Sorry for the really
off topic posting, but is anyone on the list in, or around, the area of
Salzburg, Austria ? I need to get hold of something from a certain shop there,
and I need someone to see if they can get the phone number for
me.
Thanks
Olly
I live in Munich...about an hour and
a half away. Maybe I can get some info for you.
-Original Message-
From: Oliver Marshall
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 04, 2003
9:51 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] [OT] Really
off-topic!
Sorry for the
After delegating control to a specific number of users to
reset and unlock locked accounts I ran into a very weird problem. The delegated
users were able to open the properties of users under ADUC. Now, when they
attempt to open the properties tab, ADUC just closes itself as if the
George
Sounds like the problem has more to do with the troubled
upgrade to SP4 on that DC than anything else. What were the problems you
had after installing SP4? It seems strange that you should have issues
with applying an SP on one DC but not the other.
Some other thoughts:
1. Are the
"I should also mention the fact
that this does not happen on another DC in my
domain."
= do you mean that your ADUC had issues when
connected to the SP3 DC, or was the ADUS running on
the respective server (logged onto the console or via TS)?
I doubt the latter, however I've not seen the
Tony,
Delegated users are running ADUC via TS.
No out of the ordinary events in the EV
logs
No I do not see the problem when
connecting to the SP4 DC via Connect to Domain Controller option
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray
Sent:
= do you mean that your ADUC had
issues when connected
to the SP3 DC, or was the ADUS running on the
respective server (logged onto the console or via TS)?
Already running on the
SP3 prior to install of SP4 without any problems.
do you mean the Users container in AD? You have the issue
what version is the ADUC on your TS and is this a separate
machine, or one of the DCs themselves?
you didn't mention the permissions you
set...
From: George Arezina
[mailto:[EMAIL PROTECTED]
Sent: Dienstag, 4. November 2003 11:12
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] ADUC MMC
=
Hi all,
What is the permission required for configuring a child domain in an
existing forest? Is it Enterprise Admin?
Thanks in advance
Santhosh
Thanks for the response. I found an
issue with Schema update if you have Exchange 2000. Here is the KB Article
http://support.microsoft.com/default.aspx?scid=kb;en-us;314649
Has anyone seen this?
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
yes, you'll need to have Enterprise Admin permissions to
add the first DC of a new child-domain.
Afterwards Domain Admins can continue to add DCs of that
domain.
/Guido
From: Santhosh Sivarajan
[mailto:[EMAIL PROTECTED]
Sent: Dienstag, 4. November 2003 13:16
To: [EMAIL PROTECTED]
Subject:
Heh.
It fails on the rec.Open.
I've tried (and re-tried this morning to make sure) both
the "\" escape and the "%26" escape. Neither generate a different
error.
Thanks anyway.
From: Joe [mailto:[EMAIL PROTECTED]
Sent: Monday, November 03, 2003 6:29 PM
To: [EMAIL PROTECTED]
Subject: RE:
Yes
... EA permissions are required to create CrossRef objects which represent
partitions within a forest (in this context, a partition equates to a domain).
You can, however, precreate the CrossRef as an Enterprise Admins member and
delegate control over it to a suitable user who will
OK
right off the bat, I wouldn't let anyone besides the domain admins TS into a
domain controller. That isn't the root of your problem but could be the root of
others before or down the road. You will probably get someone on here that may
say that the server could be hardened but I am going
Please can anyone tell me if it is possible to make
a connection to a network share when a server has been booted up into
the Directory Services Restore Mode?
I was planning to place my system state backup file on
a network share. This is obviously a waste of time if I can't get
Oh very cool.
That works (except for two accounts out of several hundred
for some weird reason -- still tracking that), and it's much faster than ADO. It
requires a bit more setup (since you've gotta know the specific Exchange server
a mailbox resides upon), but it works quite well.
Thanks
John if you want to make sure these servers never get any GPOs you might put
in the domain, or make it more obvious at a glance what GPOs they are
getting, you can put them in their own OU and block inheritance to that OU.
