[ActiveDir] Roll up MCSE on Windows 2000 to MCSE on Windows 2003
Return Receipt Your [ActiveDir] Roll up MCSE on Windows 2000 to MCSE on Windows document 2003 : was Robert Rutherford/UK/DEK received by: at: 17/02/2004 15:46:33 This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail. Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International or its affiliates. [EMAIL PROTECTED] This footnote also confirms that this message has been checked for the presence of computer viruses. http://www.dek.com List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] DCPromo
Im sure a Dcpromo will always hook back to the PDCE... that should be normal. I'm not really sure what you want to find out please elaborate. Rob Guy Teverovsky [EMAIL PROTECTED] u.co.il To Sent by: [EMAIL PROTECTED] [EMAIL PROTECTED] cc ail.activedir.org Subject [ActiveDir] DCPromo 13/02/2004 15:29 Please respond to [EMAIL PROTECTED] tivedir.org Yesterday, while dcpromoing a machine (which was already domain member), I have noticed that while the LDAP session was initiated against PDCE in site A, the computer account move to Domain Controllers OU was performed on a DC in site B. Although after the replication everything was nice and dandy, but any insight on at which DC the changes should take place during the dcpromo process is more than welcome. Thanks, Guy - - - Smith Wesson - the original point and click interface List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail. Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International or its affiliates. [EMAIL PROTECTED] This footnote also confirms that this message has been checked for the presence of computer viruses. http://www.dek.com List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Changing DHCP Servers
MS have a tool called DHCPexim... http://www.microsoft.com/windows2000/techinfo/reskit/tools/new/dhcpexim-o.asp I'm not sure if it works under 2003 but I've used it a few times under 2000 with no problems. Robert Rutherford +44 (0)1305 208232 +44 (0)7970 122362 [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 10/02/2004 14:35 Please respond to [EMAIL PROTECTED] To [EMAIL PROTECTED] cc Subject RE: [ActiveDir] Changing DHCP Servers Yes, if you have the same ip address for new DHCP Server + i guess the clients shuld renew their ip address again -Original Message- From: Jerry Johnson [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 10, 2004 4:52 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Changing DHCP Servers Everyone I have added a w2k3 DC into our network and am gradually giving it more responsibility, so far so good. The next thing I want to do is make it our DHCP server (currently being held by win2k server that is going to be formatted and made into w2k3). I have created an identical scope on the new box but have not activated it. Is it just a matter of deactivating the old and activating the new, or is it more involved than that? Thank You Jerry Scicom Data Services Minnetonka,Mn - This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom/which they are addressed. If you have received this email in error please notify the system manager at the following email address: [EMAIL PROTECTED] . Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of Al Faisaliah Group. Internet communications cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, arrive late or contain viruses. The sender therefore does not accept liability for any errors or omissions in the context of this message, which arise as a result of Internet transmission. Finally, the recipient should check this email and any attachments for the presence of viruses. Al Faisaliah Group accepts no liability for any damage caused by any virus ! transmitted by this email. - This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail. Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International or its affiliates. [EMAIL PROTECTED] This footnote also confirms that this message has been checked for the presence of computer viruses. http://www.dek.com
RE: [ActiveDir] dc ip address change
Return Receipt Your RE: [ActiveDir] dc ip address change document : was Robert Rutherford/UK/DEK received by: at: 29/01/2004 09:18:01 EST This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail. Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International or its affiliates. [EMAIL PROTECTED] This footnote also confirms that this message has been checked for the presence of computer viruses. http://www.dek.com List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Unix Service for WIndows 3.5
Return Receipt Your [ActiveDir] Unix Service for WIndows 3.5 document : was Robert Rutherford/UK/DEK received by: at: 29/01/2004 10:24:36 EST This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail. Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International or its affiliates. [EMAIL PROTECTED] This footnote also confirms that this message has been checked for the presence of computer viruses. http://www.dek.com List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] dc ip address change
Return Receipt Your RE: [ActiveDir] dc ip address change document : was Robert Rutherford/UK/DEK received by: at: 26/01/2004 09:43:49 EST This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail. Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International or its affiliates. [EMAIL PROTECTED] This footnote also confirms that this message has been checked for the presence of computer viruses. http://www.dek.com List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] Change Licensing for servers
start-settings-control panel- licensing ... If I remember you can change it in there. Rob Pennell, Ronald B. [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 16/01/2004 14:05 Please respond to [EMAIL PROTECTED] To [EMAIL PROTECTED] cc Subject [ActiveDir] Change Licensing for servers Does anyone know of a quick way to switch the license mode from Per Server to Per Seat without having to rebuild the PS? Running W2k server, sp3 Ron Pennell List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail. Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International or its affiliates. [EMAIL PROTECTED] This footnote also confirms that this message has been checked for the presence of computer viruses. http://www.dek.com
RE: [ActiveDir] Don't want users to view Directory Info
Return Receipt Your RE: [ActiveDir] Don't want users to view Directory Info document : was Robert Rutherford/UK/DEK received by: at: 09/01/2004 08:22:44 This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail. Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International or its affiliates. [EMAIL PROTECTED] This footnote also confirms that this message has been checked for the presence of computer viruses. http://www.dek.com List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] Number of user objects in an OU
Computers and Users are represented as objects within AD... I can't remember the exact number of objects which you can get upto but AD supports way over 10 million (someone will telll u the exact number, if not then it will be on the web). I have heard things in the past about some large corp's testing upto a billion objects with success. BR, Rob Sam Khoury [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 07/01/2004 05:08 Please respond to [EMAIL PROTECTED] To [EMAIL PROTECTED] cc Subject [ActiveDir] Number of user objects in an OU Hello All, I am new to this group but already can see that the calibre of the people present will be a great help... I am curious to learn the number of user objects that Active Directory can handle in a single OU, it surely must have a limit, any other limitations to the number of PC's that can join a domain etc would be great as well. Much appreciated, -- Sam Khoury Microsoft Support Officer ITS Networks Computing Services Victoria University List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail. Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International or its affiliates. [EMAIL PROTECTED] This footnote also confirms that this message has been checked for the presence of computer viruses. http://www.dek.com
RE: [ActiveDir] Applications on 2003 DC
No problems running SQL2000 on a DC.. not advisable in production of course but for a lab... now worries. Rob Chris Flesher [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 07/01/2004 17:16 Please respond to [EMAIL PROTECTED] To [EMAIL PROTECTED] cc Subject RE: [ActiveDir] Applications on 2003 DC We don't have VMWARE available, and don't want to purchase it just for this test. This is a 2-3 month test bed for some software, and then the machine is going to be used for something else. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pararajasingam,Anton Sent: Wednesday, January 07, 2004 11:07 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Applications on 2003 DC Chris, I don't know about SQL2000 but you can certainly install Exchange 2003 on a Windows 2003 DC - I am in a test lad working on such a system as we speak;-) If you do require separate boxes but don't have them, then why don't you explore something like VMware where you can run separate machines on ONE machine!! anton -Original Message- From: Chris Flesher [mailto:[EMAIL PROTECTED]] Sent: 07 January 2004 17:00 To: [EMAIL PROTECTED] Subject: [ActiveDir] Applications on 2003 DC We are short on test hardware, and were wondering if the rumors were true that one is unable to install SQL 2000 or Exchange 2003 on a DC? This isn't a production idea, but just for test purposes so we don't have to buy a separate box for the application. Thank you in advance for the help. Chris Flesher The University of Chicago NSIT/DCS 1-773-834-8477 List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ** The information contained in this e-mail is confidential. It may also be protected by legal privilege. It is intended only for the stated addressee(s). If you are not an addressee you must not disclose, copy, circulate nor use the information contained in it. If you have received this e-mail in error please inform the sender immediately and delete it and any copies from your system. ** This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail. Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International or its affiliates. [EMAIL PROTECTED] This footnote also confirms that this message has been checked for the presence of computer viruses. http://www.dek.com
RE: [ActiveDir] Applications on 2003 DC
no worries even :O) Robert Rutherford +44 (0)1305 208232 +44 (0)7970 122362 Chris Flesher [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 07/01/2004 17:16 Please respond to [EMAIL PROTECTED] To [EMAIL PROTECTED] cc Subject RE: [ActiveDir] Applications on 2003 DC We don't have VMWARE available, and don't want to purchase it just for this test. This is a 2-3 month test bed for some software, and then the machine is going to be used for something else. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pararajasingam,Anton Sent: Wednesday, January 07, 2004 11:07 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Applications on 2003 DC Chris, I don't know about SQL2000 but you can certainly install Exchange 2003 on a Windows 2003 DC - I am in a test lad working on such a system as we speak;-) If you do require separate boxes but don't have them, then why don't you explore something like VMware where you can run separate machines on ONE machine!! anton -Original Message- From: Chris Flesher [mailto:[EMAIL PROTECTED]] Sent: 07 January 2004 17:00 To: [EMAIL PROTECTED] Subject: [ActiveDir] Applications on 2003 DC We are short on test hardware, and were wondering if the rumors were true that one is unable to install SQL 2000 or Exchange 2003 on a DC? This isn't a production idea, but just for test purposes so we don't have to buy a separate box for the application. Thank you in advance for the help. Chris Flesher The University of Chicago NSIT/DCS 1-773-834-8477 List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ** The information contained in this e-mail is confidential. It may also be protected by legal privilege. It is intended only for the stated addressee(s). If you are not an addressee you must not disclose, copy, circulate nor use the information contained in it. If you have received this e-mail in error please inform the sender immediately and delete it and any copies from your system. ** This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail. Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International or its affiliates. [EMAIL PROTECTED] This footnote also confirms that this message has been checked for the presence of computer viruses. http://www.dek.com
RE: [ActiveDir] inactive computers question
funny enough I've just done the job today on my domain with :-http://www.lanicu.com/index.cfm/products/ump Rob Jorge de Almeida Pinto [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 22/12/2003 16:10 Please respond to [EMAIL PROTECTED] To 'Rich Milburn ' [EMAIL PROTECTED], '[EMAIL PROTECTED] ' [EMAIL PROTECTED] cc Subject RE: [ActiveDir] inactive computers question Hi Rich, Try the following: MS-KBQ197478: HOWTO: How to Detect and Remove Inactive Machine Accounts QUOTE This procedure uses batch files and resource kit utilities to create a list of machine accounts sorted by the last time the machine account's password was updated. The list then needs to be examined by an administrator to remove all machine accounts that are deemed active, leaving only the old machine accounts in the remaining list. The remaining list is then read by a batch file that systematically deletes the old machine accounts using Windows NT resource kit utilities. UNQUOTE Regards, Jorge -Original Message- From: Rich Milburn To: [EMAIL PROTECTED] Sent: 12/22/2003 4:59 PM Subject: [ActiveDir] inactive computers question I know that dsquery and dsrm are good for AD2003 environments to find and remove inactive computer accounts in AD, as is Robbie's script. Someone on the SMS list has AD 2000 though, dsquery doesn't work, and Robbie's script is returning nothing. Even if the info is not easily convertible to a date, seems like you should be able to sort by a column in a csvde export and see the same information - i.e. sort by pwdLastSet? Any ideas? It looked like lastLogonTimestamp might be a good one... but alas that's new with 2003 so that's no good for him. The main source of my confusion is that dsquery and a sort by pwdLastSet do not show the same computers as being inactive the longest. Thanks Rich ---APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE--- PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or any attachments. This information is strictly confidential and may be subject to attorney-client privilege. This message is intended only for the use of the named addressee. If you are not the intended recipient of this message, unauthorized forwarding, printing, copying, distribution, or using such information is strictly prohibited and may be unlawful. If you have received this in error, you should kindly notify the sender by reply e-mail and immediately destroy this message. Unauthorized interception of this e-mail is a violation of federal criminal law. Applebee's International, Inc. reserves the right to monitor and review the content of all messages sent to and from this e-mail address. Messages sent to or from this e-mail address may be stored on the Applebee's International, Inc. e-mail system. This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail. Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International or its affiliates. [EMAIL PROTECTED] This footnote also confirms that this message has been checked for the presence of computer viruses. http://www.dek.com
[ActiveDir] ADMTv2 Question/Issue?
