My experience is that you can change one from AD integrated to Standard
Primary and change the others to standard secondaries from the new primary
without much worry.
If you're at all worried, I'd reverse the process - change all the
secondaries first, and have the last change you make be the
All,
How difficult is it to take vbscript code and convert it to compiled vb.net
code? We're discussing automating many functions and would prefer to use
compiled code in order to eliminate improper/unexpected modification to the
code.
Thanks,
Mike Baudino
*** PLEASE
http://support.microsoft.com/default.aspx?scid=kb;en-us;276382should tell you the
required attributes, as well as optional and prohibited (for import) attributes.
I think the major difference between ldifde and csvde is that you cannot use
csvde to modify existing objects, only add/delete.
There is one mandatory attribute that you need (sAMAccountName), but it is generally
useful to also have the following:
givenName
sn
displayName
userPrincipalName
userAccountControl
If might also want to set the password, which can be quite tricky with LDIF. There's
a KB article on this:
Using ADSI EDIT, can only view 10 000
objects. How and where can this be fixed
In Windows 2000 Active Directory 10 000
can also be viewed but corrected it by GPO.
That totally depends on the code and what it's expected to do. Generally
it's not terribly difficult.
Al
-Original Message-
From: Mike Baudino [mailto:[EMAIL PROTECTED]
Sent: Friday, December 12, 2003 9:34 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] a bit OT: vbscript to vb.net
Thanks Tony. Does the account get created with a blank password if I don't create one
myself? If so,
what would happen if the domain policy is set to not allow blank passwords?
mc
-Original Message-
From: Tony Murray [mailto:[EMAIL PROTECTED]
Sent: Friday, December 12, 2003 9:43 AM
To:
Its not impossible, but its not as easy as just compiling it. They're really
fairly different languages, they just share a common base.
--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
-Original
I use python alot of the time actually. :-)
-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Friday, December 12, 2003 7:31 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] What is your favorite scripting language?
coughBS/cough
I find it interesting
Jannie
Did the GPO fix not work for ADSI Edit?
http://support.microsoft.com/?kbid=243281
Tony
-- Original Message --
Wrom: XLYRWTQTIPWIGYOKSTTZRCLBDXRQBGJSNBOHMKHJYFMYXOEAIJJPHSCRTNHGSWZIDREXCAXZOWCO
Reply-To: [EMAIL PROTECTED]
Date: Fri, 12 Dec 2003
Ah ha! Heres one I can answer
(having asked it myself last week)
In ADSI Edit, with the Domain Selected,
choose View/Filter. Change the number of objects to whatever
mc
-Original Message-
From: Jannie Esterhuizen - CPX
Mngd Services [mailto:[EMAIL PROTECTED]
Sent:
Sliding off topic a bit more here.. Why? What's it buy you that perl and
VBScript don't?
--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
-Original Message-
From: Hutchins, Mike [mailto:[EMAIL
Well, they aren't very good reason, but here you are :-)
Vbscript is platform dependant. (I run some various utility boxes that
are *nix, and I tend to run scripts from them too)
Perl has a tendancy to confuse the hell out of me occasionally. I use A
LOT of the info from Robbies books, so I do
I'm afraid to ask... but... why is Perl the preferred language (besides it
works on Unix/Linux)?
Rich
-Original Message-
From: Joe [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 11, 2003 10:13 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] What is your favorite scripting
This message is for Joe.
Dear Joe,
I was surprised to not see you mention, in this thread, anything about
whether or not you should run WINS on a DC. Could you please just tell me
if you are doing it? I am trying to troubleshoot why turning WINS on on a
FSMO in a small Forest (2 DCs, 3 member
One thing to consider is by using VB.NET you can take advantage of the
System.DirectoryServices namespace and that will make some of your coding
much easier - of course VB.NET will happily work with ADSI code as well.
I've noticed some things that took a lot more code under ADSI can be
I wrote an article about this topic a few weeks ago:
http://www.oreillynet.com/pub/a/network/2003/11/18/activedir_ckbk.html
There was a fair amount of discussion (at the end of the article) so I
asked O'Reilly to host the poll.
Robbie Allen
http://www.rallenhome.com/
-Original
Gil,
RE getting around the built-in security model: the local system thread
really only applies to folks that have admin rights on a DC already - i.e.
