[ActiveDir] Group Policy - Overview

2004-03-24 Thread anders . lidman
Is there any way to get a nice overview (on excel etc) on the ADM templates that exist in AD? Have been trying to export all the settings [even the ones not set] with no luck. Any help would be appreciated. Regards, Anders == This

RE: [ActiveDir] Group Policy - Overview

2004-03-24 Thread mathif
Greetings Mr. Ander, You can search that on MS-KB or if you can mail me offlist i can send you as attachment coz i think i cant send as attachment to the list. Search for this key word "Group Policy Settings Reference Spreadsheet (ADM Files)" Cheers, AThif -Original

RE: [ActiveDir] Exchange 2003 and Firewalls

2004-03-24 Thread Rutherford, Robert
It won't be a port issue as you wouldn't gain connectivity at all... If it is a very old firewall then chances are that it may be causing issues. Will they drop it for a testing period to see if it makes a difference? If it is for their benefit, i.e. their clients then they may? At least that

RE: [ActiveDir] Dialup add-in for ADUC

2004-03-24 Thread Rutherford, Robert
It's only supported on server. -Original Message- From: Steve Shaff [mailto:[EMAIL PROTECTED] Sent: 23 March 2004 20:41 To: [EMAIL PROTECTED] Subject: [ActiveDir] Dialup add-in for ADUC Does anyone know where I can find the add-in for dial-in privileges? I have them on the actual DCs,

RE: [ActiveDir] Exchange 2003 and Firewalls

2004-03-24 Thread anders . lidman
have a look at Microsoft.com/kb search for: Microsoft Knowledge Base Article - 270836 - you can test this on one client and see if the performance gets better. It might be a port issue depending on how the Exchange server communicates eg Server-client Client-server and how the firewall is set

[ActiveDir] Islands and NAT

2004-03-24 Thread Mike Maple
Hi, We have a simple AD. Just one domain and nothing extra (no childs etc). BUT what we do have is a domain spread across different IP addressing systems and DC's behind Firewalls that have to do NAT. One of our sites uses private IP numbers (site A) and another uses public (site B).. What

[ActiveDir] Making another server part of existing DC

2004-03-24 Thread cyrus1
Greetings, Actually I've got 2 problems. Originally we had 2 servers: one is a DC, the other is an additional DC for an existing domain. Due to a virus attack, server 2 was cleaned (reformatted) and Windows 2000 Server was reinstalled. The problems are: (1) server 2 displays 2 operating systems which I need to select,

Re: [ActiveDir] Group Policy - Overview

2004-03-24 Thread SysPro Support
Anders, We market a product called PolMan that will produce a report of all settings that are enabled within your AD Policy. It provides a list of all entries with columns for the Policy name, the extension type, key name etc. We also market a nice little ADM Template editor. Feel free to

RE: [ActiveDir] Accidentally deleted OU with lots of users

2004-03-24 Thread GRILLENMEIER,GUIDO (HP-Germany,ex1)
the procedures are different depending on your AD infrastructure - and as also pointed out by Eric, multi-domain forests have particular challenges, mostly related to users being in groups in the other domains of the forest (e.g. Universal Groups or Domain Local Groups). If you're in a single

RE: [ActiveDir] Dialup add-in for ADUC

2004-03-24 Thread Waters, MW (Mike)
Have a look at:- http://www.jsiinc.com/SUBN/tip6900/rh6988.htm This worked for us Mike Waters -Original Message- From: Steve Shaff [mailto:[EMAIL PROTECTED] Sent: 23 March 2004 20:41 To: [EMAIL PROTECTED] Subject: [ActiveDir] Dialup add-in for ADUC Does anyone know where I can find

RE: [ActiveDir] AcctInfo.dll doesn't work on XP

2004-03-24 Thread Waters, MW (Mike)
Thanks for the tip It worked on one XP/SP1 and still fails on another. If anyone know of any other workaround ... we still have Exchange 5.5 (for a while), so don't want to use Exchange2003 tools yet. Regards Mike Waters -Original Message- From: Steve Shaff [mailto:[EMAIL PROTECTED]

RE: [ActiveDir] AcctInfo.dll doesn't work on XP

2004-03-24 Thread Leeuwen van, JWJ (Joost)
I am using XP Sp1 without the Exchange 2003 tools and the DLL works like a charm on my PC. Just f.y.i. Try opening the DLL with depends, maybe you are missing some other components. Joost -Oorspronkelijk bericht- Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Waters, MW (Mike)