Return Receipt Your [ActiveDir] ADMTv2 Question/Issue? document : was Robert Rutherford/UK/DEK received by: at: 18/12/2003 15:18:48 This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail. Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International or its affiliates. [EMAIL PROTECTED] This footnote also confirms that this message has been checked for the presence of computer viruses. http://www.dek.com List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] native mode
Return Receipt Your RE: [ActiveDir] native mode document : was Robert Rutherford/UK/DEK received by: at: 16/12/2003 08:42:13 This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail. Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International or its affiliates. [EMAIL PROTECTED] This footnote also confirms that this message has been checked for the presence of computer viruses. http://www.dek.com List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] Legacy Computers in AD
If you havent started the upgrade yet then you should be going to XP. We are 2000 but would recommend going straight for XP on a new deployment as in reality 2000 is now more or less a legacy system. XP has everything 2000 has plus more my 2 cents is to go for XP. Rob George Arezina [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 24/11/2003 12:55 Please respond to [EMAIL PROTECTED] To [EMAIL PROTECTED] cc Subject [ActiveDir] Legacy Computers in AD I have a mixed mode of computers in my current domain (Windows 98, Windows NT 4.0 workstations). We are planning to upgrade to W2K/W3K, still not sure with which Windows server version to go with, and need to know what is gained by upgrading my clients to W2K Pro or XP Pro. What is the benefit to upgrading all my clients' comps to W2K Pro/XP Pro as opposed to leaving my current comps with legacy software? Thanks. George Arezina BA, A+, Net+, MCSE 2000 Information Technology Consultant National Bank of Serbia Pop Lukina 7-9, 11000 Belgrade. P E-mail: [EMAIL PROTECTED] g Phone:+381 (11) 3202-474 - GSM: +381 (63) 342-321 List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail. Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International or its affiliates. [EMAIL PROTECTED] This footnote also confirms that this message has been checked for the presence of computer viruses. http://www.dek.com
Re: [ActiveDir] how do we explain this one ?
Sounds like your GC is down or not functioning properly... Id check that first Rob Graham Turner [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 24/11/2003 15:48 Please respond to [EMAIL PROTECTED] To [EMAIL PROTECTED] cc Subject [ActiveDir] how do we explain this one ? Dear all, before i attempt the more involved debug of this funny one thought i would see if any one could confirm similar observed behaviour; win2k professional client has been migrated using ADMT 2.0 myself and and other admin can log on to the domain (same domain for user and computer by the way) at this computer - from this we infer correct machine connectivity. primary user of this computer can not logon to the domain from this computer - system can not logon . however same user can logon to the domain from another machine - user a/c is obviously ok ?? how can this be - ??!! GT List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail. Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International or its affiliates. [EMAIL PROTECTED] This footnote also confirms that this message has been checked for the presence of computer viruses. http://www.dek.com
RE: [ActiveDir] OT: Using InstallShield in a Startup Script
Return Receipt Your RE: [ActiveDir] OT: Using InstallShield in a Startup Script document : was Robert Rutherford/UK/DEK received by: at: 20/11/2003 13:16:07 This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail. Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International or its affiliates. [EMAIL PROTECTED] This footnote also confirms that this message has been checked for the presence of computer viruses. http://www.dek.com List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] A replication mess
** This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International., or its affiliates. ** This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.dek.com ** Hmmm doesn't sound too nice A fw Q's? How many DC's have you got in total? 4? One Domain? How long had you left it after doing your promotions before seeing the logs?.. if less than a couple of hours then I suggest a clear the event logs and then reboot the machines. AD takes some time to fully bring up DC's. I have seen the AD sort out strange errors... sometimes after being left for 8 hours (its a wonderful animal at times) Perform some dcdiag's on your servers to see if that gives you any pointers after your reboots.. post anything that seems to relate. BR, Rob Andrew Wagg [EMAIL PROTECTED]To: [EMAIL PROTECTED] Sent by: cc: [EMAIL PROTECTED]Subject: [ActiveDir] A replication mess tivedir.org 18/11/2003 21:36 Please respond to ActiveDir I am seeing some interesting AD replication related errors on two of my servers. I recently added a DC to this domain and AD replication seems to be working reasonable well (I can make changes to users in the new dc, and they show up in the other two older ones.) However I am seeing the following two errors repeating on the original two DCs, ** -- Event Type: Warning Event Source: NTDS Replication Event Category: Replication Event ID: 1061 Date: 14/11/2003 Time: 11:37:20 AM User: NT AUTHORITY\ANONYMOUS LOGON Computer: EUROPA Description: Internal error: NT AUTHORITY\ANONYMOUS LOGON --- Event Type: Warning Event Source: NTDS KCC Event Category: Knowledge Consistency Checker Event ID: 1265 Date: 14/11/2003 Time: 10:52:20 AM User: N/A Computer: EUROPA Description: The attempt to establish a replication link with parameters Partition: CN=Schema,CN=Configuration,DC=ourdomain,DC=com Source DSA DN: CN=NTDS Settings,CN=CALLISTO,CN=Servers,CN=Burloak,CN=Sites,CN=Con figuration,DC=ourdomain,DC=com Source DSA Address: 5673215d-87e2-4c3b-8204- 4ffeafe0c2f2._msdcs.ourdomain.com Inter-site Transport (if any): failed with the following status: Access is denied. The record data is the status code. This operation will be retried. Data: : 05 00 00 00 I have also noticed in Replmon that the original DCs only show connections to each other in the main screen. However when I open the properties for the old servers the
RE: [ActiveDir] A replication mess
If you are taking the trouble then also perform a netdiag on the machines to see if that shows up anything. BR, Rob Andrew Wagg [EMAIL PROTECTED]To: [EMAIL PROTECTED] Sent by: cc: [EMAIL PROTECTED]Subject: RE: [ActiveDir] A replication mess tivedir.org 18/11/2003 22:37 Please respond to ActiveDir Thanks Rob, it's definitely no fun :( Answers : I have one domain with two original servers (Europa, and Cockatrice) and a new one Callisto that I am trying to add. I ran dcpromo last Thursday, and the events are still happening. I'm not sure if there has been a reboot on the older DCs since then, but I don't believe so. I will try and schedule a reboot for tonight to see if that makes any difference, and then run the dcdiags tomorrow Andrew -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: November 18, 2003 4:59 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] A replication mess ** This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International., or its affiliates. ** This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.dek.com ** List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ** This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International., or its affiliates. ** This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.dek.com ** List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] Security Concerns With Creating a Secondary DNS Zone
I would ask them there reasons and then post them here... I cant think of any real reasons as long as your servers are sat internally and talk on your private WAN? Rob [EMAIL PROTECTED] .com To: [EMAIL PROTECTED] Sent by: cc: [EMAIL PROTECTED]Subject: [ActiveDir] Security Concerns With Creating a Secondary DNS Zone tivedir.org 17/11/2003 16:45 Please respond to ActiveDir Hi, Are there any security concerns or issues with creating a secondary DNS zone and doing Zone transfer? If you have a root Windows 2000 domain in a different country and want to create a secondary zone for the root domain in the US, what are the security issues associated with the configuration? If the security department is not allowing the creation of a secondary zone because of Security reasons, what would be those reasons? Any input would be really appreciated. Thanks, Santhosh (See attached file: winmail.dat) ** This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International., or its affiliates. ** This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.dek.com ** winmail.dat Description: Binary data
Re: [ActiveDir] Remove AD from DC
** This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International., or its affiliates. ** This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.dek.com ** Have you got a VPN to this site? Robert Rutherford +44 (0)1305 208232 +44 (0)7970 122362 Pelle, Joe [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent by: cc: [EMAIL PROTECTED]Subject: [ActiveDir] Remove AD from DC tivedir.org 12/11/2003 14:16 Please respond to ActiveDir Has anyone had a problem removing AD from a DC that was in a remote site? Were getting some RPC and DNS errors on the box, specifically, The directory Service failed to find a server to replicate off changes. The security context could not be established due to a failure in the requested quality of service. Any thoughts on this? Joe Pelle Systems Analyst Information Technology Valassis / IT 19975 Victor Parkway Livonia, MI 48152 Tel 734.591.7324 Fax 734.632.6151 [EMAIL PROTECTED] http://www.valassis.com/ This message may have included proprietary or protected information. This message and the information contained herein are not to be further communicated without my express written consent.
Re: [ActiveDir] Remove AD from DC
** This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International., or its affiliates. ** This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.dek.com ** Is anything strange showing in the event logs? Robert Rutherford +44 (0)1305 208232 +44 (0)7970 122362 Matja Ladava [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent by: cc: [EMAIL PROTECTED]Subject: Re: [ActiveDir] Remove AD from DC tivedir.org 12/11/2003 14:38 Please respond to ActiveDir RPC errors normally indicate name resolution problems. Can you verify with nslookup that your name resolution is working as it should ? How are this sites connected ? Regards Matjaz Ladava, MCSE, MCSA, MCT, MVP Microsoft MVP - Active Directory [EMAIL PROTECTED], [EMAIL PROTECTED] http://ladava.com - Original Message - From: Pelle, Joe To: [EMAIL PROTECTED] Sent: Wednesday, November 12, 2003 3:16 PM Subject: [ActiveDir] Remove AD from DC Has anyone had a problem removing AD from a DC that was in a remote site? Were getting some RPC and DNS errors on the box, specifically, The directory Service failed to find a server to replicate off changes. The security context could not be established due to a failure in the requested quality of service. Any thoughts on this? Joe Pelle Systems Analyst Information Technology Valassis / IT 19975 Victor Parkway Livonia, MI 48152 Tel 734.591.7324 Fax 734.632.6151 [EMAIL PROTECTED] http://www.valassis.com/ This message may have included proprietary or protected information. This message and the information contained herein are not to be further communicated without my express written consent.
RE: [ActiveDir] Active Directory Cookbook
ISBN- 0-596-00464-8 Robert Rutherford +44 (0)1305 208232 +44 (0)7970 122362 Oliver Marshall [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent by: cc: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Active Directory Cookbook tivedir.org 24/10/2003 15:42 Please respond to ActiveDir Do you have the ISBN number? Sounds perfect. Olly -Original Message- From: Lou Vega [mailto:[EMAIL PROTECTED] Sent: 24 October 2003 14:38 To: [EMAIL PROTECTED] Subject: [ActiveDir] Active Directory Cookbook Received my very own copy of Mr. Robbie Allen's Tuna book last night from Amazon.com - in the first night's reading the book is already proving it's worth as I see how to do certain things much simpler than I had done them before (with regards to the VBScripts included), as well as learn new things I didn't realize could be done (in both AD2K and AD2K3). The book will be very handy as I continue to stand up my development Windows 2003 domain. To anyone else on this list who hasn't gotten it yet...it's a worthwhile addition to your Active Directory library. To Robbie (and all the others who assisted him!) - thanks for a great resource! r/ Lou List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ** This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International., or its affiliates. ** This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.dek.com ** List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] NTDIS Size
Plenty... I have 750 user objects and mine's 750MB. Use the ADSizer tool from the MS site to double check but you have enough space. BR Robert Rutherford +44 (0)1305 208232 +44 (0)7970 122362 George Arezina [EMAIL PROTECTED]To: [EMAIL PROTECTED] Sent by: cc: [EMAIL PROTECTED]Subject: [ActiveDir] NTDIS Size tivedir.org 14/10/2003 09:59 Please respond to ActiveDir Hi people, Can someone please confirm that I have given enough GB for 1500 users in my AD database? I plan to install two mirrored drives on my server. One Mirror will be the system partition (18GB) and the second mirror will be 72GB where my ndts.dit database will be located. Thanks (Embedded image moved to file: pic26500.jpg) George Arezina BA, A+, Net+, MCSE 2000 Information Technology Consultant National Bank of Serbia Pop Lukina 7-9, 11000 Belgrade. * E-mail: [EMAIL PROTECTED] ( Phone:+381 (11) 3202-474 ( GSM: +381 (63) 342-321 ** This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International., or its affiliates. ** This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.dek.com ** attachment: pic26500.jpg
RE: [ActiveDir] Computer Account in its Primary Domain is Missing
I've seen this many times and it does seem to relate to the PDC emulator not knowing about the machine... I don't know the exact process behind it but it does seem that the DC's in the site that you are adding the computer object and the PDC emulator must know about the new object. I never used to allow the admins on remote sites to create accounts via the 'join domain' option on the wks. I used to see your error all the time on a reboot. I eventually gave them the right to 'add wks to the domain' and all was ok. I'd be interested to see your findings/others experiences as I am looking to restrict the right to create new computer accounts back to the central HQ. BR Robert Rutherford +44 (0)1305 208232 +44 (0)7970 122362 Rick Kingslan [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent by: cc: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Computer Account in its Primary Domain is Missing tivedir.org 11/10/2003 21:43 Please respond to ActiveDir I've run into this exact error message in one case (well, two - you've confirmed that the object does exist, so I'll discount that). If I image a PC and apply the image to another PC and fail to run, say SIDWalker to create a random object SID for the computer object - I see this error. So, if you're using any type of imaging software to duplicate setups, look to a SID changing tool (free one available from WinTernals called NewSID - http://www.sysinternals.com/ntw2k/source/newsid.shtml) to mod the SID and avoid the problem. Rick Kingslan MCSE, MCSA, MCT Microsoft MVP - Active Directory Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of FDiskThePC Sent: Saturday, October 11, 2003 9:42 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Computer Account in its Primary Domain is Missing At least once a week, an admin in our company will successfully join a computer (NT 4.0, Win2K, WinXP) to our AD domain, and upon reboot receives the computer account in its primary domain is missing error message. We assume this happens because we have two DC's in every site, the five minute intrasite replication hasn't happened, and the newly added computer is simply authenticating with the other DC. But even when we wait fifteen minutes and then reboot again, we still get the error message. Our techs have been using the take to workgroup, re-add to domain method until it's successful. One time I actually verified the existence of the computer account on both local DC's at a particular site, and yet the computer could still not login to the domain. Using replmon, I forced a sync of the domain partition from one of the local DC's out to every other DC in our environment. Immediately the workstation could login. What gives? Does every DC or a particular DC (PDC Emulator?) need to know about newly added computer accounts before they can be used? Do I need to train our techs to pre-populate computer accounts with ADUC and sync the domain before using them? A similar complaint is that sometimes the computer account simply disappears, but I haven't seen that yet personally. Any advice would be much appreciated. Thanks. -Rick Dayton __ Do you Yahoo!? The New Yahoo! Shopping - with improved product search http://shopping.yahoo.com List info :
Re: [ActiveDir] Logon Takes too Long!
