RE: [ActiveDir] OT (somewhat): Exchange Server 2003 Service Pack 2 DSProxy Referral Process Changes

2005-11-07 Thread joe



Management summary?

Ok...

I took care of it, go back to sleep. 



:o)


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de
Sent: Sunday, November 06, 2005 4:53 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT (somewhat): Exchange Server 2003 Service Pack 2 DSProxy Referral Process Changes

who says you can't hope for it?! ;-) <grin>there may be some hope left from him to try</grin>

is a management summary possible? ;-)

Jorge


From: [EMAIL PROTECTED] on behalf of Rick Kingslan
Sent: Sun 11/6/2005 10:14 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT (somewhat): Exchange Server 2003 Service Pack 2 DSProxy Referral Process Changes

How long have you known joe? Short version 
PLEASE!

Rick


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de
Sent: Sunday, November 06, 2005 12:17 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT (somewhat): Exchange Server 2003 Service Pack 2 DSProxy Referral Process Changes


damn... do you have a short 
version of this story?


From: [EMAIL PROTECTED] on behalf of joe
Sent: Sun 11/6/2005 5:12 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT (somewhat): Exchange Server 2003 Service Pack 2 DSProxy Referral Process Changes

Oh I understand. I definitely understand I wasn't the only one, I don't think
it would have been fixed if it was just me.

My contributions included

1. Debating strongly with Alliance PSS (on and offsite people).
2. Debating strongly with onsite MCS.
3. Debating strongly with Dev
4. Wrote Steve Ballmer as a concerned MVP.
5. Posted this issue (pointing out the security aspects) both in groups like
this and in the public newsgroups. (The public delegates aspect is a security
issue).
6. Reposting every single time I saw anything that related to it.

Initially I hit it with DLs and I got beaten down by PSS and MCS because they
said the design the company had that I worked with at the time (we will call
widget company again) was based on the idea that they didn't need DLs so it was
specifically designed without DLs in mind and had we wanted DLs the design
would have been different because they knew all about this problem.

Then several months later reports of issues with public delegates started
surfacing. I was working on some other thing at the time, I believe it was
setting up web pages to do things like short term delegation of mailbox access
so that the third level outlook people could ask to get access to a mailbox and
it would all be logged, quota management, mailbox permission reports,
conference room setup, etc. Anyway, I sat in the Friday con call while onsite
PSS discussed the issue and it sounded like the same GC issue as I had stumbled
on before. I mentioned that they would want to check that out and verify what
GCs were being talked to and redirect them to a more appropriate GC as I had
documented and shown for the DL issue before. I didn't want to jump into it and
really look at it as I always seemed to get into some sort of trouble for
finding and pointing out MS screwups and any issues in the Exchange design. My
boss loved it because it meant we fixed something that would hurt once in
production, my boss's boss hated it because it slowed down the project he was
being graded on with the execs which was way over budget and way over timeline.

Next Monday's con call they still didn't have a clue, more descriptions still
sounded like a GC issue, I said so again. Ditto Tuesday con call. On Wednesday
we had our "everyone gets in one room" meeting and discusses the problems and
when that problem came up I yet again pointed it out that it really sounded
like the GC issue. Either MS really didn't want it to be that and they were
looking for anything else it could be or the analysts really had no clue what
they were looking at. I expect the latter. I told my friends in MCS that the
PSS guy was screwing this up and they needed to birddog him because he was
going to make MS look like idiots again. They said they couldn't for some
reason or another.

Thurs con call same issue, no progress. Thurs around 6PM when I was settling
into the lab to get some serious work done[1] I got grabbed by one of our third
level Outlook folks (a good friend) who was working the issue[2] and she said I
had no choice as she would kick my butt and that she was making me work on that
issue. Within 15 minutes I proved that what I had said the previous Friday was
the issue and also learned about how badly Outlook handled the issue in that if
you removed a public delegate it would disappear from the list because it was
removed from the store but was still in AD so it was still active and outlook
never showed an error message and from then on showed the value incorrectly so
someone had permissions to send on behalf of that were not shown unless you
looked directly at the directory (secur

RE: [ActiveDir] OT (somewhat): Exchange Server 2003 Service Pack 2 DSProxy Referral Process Changes

2005-11-07 Thread Thommes, Michael M.

joe,

It appears that you could be successful writing joke books along with the
technical ones! Dilbert might be looking for new material. Thanks for the laugh!

Mike Thommes


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, November 07, 2005 9:58 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT (somewhat): Exchange Server 2003 Service Pack 2 DSProxy Referral Process Changes

Management summary?

Ok...

I took care of it, go back to sleep.

:o)

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de
Sent: Sunday, November 06, 2005 4:53 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT (somewhat): Exchange Server 2003 Service Pack 2 DSProxy Referral Process Changes

who says you can't hope for it?! ;-) <grin>there may be some hope left from him to try</grin>

is a management summary possible? ;-)

Jorge

From: [EMAIL PROTECTED] on behalf of Rick Kingslan
Sent: Sun 11/6/2005 10:14 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT (somewhat): Exchange Server 2003 Service Pack 2 DSProxy Referral Process Changes

How long have you known joe? Short version PLEASE!

Rick

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de
Sent: Sunday, November 06, 2005 12:17 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT (somewhat): Exchange Server 2003 Service Pack 2 DSProxy Referral Process Changes

damn... do you have a short version of this story?

From: [EMAIL PROTECTED] on behalf of joe
Sent: Sun 11/6/2005 5:12 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT (somewhat): Exchange Server 2003 Service Pack 2 DSProxy Referral Process Changes

Oh I understand. I definitely understand I wasn't the only one, I don't think
it would have been fixed if it was just me.

My contributions included

1. Debating strongly with Alliance PSS (on and offsite people).
2. Debating strongly with onsite MCS.
3. Debating strongly with Dev
4. Wrote Steve Ballmer as a concerned MVP.
5. Posted this issue (pointing out the security aspects) both in groups like
this and in the public newsgroups. (The public delegates aspect is a security
issue).
6. Reposting every single time I saw anything that related to it.

Initially I hit it with DLs and I got beaten down by PSS and MCS because they
said the design the company had that I worked with at the time (we will call
widget company again) was based on the idea that they didn't need DLs so it was
specifically designed without DLs in mind and had we wanted DLs the design
would have been different because they knew all about this problem.

Then several months later reports of issues with public delegates started
surfacing. I was working on some other thing at the time, I believe it was
setting up web pages to do things like short term delegation of mailbox access
so that the third level outlook people could ask to get access to a mailbox and
it would all be logged, quota management, mailbox permission reports,
conference room setup, etc. Anyway, I sat in the Friday con call while onsite
PSS discussed the issue and it sounded like the same GC issue as I had stumbled
on before. I mentioned that they would want to check that out and verify what
GCs were being talked to and redirect them to a more appropriate GC as I had
documented and shown for the DL issue before. I didn't want to jump into it and
really look at it as I always seemed to get into some sort of trouble for
finding and pointing out MS screwups and any issues in the Exchange design. My
boss loved it because it meant we fixed something that would hurt once in
production, my boss's boss hated it because it slowed down the project he was
being graded on with the execs which was way over budget and way over timeline.

Next Monday's con call they still didn't have a clue, more descriptions still
sounded like a GC issue, I said so again. Ditto Tuesday con call. On Wednesday
we had our "everyone gets in one room" meeting and discusses the problems and
when that problem came up I yet again pointed it out that it really sounded
like the GC issue. Either MS really didn't want it to be that and they were
looking for anything else it could be or the analysts really had no clue what
they were looking at. I expect the latter. I told my friends in MCS that the
PSS guy was screwing this up and they needed to birddog him because he was
going to make MS look like idiots again. They said they couldn't for some
reason or another.

Thurs con call same issue, no progress. Thurs around 6PM when I was settling
into the lab to get some serious work done[1] I got grabbed by one of our third
level Outlook folks (a good friend) who was working the issue[2] and she said I
had no choice as she would kick my butt and that she was making me work on that
issue. Within

RE: [ActiveDir] OT (somewhat): Exchange Server 2003 Service Pack 2 DSProxy Referral Process Changes

2005-11-06 Thread joe
and would not be changed. That prompted my note to SteveB with a question of
what the hell is wrong with the Exchange Dev people? Indicated we currently had
a big push to go towards Linux and were doing everything we could to show how
conducive MS was to making things work for us and Exchange comes along and
tells us to piss off our product sucks by design and we aren't fixing it. Then
went out and made sure everyone I could think of was aware of that limitation
and how it would impact Enterprise deployments and the security implications
and how there was no real way to really know if you had a problem with your
currently configured public delegates or not without auditing every single
mailbox. If just one large company or military org listened and started
complaining to MS to it was a good thing. A couple of weeks later Dev came back
and said it would be corrected in 2K3, probably SP2. MS then sent someone
onsite to build a website for users to use to configure their public delegates
and we had to retrain all of the users to use that instead of outlook. That was
pretty funny too because the guy came straight to me and asked if I knew which
.NET objects he could use to manipulate the Exchange pieces he needed to monkey
with. I told him he needed to learn two words P-Invoke. He wasn't happy. A week
later he came and asked if he could have some vbscript code I had written for
manipulating the folder roles, etc in a mailbox.

There is even more to that story that impacted me but this is long enough
already. Hopefully it illustrates things for folks. There are good and bad
PSS/MCS folks, it is your duty as a technical person representing your company
to understand which ones you are working with and to question them on
everything that you don't understand or don't agree with. Don't be afraid to
fight for what you think is right. If you are told, well you are the only that
has ever said that is an issue[4], go out into the public and start asking
people. The Exchange PSS person who was working onsite at the widget company
was almost completely worthless and was actually often dangerous. The TAM had
ordered this person not to speak during con calls or meetings unless the TAM
signaled the person. The sad thing was that everyone on the account at the tech
level knew this person was trouble but when I talked to them they said the
person couldn't be removed unless the customer (I was a contractor for the
customer) actually officially complained and I explained what my manager's
manager felt about my "meddling" already.

All of that and I still like MS and think they are best suited for many/most
companies. I still consider Exchange to be a serious pain, but I also see it as
one of the best out there that I intend to keep pushing on to get better.
Currently being the best doesn't mean you can suck indefinitely. ;o) Note I
don't know all aspects of Exchange and don't really intend to. I have been told
the routing engines are amazing, etc. My focus is the AD integration and
permissioning and monitoring and troubleshooting I find it lacking and have no
issue broadcasting the lacks that I find so others won't be surprised by them
at 3AM some time. Right now I am working with them on a WMI monitoring issue
and I am starting to hear the By Design comments again and I am sliding into
the it is by design that you can't use the interfaces designed to monitor the
health to actually monitor the health response mode

 joe

[1] All serious work happened after the normal 8 hour day when people would
leave me alone.
[2] Same person who did majority of the alpha/beta testing and spec'ing of the
Auto Accept Agent that is publicly available now.
[3] That woke up our upper Messaging management. That design cost probably
millions in actual dollars for billable time to PSS/MCS over the years.
[4] That is one of my particular favorites right after the its by design for
something you know that they never thought of or intended.





From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray
Sent: Sunday, November 06, 2005 12:12 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT (somewhat): Exchange Server 2003 Service Pack 2 DSProxy Referral Process Changes

You weren't the only one [1]

Tony

[1] ...but I'm guessing you were the most vocal. 
;-)


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Saturday, 5 November 2005 10:41 a.m.
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT (somewhat): Exchange Server 2003 Service Pack 2 DSProxy Referral Process Changes

You are all welcome. ;o)

This is the issue I posted about back in I think 2003 (end of summer / fall)
and again in 2004 (spring) that I "discussed" with MS. :o)

As it mentions, this doesn't help much with DLs, it is 
primarily targeted to help issues with outlook modifying the account of the user 
who is running outlook such as public delegat

RE: [ActiveDir] OT (somewhat): Exchange Server 2003 Service Pack 2 DSProxy Referral Process Changes

2005-11-06 Thread Almeida Pinto, Jorge de
damn... do you have a short version of this story?



From: [EMAIL PROTECTED] on behalf of joe
Sent: Sun 11/6/2005 5:12 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT (somewhat): Exchange Server 2003 Service Pack 2 
DSProxy Referral Process Changes


Oh I understand. I definitely understand I wasn't the only one, I don't think 
it would have been fixed if it was just me. 
 
My contributions included
 
1. Debating strongly with Alliance PSS (on and offsite people).
2. Debating strongly with onsite MCS.
3. Debating strongly with Dev
4. Wrote Steve Ballmer as a concerned MVP.
5. Posted this issue (pointing out the security aspects) both in groups like 
this and in the public newsgroups. (The public delegates aspect is a security 
issue).
6. Reposting every single time I saw anything that related to it.
 
Initially I hit it with DLs and I got beaten down by PSS and MCS because they 
said the design the company had that I worked with at the time (we will call 
widget company again) was based on the idea that they didn't need DLs so it was 
specifically designed without DLs in mind and had we wanted DLs the design 
would have been different because they knew all about this problem. 
 
Then several months later reports of issues with public delegates started 
surfacing. I was working on some other thing at the time, I believe it was 
setting up web pages to do things like short term delegation of mailbox access 
so that the third level outlook people could ask to get access to a mailbox and 
it would all be logged, quota management, mailbox permission reports, 
conference room setup, etc. Anyway, I sat in the Friday con call while onsite 
PSS discussed the issue and it sounded like the same GC issue as I had stumbled 
on before. I mentioned that they would want to check that out and verify what 
GCs were being talked to and redirect them to a more appropriate GC as I had 
documented and shown for the DL issue before. I didn't want to jump into it and 
really look at it as I always seemed to get into some sort of trouble for 
finding and pointing out MS screwups and any issues in the Exchange design. My 
boss loved it because it meant we fixed something that would hurt once in 
production, my boss's boss hated it because it slowed down the project he was 
being graded on with the execs which was way over budget and way over timeline. 
 
Next Monday's con call they still didn't have a clue, more descriptions still 
sounded like a GC issue, I said so again. Ditto Tuesday con call. On Wednesday 
we had our "everyone gets in one room" meeting and discusses the problems and 
when that problem came up I yet again pointed it out that it really sounded 
like the GC issue. Either MS really didn't want it to be that and they were 
looking for anything else it could be or the analysts really had no clue what 
they were looking at. I expect the latter. I told my friends in MCS that the PSS 
guy was screwing this up and they needed to birddog him because he was going to 
make MS look like idiots again. They said they couldn't for some reason or 
another. 
 
Thurs con call same issue, no progress. Thurs around 6PM when I was settling 
into the lab to get some serious work done[1] I got grabbed by one of our third 
level Outlook folks (a good friend) who was working the issue[2] and she said I 
had no choice as she would kick my butt and that she was making me work on that 
issue. Within 15 minutes I proved that what I had said the previous Friday was 
the issue and also learned about how badly Outlook handled the issue in that if 
you removed a public delegate it would disappear from the list because it was 
removed from the store but was still in AD so it was still active and outlook 
never showed an error message and from then on showed the value incorrectly so 
someone had permissions to send on behalf of that were not shown unless you 
looked directly at the directory (security issue). 
 
MS PSS reported again in the Friday con call that they had no idea and they 
were bumping the issue to Sev-A to get ROSS onsite to do a debug and I waited 
until the TAM was completely done with what she wanted to say and then said, 
the issue is the GC issue. MS said, no it wasn't, they couldn't confirm that. 
Then I said that I knew absolutely it was the issue. The people on the call 
knew me long enough not to question when I said absolutely versus it should be 
checked or it appears or possibly. So the following week we had the same 
meetings we had from several months ago only I was holding the hammer and I was 
bringing up everything MS had said previously about the design and so I asked 
the obvious question of were we designed to have public delegates work or did 
we say we didn't need those too? That was an obvious setup question because 
most large companies use public delegates a lot and this widget company really 
used public delegates a whole lot. 
 
That spawned a whole bunch

RE: [ActiveDir] OT (somewhat): Exchange Server 2003 Service Pack 2 DSProxy Referral Process Changes

2005-11-06 Thread deji
This IS the short version ;)
 
 
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCT
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Almeida Pinto, Jorge de
Sent: Sun 11/6/2005 10:16 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT (somewhat): Exchange Server 2003 Service Pack 2
DSProxy Referral Process Changes


damn... do you have a short version of this story?



From: [EMAIL PROTECTED] on behalf of joe
Sent: Sun 11/6/2005 5:12 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT (somewhat): Exchange Server 2003 Service Pack 2
DSProxy Referral Process Changes


Oh I understand. I definitely understand I wasn't the only one, I don't think
it would have been fixed if it was just me. 
 
My contributions included
 
1. Debating strongly with Alliance PSS (on and offsite people).
2. Debating strongly with onsite MCS.
3. Debating strongly with Dev
4. Wrote Steve Ballmer as a concerned MVP.
5. Posted this issue (pointing out the security aspects) both in groups like
this and in the public newsgroups. (The public delegates aspect is a security
issue).
6. Reposting every single time I saw anything that related to it.
 
Initially I hit it with DLs and I got beaten down by PSS and MCS because they
said the design the company had that I worked with at the time (we will call
widget company again) was based on the idea that they didn't need DLs so it
was specifically designed without DLs in mind and had we wanted DLs the
design would have been different because they knew all about this problem. 
 
Then several months later reports of issues with public delegates started
surfacing. I was working on some other thing at the time, I believe it was
setting up web pages to do things like short term delegation of mailbox
access so that the third level outlook people could ask to get access to a
mailbox and it would all be logged, quota management, mailbox permission
reports, conference room setup, etc. Anyway, I sat in the Friday con call
while onsite PSS discussed the issue and it sounded like the same GC issue as
I had stumbled on before. I mentioned that they would want to check that out
and verify what GCs were being talked to and redirect them to a more
appropriate GC as I had documented and shown for the DL issue before. I
didn't want to jump into it and really look at it as I always seemed to get
into some sort of trouble for finding and pointing out MS screwups and any
issues in the Exchange design. My boss loved it because it meant we fixed
something that would hurt once in production, my boss's boss hated it because
it slowed down the project he was being graded on with the execs which was
way over budget and way over timeline. 
 
Next Monday's con call they still didn't have a clue, more descriptions still
sounded like a GC issue, I said so again. Ditto Tuesday con call. On
Wednesday we had our "everyone gets in one room" meeting and discusses the
problems and when that problem came up I yet again pointed it out that it
really sounded like the GC issue. Either MS really didn't want it to be that
and they were looking for anything else it could be or the analysts really
had no clue what they were looking at. I expect the latter. I told my friends
in MCS that the PSS guy was screwing this up and they needed to birddog him
because he was going to make MS look like idiots again. They said they
couldn't for some reason or another. 
 
Thurs con call same issue, no progress. Thurs around 6PM when I was settling
into the lab to get some serious work done[1] I got grabbed by one of our
third level Outlook folks (a good friend) who was working the issue[2] and
she said I had no choice as she would kick my butt and that she was making me
work on that issue. Within 15 minutes I proved that what I had said the
previous Friday was the issue and also learned about how badly Outlook
handled the issue in that if you removed a public delegate it would disappear
from the list because it was removed from the store but was still in AD so it
was still active and outlook never showed an error message and from then on
showed the value incorrectly so someone had permissions to send on behalf of
that were not shown unless you looked directly at the directory (security
issue). 
 
MS PSS reported again in the Friday con call that they had no idea and they
were bumping the issue to Sev-A to get ROSS onsite to do a debug and I waited
until the TAM was completely done with what she wanted to say and then said,
the issue is the GC issue. MS said, no it wasn't, they couldn't confirm that.
Then I said that I knew absolutely it was the issue. The people on the call
knew me long enough not to question when I said absolutely versus it should
be checked or it appears or possibly. So the following week we had

RE: [ActiveDir] OT (somewhat): Exchange Server 2003 Service Pack 2 DSProxy Referral Process Changes

2005-11-06 Thread joe
LOL. Seriously. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Sunday, November 06, 2005 2:18 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT (somewhat): Exchange Server 2003 Service Pack 2
DSProxy Referral Process Changes

This IS the short version ;)
 
 
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCT
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Almeida Pinto, Jorge
de
Sent: Sun 11/6/2005 10:16 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT (somewhat): Exchange Server 2003 Service Pack 2
DSProxy Referral Process Changes


damn... do you have a short version of this story?



From: [EMAIL PROTECTED] on behalf of joe
Sent: Sun 11/6/2005 5:12 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT (somewhat): Exchange Server 2003 Service Pack 2
DSProxy Referral Process Changes


Oh I understand. I definitely understand I wasn't the only one, I don't
think it would have been fixed if it was just me. 
 
My contributions included
 
1. Debating strongly with Alliance PSS (on and offsite people).
2. Debating strongly with onsite MCS.
3. Debating strongly with Dev
4. Wrote Steve Ballmer as a concerned MVP.
5. Posted this issue (pointing out the security aspects) both in groups like
this and in the public newsgroups. (The public delegates aspect is a
security issue).
6. Reposting every single time I saw anything that related to it.
 
Initially I hit it with DLs and I got beaten down by PSS and MCS because
they said the design the company had that I worked with at the time (we will
call widget company again) was based on the idea that they didn't need DLs
so it was specifically designed without DLs in mind and had we wanted DLs
the design would have been different because they knew all about this
problem. 
 
Then several months later reports of issues with public delegates started
surfacing. I was working on some other thing at the time, I believe it was
setting up web pages to do things like short term delegation of mailbox
access so that the third level outlook people could ask to get access to a
mailbox and it would all be logged, quota management, mailbox permission
reports, conference room setup, etc. Anyway, I sat in the Friday con call
while onsite PSS discussed the issue and it sounded like the same GC issue
as I had stumbled on before. I mentioned that they would want to check that
out and verify what GCs were being talked to and redirect them to a more
appropriate GC as I had documented and shown for the DL issue before. I
didn't want to jump into it and really look at it as I always seemed to get
into some sort of trouble for finding and pointing out MS screwups and any
issues in the Exchange design. My boss loved it because it meant we fixed
something that would hurt once in production, my boss's boss hated it
because it slowed down the project he was being graded on with the execs
which was way over budget and way over timeline. 
 
Next Monday's con call they still didn't have a clue, more descriptions
still sounded like a GC issue, I said so again. Ditto Tuesday con call. On
Wednesday we had our "everyone gets in one room" meeting and discusses the
problems and when that problem came up I yet again pointed it out that it
really sounded like the GC issue. Either MS really didn't want it to be that
and they were looking for anything else it could be or the analysts really
had no clue what they were looking at. I expect the latter. I told my friends
in MCS that the PSS guy was screwing this up and they needed to birddog him
because he was going to make MS look like idiots again. They said they
couldn't for some reason or another. 
 
Thurs con call same issue, no progress. Thurs around 6PM when I was settling
into the lab to get some serious work done[1] I got grabbed by one of our
third level Outlook folks (a good friend) who was working the issue[2] and
she said I had no choice as she would kick my butt and that she was making
me work on that issue. Within 15 minutes I proved that what I had said the
previous Friday was the issue and also learned about how badly Outlook
handled the issue in that if you removed a public delegate it would
disappear from the list because it was removed from the store but was still
in AD so it was still active and outlook never showed an error message and
from then on showed the value incorrectly so someone had permissions to send
on behalf of that were not shown unless you looked directly at the directory
(security issue). 
 
MS PSS reported again in the Friday con call that they had no idea and they
were bumping the issue to Sev-A to get ROSS onsite to do a debug and I
waited until the TAM was completely done with what she wanted to say

RE: [ActiveDir] OT (somewhat): Exchange Server 2003 Service Pack 2 DSProxy Referral Process Changes

2005-11-06 Thread joe



That is the short version. That comprises highlights of things that occurred
over 9 months. :o)


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de
Sent: Sunday, November 06, 2005 1:17 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT (somewhat): Exchange Server 2003 Service Pack 2 DSProxy Referral Process Changes

damn... do you have a short version of this story?


From: [EMAIL PROTECTED] on 
behalf of joeSent: Sun 11/6/2005 5:12 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] OT (somewhat): 
Exchange Server 2003 Service Pack 2 DSProxy Referral Process 
Changes

Oh I understand. I definitely understand I wasn't the only 
one, I don't think it would have been fixed if it was just me. 


My contributions included

1. Debating strongly with Alliance PSS (on and offsite 
people).
2. Debating strongly with onsite MCS.
3. Debating strongly with Dev
4. WroteSteve Balmer as a 
concernedMVP.
5. Posted this issue(pointing out the security 
aspects) both in groups like this and in the public newsgroups. (The public 
delegates aspect is a security issue).
6. Reposting every single time I saw anything that related 
to it.

Initially I hit it with DLs and I got beaten down by PSS 
and MCS because they said the design the company had that I worked with at the 
time (we will call widget company again) was based on the idea that they didn't 
need DLs so it was specifically designed without DLs in mind and had we wanted 
DLs the design would have been different because they knew all about this 
problem. 

Then several months later reports of issues with public 
delegates started surfacing. I was working on some other thing at the time, I 
believe it was setting up web pages to do things like short term delegation of 
mailbox access so that the third level outlook people could ask to get access to 
a mailbox and it would all be logged, quota management, mailbox permission 
reports, conference room setup, etc. Anyway, I sat in the Friday con 
call while onsite PSS discussed the issue and it sounded like the 
same GC issue as I had stumbled on before. I mentioned that they would 
want to check that out and verify what GCs were being talked to and 
redirect them to a more appropriate GC as I had documented and shown for the DL 
issue before. I didn't want to jump into it and really look at it as I always 
seemed to get into some sort of trouble for finding and pointing out MS screwups 
and any issues in the Exchange design. My boss loved it because it meant we 
fixed something that would hurt once in production, my boss's boss hated it 
because it slowed down the project he was being graded on with the execs which 
was way over budget and way over timeline. 

Next Monday's con call they still didn't have a clue, more 
descriptions still sounded like a GC issue, I said so again. Ditto Tuesday con 
call. On Wednesday we had our "everyone gets in one room" meeting and discusses 
the problems and when that problem came up I yet again pointed it out that it 
really sounded like the GC issue. Either MS really didn't want it to be that and 
they were looking for anything else it could be or the analysts really had no 
clue what they were looking at. I expect the latter. I told my friends in MCS 
that the PSS guy was screwing this up and they needed to birddog him because he 
was going to make MS look like idiots again. They said they couldn't for some 
reason or another. 

Thurs con call same issue, no progress. Thurs around 6PM 
when I was settling into the lab to get some serious work done[1] I got grabbed 
by one of our third level Outlook folks (a good friend) who was working the 
issue[2] and she said I had no choice as she would kick my butt and that she was 
making me work on that issue. Within 15 minutes I proved that what I had said 
the previous Friday was the issue and also learned about how badly Outlook 
handled the issue in that if you removed a public delegate it would disappear 
from the list because it was removed from the store but was still in AD so it 
was still active and outlook never showed an error message and from then on 
showed the value incorrectly so someone had permissions to send on behalf of 
that were not shown unless you looked directly at the directory (security 
issue). 

MS PSS reported again in the Friday con call that they had 
no idea and they were bumping the issue to Sev-A to get ROSS onsite to do a 
debug and I waited until the TAM was completely done with what she wanted 
to say and then said, the issue is the GC issue. MS said, no it wasn't, they 
couldn't confirm that. Then I said that I knew absolutely it was the issue. The 
people on the call knew me long enough not to question when I said absolutely 
versus it should be checked or it appears or possibly. So the following 
week we had the same meetings we had from several months ago only I was holding 
the hammer and I was bringing up everything MS had said previo

RE: [ActiveDir] OT (somewhat): Exchange Server 2003 Service Pack 2 DSProxy Referral Process Changes

2005-11-06 Thread Rick Kingslan
How long have you known joe?  Short version  PLEASE!
 
Rick


From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto,
Jorge de
Sent: Sunday, November 06, 2005 12:17 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT (somewhat): Exchange Server 2003 Service Pack 2
DSProxy Referral Process Changes


damn... do you have a short version of this story?


From: [EMAIL PROTECTED] on behalf of joe
Sent: Sun 11/6/2005 5:12 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT (somewhat): Exchange Server 2003 Service Pack 2
DSProxy Referral Process Changes


Oh I understand. I definitely understand I wasn't the only one, I don't
think it would have been fixed if it was just me. 
 
My contributions included
 
1. Debating strongly with Alliance PSS (on and offsite people).
2. Debating strongly with onsite MCS.
3. Debating strongly with Dev
4. Wrote Steve Ballmer as a concerned MVP.
5. Posted this issue (pointing out the security aspects) both in groups like
this and in the public newsgroups. (The public delegates aspect is a
security issue).
6. Reposting every single time I saw anything that related to it.
 
Initially I hit it with DLs and I got beaten down by PSS and MCS because
they said the design the company had that I worked with at the time (we will
call widget company again) was based on the idea that they didn't need DLs
so it was specifically designed without DLs in mind and had we wanted DLs
the design would have been different because they knew all about this
problem. 
 
Then several months later reports of issues with public delegates started
surfacing. I was working on some other thing at the time, I believe it was
setting up web pages to do things like short term delegation of mailbox
access so that the third level outlook people could ask to get access to a
mailbox and it would all be logged, quota management, mailbox permission
reports, conference room setup, etc. Anyway, I sat in the Friday con call
while onsite PSS discussed the issue and it sounded like the same GC issue
as I had stumbled on before. I mentioned that they would want to check that
out and verify what GCs were being talked to and redirect them to a more
appropriate GC as I had documented and shown for the DL issue before. I
didn't want to jump into it and really look at it as I always seemed to get
into some sort of trouble for finding and pointing out MS screwups and any
issues in the Exchange design. My boss loved it because it meant we fixed
something that would hurt once in production, my boss's boss hated it
because it slowed down the project he was being graded on with the execs
which was way over budget and way over timeline. 
 
Next Monday's con call they still didn't have a clue, more descriptions
still sounded like a GC issue, I said so again. Ditto Tuesday con call. On
Wednesday we had our "everyone gets in one room" meeting and discusses the
problems and when that problem came up I yet again pointed it out that it
really sounded like the GC issue. Either MS really didn't want it to be that
and they were looking for anything else it could be or the analysts really
had no clue what they were looking at. I expect the latter. I told my friends
in MCS that the PSS guy was screwing this up and they needed to birddog him
because he was going to make MS look like idiots again. They said they
couldn't for some reason or another. 
 
Thurs con call same issue, no progress. Thurs around 6PM when I was settling
into the lab to get some serious work done[1] I got grabbed by one of our
third level Outlook folks (a good friend) who was working the issue[2] and
she said I had no choice as she would kick my butt and that she was making
me work on that issue. Within 15 minutes I proved that what I had said the
previous Friday was the issue and also learned about how badly Outlook
handled the issue in that if you removed a public delegate it would
disappear from the list because it was removed from the store but was still
in AD so it was still active and outlook never showed an error message and
from then on showed the value incorrectly so someone had permissions to send
on behalf of that were not shown unless you looked directly at the directory
(security issue). 
 
MS PSS reported again in the Friday con call that they had no idea and they
were bumping the issue to Sev-A to get ROSS onsite to do a debug and I
waited until the TAM was completely done with what she wanted to say and
then said, the issue is the GC issue. MS said, no it wasn't, they couldn't
confirm that. Then I said that I knew absolutely it was the issue. The
people on the call knew me long enough not to question when I said
absolutely versus it should be checked or it appears or possibly. So the
following week we had the same meetings we had from several months ago only
I was holding the hammer and I was bringing up everything MS had said
previously about the design and so I asked the obvious question of were

RE: [ActiveDir] OT (somewhat): Exchange Server 2003 Service Pack 2 DSProxy Referral Process Changes

2005-11-06 Thread Almeida Pinto, Jorge de
who says you can't hope for it?!  ;-)  <grin>there may be some hope left from 
him to try</grin>
 
is a management summary possible? ;-)
 
Jorge



From: [EMAIL PROTECTED] on behalf of Rick Kingslan
Sent: Sun 11/6/2005 10:14 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT (somewhat): Exchange Server 2003 Service Pack 2 
DSProxy Referral Process Changes


How long have you known joe?  Short version  PLEASE!
 
Rick



From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, 
Jorge de
Sent: Sunday, November 06, 2005 12:17 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT (somewhat): Exchange Server 2003 Service Pack 2 
DSProxy Referral Process Changes


damn... do you have a short version of this story?



From: [EMAIL PROTECTED] on behalf of joe
Sent: Sun 11/6/2005 5:12 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT (somewhat): Exchange Server 2003 Service Pack 2 
DSProxy Referral Process Changes


Oh I understand. I definitely understand I wasn't the only one, I don't think 
it would have been fixed if it was just me. 
 
My contributions included
 
1. Debating strongly with Alliance PSS (on and offsite people).
2. Debating strongly with onsite MCS.
3. Debating strongly with Dev
4. Wrote Steve Ballmer as a concerned MVP.
5. Posted this issue (pointing out the security aspects) both in groups like 
this and in the public newsgroups. (The public delegates aspect is a security 
issue).
6. Reposting every single time I saw anything that related to it.
 
Initially I hit it with DLs and I got beaten down by PSS and MCS because they 
said the design the company had that I worked with at the time (we will call 
widget company again) was based on the idea that they didn't need DLs so it was 
specifically designed without DLs in mind and had we wanted DLs the design 
would have been different because they knew all about this problem. 
 
Then several months later reports of issues with public delegates started 
surfacing. I was working on some other thing at the time, I believe it was 
setting up web pages to do things like short term delegation of mailbox access 
so that the third level outlook people could ask to get access to a mailbox and 
it would all be logged, quota management, mailbox permission reports, 
conference room setup, etc. Anyway, I sat in the Friday con call while onsite 
PSS discussed the issue and it sounded like the same GC issue as I had stumbled 
on before. I mentioned that they would want to check that out and verify what 
GCs were being talked to and redirect them to a more appropriate GC as I had 
documented and shown for the DL issue before. I didn't want to jump into it and 
really look at it as I always seemed to get into some sort of trouble for 
finding and pointing out MS screwups and any issues in the Exchange design. My 
boss loved it because it meant we fixed something that would hurt once in 
production, my boss's boss hated it because it slowed down the project he was 
being graded on with the execs which was way over budget and way over timeline. 
 
Next Monday's con call they still didn't have a clue, more descriptions still 
sounded like a GC issue, I said so again. Ditto Tuesday con call. On Wednesday 
we had our "everyone gets in one room" meeting and discusses the problems and 
when that problem came up I yet again pointed it out that it really sounded 
like the GC issue. Either MS really didn't want it to be that and they were 
looking for anything else it could be or the analysts really had no clue what 
they were looking at. I expect the latter. I told my friends in MCS that the PSS 
guy was screwing this up and they needed to birddog him because he was going to 
make MS look like idiots again. They said they couldn't for some reason or 
another. 
 
Thurs con call same issue, no progress. Thurs around 6PM when I was settling 
into the lab to get some serious work done[1] I got grabbed by one of our third 
level Outlook folks (a good friend) who was working the issue[2] and she said I 
had no choice as she would kick my butt and that she was making me work on that 
issue. Within 15 minutes I proved that what I had said the previous Friday was 
the issue and also learned about how badly Outlook handled the issue in that if 
you removed a public delegate it would disappear from the list because it was 
removed from the store but was still in AD so it was still active and outlook 
never showed an error message and from then on showed the value incorrectly so 
someone had permissions to send on behalf of that were not shown unless you 
looked directly at the directory (security issue). 
 
MS PSS reported again in the Friday con call that they had no idea and they 
were bumping the issue to Sev-A to get ROSS onsite to do a debug and I waited 
until the TAM was completely done with what she wanted to say and then said

RE: [ActiveDir] OT (somewhat): Exchange Server 2003 Service Pack 2 DSProxy Referral Process Changes

2005-11-05 Thread Tony Murray



You weren't the only one [1]

Tony

[1] ...but I'm guessing you were the most vocal. 
;-)


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Saturday, 5 November 2005 10:41 a.m.
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT (somewhat): Exchange Server 2003 Service Pack 2 DSProxy Referral Process Changes

You are all welcome. ;o)

This is the issue I posted about back in I think 2003 (end 
of summer / fall) and again in 2004 (spring) that I "discussed" with MS. 
:o)

As it mentions, this doesn't help much with DLs, it is 
primarily targeted to help issues with outlook modifying the account of the user 
who is running outlook such as public delegates and certs. If you make sure that 
people can only manage DLs in the same domain as their userid, this can offer 
relief from the issues there as well obviously.


Oh, BTW, there is a new KB article concerning some folks 
that may have been burned by this new functionality. 

http://support.microsoft.com/?id=908443





From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith
Sent: Friday, November 04, 2005 2:57 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] OT (somewhat): Exchange Server 2003 Service Pack 2 DSProxy Referral Process Changes

It's been discussed 
here several times. An interesting read:

http://blogs.technet.com/exchange/archive/2005/11/04/413669.aspx
Exchange Server 2003 
Service Pack 2 DSProxy Referral Process 
Changes


RE: [ActiveDir] OT (somewhat): Exchange Server 2003 Service Pack 2 DSProxy Referral Process Changes

2005-11-04 Thread joe



You are all welcome. ;o)

This is the issue I posted about back in I think 2003 (end 
of summer / fall) and again in 2004 (spring) that I "discussed" with MS. 
:o)

As it mentions, this doesn't help much with DLs, it is 
primarily targeted to help issues with outlook modifying the account of the user 
who is running outlook such as public delegates and certs. If you make sure that 
people can only manage DLs in the same domain as their userid, this can offer 
relief from the issues there as well obviously.


Oh, BTW, there is a new KB article concerning some folks 
that may have been burned by this new functionality. 

http://support.microsoft.com/?id=908443





From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith
Sent: Friday, November 04, 2005 2:57 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] OT (somewhat): Exchange Server 2003 Service Pack 2 DSProxy Referral Process Changes

It's been discussed 
here several times. An interesting read:

http://blogs.technet.com/exchange/archive/2005/11/04/413669.aspx
Exchange Server 2003 
Service Pack 2 DSProxy Referral Process 
Changes
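
The drift described in this thread (a public delegate removed in Outlook disappears from the store's list but stays in AD) can be audited by comparing the directory's values with what the store shows. This is an added example, not code from the thread or from Microsoft: it assumes the delegates live in the AD attribute `publicDelegates` and were exported as LDIF, and the sample names, the `STORE_VIEW` mapping and the helper functions are hypothetical.

```python
import base64

# Constructed LDIF export (not from the thread): one folded line, one base64 value.
SUFFIX = "OU=Users,DC=child,DC=example,DC=com"
ERIN = "CN=Erin Example," + SUFFIX
SAMPLE_LDIF = (
    "dn: CN=Alice Example," + SUFFIX + "\n"
    "publicDelegates: CN=Bob Example," + SUFFIX + "\n"
    "publicDelegates: CN=Carol Example,OU=Users,DC=child,DC=exa\n"
    " mple,DC=com\n"
    "\n"
    "dn: CN=Dave Example," + SUFFIX + "\n"
    "publicDelegates:: " + base64.b64encode(ERIN.encode()).decode() + "\n"
)
# Hypothetical store-side view: the delegates each mailbox's Outlook list shows.
STORE_VIEW = {
    "cn=alice example," + SUFFIX: ["CN=Bob Example," + SUFFIX],
    "CN=Dave Example," + SUFFIX: [ERIN],
}

def norm_dn(dn):
    """Case-fold a DN and trim whitespace around its components."""
    return ",".join(part.strip() for part in dn.split(",")).lower()

def parse_ldif(text):
    """Return {dn: {attr: [values]}}, unfolding lines and decoding '::' values."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # continuation of a folded line
        else:
            lines.append(raw)
    entries, current = {}, None
    for line in lines:
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):          # 'attr:: <base64>'
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        if attr.lower() == "dn":
            current = entries.setdefault(value, {})
        elif line.strip() and current is not None:
            current.setdefault(attr.lower(), []).append(value)
    return entries

def hidden_delegates(ldif_text, store_view):
    """Map each mailbox DN to delegates still in AD but absent from the store list."""
    shown = {norm_dn(k): {norm_dn(v) for v in vs} for k, vs in store_view.items()}
    findings = {}
    for dn, attrs in parse_ldif(ldif_text).items():
        extra = {norm_dn(v) for v in attrs.get("publicdelegates", [])} - shown.get(norm_dn(dn), set())
        if extra:
            findings[norm_dn(dn)] = sorted(extra)
    return findings
```

Any mailbox returned by `hidden_delegates` has a send-on-behalf grant that the user can no longer see in their delegate list and should be reviewed in the directory.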