[ActiveDir] Security and AD

2004-03-24 Thread Gagnesh Kumar
Hi, I want to run AD behind a firewall. Can someone please suggest what ports should I leave open so that all the clients to my AD can access it successfully? Any help would be greatly appreciated. Thanks and regards, Gagnesh List info : http://www.activedir.org/mail_list.htm List FAQ

RE: [ActiveDir] Security and AD

2004-03-24 Thread Jimmy Andersson
These articles might help: A List of the Windows 2000 Domain Controller Default Ports: http://support.microsoft.com/directory/article.asp?ID=KB;EN-US;Q289241 AD Replication over Firewalls by Steve Riley, http://www.microsoft.com/SERVICEPROVIDERS/columns/config_ipsec_p63623.asp FYI: Q224196 -

RE: [ActiveDir] DNS registration errors

2004-03-24 Thread Patrick - IT Department
Peter, Our dns is configured as a forwarder only, is that the reason i'm having the problems? Do I need to add our ISP DNS IPs as forwarders or just leave the internal IPs as forwarders? thanks! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL

RE: [ActiveDir] DNS registration errors

2004-03-24 Thread Justin_Leney
Return Receipt Your RE: [ActiveDir] DNS registration errors document :

RE: [ActiveDir] PKI Infrastructure Question

2004-03-24 Thread Mulnick, Al
Well, that's not really an infrastructure then is it? That's a single server running all the roles with no separation and protection that you get from separation. More importantly, PKI has many facets that have to be taken into account. You can't just leave the root CA machine on the network and

RE: [ActiveDir] PKI Infrastructure Question

2004-03-24 Thread Jennifer Fountain
I would agree. I recommended configuring a root standalone (offline) and an enterprise subordinate issuing CA. (I realize 3 tier is best but this will work for our environment). Thanks for your opinions. I don't think my coworker really gets certain things. Kind Regards, Jennifer

RE: [ActiveDir] Group Policy - Overview

2004-03-24 Thread Darren Mar-Elia
For everyone's reference, the spreadsheet of all ADM settings is here: http://www.microsoft.com/downloads/details.aspx?FamilyId=7821C32F-DA15-438D-8E48-45915CD2BC14displaylang=en From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]Sent: Wednesday, March 24, 2004

[ActiveDir]

2004-03-24 Thread Network Administrator
I've brought this topic up previously, but I thought I'd run it across you folks one more time to make sure I'm on the right track. We're preparing to upgrade a single NT4 domain to a 2003 AD domain, and I'll tentatively be using the following plan.

[ActiveDir] Linking other GPO objects to Domain Controllers

2004-03-24 Thread Devan Pala
Hi all, Question: Has anyone experienced issues or know of any 'gotchas' with linking other GPO objects to the Domain Controllers OU in addition to the Default Domain Controllers Policy. Rationale: I would like to have a GPO ready that essentially has Windows Update enabled for deploying

RE: [ActiveDir] DNS registration errors

2004-03-24 Thread peter . busque
You should have your ISP's DNS server in the forwarders tab of the internal DNS server's properties. Your internal DNS server must be running a forward lookup zone for your AD or else you have serious issues.

RE: [ActiveDir] AcctInfo.dll doesn't work on XP

2004-03-24 Thread Waters, MW (Mike)
Yes, all those tried .. including unregister of the dll and re-register. No errors generated The XP/Sp1 machine it works on is a machine mainly used in our test domain, whereas the one that fails is in our production domain. The test one has had many tools added during testing (including Visual

Re: [ActiveDir] Making another server part of existing DC

2004-03-24 Thread peter . busque
Regarding problem 2, make sure that your DNS settings on Server2 are correct. -Peter [EMAIL PROTECTED]

RE: [ActiveDir] DNS registration errors

2004-03-24 Thread Peeter Ulst
Return Receipt Your RE: [ActiveDir] DNS registration errors document :

RE: [ActiveDir] DNS registration errors

2004-03-24 Thread Patrick - IT Department
let me try to clarify everything i have. w2k server with one nic card configured with a static ip addy and our isp dns server address.(tcp/ip properties) dhcp and dns is provided by isp and assigned automatically to clients. in admin tools dns properties lists the internal dns ip as forwarders and

[ActiveDir] off topic a bit - eDirectory to AD migration

2004-03-24 Thread Klara . Neginsky
Can someone point me to a tool/way that we can extract our highly expanded eDirectory schema? We are in the process of looking to migrating eDirectory to AD or AD/AM. Klara.