can you do a dcdiag and post the results Rob George Arezina [EMAIL PROTECTED]To: [EMAIL PROTECTED] Sent by: cc: [EMAIL PROTECTED]Subject: [ActiveDir] Logon Takes too Long! tivedir.org 02/10/2003 10:21 Please respond to ActiveDir Hi people, Has anyone had logon problems with Windows 2003 server with AD installed? I have a test environment with Windows 2003 servers and Windows XP Pro workstations, no W2K/NT servers or workstations. After installing AD, users are taking around 20 minutes to logon to the domain. I have raised the domain and forest levels to 2003. Can anyone give me some suggestions or ideas? Regards, George (Embedded image moved to file: pic00041.jpg) George Arezina BA, A+, Net+, MCSE 2000 Information Technology Consultant National Bank of Serbia Pop Lukina 7-9, 11000 Belgrade. * E-mail: [EMAIL PROTECTED] ( Phone:+381 (11) 3202-474 ( GSM: +381 (63) 342-321 ** This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International., or its affiliates. ** This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.dek.com ** attachment: pic00041.jpg
[ActiveDir] Robert Rutherford/UK/DEK is out of the office.
I will be out of the office starting 18/09/2003 and will not return until 22/09/2003. I am taking and exam and will probably pick up mail some time during the day. In an emergency please call my mobile and leave a message if unanswered. ** This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International., or its affiliates. ** This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.dek.com ** List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Robert Rutherford/UK/DEK is out of the office.
I will be out of the office starting 18/09/2003 and will not return until 22/09/2003. I am taking and exam and will probably pick up mail during the day at some point. In an emergency please call my mobile and leave a message if unanswered. ** This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International., or its affiliates. ** This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.dek.com ** List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] AD 2003 DB
More than enough... I have 700 users and my directory is only 75MB. Robert Rutherford +44 (0)1305 208232 +44 (0)7970 122362 Juan Ibarra [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent by: cc: [EMAIL PROTECTED]Subject: [ActiveDir] AD 2003 DB tivedir.org 16/09/2003 17:03 Please respond to ActiveDir Hi, we are planning to migrate from NT to AD 2003 in the near future. We are trying to figure out the specs for new HW requirements. We are concerned with the amount of space that we will need in our DC to host the DB. I know that the more space the better, but will the DB be too big? At what rate will it grow. Will 70G will be plenty for an org with 300 users? Best regards, Juan ** This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International., or its affiliates. ** This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.dek.com ** List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] Messed Up AD
This looks nasty and and seems to be related to the 'M-L' domain name. It all sounds a big mess and my recommendation would be to just blow out the whole thing and start again... I know you didnt want to hear that. You can of course build up another DC and create a new forest and then migrate the users into it... if you only have 45 users then it shouldn't take long (of course it depends on your environment). If it's for a client, and to save future issues then start again.. sorry chap. BR, Rob Michael B. Smith [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent by: cc: [EMAIL PROTECTED]Subject: [ActiveDir] Messed Up AD tivedir.org 11/09/2003 22:04 Please respond to ActiveDir OK, you gurus? how do I resolve this? Any help and/or insight is much appreciated. (And I REALLY hope that AD re-install is not the answer ? I've got 45 workstations involved, and more user profiles than that to deal with that would have to be dealt with manually.) I just got called into a new client, who fired their old consultant. So --- I didn't cause this! J I have a single server AD (SBS 2000), which has a single label domain name. Yes, single label. It's M-L and the netbios name is MTN-L. I would've sworn (and I would've been wrong) that DCPROMO would not let me do that. But it does. I've reproduced it in a lab environment. The NetBEUI protocol is required to make this environment work. If I remove NetBEUI from the server, things start breaking fast. I would guess that WINS would let it work as well. I haven't tried. As it is, everything seems to work. Although I expect that GP prolly wouldn't work? But I get nasty event ID error messages. Every place I've looked (MSKB and eventid.net and google) implies that these event IDs are only relevant in a multi-server replication environment ? which isn't true. Remember, single server. So MSKB 232538 and 288167 do not apply. I have applied the change suggested by 300684 and rebooted, and it made no difference. The server is named server. So the FQDN for the server is server.m-l. DNS is Windows 2000 DNS, running on the server. It uses forwarders to the ISP's DNS. The NIC on the server points to itself for DNS, as do all workstations. The server has a single NIC with a static IP. Windows 2000 sp3 plus hotfixes. I get this error and warning in the event log, two sets every hour. The event id error is: Event Id: 1411 Source: NTDS Replication Description: The Directory Service failed to construct a mutual authentication Service Principal Name (SPN) for server SERVER. The call is denied. The error was: A Service Principal Name (SPN) could not be constructed because the provided hostname is not in the necessary format. The record data is the status code. Data: : 6a 21 00 00 I also get a matching warning: Event Id: 1655 Source: NTDS General Description: The attempt to communicate with global catalog \\server failed with the following status: A Service Principal Name (SPN) could not be constructed because the provided hostname is not in the necessary format. The operation in progress might be unable to continue. The directory service will use the locator to try find an available global catalog server for the next operation that requires one. The record data is the status code. Data: : 6a 21 00 00 Thanks for any insight.
Re: [ActiveDir] Converting fat32 to NTFS
Depends on the server/pc... on average I would say 5- 10 mins Robert Rutherford +44 (0)1305 208232 +44 (0)7970 122362 John Parker [EMAIL PROTECTED]To: [EMAIL PROTECTED] Sent by: cc: [EMAIL PROTECTED]Subject: [ActiveDir] Converting fat32 to NTFS tivedir.org 10/09/2003 21:33 Please respond to ActiveDir Hey all... On a 36GB SCSIU2W with 22GB of data, how long should a conversion from FAT32 to NTFS take? Thanks John Parker, MCSE IS Admin. Senior Technical Specialist Digital Display Systems. Alpha Video 7711 Computer Ave. Edina, MN. 55435 952-896-9898 Local 800-388-0008 Watts 952-896-9899 Fax 612-804-8769 Cell 952-841-3327 Direct [EMAIL PROTECTED] Be excellent to each other ---End of Line--- -Original Message- From: Chris Flesher [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 10, 2003 11:18 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Windows 2003 DC issue Same Bind server. Unfortunately, I don't run the Bind server. I'll talk with the powers that be and get a response if anything looked weird. Did not run NETMON, but will to see more. Thanks for the leads. I'll let you know how it goes. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick Sent: Wednesday, September 10, 2003 11:12 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Windows 2003 DC issue The only change in 2003 re SRV publication that I can recall is that the default update interval is 15 minutes in W2K3 vs. 60 minutes in W2K. Some questions: Is it the same BIND server that worked with W2K? Did you check the BIND logs? And if there was nothing there, did you run NETMON or some other network trace program? -gil -Original Message- From: Chris Flesher [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 10, 2003 7:43 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Windows 2003 DC issue We started playing with 2003 in our test environment. We came across a problem with how dynamic updates are done on 2003. Dynamic updates are done on a Sun Bind server. For some reason, the SRV records would not update on the Bind server. However, we can do dynamic update on 2000 DC to the Bind DNS. I'm just wondering if there is something new in 2003 with regards to how SRV records are created? Or maybe I'm just missing something completely. Any ideas would be appreciated. We ended up using 2003 DNS for the DC's. That worked, but isn't a representation of how production will be. Chris Flesher The University of Chicago NSIT/DCS 1-773-834-8477 ** This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International., or its affiliates.
Re: [ActiveDir] ADUC GPMC Authentication Errors
Do you run any proxy or firewall client software, i.e. MS. I have seen issues when running them. Robert Rutherford +44 (0)1305 208232 +44 (0)7970 122362 England, Christopher M To: [EMAIL PROTECTED] [EMAIL PROTECTED] cc: Sent by: Subject: [ActiveDir] ADUC GPMC Authentication Errors [EMAIL PROTECTED] tivedir.org 10/09/2003 23:02 Please respond to ActiveDir Greetings, I work at a University with a single domain architecture, and thus my area only has control over an OU. User accounts are also managed by the central computing guys. So you can see I have few options when resolving issues like this. But has anyone seen anything like this? Before, when I used the AD Users Computers snapin from Windows Server 2003, I had no issues. Once I install the GPMC tool, I begin (in both consoles) to get authentication errors. Either when opening the consoles, or when trying to access an object in AD. It is pretty random, too. In the GPMC tool's Options, we Uncheck the box Enable trust detection, which was a suggestion I found online, but that did not help. Any help is appreciated. Thanks all, Chris - Christopher England Server Administrator MCSA, Server+, Network+, A+ College Information Technology Office Indiana University ** This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International., or its affiliates. ** This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.dek.com ** List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] The specified network name is no longer availabl e
f you type nslookup a the cmd prompt - does it return with the correct DNS server without errors? looks like a DNS issues.. if this is the only machine doing it then scan the first few lines of the event log and look for hints... are there any? If you change the pc name to something different and then try to add it... do you get the same error? Dont resign as this is likely to be something simple and you will grow from the result, BR Robert Rutherford +44 (0)1305 208232 +44 (0)7970 122362 Clifford Airhart [EMAIL PROTECTED]To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] al.comcc: Sent by: Subject: RE: [ActiveDir] The specified network name is no longer availabl e [EMAIL PROTECTED] tivedir.org 03/09/2003 20:01 Please respond to ActiveDir Is your DNS suffix correct? -Original Message- From: Mehmet AVSAR [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 03, 2003 11:55 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] The specified network name is no longer available Hi mates, I'm trying to join a Win XP Pro client in active-directory. I did it before but have to re-install XP and I'm getting the error message on the subject when joining the domain now. Everything seems fine. DNS, user rights, i can both ping server with name and ip. NetBIOS is enabled. TCP/IP Helper server starts automatically. Where am I possibly mistaken? Need urgent help. I'm about to resign just for this. Mehmet Izmir, TR List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ** This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International., or its affiliates. ** This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.dek.com ** List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] sysvol not replicating
Cindy, Is this DC in the same site as your FSMO holders? BR, Rob Robert Rutherford +44 (0)1305 208232 +44 (0)7970 122362 Rittenhouse, Cindy [EMAIL PROTECTED]To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] ster.pa.us cc: Sent by:Subject: RE: [ActiveDir] sysvol not replicating [EMAIL PROTECTED] ivedir.org 29/08/2003 16:26 Please respond to ActiveDir results from dcdiag Domain Controller Diagnosis Performing initial setup: Done gathering initial info. Doing initial required tests Testing server: EastCocalicoPD\ECPDC Starting test: Connectivity . ECPDC passed test Connectivity Doing primary tests Testing server: EastCocalicoPD\ECPDC Starting test: Replications . ECPDC passed test Replications Starting test: NCSecDesc . ECPDC passed test NCSecDesc Starting test: NetLogons . ECPDC passed test NetLogons Starting test: Advertising Warning: DsGetDcName returned information for \\psdc1.police.lancco.pa.us, when we were trying to reach ECPDC. Server is not responding or is not considered suitable. . ECPDC failed test Advertising Starting test: KnowsOfRoleHolders . ECPDC passed test KnowsOfRoleHolders Starting test: RidManager . ECPDC passed test RidManager Starting test: MachineAccount . ECPDC passed test MachineAccount Starting test: Services . ECPDC passed test Services Starting test: ObjectsReplicated . ECPDC passed test ObjectsReplicated Starting test: frssysvol Error: No record of File Replication System, SYSVOL started. The Active Directory may be prevented from starting. There are errors after the SYSVOL has been shared. The SYSVOL can prevent the AD from starting. . ECPDC passed test frssysvol Starting test: kccevent . ECPDC passed test kccevent Starting test: systemlog An Error Event occured. EventID: 0x041B Time Generated: 08/29/2003 10:50:20 (Event String could not be retrieved) . ECPDC failed test systemlog Running enterprise tests on : LANCCO.ROOT Starting test: Intersite . LANCCO.ROOT passed test Intersite Starting test: FsmoCheck . LANCCO.ROOT passed test FsmoCheck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, August 29, 2003 10:39 To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [ActiveDir] sysvol not replicating whooah... easy. Can you do a dcdiag and post the results please. Robert Rutherford +44 (0)1305 208232 +44 (0)7970 122362 Rittenhouse, Cindy [EMAIL PROTECTED]To: [EMAIL PROTECTED] ster.pa.us cc:
Re: [ActiveDir] sysvol not replicating
whooah... easy. Can you do a dcdiag and post the results please. Robert Rutherford +44 (0)1305 208232 +44 (0)7970 122362 Rittenhouse, Cindy [EMAIL PROTECTED]To: [EMAIL PROTECTED] ster.pa.us cc: Sent by:Subject: [ActiveDir] sysvol not replicating [EMAIL PROTECTED] ivedir.org 29/08/2003 15:32 Please respond to ActiveDir Two days ago a consulting firm upgraded a BDC at a remote location to Windows 2000. After the upgrade users had all types of trouble connecting. It seems the sysvol is not replicating because the Do_Not_Remove_NtFrs_PreInstall_Directory, Policies directory, and Scripts directory do not exist on the remote server in either the sysvol\domain or the sysvol\sysvol directory. The rest of AD seems to be replicating fine. Can I simply copy those directories from one of my DCs to the DC in the remote location? Thanks Cynthia Rittenhouse MCSE,CCNA LAN Administrator County of Lancaster Lancaster, PA 17602 List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ** This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International., or its affiliates. ** This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.dek.com ** List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] System Shutting Down
