Sorry, that should have been, "...check that you have not
set Block Inheritance on the Group Policy tab of Domain Controllers OU
properties."
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tony
MurraySent: Dienstag, 25. November 2003 07:54To:
[EMAIL PROTECTED]Subject: RE:
After reading all the DANGER, DANGER, Will Robinson entries about upgrading your
2000 AD schema to a 2003 schema with Exchange 2000 in place, I am prepared to take the
plunge.
I went to a Windows 2000 DC and tried running adprep /forestprep. I consistently get
a parameter incorrect error
Title: Deleting roaming profiles
Yes,
it's been removed. I did find that if I take ownership of the dir and
click the reset permissions box, I can finally delete the dir. No biggie I
guess. But, now that I know there's a FRS patch, does anyone still have it
that they can send? We're not
Here you go:
Best Practice Guide for Securing AD
Installations and Day-to-Day Operations: Part I
http://www.microsoft.com/downloads/details.aspx?FamilyID=f937a913-f26e-49b5-a21e-20ba5930238dDisplayLang=en
Best Practice Guide for Securing AD
Installations and Day-to-Day Operations: Part II
Anyone had any
experience creating password complexity filters for use with the Password
Policies in AD 2003 ? I'm thinking of creating one here that is more complex
than "more than 6 characters" but not so complex as "Must have either A) B) c)
or D)" as users keep phoning me up and cant be
did you fix your 2000 schema first?
see Q314649 Windows Server 2003 adprep /forestprep Command Causes Mangled
Attributes in Windows 2000 Forests That Contain Exchange 2000 Servers
http://support.microsoft.com/default.aspx?scid=kb;en-us;314649
also, make sure that you run the forestprep on the
It
isn't something I recommend toprogrammers who don't regularly code in
c/c++. You are injecting code into LSASS which is touchy at best. If you have
any memory leaks or other obscure code issues you could really hurt yourself.
When I initially started playing with them I was really good
Nice to know that MS allow us manager types to tailor our password
setup with ease !!!
Cheers:)
-Original Message-
From: Joe [mailto:[EMAIL PROTECTED]
Sent: 25 November 2003 13:17
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Password filters for AD 2003 (v2)
It isn't something I
I'm not one of the big brains on this list however I've been looking at distribution
groups etc in Exchange 2003 and have a couple of article links which you may not have
seen. Not sure if they will help
The Role of Groups and Access Control Lists in Microsoft Exchange 2000 Server
Deployments
Is it? What are the details that surround this flaw ? The press release
says that he disabled Kerberos. What are they talking about there in his
case? He disabled it for IIS? He disabled it for..?
How do the casual observers recreate the problem to verify if it's even an
issue to the rest
Thanks for the links; I'll have a look at them ASAP.
I'm not one of the big brains on this list however I've been looking at
distribution groups etc in Exchange 2003 and have a couple of article links
which you may not have seen. Not sure if they will help
The Role of Groups and Access
I'm trying to run what I thought would be a simple export using CSVDE.
Suuure :-)
I want to pull a list of domain groups from my Groups OU. If I use the
following command:
Csvde -f filename.csv -r (ObjectClass=Group)
I get a list of all the groups in the domain. I haven't figured out how to
Probably that DN=OU= bit as well as you need the -d flag.
Something like: csvde -f filename.csv -r (ObjectClass=Group) -d
OU=groups,DC=ECCAD,DC=COM
-r is the filter
-d is the root of the LDAP search
What you want is to start in groups and search for all objects that are of
the objectclass
okTry to stick with me, as I explain this mess.
Having inherited DNS, it appears that scavenging was never put on for the DHCP
scopes, and there are over 60k of dead PTR records to clean up. Unfortunately it
was never turned on, since the fear of static records being wiped in the process
Everyone,
I thought I would throw this one out there to see if anyone has
experienced this problem before. The issue is that I have a Terminal
Server running in Application Mode, the first user that authenticates to
the Internet through the Cisco PIX effectively opens a pipe to the
I have restored an exchange 5.5 server for a legal
case, I can access the messages,
But all messages that have attachments give a
message,
Cant open this item, operationn failed.
Nothing in the event log for either the workstation
or the server
HELP
:-)
Al,
I think you missed the key point in the message - the sarcasm over the
entire issue. I had hoped that the raging, stupid statement about 'a huge,
gaping..' blah, blah and the Dennis Miller quip tipped everyone off to my
wry humor.
Pardons if I led you astray. Personally, and
Yep. That's got it. Thanks!
**
Charlie Kaiser
MCSE, CCNA
Systems Engineer
Essex Credit / Brickwalk
510 985 0975 x5083
**
Probably that DN=OU= bit as well as you need the -d flag.
Al
List info : http://www.activedir.org/mail_list.htm
List FAQ:
There are third party products that do this stuff. The last one that I saw
that was decent and standalone ran around $1500 per domain controller
though. It is touchy high security stuff and you need to be careful. I think
one of MS's reasons for hesitation for putting something comprehensive out
I would agree. I wouldn't spin up a separate domain for this. If the
requirement were truly there, I wouldn't just do a separate domain, I would
do a separate forest unless the people who were getting the domain didn't
mind not having any admin rights in that domain.
Having the separate domain
Yes you absolutely will run into the issue.
The problem has nothing to do with load, it is how DSPROXY hands out GC's to
clients. If you have GC's from multiple domains in the site where your
exchange servers are, the exchange servers will have them all (up to I think
25 or something like that)
At this point in the game...
Deploy W2K3 servers and XP clients.
Absolutely get rid of NT4 and Win9x. They are end of life and getting harder
and harder to patch.
joe
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of George Arezina
Sent: Monday,
Sorry for the delay on responding to this.
Exchange Rangers
We actually have some MS people onsite who don't have the highest opinion of
the rangers. Could be the ones they have dealt with but overall I haven't
found many people at MS period that seem to able to talk about Exchange. I
haven't
We had almost the same issue with our Citrix implementation where our
proxy only understood the source IP of the Terminal Server and we also
lost authentication and logging. The solution offered by the proxy
vendor was to insert an ISA server in between and have it act as an
intermediate proxy on
24 matches
Mail list logo