RE: [ActiveDir] Accidentally deleted OU with lots of users

2004-03-24 Thread deji
I confess my lack of understanding of this procedure. I've used the procedure I posted many times in restoring deleted objects (including OUs). Since you posted this yesterday, I've been scratching my head and hacking OUs on my test domains and restoring them following the procedures I posted and

[ActiveDir] Recover a Domain

2004-03-24 Thread Salandra, Justin
I have a question for everyone. If you have a child domain and for some reason you lose every domain controller in the domain, and you have a spare server that you install the OS on, how would you go about getting the domain back up and running. Do you install the OS Restore the System

RE: [ActiveDir] Accidentally deleted OU with lots of users

2004-03-24 Thread GRILLENMEIER,GUIDO (HP-Germany,ex1)
Deji, you'll have to go into more details of your test setup. Does multi-DC mean more than one DC in the forest (which could also be one per domain), or does it mean each domain has more than one DC in your lab? You won't see some of the issues with just one DC per domain. Also, are these DCs

RE: [ActiveDir] Linking other GPO objects to Domain Controllers

2004-03-24 Thread Rutherford, Robert
It's common practice to add other GPO links to the DC OU. -Original Message- From: Devan Pala [mailto:[EMAIL PROTECTED] Sent: 24 March 2004 15:44 To: [EMAIL PROTECTED] Subject: [ActiveDir] Linking other GPO objects to Domain Controllers Hi all, Question: Has anyone experienced issues

RE: [ActiveDir] Recover a Domain

2004-03-24 Thread Rutherford, Robert
In a nutshell yes.. I'd go to the Microsoft site and pull down one of their procedures... sorry I can list one off now. -Original Message- From: Salandra, Justin [mailto:[EMAIL PROTECTED] Sent: 24 March 2004 17:01 To: Activedir Subject: [ActiveDir] Recover a

RE: [ActiveDir] Accidentally deleted OU with lots of users

2004-03-24 Thread Eric Fleischman
I see, so you were just covering a single NC condition. Ok, your logic is correct, but the caveats are complex. Many users think they have no group memberships across the NC boundary when they do, but that's neither here nor there. I would recommend my procedure as a safe guard. Further, it

RE: [ActiveDir] off topic a bit - eDirectory to AD migration

2004-03-24 Thread Lou Vega
Klara, This might help. http://www.microsoft.com/windows2000/techinfo/interop/dirsync.asp r/ Lou -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, March 24, 2004 10:53 AM To: [EMAIL PROTECTED] Subject:

RE: [ActiveDir] Linking other GPO objects to Domain Controllers

2004-03-24 Thread Darren Mar-Elia
Agreed. Not much downside to this as long as you're not putting policies on these other GPOs that conflict with any set in the DDC policy. Even in that case, you just have to manage the conflicts. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of

RE: [ActiveDir] Recover a Domain

2004-03-24 Thread Anderson Santos Patricio
Hi Justin, In the really.. you have only 3 FSMO in this child domain.. Do you install the OS Restore the System State Perform an authoritative restore of the database of the child domain If necessary seize the Roles Thanks for advance! Anderson Patricio [EMAIL

[ActiveDir] disaster recovery

2004-03-24 Thread Kern, Tom
I just restored AD. I had a test laptop, pulled it off the network, ran ntdsutil, seized all 3 roles,ran metadata cleanup and removed all my old dc's. deleted them with adsiedit and all dns records as well. then at the DR site, i set up new servers with the same names as the old one's, ran

RE: [ActiveDir] Accidentally deleted OU with lots of users

2004-03-24 Thread Eric Fleischman
From my procedure: 5) Identify groups that the users affected are a member of 6) Boot DC in to ds restore mode; mark affected groups from step 5 as Authoritative That need be done across the domain boundary. Another option: obtain from backups or the restored dc (like if it is a gc?) DN of all

RE: [ActiveDir] Linking other GPO objects to Domain Controllers

2004-03-24 Thread Darren Mar-Elia
Mike- Yea, the local policy gets over-written by the DC policy because the local policy processes first in the pecking order, then site, domain and OU linked GPOs. What you could do is create a second GPO with your policy change, linked to the DC OU but with a higher processing order (i.e. it

RE: [ActiveDir] disaster recovery

2004-03-24 Thread Kern, Tom
restarting netlogon or registerdns does not work. where is this copy of the root zone in my dns server. i don't think i have it by default. i had to transfer it on my dns server back home. also if i had it, wouldn't creating a AD integrated dns server on my test DC also have it? finally, when

RE: [ActiveDir] Linking other GPO objects to Domain Controllers

2004-03-24 Thread Thommes, Michael M.
Thanks, Darren! -Original Message- From: Darren Mar-Elia [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 24, 2004 1:45 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Linking other GPO objects to Domain Controllers Mike- Yea, the local policy gets over-written by the DC policy

RE: [ActiveDir] disaster recovery

2004-03-24 Thread Anderson Santos Patricio
You Zones is setting for Dynamic Updates = YES??? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom Sent: quarta-feira, 24 de março de 2004 16:47 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] disaster recovery

[ActiveDir] Remote Desktop

2004-03-24 Thread Philadelphia, Lynden - Revios Toronto
Is there a way to add Domain Admins to the Remote Users of every pc in our Domain with AD and not go to every PC?