When did the message first appear... what changed? Robert Rutherford +44 (0)1305 208232 +44 (0)7970 122362 Richard Sumilang [EMAIL PROTECTED]To: [EMAIL PROTECTED] ng.comcc: Sent by: Subject: Re: [ActiveDir] System Shutting Down [EMAIL PROTECTED] tivedir.org 11/08/2003 00:39 Please respond to ActiveDir Cool but how am I supposed to install a new service pack if the computer reboots every 60 seconds when the message comes up? On Saturday, August 9, 2003, at 05:26 AM, Thommes, Michael M. wrote: Check out http://support.microsoft.com/default.aspx?scid=kb;EN-US;q284003 Mike Thommes -Original Message- From: Richard Sumilang [mailto:[EMAIL PROTECTED] Sent: Fri 8/8/2003 9:04 PM To: [EMAIL PROTECTED] Cc: Subject: [ActiveDir] System Shutting Down I keep getting this error message and the system goes down. Give me like 60 seconds to read it... 'The system process C:\WINNT\system32\lsass.exe has terminated unexpectingly with status code - 1073741819. The system will now shut down and restart.' Is there a quick way to fix this without reformatting? List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ** This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International., or its affiliates. ** This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.dek.com ** List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] OT: Server Monitoring
Depends what servers you use. I use Insight Manager and Compaq throughout and then they mail an address that also mails an SMS server (our own)... but you can get loads of free ones (SMS Gateways). If you get software that can mail then you can it delivered to an SMS gateway... I'm sure other guys on here can recommend... If not then give me a shout and I will look with you. BR Rob Robert Rutherford +44 (0)1305 208232 +44 (0)7970 122362 Salandra, Justin A. [EMAIL PROTECTED]To: ActiveDir (E-mail) [EMAIL PROTECTED] cc: Sent by: Subject: [ActiveDir] OT: Server Monitoring [EMAIL PROTECTED] tivedir.org 05/08/2003 21:35 Please respond to ActiveDir Mmy company is currently looking for a product that will monitor if the e-mail server and other servers are up or down and then notify me by e-mailing my cell phone. Question 1) What software do you use? 2) How do you get notified by e-mail if your e-mail server is down? Any help is appreciated, I have already looked at Whats Up Gold and Servers Alive. Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 212.752.7300 - office 917.455.0110 - cell [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ** This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International., or its affiliates. ** This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.dek.com ** List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] SP4 time on DC's
Hi Guys, I am getting ready to deploy SP4 in the domain and would like to get some ideas about the best way to do it on the DC's on a global level... a procedure. It has been some time since the last and my domain has also grown. Any guidance would be appreciated. Cheers, Rob ** This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International., or its affiliates. ** This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.dek.com ** List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Planning the migration from NT4 to AD
How long did you run in interim mode, before decommissioning the older NT domain(s) ? - I basically upgraded and then rebuilt all the BDCs in turn and then moved the FSMO roles and rebuilt the old PDC. Did you have to touch any client machines at any point of time, interim or post-interim ? - Nope - at first I had a test site all 2000 and the rest NT - all were fine. Did you make any design changes midway, and if yes, how did AD 2003 treat you then ? - I am still 2000 AD and did make a change around on my AD design after but had no real problems as I had not yet introduced any Group Policies... had a couple of easy to resolve delegation issues. BR Rob Sharma, Shshank [EMAIL PROTECTED] To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] Sent by: cc: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Planning the migration from NT4 to AD tivedir.org 30/07/2003 18:39 Please respond to ActiveDir I did that and had no issues for 1000 users over 30 sites... had no issues. Thanks, its reassuring. How long did you run in interim mode, before decommissioning the older NT domain(s) ? Did you have to touch any client machines at any point of time, interim or post-interim ? Did you make any design changes midway, and if yes, how did AD 2003 treat you then ? I would recommend bringing in a new BDC and taking offline though in case something does go awry on the DC upgrade. Yes, I am planning to keep a rollback, for the ooops ! scenario. Shshank Sharma, Shshank [EMAIL PROTECTED] To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] Sent by: cc: [EMAIL PROTECTED]Subject: [ActiveDir] Planning the migration from NT4 to AD tivedir.org 30/07/2003 17:37 Please respond to ActiveDir Am planning the migration from NT 4.0 domain to AD domain. We have a single NT domain presently. Wondering if the the following is a possible migration path, and solicit feedback on it 1. Phase A: Do an in-place upgrade for the NT domain controllers to AD Domain Controllers. No restructuring and no reorganization involved. Objective is to keep disruption as minimal as possible. 2. Phase B: Introduce restructuring, by moving users into respective Ous, delegations etc. Is there something obviously wrong that I am doing here ? Shshank Sharma QTC List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ** This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International., or its affiliates. ** This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses.
Re: [ActiveDir] Simultaneous password change on multiple DCs
That will create alot of replication traffic as each DC will replicate that change to all the others. I would just recommend using the good old ADUC or a snap-in based solution and just educate them how to perform the change on the specific DC on that site... they will soon learn if they don't as the user will soon be calling if they can't logon due to the change being made on a diff DC. Just my thoughts.. Rob Fugleberg, David A [EMAIL PROTECTED]To: [EMAIL PROTECTED] m cc: Sent by: Subject: [ActiveDir] Simultaneous password change on multiple DCs [EMAIL PROTECTED] tivedir.org 30/07/2003 20:23 Please respond to ActiveDir We're looking at a product to manage passwords - it enforces common password policy and keeps passwords in sync across multiple platforms (mainframe, AD, NDS, Unix, etc.), as well as provides self-service password change/reset via a browser interface. One of its features on AD is that it's nominally site-aware - it can determine a browser's location based on IP address and change the AD password on a DC in that site. So far, so good. Now the tricky part - it can also be configured to ALWAYS change the password on one or more DCs that you specify on the config, in addition to the one it selects. The idea is to specify DCs near resources at headquarters that people access from branch offices. This is supposed to ensure that people can access the resources immediately rather than waiting for the new password to replicate. Net result is that the same password change is applied directly at multiple DCs in different sites at the same time. My question is, what is the impact on the DCs and replication traffic ? What are the caveats of such a scenario ? One other thing - the helpdesk can use the web interface to assist callers who choose not to use self-service. In that case, the helpdesk can see a list of all DCs and select the one(s) they wish to send the change to. This can be disabled, but is the default if you enable 'site-awareness'. This bothers me a bit, since there's nothing to prevent a helpdesk person from selecting 'em all. Your thoughts ? Dave List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ** This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International., or its affiliates. ** This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.dek.com ** List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive:
RE: [ActiveDir] default computer account directory location
Is there any way to change using a domain setting the default container into which computer account objects are created for a windows 2000 domain. ?? It depends what your reasons are? i.e. A specific site needs computer objects added... delegate control to a local support/admin/bod to create computer objects, etc. within the specific OU... they can then create that computer object in that OU and add the computer with that name to the domain via the normal method. all depends on exactly what u r trying to achieve... please elaborate. Robert Rutherford [EMAIL PROTECTED] Sent by: To: [EMAIL PROTECTED] [EMAIL PROTECTED]cc: tivedir.orgSubject: RE: [ActiveDir] default computer account directory location 30/07/2003 19:01 Please respond to ActiveDir If you don't want to use RIS, the only other way I know is to use a Script to precreate the Computer objects FIRST before actually joining them to the Domain. In the Script you can specify exactly where the object will be created. You then set ACL on the created object to specify who can do the actual joining. HTH Sincerely, Dèjì Akómöláfé, MCSE MCSA MCP+I www.akomolafe.com www.iyaburo.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Todd Povilaitis Sent: Wed 7/30/2003 8:15 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] default computer account directory location Alternatively, if you are using Remote Installation Service to create your OS(es), you can specify the target location for newly created machines in your RIS configuration. __ Todd Povilaitis LAN Administrator Huntington Hospital [EMAIL PROTECTED] Phone: (626) 397-3392 Fax: (626) 397-2901 -Original Message- From: Tony Murray [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 30, 2003 07:10 To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] default computer account directory location I don't believe there is an easy way to do this in Windows 2000 AD. The following article explains how to do this in Windows Server 2003 AD. http://support.microsoft.com/default.aspx?scid=kb;[LN];324949 At the end of the article it shows where the wellKnownObjects attribute of the domainDNS object for the domain can be modified. You might be able to do this modification manually in Windows 2000 AD using LDP or ADSIEdit. You would need to replace the value for the default computers location, i.e. B:32:AA312825768811D1ADED00C04FD8D5CD:CN=Computers,DC=domain,DC=com; with, for example B:32:AA312825768811D1ADED00C04FD8D5CD:OU=Workstations,DC=domain,DC=com; I haven't tried this and it's probably unsupported! So don't take my word for it. Give it a go in your test lab if you want and let us know how you get on. Tony -- Original Message -- From: Graham Turner [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Wed, 30 Jul 2003 14:30:35 +0100 is there any way to change using a domain setting the default container into which computer account objects are created for a windows 2000 domain. ?? GT List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List
RE: [ActiveDir] Simultaneous password change on multiple DCs
Joe, My my last reply will obviously be down to the fact that I'm not yet running SP4 on my DCs. have you got any pointers on upgrading around 40 DCs without causing issues due to SP diff's? Am I safe to do one at a time? Best Regards, Rob Joe [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent by: cc: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Simultaneous password change on multiple DCs tivedir.org 30/07/2003 22:20 Please respond to ActiveDir By any chance is this product called PSYNC from MTEC? I have worked with them for a couple of years on various things, if so you can email me separately and we can chat... [EMAIL PROTECTED] If it isn't, consider it as they are doing a decent job now and I am sure there are some people who watch this listserv that may be shocked to see I wrote that I absolutely wouldn't recommend changing passwords in multiple sites at once, the previously valid reason for it is no longer valid UNLESS for some reason the remote site can't get to the PDC to do PDC Chaining (and the accompanying special replication that will take place in SP4 and Q812499) which would then make me ask, how would you get to the site to change the password in the first place with a centralized system. So anyway, make sure your DC's have SP4 or at least Q812499 and then change the passwords all centrally on whatever DC gets selected and you should be fine. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Fugleberg, David A Sent: Wednesday, July 30, 2003 3:23 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Simultaneous password change on multiple DCs We're looking at a product to manage passwords - it enforces common password policy and keeps passwords in sync across multiple platforms (mainframe, AD, NDS, Unix, etc.), as well as provides self-service password change/reset via a browser interface. One of its features on AD is that it's nominally site-aware - it can determine a browser's location based on IP address and change the AD password on a DC in that site. So far, so good. Now the tricky part - it can also be configured to ALWAYS change the password on one or more DCs that you specify on the config, in addition to the one it selects. The idea is to specify DCs near resources at headquarters that people access from branch offices. This is supposed to ensure that people can access the resources immediately rather than waiting for the new password to replicate. Net result is that the same password change is applied directly at multiple DCs in different sites at the same time. My question is, what is the impact on the DCs and replication traffic ? What are the caveats of such a scenario ? One other thing - the helpdesk can use the web interface to assist callers who choose not to use self-service. In that case, the helpdesk can see a list of all DCs and select the one(s) they wish to send the change to. This can be disabled, but is the default if you enable 'site-awareness'. This bothers me a bit, since there's nothing to prevent a helpdesk person from selecting 'em all. Your thoughts ? Dave List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ
Re: [ActiveDir] GPO Question
Hi, 1) Are you saying that you dont have any protection at all from the internet, except your policies? If so then that is a dangerous situation to be in have u had a decent port scan / vulnerability test done? 2) I know that it's good practice not to go deeper than 3 OUs down on most environment and recommended on a wide scale mostly down to policy processing time though if I remember... I guess it depends on the amount of policies you are running... then again if you haven't got a firewall as u say... u must be running a good few. How are you accessing the Internet? Best Regards, Rob Charles Carerros [EMAIL PROTECTED]To: [EMAIL PROTECTED] Sent by: cc: [EMAIL PROTECTED]Subject: [ActiveDir] GPO Question tivedir.org 30/07/2003 22:48 Please respond to ActiveDir Hey all, For the past few years I have been doing my GPOs primarily based up on the user settings. (We don't have a firewall on my campus so by disabling a lot of stuff using the security portion of the user GPO I can help reduce the security risk.) However, I have just been asked to only use computer based GPOs (a migration scheme will leave me no access to user accounts). 1) I was wondering if anyone has any suggestion (pro or con) to doing only computer based policies? 2) Are there any really good documents that might help clarify the process by which loopback (and troubleshooting loopback) is utilized? I will probably need to implement this in order to have a good policy. 3) Does anyone here only do computer based policies? What is your experience with them? I am going to re-read the Microsoft Group Policy white paper tonight, but if anyone knows of any additional documentation that is related to this and might discuss the issues (negative or positive) about this type of organization scheme, it would be tremendously helpful. Just for a little more background, if I end up implementing the scheme that was suggested to me today it would consist of a five level OU structure with 1 OU at 1 tier, 1 OU at 2 tier, 35 OUs at 3 tier, 4 OUs at 4 tier and 2 OUs at 5 tier (not all of the 4th tier OUs will have a fifth, only about 40% of them.) Does anyone have any feedback of having a five level nested OU structure. I would like to maintain my current 3 tier OU structure, but I need some technical ammo to defend my structure with. Thanks, Chuck List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ** This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International., or its affiliates. ** This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.dek.com ** List info :
[ActiveDir] Robert Rutherford/UK/DEK is out of the office.