Yes it is grouping them for GPO application not necessarily administrative
Booting a DC in DSRM effectively boots it into a "workgroup mode".
However, you will be able to access a network share if you have another DC
nearby that can authenticate the user that tries to access the network share.
So, you will need to present your credentials when you're
Joe speaking of scripts to unlock users
have you (or anyone else) ever set up an alert/script combo that triggers when
an account gets locked out, brings up the user info to you with various info,
and lets you acknowledge and unlock it / call the user / chase the hacker
depending on the
And
that's what's confusing. W2K DNS is told to use TCP for large packets, and
you can force that as I recall. So in your case, the firewall was the issue,
right? Slight change in the way that the DNS packets were travelling
across?
Al
-Original
I'd place them where they're managed. I.e. if a
delegated admin of a sub-domain is managing a resource that is supposed to be
secured with a UG, then place the UG in an OU where he is delegated enough
permissions to manage the group. Usually, this also equates to hosting
the UG in the domain
Sure. When you boot into DSRM network works just fine.
In fact I was TS-ing to one Windows server booted in DSRM and did troubleshooting
AD over the network.
Matjaz
Ladava, MCSA, MCSE, MCT, MVP
Microsoft
MVP Windows Server - Active Directory [EMAIL PROTECTED]
Great to hear that. ADO sometimes behaves strangely. For
example if you take ADO for querying AD. There are several ways to sort ADSI
results, but none works as it should :-(
Matjaz
Ladava, MCSA, MCSE, MCT, MVP
Microsoft
MVP Windows Server - Active Directory [EMAIL PROTECTED]
No, I didn't change anything but where I sent
forwards. To my authoritative servers (in my DMZ but on the other side of
my PIX) instead of using root hints.
We have (for the network under
discussion)
INTERNAL - PIX - DMZ - 7200
w/IOS-FW/FS
Anyway, see the google thread on
So are we saying it works as long as you don't
use the fixup command for DNS? Do you still need to NAT and the conduits (in
my case of older PIX ver.)?
-Original Message-
From: Mulnick, Al
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 04, 2003
6:23 AM
To:
In my case, yes. Disabling the DNS Fixup on my PIX
made the issue disappear as soon as I entered the command. The PIX fixup was
mangling the responses back to the dns servers (much like SMTP fixup does when
in front of an Exchange server). Later yesterday I removed the acl and
Good Morning.
Windows 2003 Server environment
Single AD Domain/Forest
We have a need to map certain drives for specific individuals. Ideally, this would be
done based on Group Membership. For instance, If person X was a member of the
Accounting group, it would map an M: drive to the accounting
Try Kix32 (KixStart). It's a free login script maker that works really
well.
-Original Message-
From: Technology Listserves [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 04, 2003 10:35 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Question on Drive Mapping by Group
Good Morning.
I just went through this. Here are a few sites I used. The RLMueller
site has actual scripts you can use freely and adapt to your needs. Good
Luck!
http://www.rlmueller.net/
http://cwashington.netreach.net/depo/view.asp?Index=804ScriptType=vbscript
Okay, guys, I've done quite a bit of research here,
but I need some help. I don't know about you guys,
but I find it frustrating that AD has been out for
over three years and so much of this stuff is still
undocumented! Argh!
First problem was delegating the right for remote
admins to
Well, this is more of a blanket suggestion, than a solution to your problem.
After coming to find many tasks that remote admins should be able to do, but that I
don't want to give them rights to do, I tend to try and centralize tools. I've
created ASP driven admin portal which is nothing
I have received a
request to change an AD field that shows up in the GAL as Home2. We would
like to basically rename this fields description from "Home2" to "Radio".
Does anyone know what I would need to do to make that happen? It may not
be possible at all but I thought I
Hello,
I currently manage a 2000 Mixed Mode Child Domain. When an
Enterprise Admin runs replmon, everything works fine except for one
thing. We get an access denied error when trying to communicate with
the W32time service.