Domain Admins or Enterprise Admins. Plus the folks that have physical access
to a DC... I just don't want too many folks to get scared about the
Its got a lot of, well, interesting features to it, and it supports some
object types that aren't available in VBScript.
And its cross platform, which makes it handy to know.
--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems
Title: RE: [ActiveDir] User export
Mark,
Actually for csvde you need the DN and objectClass only -
DN,objectClass
CN=username,CN=Users,DC=company,DC=com,user
It will override your complexity setting and set it without a password, you can authenticate using a blank password on it (I
Title: Message
http://www.microsoft.com/downloads/details.aspx?FamilyID=89811747-c74b-4638-a2d5-ac828bdc6983DisplayLang=en
If you love the first version of the tool, you will love this version of
thetool...
It nowhas great loggingfeatures, andlots of
customization...
Todd
I've been programming computers for 25 years, but never as my main job.
My first programming was necessary evil in my life as an engineer. Then,
after slowly being seduced by the dark side, as part of my system
administration chores on various platforms.
I've programmed in various assembly,
Title: RE: [ActiveDir] a bit OT: vbscript to vb.net
Yes System.DirecotryServices does accomplish some of the ADSI tasks in managed code, but remember it is only a very thing wrapper around the ADSI Com component, there are many instances where you will need to invoke underlying ADSI COM
Rocky,
I run WINS on my DCs with not problem. My resoning was to elimate two
machines from our infrastruction. We have one site with 3 domain
controllers and about 4000 users.
Dennis
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rocky Habeeb
Sent:
If the Policy does not allow for blank passwords, then I assume the import
fails.
If I were doing this, I'd use the ADModify tool to export the accounts. The
output will be an ldf file. I'd use an encoder like this
(http://www.opinionatedgeek.com/DotNet/Tools/Base64Encode/Default.aspx) to
encode
Title: Message
Thanks Todd. I loved the first version and look forward to
this one.
Kind of ironic that the KB that the 2.0 D/L page leads you
to has a link to D/L 1.0 :-(
From: Myrick, Todd (NIH/CIT)
[mailto:[EMAIL PROTECTED] Sent: Friday, December 12, 2003 8:34
AMTo: '[EMAIL
I appreciate the recommendation. It's very gratifying to be counted among the
worthy :)
I'm sure you know what I'm talking about.
Sincerely,
Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?
Guido,
Thanks for reply and the link to the article - very
useful.
However, the TS port really isn't the issue. I can TS
to the member server with no problems. The problem is that when I log into
the member server via TSwith a trusted account I get rejected. With
Windows 2000 TS,the
In another thread, Guido wrote
= people shouldn't grant full control on OUs to local admins.
which was timely for me, as I was messing around in our test environment
with various permissions scenarios. I ran into an oddity, and would be
interested in any comments
I removed the Allow Delete
We keep the DC/DNS boxes as single purpose, but in the sites with WINS, I'm
usually using a single box for WINS, DHCP, and often running our Web Content
Filtering application.
--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems
The import doesnt fail - ours is
set to not allow blank passwords and the import succeeds because the account is
disabled you can do this in ADUC manually too. However, if you try to
enable the manually-created account-with-blank-password in ADUC it tells you it
doesnt meet the
Anybody know of good resources for finding more info on the following
error
USERENV(52e8.5f2c) 15:32:55:476 RegisterGPNotification: CreateEvent
failed with 5
I've been having some GP oddities today and the userenv.log files on the
affected systems are covered up with this. Google returns some
Usually a Failure of 5 is Access Denied
turn on Winlogon Logging, and then use secedit to reapply security policies. It will
create the winlogon.log in the C:\winntt\security\logs directory.
Read through the log and you should see where the error is happening.
Search Technet for the keywords
Title: Message
Similar issue:
We
have a Win2k AD domain and a few holdout clients on Win9x.
Plans
are afoot to upgrade all to XP Pro but in the meantime, is there any way
to enforce password complexity on the old clients?
-Original
Message-From: Steve
Shaff
KC-
What this event is saying is that an application--probably a system
application--is trying to create an event so that it can receive a
notification when a GPO changes. However, for some reason, that
application is unable to create the event for security reasons. It would
probably be useful to
35 matches
Mail list logo