I will be out of the office starting 22/07/2003 and will not return until 28/07/2003. I am away until Monday July 28th. I am available on my mobile and may check my mail now and again. ** This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International., or its affiliates. ** This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.dek.com ** List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Mixed to Native
Hi All, I've finally migrated my last remote office into my 2000 domain. All of my NT BDCs are gone and I'm 100% 2000 on the DCs I still have a couple offices on NT workstations. It's been some time since I've focussed on 2000 and can't remember if there are any gotchas with the move from mixed to native? I've read back through all my documentation/notes, but that no substitute to real worl experience... Can anyone offer some guidance? Thanks and BR, Rob Robert Rutherford MIS Department - DEK +44 (0)1305 208232 +44 (0)7970 122362 This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International., or its affiliates. This footnote signifies that this message has been checked for viruses by MailswpUK1 List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Mixed to Native
lol. Cheers Roger Robert Rutherford MIS Department - DEK +44 (0)1305 208232 +44 (0)7970 122362 Roger Seielstad [EMAIL PROTECTED]To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] .com cc: Sent by: Subject: RE: [ActiveDir] Mixed to Native [EMAIL PROTECTED] tivedir.org 27/03/2003 12:06 Please respond to ActiveDir The worst part of the mixed to native mode conversion is picking which refreshing beverage you're going to enjoy when its done. -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 5:49 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Mixed to Native Hi All, I've finally migrated my last remote office into my 2000 domain. All of my NT BDCs are gone and I'm 100% 2000 on the DCs I still have a couple offices on NT workstations. It's been some time since I've focussed on 2000 and can't remember if there are any gotchas with the move from mixed to native? I've read back through all my documentation/notes, but that no substitute to real worl experience... Can anyone offer some guidance? Thanks and BR, Rob Robert Rutherford MIS Department - DEK +44 (0)1305 208232 +44 (0)7970 122362 This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International., or its affiliates. This footnote signifies that this message has been checked for viruses by MailswpUK1 List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International., or its affiliates. This footnote signifies that this message has been checked for viruses by MailswpUK1 List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive:
[ActiveDir] GPO effect on Admin
Hi All, It's been some time since I studied/looked at group policy. I want to know how to stop computer config polices applying when a selected admin logs onto any computer, even if the computers have policies applied on their OU. Any guidance would be appreciated... Also, thanks for the help on my other issues. BR, Rob Robert Rutherford This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International., or its affiliates. This footnote signifies that this message has been checked for viruses by MailswpUK1 List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] DNS replication
it's mixed in with your normal AD replication This can be set under AD sites and services - Internet-Site transports I think (double check). BR Robert Rutherford Storf Alexander [EMAIL PROTECTED]To: [EMAIL PROTECTED] m cc: Sent by: Subject: [ActiveDir] DNS replication [EMAIL PROTECTED] tivedir.org 26/03/2003 14:01 Please respond to ActiveDir Hi, We have a application which has very special needs on our DNS configuration: Entries in any DNS Server (all zones are AD integrated) should be replicated as fast as possible (DHCP leased addresses for our clients). Now they are replicated every 15 minutes, which is far too slow. 1 minute is acceptable for our application. Where can this replication interval be modified? Thanks in advance, Alex List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International., or its affiliates. This footnote signifies that this message has been checked for viruses by MailswpUK1 List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: AW: [ActiveDir] DNS replication
You can do it though sites and services. best to use Replication Monitor from the support tools. These can be found on the 2000 server disk, under the support directory if I remember. BR Robert Rutherford Storf Alexander [EMAIL PROTECTED]To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] m cc: Sent by: Subject: AW: [ActiveDir] DNS replication [EMAIL PROTECTED] tivedir.org 26/03/2003 14:41 Please respond to ActiveDir Hi there, That's my problem: 15 minutes is too slow. Is there any chance to make a kind of urgent replication like it was on a NT4 domain when you disable a user? Cu, Alex -Ursprüngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Gesendet: Mittwoch, 26. März 2003 15:10 An: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Betreff: Re: [ActiveDir] DNS replication it's mixed in with your normal AD replication This can be set under AD sites and services - Internet-Site transports I think (double check). BR Robert Rutherford Storf Alexander [EMAIL PROTECTED]To: [EMAIL PROTECTED] m cc: Sent by: Subject: [ActiveDir] DNS replication [EMAIL PROTECTED] tivedir.org 26/03/2003 14:01 Please respond to ActiveDir Hi, We have a application which has very special needs on our DNS configuration: Entries in any DNS Server (all zones are AD integrated) should be replicated as fast as possible (DHCP leased addresses for our clients). Now they are replicated every 15 minutes, which is far too slow. 1 minute is acceptable for our application. Where can this replication interval be modified? Thanks in advance, Alex List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International., or its affiliates. This footnote signifies that this message has been checked for viruses by MailswpUK1 List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This E-mail and any files transmitted with it are
[ActiveDir] Restart/Start Services Right
Good Morning/Afternoon/Evening All, I have many DCs in many locations. I basically want to allow specific office based administrators to restart/start services on specific domain controllers. How would I go about this? Is it possible? Thanks and Best Regards, Rob Robert Rutherford This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International., or its affiliates. This footnote signifies that this message has been checked for viruses by MailswpUK1 List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] Different password policy
The only way is to split the domain due to 'infamous domainwide security policy problem'... a drastic step. I guess you need to look at why you need a separate policy, and what would the implications be of enforcing the 'stronger password policy' domain wide. BR Robert Rutherford Ole Thomsen [EMAIL PROTECTED] Sent by: To: [EMAIL PROTECTED] [EMAIL PROTECTED]cc: tivedir.orgSubject: [ActiveDir] Different password policy 24/03/2003 14:43 Please respond to ActiveDir I need to implement a stronger password policy for a large group of users in my AD, and run into the infamous domainwide security policy problem. What is the best way to do this, and still being able to let these users have access to the file/print, Ex2K mailboxes and other resources they use today? Regards, Ole Thomsen List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International., or its affiliates. This footnote signifies that this message has been checked for viruses by MailswpUK1 List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Rights of builtin groups
Hi All, Does anyone know where I can grab a list of the rights for the builtin groups? Thanks in advance, Rob This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International., or its affiliates. This footnote signifies that this message has been checked for viruses by MailswpUK1 List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] AD design/international origination?
I found this to be very useful.. Building an Enterprise Active Directory(tm) Notes from the Field by Authors: Microsoft Consulting Services,Microsoft Consulting Services Released: 01 March, 2000 ISBN: 0735608601 Paperback BR, Rob Robert Rutherford Ryan Finnesey [EMAIL PROTECTED]To: [EMAIL PROTECTED] omcc: Sent by: Subject: [ActiveDir] AD design/international origination? [EMAIL PROTECTED] tivedir.org 14/03/2003 08:04 Please respond to ActiveDir Why can I find examples of an AD design for an international origination? I am working an a new AD design for when we deploy Windows 2003 Ryan Finnesey Diversified Solutions Group 72 Spring Street New York New York 10011 212-274-1465 Phone 212-274-1452 Fax 917-667-4812 Mobile This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International., or its affiliates. This footnote signifies that this message has been checked for viruses by MailswpUK1 List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] DC will not demote....
Hi All, I have a DC that has some serious problems, anyway I want to dcpromo the machine down to a member server. I type dcpromo and it just hangs for hours on the 'preparing directory service for demotion' window What's the cleanest, well actually safest method of removing this DC? I take it that NTDSUTIL will be appropriate? I do however have memories in the lab of deleting the object from the DC OU, removing replication links etc, and all being ok I'm not certain. Suggestions? Thanks in advance, Rob This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International., or its affiliates. This footnote signifies that this message has been checked for viruses by MailswpUK1 List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] DC will not demote....
