in a long time. Any chance you can post the complete snippet of code and the error being returned? I know one thing to keep in mind with W2K3 you may need to use ADS_SECURE_AUTHENTICATION when binding...I had to update some of my code that way. r/ Lou -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Monday, September 13, 2004 1:06 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADSI DC W2K3 [?? Probable Spam] Sensitivity: Private Any, only that the developers use that in many case. Thanks anyway From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Monday, September 13, 2004 1:45 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] ADSI DC W2K3 Sensitivity: Private No, but I don't use the Winnt provider either. Any particular reason to use the winnt provider vs. the LDAP provider? Al From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Monday, September 13, 2004 10:30 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] ADSI DC W2K3 Sensitivity: Private Hi List, I have problem with ADSI script inside an *.asp when it validate over a Windows 2003 Server STD DC, if the consult is to a Windows 2000 Server DC, it's OK. Any have similar problem ? The domain is Windows 2000 Native. For instance
    Set Ad = GetObject("WinNT://DomainName/UserName")
    Response.Write Ad.FullName
Thanks.
RE: [ActiveDir] Logon types
Perhaps the confusion lies with the fact that even after the drop down is grayed-out when you use [EMAIL PROTECTED] to login, it still says either Workstation or the domain depending on what was selected prior to typing in the [EMAIL PROTECTED] login info. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Renouf, Phil Sent: Friday, September 10, 2004 12:18 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Logon types You can't do that. If you type in user@ the domain dropdown box is grayed out and does not apply. The login process uses the information after the @ sign for where to authenticate you, so as long as you are typing in a valid UPN you will get authenticated to the domain just like you do if you type in username, password and choose a domain from the dropdown list, Phil
Re: [ActiveDir] New Windows Update
While building a test-lab machine yesterday I noticed the V5 windows update site. It changed on me while applying patches from the site... Haven't noticed any problems with it - then again I haven't put SP2 on this lab box yet. Creamer, Mark writes: Anyone noticed Windows Update changes yet? It prompts to install new software for improvements, which seems to go fine. But then when searching for available updates, it tells me the dreaded We're Sorry a system error has occurred or some such. XP machine, Sp1 + patches through last weekend. Anyone having similar issues? Or is this because of the SP2 block registry hack I have on my XP machines? If so, it's not a very user-friendly way of explaining the issue :-) Mark Creamer
RE: [ActiveDir] LSASS.EXE!
Are you using Windows 2003 Server or Windows 2000 Server? Also do you have event log info that you could post which corresponds to these shutdown events? r/ Lou -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jacob Stabl Sent: Tuesday, July 27, 2004 10:21 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] LSASS.EXE! Ok I have been having this problem for quite a while and I have been ignoring it because I thought it was just a freak error. My main directory server has been saying lsass.exe application error then I click OK then it says its going restart in 60 seconds. I have checked for all the viruses, sasser, blaster and all of the above. All the updates have always been up to date, sophos anti virus always runs on it. I have no idea what to do next, I am starting to get scared since it is my main directory server. -- Jacob Stabl Network Engineer Plain Local Schools http://eagle.stark.k12.oh.us Work: 330.492.3500 x.383 Cell: 330.495.7243
RE: [ActiveDir] OT: Brian Desmond's Posts
I used to have problems with some of the PKI signed mail too...I forget what I did to fix it, but my short term fix had been to simply forward the message in question to a web based e-mail freebie like Hotmail or Yahoo and read it there unhindered...eventually I stumbled onto a setting or something that allows me to view them normally in my mail client...but just what setting, etc. escapes me at the moment -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rutherford, Robert Sent: Thursday, July 15, 2004 12:13 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Brian Desmond's Posts Am I the only person who can't open Brian Desmond's mails due to PKI issues I guess?
RE: [ActiveDir] SP4
In my W2K domain the only SP4 problems were related to nested security groups and delegated permissions that were erased when I applied it on the DC's. See http://support.microsoft.com/default.aspx?scid=kb;en-us;817433 for more info on that. To fix the problem I re-applied the delegated permissions. I didn't encounter any problems on any of my other W2K servers after applying SP4. r/ Lou -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A. Sent: Wednesday, July 14, 2004 1:13 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] SP4 So I guess it is safe to say that SP4 should be safe to deploy since not too many people have posted problems with the SP here on the list and I have not seen too many things written about problems arising from it.? Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 212.752.7300 - office 917.455.0110 - cell [EMAIL PROTECTED]
RE: [ActiveDir] bad logons
FWIW - Lovegate has been modified again: http://www.computerworld.com/securitytopics/security/virus/story/0,10801,94290,00.html?nas=SEC-94290 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom Sent: Tuesday, July 06, 2004 2:02 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] bad logons seems to mostly be w32.spybot.worm and [EMAIL PROTECTED]
RE: [ActiveDir] User Icons
I remember asking the same question myself a while back...this article should shed some light on it for you: http://www.winnetmag.com/Article/ArticleID/21073/21073.html r/ Lou -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ellis, Debbie Sent: Monday, June 21, 2004 1:55 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] User Icons I am looking at group memberships in various groups in my AD structure and notice some user icons are dim or gray looking. What does this mean? Debbie Ellis Systems Administrator Viasat, Inc. 4356 Communications Drive Norcross, GA 30093 678-924-2591
RE: [ActiveDir] Software Restriction Policy
While it doesn't directly address a solution to your GPO problem - this may be an alternative... http://www.aspenterprisemanager.com/ Regards, Lou -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Edwin Sent: Friday, June 18, 2004 12:32 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Software Restriction Policy I have a GPO to prevent all types of MMC's to be opened by anyone other than an administrator. This works well except that we have an Enterprise Manager installed on workstations to communicate with live SQL Servers. MSSQL uses a MMC to open Enterprise Manager. How can I allow the technical support department to open EM on their workstations without removing the snap-in policy or prohibiting each snap-in individually within the policy? It seems like I would have to install EM on the DC in order for it to recognize the EM MMC Snap-in so that I could exclusively allow it. I would think that there is another way. I have removed the GPO policy for the snap-in's since I don't believe that a non-privileged user will be able to do anything except view information. Am I right in saying that the software has to be installed on the DC in order to recognize the MMC filename? If so, is there no other alternative? Thank you. Edwin
RE: [ActiveDir] AD Phone list
What development platform are they working with? Classic ASP, .NET, something else? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Benway Sent: Thursday, June 10, 2004 10:54 AM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] AD Phone list I talked our web developers into moving the phone list from sql to AD. They are asking me for any resources I have to get them started. For example the user and contact schema. They are also looking for any good sites to get them started pulling from AD. Thanks,jb
RE: [ActiveDir] Very OT
This part:
    set events = getobject("winmgmts:\\.").ExecNotificationQuery("select * from __instancedeletionevent within 2 where targetinstance isa 'win32_process' and targetinstance.name = 'notepad.exe'")
Should all be on one line - no carriage returns until after the 'notepad.exe'") The wrapping in the e-mail client goofs it all up :) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom Sent: Tuesday, June 08, 2004 9:56 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Very OT I get unterminated string constant at the end of the first line of your script. I'm a perl guy, not vbs, so I don't quite know where I'm supposed to terminate(quote) the line. Thanks, sorry to be a pest. -Original Message- From: Steve Patrick [mailto:[EMAIL PROTECTED] Sent: Friday, June 04, 2004 3:58 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Very OT Here is a (cheap hack) way: copy the text below to a script:
    '
    ' Subscribe to WMI process-deletion events for notepad.exe, polled every 2 seconds.
    ' The query string must stay on a single line.
    set events = getobject("winmgmts:\\.").ExecNotificationQuery("select * from __instancedeletionevent within 2 where targetinstance isa 'win32_process' and targetinstance.name = 'notepad.exe'")
    Do
        ' Blocks until the next matching event arrives.
        set NTevent = events.nextevent
        If Err <> 0 then
            msgbox "it was not = to 0"
        else
            msgbox "Notepad was closed"
            exit do
        end if
    Loop
    '
Now start the script monitor.vbs Now start notepad. Wait for some random time.. close notepad.exe You should get a popup - change this to whatever action you deem necessary. For your situation you change notepad.exe to your app. Note that you can do this to a remote machine as well... substitute the machine name like so: ("winmgmts:\\mymachine") This is a polling process so there is some minor overhead.
-steve - Original Message - From: Mulnick, Al [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, June 07, 2004 1:53 PM Subject: RE: [ActiveDir] Very OT Haven't tried it, but this looks like it might be a way http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk/wmi/win32_perfrawdata_perfproc_thread.asp?frame=true You'd want to monitor thread state on a regular interval. Another option might be to use the scheduler or re-write the code to alert if it encounters an error. Al -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom Sent: Monday, June 07, 2004 4:35 PM To: ActiveDir (E-mail) Subject: [ActiveDir] Very OT Hi, I have a developer who wrote a vb exe(not a service) that runs on start up on an AD DC and stays in memory in the background. My question is, is there anyway to monitor if this process has stopped? Perhaps with a perl script. Since its not a service, I don't really know how to do this. Also, it doesn't log anything to the event log. i couldn't find anything on my perl groups and you guys seem pretty knowledgeable on scripting so i just thought i'd take a shot in the dark and post here. thanks and my apologies for the way OT.
RE: [ActiveDir] Very OT
If you want Tom - e-mail me off list and I'll do what I can to help you customize this script. r/ Lou -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom Sent: Tuesday, June 08, 2004 3:42 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Very OT I would actually want to monitor 3 programs and be emailed(cdo) rather than msgboxed if one or all disappeared from the task manager process list. I can't change the program to write to the registry as i didn't write it and i would be stepping on some toes. more importantly, my knowledge of VB is pretty limited, anyhoo. I would rather just rig this script to do the above mentioned things. thanks -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 08, 2004 6:15 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Very OT Hi, I presume you actually want to know that it is still operational, rather than whether it still exists as a task. The standard way I do this is to put a heartbeat in the program to write status info to the registry every (say) minute including the current time. You then monitor the registry key whenever you want to know what is happening. Alan Cuthbertson Policy Management Software:- http://www.sysprosoft.com/pol_summary.shtml ADM Template Editor:- http://www.sysprosoft.com/adm_summary.shtml - Original Message - From: Kern, Tom [EMAIL PROTECTED] To: ActiveDir (E-mail) [EMAIL PROTECTED] Sent: Tuesday, June 08, 2004 6:35 AM Subject: [ActiveDir] Very OT Hi, I have a developer who wrote a vb exe(not a service) that runs on start up on an AD DC and stays in memory in the background. My question is, is there anyway to monitor if this process has stopped? Perhaps with a perl script. Since its not a service, I don't really know how to do this. Also, it doesn't log anything to the event log. i couldn't find anything on my perl groups and you guys seem pretty knowledgeable on scripting so i just thought i'd take a shot in the dark and post here. thanks and my apologies for the way OT.
RE: [ActiveDir] Scripts
http://rallenhome.com/books/adcookbook/code.html - Robbie Allen's code from his Active Directory Cookbook (lots of scripts). Not a script, but I think this will accomplish what you've asked: http://www.joeware.net/win32/index.html - Joe's MemberOf utility. r/ Lou -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Christine Easton Sent: Friday, June 04, 2004 12:43 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Scripts Can anyone point me to a script for Active Directory that will give me what groups I have and the users in them? Thanks -Christine
RE: [ActiveDir] OT, How to change wording on screen when computer is locked
Last I knew it was a registry hack (if I'm thinking of the same thing you are). I had that set up on the workstations in my lab, but I can't locate the documentation for which registry key it was...still searching. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, May 20, 2004 5:24 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] OT, How to change wording on screen when computer is locked What I am looking to do is change the wording on the screen when a computer is locked where it says This computer is in use and has been locked. I have it when the user logs in but I want to change it when it's locked as well but I can not find out where to do this for the life of me. Any help would be great or links or anything. Ryan McDonald Systems Administrator
RE: [ActiveDir] OT, How to change wording on screen when computer is locked
This is what I ended up using to customize the caption on the dialog box - not sure if it's the same as what you're looking for.

In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon either change the data value for Welcome or add a new string value called Welcome (data type REG_SZ) and put the text you want to display in that key's Value Data section.

Of course all the normal warnings when messing with the registry do apply... have fun, but play responsibly :)

Lou

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, May 20, 2004 5:24 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] OT, How to change wording on screen when computer is locked

What I am looking to do is change the wording on the screen when a computer is locked, where it says "This computer is in use and has been locked." I have it when the user logs in, but I want to change it when it's locked as well, and I cannot find out where to do this for the life of me. Any help would be great, or links or anything.

Ryan McDonald
Systems Administrator
RE: [ActiveDir] hidding users
Not sure about an attribute, but shouldn't you be able to set the security permissions on the user(s) in question with a DENY ALL for whichever group or user you are trying to keep out? At the very least the object will show up but will show up as UNKNOWN, and the person with the DENY ALL access to it will be unable to view/modify anything further with it.

Of course this may not be the best approach - I'm sure that will come out as the others on this list chime in :)

r/
Lou

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom
Sent: Thursday, May 20, 2004 2:00 PM
To: ActiveDir (E-mail)
Subject: [ActiveDir] hidding users

Is there an attribute I can set in adsiedit, ldp, etc. to hide a user from appearing in the usual admin GUI utilities like ADUC? Also, when you look in group membership, to not have s(he) appear there as well?

Thanks
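A deny entry like the one suggested in the reply above ends up in the object's security descriptor, so it can be reviewed there. The following is an added example, not code from the thread: it parses a security descriptor in SDDL text form and lists the deny ACEs in its DACL. The SDDL string, the SID and the GUID are constructed sample values, and the function names are hypothetical.

```python
import re

# Two-letter SDDL codes for directory-object rights (subset relevant here).
RIGHTS = {
    "GA": "Generic All", "GR": "Generic Read", "GW": "Generic Write",
    "GX": "Generic Execute", "RC": "Read Control", "SD": "Delete",
    "WD": "Write DACL", "WO": "Write Owner", "RP": "Read Property",
    "WP": "Write Property", "CC": "Create Child", "DC": "Delete Child",
    "LC": "List Children", "SW": "Self Write", "LO": "List Object",
    "DT": "Delete Tree", "CR": "Control Access",
}
# Denying any of these limits what the trustee can see of the object.
READ_RIGHTS = {"GA", "GR", "RP", "LC", "LO"}

# "D:" + optional flags + one or more parenthesised ACEs.
# Limitation: conditional ACEs with nested parentheses are not handled.
DACL_RE = re.compile(r"D:([A-Z]*)((?:\([^()]*\))+)")
ACE_RE = re.compile(r"\(([^()]*)\)")

# Constructed sample: SDDL for a hypothetical user object.
SAMPLE_SDDL = (
    "O:DAG:DAD:AI"
    "(D;;GA;;;S-1-5-21-1111111111-2222222222-3333333333-1105)"  # deny all
    "(OD;;WP;00000000-0000-0000-0000-000000000001;;WD)"         # deny one write
    "(A;;GA;;;DA)"
    "(A;;RPLCLORC;;;AU)"
    "S:AI(AU;SA;WP;;;WD)"
)


def parse_dacl(sddl):
    """Return the DACL's ACEs, in stored order, as a list of dicts."""
    match = DACL_RE.search(sddl)
    if not match:
        return []
    aces = []
    for body in ACE_RE.findall(match.group(2)):
        # ACE layout: type;flags;rights;object_guid;inherit_guid;trustee
        fields = (body.split(";") + [""] * 6)[:6]
        ace_type, flags, rights, obj_guid, _inherit_guid, trustee = fields
        if rights.startswith("0x"):
            codes = [rights]            # raw hex mask, left undecoded
        else:
            codes = re.findall("[A-Z]{2}", rights)
        aces.append({"type": ace_type, "flags": flags, "codes": codes,
                     "object_guid": obj_guid, "trustee": trustee})
    return aces


def deny_findings(sddl):
    """List deny ACEs (D = deny, OD = object-specific deny) for review."""
    findings = []
    for ace in parse_dacl(sddl):
        if ace["type"] not in ("D", "OD"):
            continue
        findings.append({
            "trustee": ace["trustee"],
            "rights": [RIGHTS.get(c, c) for c in ace["codes"]],
            "deny_all": "GA" in ace["codes"],
            "blocks_read": bool(READ_RIGHTS & set(ace["codes"])),
            "object_guid": ace["object_guid"],
        })
    return findings


if __name__ == "__main__":
    for finding in deny_findings(SAMPLE_SDDL):
        print(finding)
```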
RE: [ActiveDir] OT: Research Question
Where do I sign up??? :D

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Monday, May 17, 2004 11:56 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] OT: Research Question

Drinks served at 4:00 by professional wait staff... ;-)

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Saturday, May 15, 2004 2:01 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Research Question

Stability Growth Benefits...

-----Original Message-----
From: Ellis, Debbie [mailto:[EMAIL PROTECTED]
Sent: Thursday, 13 May 2004 9:50 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Research Question

1. Pay
2. Benefits
3. Flexibility

From: DL.ActiveDirectory [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 13, 2004 1:50 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Research Question

Paydays?

Thank you,
Mitch Lawrence

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Zach Huseby
Sent: Thursday, May 13, 2004 11:59 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Research Question

the 2nd and the 18th of each month.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of DL.ActiveDirectory
Sent: Thursday, May 13, 2004 10:05 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] OT: Research Question

Hello,

I am doing research for a college project, and I would appreciate any feedback I can get on the following question: As an IT professional, what factors in your employment make a difference to you? Why?

I really appreciate the time you take to give me some insight into your world.

Thank you,
Mitch
Noob college student
RE: [ActiveDir] AD Replication
Thanks for that e-mail sig, I haven't laughed at a sig in a while :)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lee, Wook
Sent: Thursday, May 13, 2004 12:16 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] AD Replication

How long have these things been around? Normally, AD will retain references to a deleted DSA for 0.5 X tombstone-expiry. If you really want to clean them up, then you'd need to use one of the expert switches in repadmin to tell the KCC to remove all of the connection objects and let it rebuild the connections. ADSS isn't going to expose the deleted DSA connections, so it won't really help.

Wook

Once my Valentine,
Her name escapes me like a
Restore mode password.
RE: [ActiveDir] OT: Research Question
1) Pay is definitely nice.
2) I like the challenges involved with my job. (You want a 700 OU AD structure with decentralized web based administration when?)
3) Lots of cool toys in the lab (blades, SANs, Coops, and a dual AMD 64bit processor test boxen with green neon lights and a see-through case!)
4) I get to wear a hat (currently my MCSD one, but last week was my NASA one)
5) A lot of what I do is seen as PFM (and *sometimes* it's better left unexplained!)

Some things that stink:
1) The lab has no windows... I've thought about a small web enabled video camera installed outside the building so I can surf to see what it's like outside from my desktop or the server racks.
2) The refrigerator does not automatically restock itself with Mt. Dew when it runs low.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ellis, Debbie
Sent: Thursday, May 13, 2004 2:50 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Research Question

1. Pay
2. Benefits
3. Flexibility

From: DL.ActiveDirectory [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 13, 2004 1:50 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Research Question

Paydays?

Thank you,
Mitch Lawrence

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Zach Huseby
Sent: Thursday, May 13, 2004 11:59 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Research Question

the 2nd and the 18th of each month.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of DL.ActiveDirectory
Sent: Thursday, May 13, 2004 10:05 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] OT: Research Question

Hello,

I am doing research for a college project, and I would appreciate any feedback I can get on the following question: As an IT professional, what factors in your employment make a difference to you? Why?

I really appreciate the time you take to give me some insight into your world.

Thank you,
Mitch
Noob college student
RE: [ActiveDir] OT: Research Question
programmers *and* IT professionals... so us programmers are not IT professionals? ;-)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of DL.ActiveDirectory
Sent: Thursday, May 13, 2004 4:22 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Research Question

No, it's quite alright. One of the assignments I had this week was ask programmers and IT professionals what factors in business are most important to them and why. So I went and asked all the ones I knew. I'm using all the answers to formulate the results for class.

Mitch

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Posted At: Thursday, May 13, 2004 2:34 PM
Posted To: ~AD Discussion~
Conversation: [ActiveDir] OT: Research Question
Subject: RE: [ActiveDir] OT: Research Question

Maybe I've misunderstood the question. You're asking for an answer to the question?

From: DL.ActiveDirectory [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 13, 2004 2:46 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Research Question

Yes, but having live data from people I 'know' (so to speak) makes this a much more personal assignment, and one that I am more likely to get a good grade on since I have a kindred feeling for the research data. I am using ALL the answers I get, as each one adds a little more to the overall picture. Plus, this isn't the only list this got posted on. ;)

Mitch

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Posted At: Thursday, May 13, 2004 12:44 PM
Posted To: ~AD Discussion~
Conversation: [ActiveDir] OT: Research Question
Subject: RE: [ActiveDir] OT: Research Question

lol. Mitch, you probably want to insert favorite search engine for surveys. Places like Monster.com, Yahoo.com, Dice.com, etc all keep that kind of information as well for marketing purposes. They may share. I'm sure the bureau of labor and statistics would keep such information as well. Not to mention psychological websites, those related to workplace issues (OSHA?) and industry magazines that also conduct such salary and well-being surveys.

Happy hunting.

Al

From: Zach Huseby [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 13, 2004 12:59 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Research Question

the 2nd and the 18th of each month.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of DL.ActiveDirectory
Sent: Thursday, May 13, 2004 10:05 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] OT: Research Question

Hello,

I am doing research for a college project, and I would appreciate any feedback I can get on the following question: As an IT professional, what factors in your employment make a difference to you? Why?

I really appreciate the time you take to give me some insight into your world.

Thank you,
Mitch
Noob college student
RE: [ActiveDir] Cookbook sample scripts
strDomain = "<mydomain.com>" ' e.g. emea.rallencorp.com

needs to be "mydomain.com" (minus the <>)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of James Payne
Sent: Tuesday, May 11, 2004 1:41 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Cookbook sample scripts

I just bought the Active Directory Cookbook and started looking at some of the sample scripts posted on the author's website. When I attempt to use this one it tells me the server is not operational, line 14 character 1. Can anyone take a look at this and let me know if you see something I have done wrong? Thanks a bunch.

' This VBScript code prints the FSMO role owners for the specified domain.
' ---------------------------------------------------------------
' From the book Active Directory Cookbook by Robbie Allen
' Publisher: O'Reilly and Associates
' ISBN: 0-596-00466-4
' Book web site: http://rallenhome.com/books/adcookbook/code.html
' ---------------------------------------------------------------
' ------ SCRIPT CONFIGURATION ------
strDomain = "<mydomain.com>" ' e.g. emea.rallencorp.com
' ------ END CONFIGURATION ---------

' Bind to RootDSE to read the naming contexts
set objRootDSE = GetObject("LDAP://" & strDomain & "/RootDSE")
strDomainDN = objRootDSE.Get("defaultNamingContext")
strSchemaDN = objRootDSE.Get("schemaNamingContext")
strConfigDN = objRootDSE.Get("configurationNamingContext")

' PDC Emulator
set objPDCFsmo = GetObject("LDAP://" & strDomainDN)
Wscript.Echo "PDC Emulator: " & objPDCFsmo.fsmoroleowner

' RID Master
set objRIDFsmo = GetObject("LDAP://cn=RID Manager$,cn=system," & strDomainDN)
Wscript.Echo "RID Master: " & objRIDFsmo.fsmoroleowner

' Schema Master
set objSchemaFsmo = GetObject("LDAP://" & strSchemaDN)
Wscript.Echo "Schema Master: " & objSchemaFsmo.fsmoroleowner

' Infrastructure Master
set objInfraFsmo = GetObject("LDAP://cn=Infrastructure," & strDomainDN)
Wscript.Echo "Infrastructure Master: " & objInfraFsmo.fsmoroleowner

' Domain Naming Master
set objDNFsmo = GetObject("LDAP://cn=Partitions," & strConfigDN)
Wscript.Echo "Domain Naming Master: " & objDNFsmo.fsmoroleowner
RE: [ActiveDir] Cookbook sample scripts
You can try the slightly modified one I use - it writes the roles out to a text file versus displaying them on the screen.

' This VBScript code prints the FSMO role owners for the specified domain.
' ---------------------------------------------------------------
' From the book Active Directory Cookbook by Robbie Allen
' Publisher: O'Reilly and Associates
' ISBN: 0-596-00466-4
' Book web site: http://rallenhome.com/books/adcookbook/code.html
' ---------------------------------------------------------------
' MODIFIED by Lou Vega - added output to file versus screen
' ------ SCRIPT CONFIGURATION ------
strDomain = "mydomain.com" ' e.g. emea.rallencorp.com
OutfileName = "AD FSMO Roles - " & Replace(date,"/","") & ".txt"

' -- File Constants --
Const ForReading = 1
Const ForWriting = 2
Const ForAppending = 8

' -- Open the extract file --
Set Filesys = CreateObject("Scripting.FileSystemObject")
Set Outfile = Filesys.OpenTextFile(OutfileName, ForWriting, True)
' ------ END CONFIGURATION ---------

' Bind to RootDSE to read the naming contexts
set objRootDSE = GetObject("LDAP://" & strDomain & "/RootDSE")
strDomainDN = objRootDSE.Get("defaultNamingContext")
strSchemaDN = objRootDSE.Get("schemaNamingContext")
strConfigDN = objRootDSE.Get("configurationNamingContext")

' PDC Emulator
set objPDCFsmo = GetObject("LDAP://" & strDomainDN)
outfile.writeline "PDC Emulator: " & objPDCFsmo.fsmoroleowner

' RID Master
set objRIDFsmo = GetObject("LDAP://cn=RID Manager$,cn=system," & strDomainDN)
outfile.writeline "RID Master: " & objRIDFsmo.fsmoroleowner

' Schema Master
set objSchemaFsmo = GetObject("LDAP://" & strSchemaDN)
outfile.writeline "Schema Master: " & objSchemaFsmo.fsmoroleowner

' Infrastructure Master
set objInfraFsmo = GetObject("LDAP://cn=Infrastructure," & strDomainDN)
outfile.writeline "Infrastructure Master: " & objInfraFsmo.fsmoroleowner

' Domain Naming Master
set objDNFsmo = GetObject("LDAP://cn=Partitions," & strConfigDN)
outfile.writeline "Domain Naming Master: " & objDNFsmo.fsmoroleowner

' Close the file so the output is flushed to disk
Outfile.Close

msgbox("All done Chief!" & vbcrlf & "Errors: " & err.number)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of James Payne
Sent: Tuesday, May 11, 2004 1:41 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Cookbook sample scripts

I just bought the Active Directory Cookbook and started looking at some of the sample scripts posted on the author's website. When I attempt to use this one it tells me the server is not operational, line 14 character 1. Can anyone take a look at this and let me know if you see something I have done wrong? Thanks a bunch.

' This VBScript code prints the FSMO role owners for the specified domain.
' ---------------------------------------------------------------
' From the book Active Directory Cookbook by Robbie Allen
' Publisher: O'Reilly and Associates
' ISBN: 0-596-00466-4
' Book web site: http://rallenhome.com/books/adcookbook/code.html
' ---------------------------------------------------------------
' ------ SCRIPT CONFIGURATION ------
strDomain = "<mydomain.com>" ' e.g. emea.rallencorp.com
' ------ END CONFIGURATION ---------

' Bind to RootDSE to read the naming contexts
set objRootDSE = GetObject("LDAP://" & strDomain & "/RootDSE")
strDomainDN = objRootDSE.Get("defaultNamingContext")
strSchemaDN = objRootDSE.Get("schemaNamingContext")
strConfigDN = objRootDSE.Get("configurationNamingContext")

' PDC Emulator
set objPDCFsmo = GetObject("LDAP://" & strDomainDN)
Wscript.Echo "PDC Emulator: " & objPDCFsmo.fsmoroleowner

' RID Master
set objRIDFsmo = GetObject("LDAP://cn=RID Manager$,cn=system," & strDomainDN)
Wscript.Echo "RID Master: " & objRIDFsmo.fsmoroleowner

' Schema Master
set objSchemaFsmo = GetObject("LDAP://" & strSchemaDN)
Wscript.Echo "Schema Master: " & objSchemaFsmo.fsmoroleowner

' Infrastructure Master
set objInfraFsmo = GetObject("LDAP://cn=Infrastructure," & strDomainDN)
Wscript.Echo "Infrastructure Master: " & objInfraFsmo.fsmoroleowner

' Domain Naming Master
set objDNFsmo = GetObject("LDAP://cn=Partitions," & strConfigDN)
Wscript.Echo "Domain Naming Master: " & objDNFsmo.fsmoroleowner
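The fsmoroleowner values written by the scripts above are distinguished names of NTDS Settings objects, so the server and site have to be read out of the DN. The following is an added example, not code from the thread or the Cookbook: it parses the "Role: DN" lines of such an output file, groups roles by server, and flags owners whose DN carries the deleted-object marker. The sample lines, server names (DC01 to DC03), site names and GUIDs are constructed, and the function names are hypothetical.

```python
from collections import defaultdict

# RDN mangling that Active Directory applies to the names of deleted objects.
DELETED_MARK = "\\0ADEL:"

# Constructed sample of the text file the modified script writes.
_CFG = "CN=Configuration,DC=mydomain,DC=com"
_LIVE = "CN=NTDS Settings,CN={srv},CN=Servers,CN={site},CN=Sites," + _CFG
_GONE = (r"CN=NTDS Settings\0ADEL:11111111-2222-3333-4444-555555555555,"
         r"CN={srv}\0ADEL:66666666-7777-8888-9999-000000000000,"
         "CN=Servers,CN={site},CN=Sites," + _CFG)
SAMPLE_OUTPUT = "\n".join([
    "PDC Emulator: " + _LIVE.format(srv="DC01", site="HQ"),
    "RID Master: " + _LIVE.format(srv="DC01", site="HQ"),
    "Schema Master: " + _LIVE.format(srv="DC01", site="HQ"),
    "Infrastructure Master: " + _LIVE.format(srv="DC02", site="Branch"),
    "Domain Naming Master: " + _GONE.format(srv="DC03", site="Branch"),
])


def split_dn(dn):
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])     # keep the escape pair together
            i += 2
            continue
        if ch == ",":
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur).strip())
    return parts


def parse_role_line(line):
    """Turn 'Role: CN=NTDS Settings,CN=<server>,...' into a record."""
    role, sep, dn = line.partition(":")
    dn = dn.strip()
    rdns = split_dn(dn)
    low = [r.lower() for r in rdns]
    if not (sep and len(rdns) >= 6 and low[0].startswith("cn=ntds settings")
            and low[2] == "cn=servers" and low[4] == "cn=sites"):
        raise ValueError("not an NTDS Settings DN: %r" % line)
    server = rdns[1].split("=", 1)[1].split(DELETED_MARK)[0]
    site = rdns[3].split("=", 1)[1]
    return {"role": role.strip(), "server": server, "site": site,
            "deleted": DELETED_MARK in dn}


def _records(text):
    return [parse_role_line(l) for l in text.splitlines() if l.strip()]


def roles_by_server(text):
    """Map each server name to the list of roles it owns."""
    owners = defaultdict(list)
    for rec in _records(text):
        owners[rec["server"]].append(rec["role"])
    return dict(owners)


def deleted_owner_roles(text):
    """Roles whose recorded owner is a deleted NTDS Settings object."""
    return [rec["role"] for rec in _records(text) if rec["deleted"]]


if __name__ == "__main__":
    print(roles_by_server(SAMPLE_OUTPUT))
    print("Owner deleted:", deleted_owner_roles(SAMPLE_OUTPUT))
```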
RE: [ActiveDir] help...
(English follows my humble attempt at Spanish)

Si le entiendo correctamente, qué usted desea hacer es posible. Este acoplamiento debe proporcionar la información que usted está buscando: http://www.microsoft.com/resources/documentation/WindowsServ/2003/enterprise/proddocs/en-us/Default.asp?url=

If I understand you correctly, what you want to do is possible. This link should provide the information you're looking for: http://www.microsoft.com/resources/documentation/WindowsServ/2003/enterprise/proddocs/en-us/Default.asp?url=

r/
Lou Vega

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nolant Paredes Perez
Sent: Tuesday, May 04, 2004 9:36 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] help...

Hello I am new in the List. I have a main server with windows server 2000, but this in Spanish and it is not I possible update for that the windows 2003 that I have are in English. Did I want to know if it is possible of me to put the server 2003 as secondary server of the domain so that he/she takes the database of the users that the is but important that want to save, and then to promote it as primary servant?, or if some soft that I allow to survive the database of the users with the countersign existed and then to care her.

Ing. Norlant Paredes Pérez
Profesor
Universidad de Oriente
Santiago de Cuba - Cuba
[EMAIL PROTECTED]
[EMAIL PROTECTED]
RE: [ActiveDir] Anyone experienced this? Volume dissapears after DCPromo?
Wow... thanks Joe. In fact the disks on this test system were IDE (and over 137GB). Interestingly enough, even though this is supposed to affect the system as a whole (both drives are identical), it only affected the D: volume I had set as the storage for the NTDS logs... once I had used NTDSUtil to reassign the path for my logs, everything came back up again, but I decided that install was unreliable for testing and blew it away to install Windows 2003 Enterprise, which seems to be working quite nicely, large drives and all (though this time not in a DC capacity).

Either way, thanks for the article - I certainly learned something new today!

r/
Lou

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Sunday, May 02, 2004 9:52 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Anyone experienced this? Volume dissapears after DCPromo?

You don't specify whether your disks are IDE or not but I will assume yes, so you may want to take a peek at http://support.microsoft.com/default.aspx?scid=kb;EN-US;305098

Basically it could be a possible LBA issue. I have seen this on XP personally and luckily one of my good friends had already encountered it and given me a heads up.

joe

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lou Vega
Sent: Wednesday, April 07, 2004 11:18 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Anyone experienced this? Volume dissapears after DCPromo?

I'm curious if anyone else out there has experienced this. I have a Windows 2000 Advanced Server updated with SP4 and all the latest patches, etc. I ran DCPromo to add it to an existing domain. Prior to the DCPromo I had two volumes, C and D, each at 189 GB (it's a server I'm building for testing). Both volumes were formatted NTFS, though there weren't but a few BKF files of this server on the D volume.

Immediately after my DCPromo I rebooted and got the following error message:

lsass.exe - System Error : Security Accounts Manager initialization failed because of the following error: Directory Service cannot start. Error Status: 0xc2e1. Please click OK to shutdown this system and reboot into Directory Services Restore Mode, check the event log for more detailed information.

Fortunately for me a Google search turned up the following KB article (http://support.microsoft.com/default.aspx?scid=kb;EN-US;258007) and I was able to go into DS Restore mode and, using NTDSUTIL SET PATH, change the path of my NTDS log files (so my emergency of a failed DCPromo is solved! Whooo hoo!!!).

Here's the kicker: the reason for the error and the failure was because now the D volume is unrecognized. Windows reports it as "Unformatted do you want to format now?" and when you try, it fails. Is there a limit to the size of a volume that AD recognizes? The original cause of the error is because when I was running the DCPromo and it asked where I wanted to put the DB and log files, I picked C:\winnt\ntds for the DB and D:\winnt\ntds for the log files; then for some reason D became unrecognized after the Promo was finished.

Anyone else seen this?

r/
Lou
RE: [ActiveDir] HELP I just deleted an OU
You might try the restore subtree using NTDSUtil: http://support.microsoft.com/default.aspx?scid=kb;en-us;241594#3

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grantham, Caron
Sent: Monday, May 03, 2004 1:05 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] HELP I just deleted an OU

How can I get the OU with all objects restored immediately