RE: [ActiveDir] disaster recovery

2004-03-24 Thread Kern, Tom
yes. a quick question- can one restore an entire child domain without connectivity to the root domain? -Original Message- From: Anderson Santos Patricio [mailto:[EMAIL PROTECTED] Sent: Wed 3/24/2004 2:58 PM To: [EMAIL PROTECTED] Cc:

RE: [ActiveDir] Remote Desktop

2004-03-24 Thread Seyboldt, Volker
yes you can. You can use restricted groups in group policies to add any group you want to the local "Remote Desktop Users" at each PC. Members (Users and/or groups) of the PC's local Administrator group are also automatically allowed to connect remotely From: [EMAIL PROTECTED]

RE: [ActiveDir] Remote Desktop

2004-03-24 Thread Rod Trent
VB Script and a GPO, or Login Script. http://www.myitforum.com/articles/11/view.asp?id=2457 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Philadelphia, Lynden - Revios Toronto Sent: Wednesday, March 24, 2004 3:16 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Remote

RE: [ActiveDir] Remote Desktop

2004-03-24 Thread Philadelphia, Lynden - Revios Toronto
Do you do this on the domain controller Lynden From: Seyboldt, Volker [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 24, 2004 3:30 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Remote Desktop yes you can You can use restricted groups in group policies to add

RE: [ActiveDir] Accidentally deleted OU with lots of users

2004-03-24 Thread GRILLENMEIER,GUIDO (HP-Germany,ex1)
I know - and that GC won't contain the DNs of the domain local groups of the other domains, that the users were a member of. I think this is the key that I'm trying to get across. You can get the DNs of the groups for your own domain and the UGs of other domains when you're restoring a GC -

RE: [ActiveDir] Remote Desktop

2004-03-24 Thread Seyboldt, Volker
oh, I think you should have a look at some whitepapers about implementing Group Policies in Active Directory You should implement this in a group policy of active directory and yes typically this is done on a DC From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of

RE: [ActiveDir] Accidentally deleted OU with lots of users

2004-03-24 Thread Eric Fleischman
Exactly, enter my point that you either need to restore a DC in each domain or repopulate the groups. Is it me or are we saying the same thing over and over? Are you just not happy with the language I used to say it? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]

RE: [ActiveDir] disaster recovery

2004-03-24 Thread Mulnick, Al
No, you need the root domain as it holds some of the roles etc. In order for this to work, you need to restore the root domain as well. I've found that doing this with a virtual server is sometimes easier but that just saves on hardware requirements.

RE: [ActiveDir] Remote Desktop

2004-03-24 Thread Philadelphia, Lynden - Revios Toronto
Do you have any white papers Lynden From: Seyboldt, Volker [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 24, 2004 4:18 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Remote Desktop oh, I think you should have a look at some whitepapers about implementing

RE: [ActiveDir] Accidentally deleted OU with lots of users

2004-03-24 Thread Eric Fleischman
Be sure to ensure that at least one test user is in a dlg, gg, ug and at least one dlg across the NC boundary. That gives you the full taste of the problem. ;) You should find that the GC in the domain shows you UGs that the user is in, but not the DLG across the NC boundary. To restore that

RE: [ActiveDir] Remote Desktop

2004-03-24 Thread Seyboldt, Volker
try this: http://www.microsoft.com/windowsserver2003/technologies/management/grouppolicy/default.mspx From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Philadelphia, Lynden - Revios Toronto Sent: Wednesday, March 24, 2004 10:45 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir]

RE: [ActiveDir] disaster recovery

2004-03-24 Thread Kern, Tom
i don't need the schema or domain naming roles to restore my domain. i have all the other roles. yet it still has issues with finding a gc or replicating within a domain. why? this is a fundamental design flaw of AD. It boggles the mind. If in a real disaster or even a test, MS expects you to

[ActiveDir] replication

2004-03-24 Thread Kern, Tom
when servers replicate within a site OR intrasite, in a multi domain environment, do they need to contact a GC to find each other? or for any reason. what is the role of the gc in AD replication, inter and intra site? thanks