Thanks Tony/Jim, Will I need to remove the servers DC records from DNS? Robert Rutherford [EMAIL PROTECTED] d.com To: [EMAIL PROTECTED] Sent by: cc: [EMAIL PROTECTED]Subject: Re: [ActiveDir] DC will not demote tivedir.org 13/03/2003 15:57 Please respond to ActiveDir Tony's cited technote will work quite well, just make sure to adjust all FSMO roles and replication schemes before you go through that process since it wont do it for you. This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International., or its affiliates. This footnote signifies that this message has been checked for viruses by MailswpUK1 List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] Default Domain Controller Container
It is generally not good practice. Can I ask your reasoning for creating a 'subset' of DCs? BR Robert Rutherford Ninet Segar [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent by: cc: [EMAIL PROTECTED]Subject: [ActiveDir] Default Domain Controller Container tivedir.org 05/03/2003 21:57 Please respond to ActiveDir Are there any reasons I should move Domain controllers from the Default container into a separate OU? I would like to delegate certain groups to be backup operators and server operators for just a subset of Domain controllers. Does anyone have any advice or technotes regarding this? This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International., or its affiliates. This footnote signifies that this message has been checked for viruses by MailswpUK1 List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] (OT) ISA and Sametime
Hi All, Sorry to bother you with an off topic question Has anyone set up ISA to proxy Lotus Sametime sessions? There are no real relevant resources for this anywhere. I have a fairly good base knowledge of ISA so it doesn't seem to be a simple process. Please note that I am only using the caching element of the product, and Sametime will work when not pushed through the proxy. Any help would be appreciated. Thanks and BR, Rob Robert Rutherford This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK International., or its affiliates. This footnote signifies that this message has been checked for viruses by MailswpUK1 List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Clients being logged on by DCs at other sites
Actually I lied the _site folders do reappear with the correct servers in. It just takes time for them to appear. BR Robert Rutherford [EMAIL PROTECTED] Sent by: To: [EMAIL PROTECTED] [EMAIL PROTECTED]cc: '[EMAIL PROTECTED]' [EMAIL PROTECTED], tivedir.org [EMAIL PROTECTED] Fax to: Subject: RE: [ActiveDir] Clients being logged on by DCs at other sites 29/10/2002 21:34 Please respond to ActiveDir Thanks to all for there posts. I have spotted a few things that may be of interest to some of you :- I originally built and dcpromo'd all my DC's at my main site - they registered under DNS as DCs for this site. I then moved them to their relative sites and the DNS entries still remain. I will delete the irrelevant entries under their specific site. I tested in my test bed that if you delete a site under DNS, if the site will returned after a reboot with the relevant entries in. the answer is neither reappear I created a site in my test bed and a DC was automatically registered in DNS I also created a couple sites 4 weeks ago, which I have since put new 2000 DCs into . I checked under DNS and there were already 'random' entries for other DCs within. The new DC/s also had entries. The bottom line is (for those that don't know) that 2K does not automatically housekeep any of these DNS records. get checking. Best Regards Robert Rutherford Dave Kinnamon [EMAIL PROTECTED]To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] omcc: Sent by: Fax to: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Clients being logged on by DCs at other sites tivedir.org 29/10/2002 18:24 Please respond to ActiveDir All, These two KB articles talk most of what has been discussed .. and more. Hopefully they will clear the air a bit ... How Domain Controllers Are Located in Windows http://support.microsoft.com/default.aspx?scid=kb;en-us;Q247811 Windows 2000 members Still Authenticate with BDCs after PDC Upgrade http://support.microsoft.com/default.aspx?scid=kb;en-us;Q309273 Dave -Original Message- From: Gil Kirkpatrick [mailto:gilk;netpro.com] Sent: Tuesday, October 29, 2002 11:34 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Clients being logged on by DCs at other sites You can delete them, but because the DCs publish them, they might very well reappear. You should figure why they got there and verify that the source of the problem has been addressed. Nothing more frustrating than deleting a bunch of objects just to have them reappear an hour later ;) Possible reasons: 1. At some point in time the DC had a different IP address 2. At some point the DCs subnet was assigned to a different site 3. The site that has the bogus records was being covered by that DC because at some point the site was DC-less 4. etc... -gil -Original Message- From: [EMAIL PROTECTED] [mailto:rrutherford;dek.com] Sent: Tuesday, October 29, 2002 8:33 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [ActiveDir] Clients being logged on by DCs at other sites Thanks... I can see the entries in the sites that shouldn't be there... both a _ldap and _kerberos record. Is it safe to delete these records if they also exist in other sites? Thanks again Robert Rutherford Tim HInes [EMAIL PROTECTED]
Re: [ActiveDir] Site and Site Link Question
They will all cross replicate, i.e. the spokes replicating from other spokes.. dragging your lines down I learned from experience Robert Rutherford MIS Department - DEK +44 (0)1305 208232 +44 (0)7970 122362 Salandra, Justin A. [EMAIL PROTECTED]To: ActiveDir (E-mail) [EMAIL PROTECTED] cc: Sent by: Fax to: [EMAIL PROTECTED]Subject: [ActiveDir] Site and Site Link Question tivedir.org 30/10/2002 14:39 Please respond to ActiveDir Hello, If I have multiple sites and a physical hub spoke configuration, can I create many sites and have them all use the same site link? What kind of problems would this cause Currently I have 4 sites and 3 site links all linking back to a common site Site 1 Site 2 Site 3 Site 4 Site Link A connects site 1 and 2 Site Link B connects site 1 and 3 Site Link C connects site 1 and 4 Can I have the following Site Link A connects Site 1, 2, 3 and 4 Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 914.681.8117 office 646.483.3325 cell [EMAIL PROTECTED] mailto:jasalandra;chcsnet.org List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK Printing Machines Ltd., or its affiliates. This footnote signifies that this message has been checked for viruses using Norton and McAfee. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] OT: Compaq Servers
Load Insight Manager Robert Rutherford Salandra, Justin A. [EMAIL PROTECTED]To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] cc: Sent by: Fax to: [EMAIL PROTECTED]Subject: RE: [ActiveDir] OT: Compaq Servers tivedir.org 30/10/2002 16:03 Please respond to ActiveDir That is not loaded -Original Message- From: [EMAIL PROTECTED] [mailto:Shawn.Hayes;compass.net] Sent:Wednesday, October 30, 2002 10:58 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] OT: Compaq Servers Insight Manager if the Insight Agents are loaded on the server -Original Message- From: Salandra, Justin A. [mailto:jasalandra;chcsnet.org] Sent: Wednesday, October 30, 2002 10:53 AM To: ActiveDir (E-mail) Subject: [ActiveDir] OT: Compaq Servers Does anyone know how to retrieve a Serial Number from a Compaq server remotely Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 914.681.8117 office 646.483.3325 cell [EMAIL PROTECTED] mailto:jasalandra;chcsnet.org List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK Printing Machines Ltd., or its affiliates. This footnote signifies that this message has been checked for viruses using Norton and McAfee. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Clients being logged on by DCs at other sites
Hi All, All my DC's are W2K, and since moving a considerable amount of NT4 clients to 2000, I have noticed that 'some' clients are periodically being logged on by DCs at other sites. All my site config is correct, and my DC's have relatively very little load. Some of my remote sites have very small pipes, and I do not want clients being authenticated outside of their site/subnet. Has anyone seen this or know where else I can look? Thanks Robert Rutherford This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK Printing Machines Ltd., or its affiliates. This footnote signifies that this message has been checked for viruses using Norton and McAfee. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] Clients being logged on by DCs at other sites
Thanks... I can see the entries in the sites that shouldn't be there... both a _ldap and _kerberos record. Is it safe to delete these records if they also exist in other sites? Thanks again Robert Rutherford Tim HInes [EMAIL PROTECTED]To: [EMAIL PROTECTED] m cc: Sent by: Fax to: [EMAIL PROTECTED]Subject: Re: [ActiveDir] Clients being logged on by DCs at other sites tivedir.org 29/10/2002 15:05 Please respond to ActiveDir If your sites are configured correctly then I would assume that there may be a dns problem. DCs register ldap records in the site that they are a member of. Look in your zone for _msdcs/ dc/ _sites/ site name . Each site name folder should only have ldap records for the DCs that are within its site. If the records are not where they should be then the client may be receiving a referral to a DC that is not within its site. Tim Hines, MCSA, MCSE (2000 NT4) MVP - Active Directory - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, October 29, 2002 9:54 AM Subject: [ActiveDir] Clients being logged on by DCs at other sites Hi All, All my DC's are W2K, and since moving a considerable amount of NT4 clients to 2000, I have noticed that 'some' clients are periodically being logged on by DCs at other sites. All my site config is correct, and my DC's have relatively very little load. Some of my remote sites have very small pipes, and I do not want clients being authenticated outside of their site/subnet. Has anyone seen this or know where else I can look? Thanks Robert Rutherford This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK Printing Machines Ltd., or its affiliates. This footnote signifies that this message has been checked for viruses using Norton and McAfee. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Clients being logged on by DCs at other sites
Thanks but it's my W2K clients that are causing the problem. Robert Rutherford MIS Department - DEK +44 (0)1305 208232 +44 (0)7970 122362 Ayers, Diane [EMAIL PROTECTED] To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] Sent by: cc: [EMAIL PROTECTED]Fax to: tivedir.orgSubject: RE: [ActiveDir] Clients being logged on by DCs at other sites 29/10/2002 16:18 Please respond to ActiveDir Are your NT 4.0 clients running the DSclient add-in? Based on your email I'm going to assume no. An NT 4.0 client without the add-in will see the AD domain as an NT 4.0 domain and the DC that responds to the client the first is the one the authenticates. In the NT 4.0 world, it's still the NetBIOS stuff and several factors come into play such as client config, node types, how your are doing name resolution, WINS, etc. Diane -Original Message- From: [EMAIL PROTECTED] [mailto:rrutherford;dek.com] Sent: Tuesday, October 29, 2002 6:54 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Clients being logged on by DCs at other sites Hi All, All my DC's are W2K, and since moving a considerable amount of NT4 clients to 2000, I have noticed that 'some' clients are periodically being logged on by DCs at other sites. All my site config is correct, and my DC's have relatively very little load. Some of my remote sites have very small pipes, and I do not want clients being authenticated outside of their site/subnet. Has anyone seen this or know where else I can look? Thanks Robert Rutherford This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK Printing Machines Ltd., or its affiliates. This footnote signifies that this message has been checked for viruses using Norton and McAfee. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Clients being logged on by DCs at other sites
Thanks to all for there posts. I have spotted a few things that may be of interest to some of you :- I originally built and dcpromo'd all my DC's at my main site - they registered under DNS as DCs for this site. I then moved them to their relative sites and the DNS entries still remain. I will delete the irrelevant entries under their specific site. I tested in my test bed that if you delete a site under DNS, if the site will returned after a reboot with the relevant entries in. the answer is neither reappear I created a site in my test bed and a DC was automatically registered in DNS I also created a couple sites 4 weeks ago, which I have since put new 2000 DCs into . I checked under DNS and there were already 'random' entries for other DCs within. The new DC/s also had entries. The bottom line is (for those that don't know) that 2K does not automatically housekeep any of these DNS records. get checking. Best Regards Robert Rutherford Dave Kinnamon [EMAIL PROTECTED]To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] omcc: Sent by: Fax to: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Clients being logged on by DCs at other sites tivedir.org 29/10/2002 18:24 Please respond to ActiveDir All, These two KB articles talk most of what has been discussed .. and more. Hopefully they will clear the air a bit ... How Domain Controllers Are Located in Windows http://support.microsoft.com/default.aspx?scid=kb;en-us;Q247811 Windows 2000 members Still Authenticate with BDCs after PDC Upgrade http://support.microsoft.com/default.aspx?scid=kb;en-us;Q309273 Dave -Original Message- From: Gil Kirkpatrick [mailto:gilk;netpro.com] Sent: Tuesday, October 29, 2002 11:34 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Clients being logged on by DCs at other sites You can delete them, but because the DCs publish them, they might very well reappear. You should figure why they got there and verify that the source of the problem has been addressed. Nothing more frustrating than deleting a bunch of objects just to have them reappear an hour later ;) Possible reasons: 1. At some point in time the DC had a different IP address 2. At some point the DCs subnet was assigned to a different site 3. The site that has the bogus records was being covered by that DC because at some point the site was DC-less 4. etc... -gil -Original Message- From: [EMAIL PROTECTED] [mailto:rrutherford;dek.com] Sent: Tuesday, October 29, 2002 8:33 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [ActiveDir] Clients being logged on by DCs at other sites Thanks... I can see the entries in the sites that shouldn't be there... both a _ldap and _kerberos record. Is it safe to delete these records if they also exist in other sites? Thanks again Robert Rutherford Tim HInes [EMAIL PROTECTED]To: [EMAIL PROTECTED] m cc: Sent by: Fax to: [EMAIL PROTECTED]Subject: Re: [ActiveDir] Clients being logged on by DCs at other sites tivedir.org 29/10/2002 15:05
[ActiveDir] 98 user account lockouts
Hi All, We have just performed an acquisition of a company with many 98 clients, the software they used will only run on 98. The problem I am getting is that their domain accounts seem to be locking out every couple of hours. This problem did not occur with NT DCs. This is happening on 'all' the machines - any ideas why? Robert Rutherford This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK Printing Machines Ltd., or its affiliates. This footnote signifies that this message has been checked for viruses using Norton and McAfee. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] KCC
Hi All, My KCC keeps adding links between extremely slow sites. I may be wrong (probably I am) but should the KCC not detect slow links and automatically create the best replication structure? My KCC is generally making the slowest site DCs bridgehead servers for sites that are only linked via a hub/spoke network topology. Note: I have gone into the properties of my subnets and unticked the bridge all sites option. If I create site links for all of my sites... do I do it as follows? i.e. say I have 4 sites :- UK, DE, MX, SG. Do I create a matrix structure as my sites are linked hub/spoke through the UK (at present)? UK-MX value 10 UK-DE value 10 UK-SG value 10 DE-MX value 100 DE-UK value 10 DE-SG value 100 etc? TIA, Robert Rutherford MIS Department - DEK +44 (0)1305 208232 +44 (0)7970 122362 This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK Printing Machines Ltd., or its affiliates. This footnote signifies that this message has been checked for viruses using Norton and McAfee. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] KCC fun and games