* Checking Service: w32time
Could not open w32time
I want
to say this is possible at the attrib level, but the display name (text caption
in the UI) is set at the UI.
What
has me more curious is why you want to change that field? Why not use
another field somewhere that will never ever be used?
Al
-Original
Additional information. You could create your own class and field
and a custom app to display it in the MMC.
http://msdn.microsoft.com/library/default.asp?url=
-Original Message-
From: Weeks, Travis
(COX-Atlanta) [mailto:[EMAIL PROTECTED]
Sent: Tuesday,
Travis,
You need to update the English language
template to display Radio instead of Home2.
Another method is to create a new attribute called, say, radioNumber,
copy the MAPIID from an unused attribute to it, and then modify the template to
display that. You then, of
Actually I'm not dead set on renaming that field. I just need a
field in the phone/notes tab in the gal that can be named
Radio.
-Original Message-
From: Mulnick, Al
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 04, 2003 2:53 PM
To: '[EMAIL
I just spent the morning looking around at resources and doing some things
to lock down a new W2K TS. This box is a member server in a W3K domain, and
is hosting an app that end users hit. We needed to make it so that was the
only thing they could do on the box, but we still needed admin access.
The bug lies in the "FIX up". It's a "known" PIX issue and most truthful Cisco TAC personnel will admit to that. I went back and looked in the DNS Debug log that Miles sent last week. The "SERVFAIL" portion of the response packet is a good symptom of a "FIXED UP" anomaly.
We have a domain about to go to native mode (2 others have
already switched with absolutely no problems, of course.) This last domain is the
result of an acquisition, and there is a skeptical staff of developers there
who are trying to push back the change saying they need extensive
Everyone says this "as the UG is replicated via the GC
anyways." but I personally don't like it because it seems to want to force you
to think the group doesn't exist on normal DCs and it does, but it is also
replicated across the GC's.
Actually looking at it that way, the best place is the
Right off the bat (am I saying that too much lately)?
Ah who cares, right off the bat, you will not push changes. Windows doesn't
use push replication. All Windows Replication is pull based whether it is
WINS or AD or whatever. The DC who wants the changes pulls the changes from
the other
1.
Theoretical until you have conclusively proved in your own lab. Most likely
unsupported as a rollback mechanism by MS.
2. Not
necessarily true. There have been scattered reports of Samba and other SMB
emulation packages choking and also I have personally seen some weird stuff with
Haven't ever done it but can visualize multiple ways to pull it off
depending on how soon after the lockout you have to know about
it.
If it
is immediate I would write an LDAP API program (no other way currently) that
does change notification on the specific user object, when it detects a
Hi Deji. I'm not sure I'm following you here.
TS is installed in application mode. When a non-admin user logs on, they
get a desktop with only the app shortcut on it. Never having worked with TS
before, I haven't figured out how to have just the application run instead of
the
Jun 2003... sure am glad they stabilized that POS. thank god for
robocopy...
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jef Kazimer
Sent: Tuesday, November 04, 2003 11:52 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Latest FRS info from MS
Thanks
Thanks for your lengthy response, Joe. I appreciate
it.
I actually knew that all AD replication was pull
replication. But replmon does have a push mode
which basically sends out a change notification to the
DC's partners so that they will immediately come pull
its changes. What's cool is that
I tried sending a screen-shot as a guide, but it's too large for the list. The configuration is done on the RDP Properties.
Go to Admin Tools - Terminal Services Configuration - Connections - RDP-Tcp (or whatever your connection is named).
Double-click on it and go to
OK, got it. Yes, that worked. Sweet. 2 hours of MSKB and Google and
couldn't find anything that mentioned the ability to do that, much less how.
Thanks, Deji. I appreciate it!
Charlie Kaiser
MCSE, CCNA
Systems Engineer
Essex Credit / Brickwalk
510 985 0975
Yeah, that's what I hear.
;o)
Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
WebLog - www.msmvps.com/willhack4food
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Missy