Hi All, I am having some problems with my replcation topology. We have at the moment, 20 sites linked to our central site via a hub/spoke topology with Frame Relay... I know this isn't a fantastic toplogy but we will be changing it. anyway KCC creates links between what seems to be random sites, makes DCs on slow busy links Bridgehead servers. If I had manual links and delete out the other generated links then the KCC just puts more in. Should I create site link objects for every single site, and any link them to every other site and cost them? i.e UK - Paris UK- Germany UK - USA Paris - UK Paris - Germany Paris - USA Germany - etc Thanks, Robert Rutherford MIS Department - DEK +44 (0)1305 208232 +44 (0)7970 122362 This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK Printing Machines Ltd., or its affiliates. This footnote signifies that this message has been checked for viruses using Norton and McAfee. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Default application installs
Hello, When building a default build for my corporate workstations should I install the default applications, i.e. Office, Notes, Acrobat, etc on the ghost image, or should I deploy these via .msi and GPO after the ghost image has been deployed? I am looking along the perspective that if Office/any default applications became corrupt - they wouldn't be healed if they were on the default ghost image ? Thanks in advance all, Rob This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK Printing Machines Ltd., or its affiliates. This footnote signifies that this message has been checked for viruses using Norton and McAfee. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Slow network printer additions/browsing
Hi All, I'm having a problems at my remote offices with browsing for a printer :- Basically when a user goes to add a network printer, and then waits for the printer browser list to come up. it can take upto 5 minutes for the printer list to appear. This is happening on both NT and 2000 machines. Any ideas? tia Robert Rutherford MIS Department - DEK +44 (0)1305 208232 +44 (0)7970 122362 This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK Printing Machines Ltd., or its affiliates. This footnote signifies that this message has been checked for viruses using Norton and McAfee. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Slow network printer additions/browsing
They are both local and the clients are definitely querying the corrrect servers. It only happens for the first printer addition, if you add another there is no delay. I suspect the machine is dragging the list from my main site but don't know why. Robert Rutherford MIS Department - DEK +44 (0)1305 208232 +44 (0)7970 122362 Precht, David N. discussions@entrysecurTo: [EMAIL PROTECTED] ity.com cc: Sent by: Subject: RE: [ActiveDir] Slow network printer additions/browsing [EMAIL PROTECTED] tivedir.org 27/06/2002 15:47 Please respond to ActiveDir Wheres the WINS and DNS servers ? Remote or local ? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, June 27, 2002 03:00 To: [EMAIL PROTECTED] Subject: [ActiveDir] Slow network printer additions/browsing Hi All, I'm having a problems at my remote offices with browsing for a printer :- Basically when a user goes to add a network printer, and then waits for the printer browser list to come up. it can take upto 5 minutes for the printer list to appear. This is happening on both NT and 2000 machines. Any ideas? tia Robert Rutherford MIS Department - DEK +44 (0)1305 208232 +44 (0)7970 122362 This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK Printing Machines Ltd., or its affiliates. This footnote signifies that this message has been checked for viruses using Norton and McAfee. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] DC Site Move
Thats correct... Thanks for the input guys Robert Rutherford MIS Department - DEK +44 (0)1305 208232 +44 (0)7970 122362 Rick Kingslan [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent by: cc: [EMAIL PROTECTED] Subject: RE: [ActiveDir] DC Site Move ivedir.org 10/05/2002 13:51 Please respond to ActiveDir Hi Robert! You've got all of the particulard worked out it appears. Obviously, the subnet object must exist and be associated witht eh site that you are moving the DC to. As to automatically sorting itself out, that's pretty much a fair assessment. Once that IP reset and the server object is moved from source to destination site container, the server is completely unaware of the previous doings. I'm sure that this site is in the same domain, yes? ;-) Good luck! Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED] Sent: Friday, May 10, 2002 2:14 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] DC Site Move Hi Everyone, OK I am building a DC that needs to be shipped to a remote office. What are the issues involved with this? I think I am right in saying that I can fully build the DC and DCPROMO, and when the machine is dropped into the new location (in around 4 weeks), and I change the IP, it should automatically sort itself out - as long as I move the server object to the relevant site/subnet? Cheers, Robert Rutherford MIS Department - DEK +44 (0)1305 208232 +44 (0)7970 122362 ** ** This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK Printing Machines Ltd., or its affiliates. ** ** List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Removing AD / Lsass.exe error
Arg! Why does my pain never end! I want to remove AD from a DC. Every time I run DCpromo an error msg box pops up and displays :- The system process lsass.exe terminated unexpectedly with status code -1073741819. The system will now shut down and restart. The problem only occurs when I go to dcpromo the machine so no Technet articles seem to be relevant. I have had this problem before and ran a patch suggested in a Technet article which I had to obtain directly from MSoft. Of course when I ran the patch the machine blue screened on reboot and was never to be seen again. I don't want to be in this situation again so was just seeing if anyone else had seen this before? and resolved it? A question relating: If I just accept the machine will not demote, and I just rebuild it, and then run DCPROMO will the machine just pick up more/less where it left off? Many Thanks, Rob Robert Rutherford MIS Department - DEK International GmbH +44 (0)1305 208232 +44 (0)7970 122362 This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK Printing Machines Ltd., or its affiliates. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] NtFrs problems
What do you get from a dcdiag? Robert Rutherford MIS Department - DEK International GmbH +44 (0)1305 208232 +44 (0)7970 122362 Sebastian Larsson sebastian.larsson@staff To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] .spray.se cc: Sent by: Subject: [ActiveDir] NtFrs problems [EMAIL PROTECTED] ivedir.org 13/03/2002 15:02 Please respond to ActiveDir Does anyone know why I get this error once every day: --- Event Type: Warning Event Source:NtFrs Event Category: None Event ID: 13508 Date: 2002-03-13 Time: 12:23:15 User: N/A Computer: ALF-NG Description: The File Replication Service is having trouble enabling replication from DENNIS to ALF-NG for c:\winnt\sysvol\domain using the DNS name dennis.i.spray.se. FRS will keep retrying. Following are some of the reasons you would see this warning. [1] FRS can not correctly resolve the DNS name dennis.i.spray.se from this computer. [2] FRS is not running on dennis.i.spray.se. [3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers. This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established. --- I have checked the things suggested in the error and i have also made sure that RPC is working, and yes... sysvol is shared! The replication seems to work, cause when I create an user account on one of the DC I get it on the other also. Manual replication with AD Sites and Services also workes perfect. regards /Seb ___s_p_r_a_y_ Sebastian Larsson | [EMAIL PROTECTED] Mob: (+46) 070 994 58 64 | Tel: (+46) 08 527 90 026 Här börjar internet | http://www.spray.se/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK Printing Machines Ltd., or its affiliates. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] Directory Replicator service
All necessary stops and restarts of services will be performed by the AD wizard... If you still have NT BD's u need to set up replication of your logon scripts.. as I remember? Robert Rutherford MIS Department - DEK International GmbH +44 (0)1305 208232 +44 (0)7970 122362 This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK Printing Machines Ltd., or its affiliates. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Ex Domain Controller Cleanup
Hi All, I was having some problems with a DC that I needed to rebuild as a member server. I successfully transferred all the necessary roles and the domain and directory are sound. The machine would not demote via dcpromo due to some lsass errors... I received a patch directly from Microsoft and the thing blue screened! I basically didn't need the machine as a domain controller and am happy at that, the machine has now been rebuilt as a member server under a different name. Of course the old domain controller is still lingering in the AD and other DCs are trying to replicate with it, etc. How do I remove all traces of this thing? I know it's possible with ntdsutil but am unsure about how to tackle it, if not a little apprehensive of using it. Thanks and best regards, Robert Rutherford This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK Printing Machines Ltd., or its affiliates. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] DNS question
Change the DNS properties under your adapter TCP/IP settings Put both your internal and external DNS servers in, and then resolutions will be attempted in turn. BR Robert Rutherford Mike Tonazzi [EMAIL PROTECTED] To: [EMAIL PROTECTED] t cc: Sent by: Subject: [ActiveDir] DNS question [EMAIL PROTECTED] ivedir.org 25/02/2002 13:19 Please respond to ActiveDir Hello It's like in real life: You've heard it 1000 times, but when you need to implement it, you forgot how I have a well running AD network with 25 workstations. I installed a direct connection to the Internet through a firewall, this works fine for TCP/IP. But I cannot resolve the DNS requests for the Internet domains and my local domain at the same time. Either the DNS for internet requests works (we have a external DNS), but then the workstations won't see the domain controller (what I understand as everywhere is written to have DNS properly conifguerd...). Or the workstations are able to see the DC, but then they cannot resolve Internet-DNS requests (because the DC does not allow to refer to an external DNS server - it's outlined). What have I missed? Thank you in advandce! Regards, Mike List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK Printing Machines Ltd., or its affiliates. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Lost Groups!
Sorry Guys... Its been a very long day, week, and year! I basically demoted the server last week and it's on a SAN...The node failed back onto the machine that is not a domain controller and of course it did not have any Domain Local Groups... doh! well the trutsed domains will be happy and I go home to bed! Thanks Robert Rutherford SALANDRA, JUSTIN [EMAIL PROTECTED] To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] Sent by: cc: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Lost Groups! ivedir.org 25/02/2002 20:17 Please respond to ActiveDir Did you check to see if they were domain local groups or universal groups? Is your domain in native or mixed mode? Were the groups accidentally created as distribution groups instead of security groups? Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 914.681.8117 office 646.483.3325 cell [EMAIL PROTECTED] \ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, February 25, 2002 3:15 PM To:[EMAIL PROTECTED] Subject:[ActiveDir] Lost Groups! Ahhh... Why does my pain never end! OK... I have a couple of boxes which I need to add some file permissions onto. I go add the relevant groups and they are not available in the list, although other global groups/accounts are. If I go into AD Users and Computers I can see the relevant groups strange!?!?! Anyone got any ideas? Thanks in advance and forever in your debt! Robert Rutherford This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK Printing Machines Ltd., or its affiliates. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Problems removing Active Directory
Rick, Yes I have manually removed the roles using the relative snap-ins. I have also looked through the logs and have found nothing that gives any clues on the error... bizarre! I guess when it flashes transferring roles that this is just a standard screen... all the roles have been moved some time ago and these were all wholly successful, well no errors appeared, and all the roles appear as they should under ntdsutil and the snap-ins. Also DCDIAG shows everything as ok. ?? Robert Rutherford MIS Department - DEK International GmbH +44 (0)1305 208232 +44 (0)7970 122362 Rick Kingslan [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent by: cc: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Problems removing Active Directory ivedir.org 20/02/2002 18:59 Please respond to ActiveDir Robert, I'm confused. You say that you've transferred the roles, but then you state every time I run 'dcpromo' I get the following error the second it begins the transfer of roles. The role transfer was done through the applets (AD UC, AD SS, and Schema) or ntdsutil, right? Or, am I stupidly missing something? Also, do you get an opprtunity to look at the event logs to get a picture of what events are associated with the failure? Rick Kingslan - Microsoft Certified Trainer MCSE+I on Windows NT 4.0 MCSE on Windows 2000 MVP [Windows NT/2000 Server] Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, February 20, 2002 11:33 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Problems removing Active Directory Arggg! Why me! Ok I'm trying to remove active directory from a Domain Controller and every time I run 'dcpromo' I get the following error the second it begins the transfer of roles :- Lsass.exe has generated errors and will be closed by Windows The machine then pops up a system shutdown message and reboots after 60 seconds. This was the first DC in the domain.. I have transferred all the roles, etc. Is there something that I have missed? I've gone through technet and the newsgroups and found nothing! Thanks for your help in advance! Robert Rutherford MIS Department - DEK International GmbH +44 (0)1305 208232 +44 (0)7970 122362 ** ** This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK Printing Machines Ltd., or its affiliates. ** ** List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Active Directory DNS
Thanks for all you input guys... It is much appreciated. Robert Rutherford MIS Department - DEK International GmbH +44 (0)1305 208232 +44 (0)7970 122362 David Lloyd [EMAIL PROTECTED] To: [EMAIL PROTECTED] ukcc: Sent by: Subject: RE: [ActiveDir] Active Directory DNS [EMAIL PROTECTED] ivedir.org 19/02/2002 09:54 Please respond to ActiveDir If there are no geographic (network) reasons for the separate DNS systems I would be pointing the Placeholder servers to the Child domain DNS services. Otherwise you would either have to support a secondary zone or DNS Forwarding between the domain to resolve between the two. The only consideration for this model is if you decommission the child domain ensure first that DNS services are still available through the demoted or alternate servers. When we did exactly this with a DNS model we built a stand-alone server with DNS and then built the domain structures in so doing promoting the Stand-alone as a DC into the child domain (complimented with other DC's providing localised site DBS services). Cheers David -Original Message- From: Lancaster, Lin [mailto:[EMAIL PROTECTED]] Sent: Monday, 18 February 2002 6:35 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Active Directory DNS In line with this if you created an empty placeholder domain would you point the DCs for the root empty domain to the DNS servers in the the other AD domain or would you have the placeholder domain run it's own DNS servers? I've been playing with this and can't see why I couldn't use the DNS servers on the other domain to hold the empty placeholder domain's AD integrated DNS zone. -Original Message- From: David Lloyd [mailto:[EMAIL PROTECTED]] Sent: Monday, February 18, 2002 12:11 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Active Directory DNS Good practice has an empty placeholder domain at the top but this also requires extra expense so is not deemed acceptable for some companies for the benefit of future name flexibility and additional Schema security. The only other factors for an organisation that is not politically divided is the consideration for -Network Impacts on replication which can be reduced through domain division -Separate security policy requirements -Extended support delegation Apart from that a single domain is appropriate (although MCS does not seem to think that any other model exists). Have worked with a few clients who are scaling upwards to over 20,000 users with single domain models. Cheers -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, 18 February 2002 4:56 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Active Directory DNS Hello, I have around 600 users :- 1 site has 300 users, and the other sites have the remaining computers fairly evenly distributed. I currently have all domain controllers running a single AD integrated DNS structure. Is this ideal or should I perhaps delegate some authority? BR Robert Rutherford This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author
[ActiveDir] Restructure
Evening/Afternoon/Morning Everyone! Oh the wonders of hindsight! Ok... I had a domain with about 8 different NT domains. We had a few of these domains brought into our main NT domain before I upgraded to 2000, I performed an in-place upgrade of this primary domain thus dumping everything into the root domain. I now regret not creating a pristine root What is the easiest way to gain a pristine root? ... I'm still running in mixed mode as I have a few NT DC's running in remote sites Thanks in advance Robert Rutherford MIS Department - DEK International GmbH +44 (0)1305 208232 +44 (0)7970 122362 This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK Printing Machines Ltd., or its affiliates. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Removing a Domain Controller
Hi All, I need to rebuild my primary domain controller, basically the first controller I upgraded from NT4 on. What do I need to do, to ensure that nothing is lost from the domain? I know I need to Transfer the FSMO roles... Since the machine is the SOA for my DNS, Is changing the SOA as simple as right clicking the SOA record and changing the properties to a different server hosting AD integrated DNS? Any other thoughts and comments would be greatly appreciated. BR Robert Rutherford This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK Printing Machines Ltd., or its affiliates. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Removing a Domain Controller
As I stated before the DNS is AD integrated so hopefully that should not cause any problems. Q223346 states where you should place the FSMO roles so this should also be ok. Can anyone think of anything else? I need to check? I think thats about it. Thanks for your suggestions Robert Rutherford Benjamin Winzenz [EMAIL PROTECTED] To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] omcc: Sent by: Subject: RE: [ActiveDir] Removing a Domain Controller [EMAIL PROTECTED] ivedir.org 18/01/2002 13:48 Please respond to ActiveDir There are some questions that you would need to answer. Is your DNS AD-Integrated, as Noah suggests? If so, I believe each DNS server has its own SOA record, so you don't have to worry about that. Otherwise, you will need to make sure that you have another Primary DNS server. Also, you will need to modify DHCP scopes to reflect the DNS change. As Noah also says, definitely having another GC is a must. You seem to be on the ball with the FSMO changes. Do you know all of them that need to be changed Ben Winzenz, MCSE Network/Systems Administrator Peregrine Systems -Original Message- From: Ravenscroft Noah [mailto:[EMAIL PROTECTED]] Sent: Friday, January 18, 2002 8:24 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Removing a Domain Controller Robert, AS you noted you will need to transfer the FSMO roles to another DC (this transfer should happen automatically when you use dcpromo, but it is always safer to do it manually). Your DNS seems fine, as long as the server hosts the same AD integrated zones. You'll also want to make sure you have at least one of the other DC's as a Global Catalog server, and as always make a fresh backup before you start. Hope that helps, Noah Ravenscroft -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Friday, January 18, 2002 8:11 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Removing a Domain Controller Hi All, I need to rebuild my primary domain controller, basically the first controller I upgraded from NT4 on. What do I need to do, to ensure that nothing is lost from the domain? I know I need to Transfer the FSMO roles... Since the machine is the SOA for my DNS, Is changing the SOA as simple as right clicking the SOA record and changing the properties to a different server hosting AD integrated DNS? Any other thoughts and comments would be greatly appreciated. BR Robert Rutherford This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK Printing Machines Ltd., or its affiliates. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ:
Re: [ActiveDir] dcdiag question
I find that simply restarting the File Replication service will remove this message. BR Robert Rutherford Neil Smith [EMAIL PROTECTED] To: [EMAIL PROTECTED] m cc: Sent by: Subject: Re: [ActiveDir] dcdiag question [EMAIL PROTECTED] ivedir.org 16/01/2002 09:04 Please respond to ActiveDir jcl, First double check to make sure the sysvol and netlogon shares exist. Try doing a NET SHARE from a command box. If they are present then I'd say you have nothing to worry about. DCDIAG does some checking of the eventlog while processing the various tests - should you of cleared down the FRS eventlog then the orginal message confirming successful creation of the above shares will no longer be present. As a side note there is a later version of DCDIAG available. The newer tool is dated 6/9/00, 217,872bytes in size and contains some additional functionality Best... Neil - Original Message - From: Joseph Liggett [EMAIL PROTECTED] To: ActiveDir [EMAIL PROTECTED] Sent: Tuesday, January 15, 2002 11:14 PM Subject: [ActiveDir] dcdiag question I have been trying to iron out the kinks in my ad network for a while now and I think I am almost done. My servers name is 'nap' one of my final problems is when i run a dcdiag i get an error during the 'frssysvol' test. It informs me that 'These are errors after the SYSVOL has been shared. The SYSVOL can prevent the AD from starting...NAP passed the test frssysvol. Could this be from a legacy share from my old DC? thanks -jcl List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK Printing Machines Ltd., or its affiliates. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] EventID Reporter
Afternoon/Evening/Morning, Does anyone know of a good free/cheap tool to manage/view Events from the Event logs on multiple servers/workstations? Thanks in advance MIS Department - DEK International GmbH +44 (0)1305 208232 +44 (0)7974 249494 This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK Printing Machines Ltd., or its affiliates. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] WINS/DHCP/DNS in Win2k
I suggest the best way would be to Install Wins,DHCP, and DNS on the new W2K server and disable on the old NT4 box for fail back purposes during your migration. Change your DHCP scopes on the new Server to include the new DNS and WINS servers, configure DNS... Make any changes to any static IPs. That should be about it. Best Regards, Robert Rutherford Scott Krall [EMAIL PROTECTED] To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] Sent by: cc: [EMAIL PROTECTED] Subject: [ActiveDir] WINS/DHCP/DNS in Win2k ivedir.org 08/01/2002 20:04 Please respond to ActiveDir I know this is not about AD but thought someone may be able to help. We have an NT 4.0 server running DHCP/DNS/WINS and we would like to know how best to move these services to a new Win2k server instead of doing an upgrade. All of our servers are currently NT 4.0. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK Printing Machines Ltd., or its affiliates. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] VPN RAS
Hi All, Quick question :- I know this a bit of a broad question but how safe if VPN access through a 2000 solution? Many colleagues in the company and I admit I also somewhat have a fear of putting any Microsoft products in such a 'vulnerable' position. Thanks in advance.. a discussion would be beneficial. Best Regards, Rob Robert Rutherford This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK Printing Machines Ltd., or its affiliates. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Removing a DC Account from the Domain
Thanks for the effort suggestion Elizabeth but this is not relevant due to the fact that its not a 2000 DC but a 3.51 BDC. I may as well just go through Server Manager for NT and remove it. Thanks very much Robert Rutherford Elizabeth Farrell elizabeth.farrell@clear To: [EMAIL PROTECTED] swift.com cc: Sent by: Subject: RE: [ActiveDir] Removing a DC Account from the Domain [EMAIL PROTECTED] ivedir.org 23/11/2001 21:17 Please respond to ActiveDir This is what a search on your error message came up with on Microsoft.com: http://support.microsoft.com/support/kb/articles/q216/3/64.asp Hope this helps! E. -Original Message- From: [EMAIL PROTECTED] Subject: [ActiveDir] Removing a DC Account from the Domain Hi All, I am having difficulty removing a server account from the domain... basically it was a legacy NT3.51 BDC. When I go into Users and Computers and try to delete the server object I get the following message:- 'The DSA Object Cannot be Deleted' I have had this problem before and just hacked round it by going into the old NT Server Manager to delete it. Is there a problem with doing this? How can I get round this problem? Thanks in advance. Robert Rutherford List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK Printing Machines Ltd., or its affiliates. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Removing a DC Account from the Domain
Hi All, I am having difficulty removing a server account from the domain... basically it was a legacy NT3.51 BDC. When I go into Users and Computers and try to delete the server object I get the following message:- 'The DSA Object Cannot be Deleted' I have had this problem before and just hacked round it by going into the old NT Server Manager to delete it. Is there a problem with doing this? How can I get round this problem? Thanks in advance. Robert Rutherford This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK Printing Machines Ltd., or its affiliates. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] a small problem.
Hey all, I know this isn't particularly related but wondered if anyone else has encountered this little problem: Whenever anyone on the network goes to open/save a document from standard app's such as Office it can take up to 2 minutes to drop down the drives list. Any Ideas? Thanks in advance Robert Rutherford This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK Printing Machines Ltd., or its affiliates. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] a small problem.
memory is not the problem as this happening on all machines... all above P500 with 128MB .. Robert Rutherford Elizabeth Farrell elizabeth.farrell@clear To: [EMAIL PROTECTED] swift.com cc: Sent by: Subject: RE: [ActiveDir] a small problem. [EMAIL PROTECTED] ivedir.org 14/11/2001 22:06 Please respond to ActiveDir I would start with memory on this one -Original Message- From: [EMAIL PROTECTED] Subject: [ActiveDir] a small problem. Hey all, I know this isn't particularly related but wondered if anyone else has encountered this little problem: Whenever anyone on the network goes to open/save a document from standard app's such as Office it can take up to 2 minutes to drop down the drives list. Any Ideas? Thanks in advance Robert Rutherford List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK Printing Machines Ltd., or its affiliates. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] CheckUpgrade
Hi, I need our remote admins to perform an upgrade check on some of our remote server. I remember seeing an .exe for this rather than using the \checkupgrade switch the reason being I don't want to send them the Server media as this has caused problems before. Thanks in advance Robert Rutherford MIS Department - DEK International GmbH +44 (0)1305 208232 +44 (0)7974 249494 This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK Printing Machines Ltd., or its affiliates. List info: http://www.activedir.org/mail_list.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Events: 1000, and 1202
OK... Hope you are all well. I've looked at the properties of the security database c: \winnt\security\secedit.sdb on all of our DCs and have seen that the machine operating as the PDC emulators database has not been modified since the upgrade. All the other DCs security databases have been updated regularly. Looking at Q278316 I see that you can replace the file. Does anyone know if their are any risks with this? Thanks for all your help Robert Rutherford MIS Department - DEK International GmbH +44 (0)1305 208232 +44 (0)7974 249494 Previous :- After adding a policy to an OU within a domain I am getting the following errors every five minutes. Event Type:Error Event Source: Userenv Event Category: None Event ID: 1000 Date: 16/10/2001 Time: 09:17:22 User: NT AUTHORITY\SYSTEM Computer: DEKUK2 Description: The Group Policy client-side extension Security was passed flags (17) and returned a failure status code of (1208). Event Type:Warning Event Source: SceCli Event Category: None Event ID: 1202 Date: 16/10/2001 Time: 09:17:22 User: N/A Computer: DEKUK2 Description: Security policies are propagated with warning. 0x4b8 : An extended error has occurred. Please look for more details in TroubleShooting section in Security Help. I have tried the fixes suggest by the relevant Technet articles but I am still getting the messages. I have tried entering the SYSVOL, NTDS, etc. under System Varibales with no joy also tried the registry addition ExtensionDebugLevel with no luck. Im getting the following error continually within the 'userenv.log' :- USERENV(cc.9a0) 08:54:33:437 ProcessGPOs: Extension Security ProcessGroupPolicy failed, status 0x4b8. I'm also gettting the following under 'winlogon.log' :- This is not the last GPO. --- 10/16/2001 09:37:24 Administrative privileged user logged on. Parsing template C:\WINNT\security\templates\policies\gpt0.dom. Error 1208: An extended error has occurred. Error creating database. Configuration engine is initialized with error. Un-initialize configuration engine... Any ideas would be appreciated. Thanks Again, Rob This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK Printing Machines Ltd., or its affiliates. List info: http://www.activedir.org/mail_list.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Event 1586
Hi All, I'm running in Mixed Mode and getting this Event popping up every four hours on my 2000 Domain Controllers... However it is not appearing on the controller acting as PDC emulator :- EVENT ID 1586 The checkpoint with the PDC was unsuccessful. The checkpointing process will be retried again in four hours. A full synchronization of the security database to downlevel domain controllers may take place if this machine is promoted to be the PDC before the next successful checkpoint. The error returned was: The naming context is in the process of being removed or is not replicated from the specified server. Has anyone seen this? I have been through Technet, Newsgroups, etc and found nothing that really helps. The AD seems to replicating fine and my NT BDCs also seem to be replicating their relevant info. One note which may be of relevance is that if I run a 'dcdiag' I get the following :- Starting test: frssysvol Error: No record of File Replication System, SYSVOL started. The Active Directory may be prevented from starting ...SERVERNAME passed test frssysvol Any help would appreciated. Thanks in advance, Robert Rutherford MIS Department - DEK Printing Machines Ltd. +44 (0)1305 208232 +44 (0)7974 249494 This E-mail and any files transmitted with it are in commercial confidence and intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error please notify the Administrator by E-mail ([EMAIL PROTECTED]). Any views or opinions expressed are solely those of the author and do not necessarily represent those of DEK Printing Machines Ltd., or its affiliates. List info: http://www.activedir.org/mail_list.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/